CompTIA CAS-004 Online Practice
Questions and Exam Preparation
CAS-004 Exam Details
Exam Code
:CAS-004
Exam Name
:CompTIA Advanced Security Practitioner (CASP+)
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:792 Q&As
Last Updated
:Jul 09, 2026
CompTIA CAS-004 Online Questions &
Answers
Question 71:
An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
1.Be based on open-source Android for use familiarity and ease
2.Provide a single application for inventory management of physical assets.
3.Permit use of the camera by only the inventory application for the purposes of scanning
4.Disallow any and all configuration baseline modifications.
5.Restnct all access to any devices resource other than those required for use of the inventory management application.
Which of the following approaches would BEST meet these security requirements?
A. Set an application wrapping policy, wrap the application distribute the Inventory APK via the MAM tool, and test the application restrictions. B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode. C. Swap out Android's Linux kernel version for >2.4 .0, build the kernel, build Android, remove unnecessary functions via MDM. configure to block network access, and perform integration testing. D. Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application.
A. Set an application wrapping policy, wrap the application distribute the Inventory APK via the MAM tool, and test the application restrictions.
Explanation
Question 72:
The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:
A. Budgeting for cybersecurity increases year over year. B. The committee knows how much work is being done. C. Business units are responsible for their own mitigation. D. The bank is aware of the status of cybersecurity risks
D. The bank is aware of the status of cybersecurity risks
Explanation
The primary goal of providing up-to-date metrics to the risk committee is to ensure the organization has visibility into current cybersecurity risks, their impact, and how they are being managed. This enables informed decision-making at the executive level.
Question 73:
SIMULATION
A. See the explanation below. B. PlaceHoder C. PlaceHoder D. PlaceHoder
A. See the explanation below.
Explanation
Step 1: Verify that the certificate is valid or not. In case of any warning message, cancel the download.
Step 2: If certificate issue is not there then, download the file in your system.
Step 3: Calculate the hash value of the downloaded file.
Step 4: Match the hash value of the downloaded file with the one which you selected on the website.
Step 5: Install the file if the hash value matches.
Question 74:
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?
A. Use a secrets management tool. B. Save secrets in key escrow. C. Store the secrets inside the Dockerfiles. D. Run all Dockerfiles in a randomized namespace.
A. Use a secrets management tool.
Explanation
Question 75:
A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?
A. TOTP token B. Device certificate C. Smart card D. Biometric
B. Device certificate
Explanation
Using digital certificates for authentication is a secure method to control access to laptops and other devices. A device certificate can serve as an authenticator by providing a means for the device to prove its identity in a cryptographic manner. This certificate-based authentication is commonly used in enterprise environments for strong authentication.
Question 76:
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
A. Password cracker B. Port scanner C. Account enumerator D. Exploitation framework
D. Exploitation framework
Explanation
Question 77:
Which of the following should an organization implement to prevent unauthorized API key sharing?
A. OTP B. Encryption C. API gateway D. HSM
C. API gateway
Explanation
An API gateway is a management tool that sits between a client and a collection of backend services. It acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result. API gateways can enforce policies such as rate limiting and authentication to prevent unauthorized access, making it an effective solution to prevent unauthorized API key sharing. By managing APIs at the gateway level, organizations can ensure that API keys are used as intended and are not shared or misused, addressing the need for secure management of API keys.
Question 78:
A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?
A. Utilizing hardening recommendations B. Deploying IPS/IDS throughout the environment C. Installing and updating antivirus D. Installing all available patches
A. Utilizing hardening recommendations
Explanation
The first step in reducing the attack surface of vulnerable, end-of-support systems is to apply hardening recommendations. Hardening involves applying security configurations, such as disabling unnecessary services, enforcing strong authentication, and tightening access controls to mitigate vulnerabilities on systems that can no longer receive patches or support. While patching and deploying security tools like IPS/IDS and antivirus are important, hardening addresses the fundamental weakness of these legacy systems by reducing their exposure to threats. CASP+ recommends hardening as a crucial measure in environments where patching or upgrading may not be feasible, particularly for unsupported systems.
References: CASP+ CAS-004 Exam Objectives: Domain 2.0 Enterprise Security Operations (System Hardening) CompTIA CASP+ Study Guide: System Hardening for End-of-Life Systems
Question 79:
A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Select two).
A. Install a SOAR on all endpoints. B. Hash all files. C. Install SIEM within a SOC. D. Encrypt all data and files at rest, in transit, and in use. E. Configure SOAR to monitor and intercept files and data leaving the network. F. Implement file integrity monitoring.
D. Encrypt all data and files at rest, in transit, and in use. E. Configure SOAR to monitor and intercept files and data leaving the network.
Explanation
Encrypt all data and files at rest, in transit, and in use: Comprehensive encryption ensures data confidentiality is maintained throughout its lifecycle, meeting the requirement for secure data handling. Configure SOAR to monitor and intercept files and data leaving the network: A SOAR system provides automated response capabilities to detect and mitigate data exfiltration attempts dynamically. This aligns with CASP+ objectives 4.2 and 4.3, which emphasize securing data and using advanced monitoring tools to mitigate risks in sensitive environments.
Question 80:
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business?
A. Filter ABC B. Filter XYZ C. Filter GHI D. Filter TUV
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your CAS-004 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.