CAS-004 Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :792 Q&As
  • Last Updated
    :Jul 09, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 71:

    An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

    1.Be based on open-source Android for use familiarity and ease

    2.Provide a single application for inventory management of physical assets.

    3.Permit use of the camera by only the inventory application for the purposes of scanning

    4.Disallow any and all configuration baseline modifications.

    5.Restnct all access to any devices resource other than those required for use of the inventory management application.

    Which of the following approaches would BEST meet these security requirements?

    A. Set an application wrapping policy, wrap the application distribute the Inventory APK via the MAM tool, and test the application restrictions.
    B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
    C. Swap out Android's Linux kernel version for >2.4 .0, build the kernel, build Android, remove unnecessary functions via MDM. configure to block network access, and perform integration testing.
    D. Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application.

  • Question 72:

    The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

    A. Budgeting for cybersecurity increases year over year.
    B. The committee knows how much work is being done.
    C. Business units are responsible for their own mitigation.
    D. The bank is aware of the status of cybersecurity risks

  • Question 73:

    SIMULATION

    A. See the explanation below.
    B. PlaceHoder
    C. PlaceHoder
    D. PlaceHoder

  • Question 74:

    A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

    A. Use a secrets management tool.
    B. Save secrets in key escrow.
    C. Store the secrets inside the Dockerfiles.
    D. Run all Dockerfiles in a randomized namespace.

  • Question 75:

    A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

    A. TOTP token
    B. Device certificate
    C. Smart card
    D. Biometric

  • Question 76:

    An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

    Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

    A. Password cracker
    B. Port scanner
    C. Account enumerator
    D. Exploitation framework

  • Question 77:

    Which of the following should an organization implement to prevent unauthorized API key sharing?

    A. OTP
    B. Encryption
    C. API gateway
    D. HSM

  • Question 78:

    A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

    A. Utilizing hardening recommendations
    B. Deploying IPS/IDS throughout the environment
    C. Installing and updating antivirus
    D. Installing all available patches

  • Question 79:

    A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Select two).

    A. Install a SOAR on all endpoints.
    B. Hash all files.
    C. Install SIEM within a SOC.
    D. Encrypt all data and files at rest, in transit, and in use.
    E. Configure SOAR to monitor and intercept files and data leaving the network.
    F. Implement file integrity monitoring.

  • Question 80:

    A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business?

    A. Filter ABC
    B. Filter XYZ
    C. Filter GHI
    D. Filter TUV

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.