CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 771:

    A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.

    Which of the following now describes the level of risk?

    A. Inherent
    B. Low
    C. Mitigated
    D. Residual.
    E. Transferred

  • Question 772:

    A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

    A. Collect proof that the exploit works in order to expedite the process.
    B. Publish proof-of-concept exploit code on a personal blog.
    C. Recommend legal consultation about the process.
    D. Visit a bug bounty website for the latest information.

  • Question 773:

    An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?

    A. Risk management
    B. Network management
    C. Configuration management
    D. Change management

  • Question 774:

    A technology company developed an in-house chat application that is used only by developers. An open-source library within the application has been deprecated. The facts below are provided:

    1.The cost of replacing this system is nominal.

    2.The system provides no revenue to the business.

    3.The system is not a critical part of the business. Which of the following is the best risk mitigation strategy?

    A. Transfer the risk, since developers prefer using this chat application over alternatives.
    B. Accept the risk, since any system disruption will only impact developers.
    C. Avoid the risk by shutting down this application and migrating to another chat platform.
    D. Mitigate the risk by purchasing an EDR and configuring network ACLs.

  • Question 775:

    A security engineer is creating a single CSR for the following web server hostnames:

    1.wwwint.internal

    2.www.company.com

    3.home.internal

    4.www.internal

    Which of the following would meet the requirement?

    A. SAN
    B. CN
    C. CA
    D. CRL
    E. Issuer

  • Question 776:

    A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services:

    Which of the following configuration changes must be made to complete this task?

    A. Stop the Print Spooler service and set the startup type to disabled.
    B. Stop the DNS Server service and set the startup type to disabled.
    C. Stop the Active Directory Web Services service and set the startup type to disabled.
    D. Stop Credential Manager service and leave the startup type to disabled.

  • Question 777:

    An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

    A. Limit access to the system using a jump box.
    B. Place the new system and legacy system on separate VLANs
    C. Deploy the legacy application on an air-gapped system.
    D. Implement MFA to access the legacy system.

  • Question 778:

    A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

    A. Inherent Low
    B. Mitigated
    C. Residual
    D. Transferred

  • Question 779:

    An organization had been leveraging RC4 to protect the confidentiality of a continuous, high-throughput 4K video stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints without crypto instruction sets or coprocessors. Which of the following is MOST likely to meet the organization's requirements?

    A. ChaCha20
    B. ECDSA
    C. Blowfish
    D. AES-GCM
    E. AES-CBC

  • Question 780:

    A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business. Which of the following must be in place to meet this requirement?

    A. RPO
    B. RTO
    C. SLA
    D. DRP
    E. BCP

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.