Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization.
Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?
A. Align the exploitability metrics to the predetermined system categorization.
B. Align the remediation levels to the predetermined system categorization.
C. Align the impact subscore requirements to the predetermined system categorization.
D. Align the attack vectors to the predetermined system categorization.
During an incident, an employee's web traffic was redirected to a malicious domain. The workstation was compromised, and the attacker was able to modify sensitive data from the company file server. Which of the following solutions would have BEST prevented the initial compromise from happening? (Choose two.)
A. DNSSEC
B. FIM
C. Segmentation
D. Firewall
E. DLP
F. Web proxy
Which of the following indicates when a company might not be viable after a disaster?
A. Maximum tolerable downtime
B. Recovery time objective
C. Mean time to recovery
D. Annual loss expectancy
A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives? (Choose two.)
A. IAST
B. RASP
C. SAST
D. SCA
E. WAF
F. CMS
A bank has multiple subsidiaries that have independent infrastructures. The bank's support teams manage all these environments and want to use a single set of credentials. Which of the following is the BEST way to achieve this goal?
A. SSO
B. Federation
C. Cross-domain
D. Shared credentials
In a shared responsibility model for PaaS, which of the following is a customer's responsibility?
A. Network security
B. Physical security
C. OS security
D. Host infrastructure
A managed service provider (MSP) is engaging with a customer that is working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:
1. Directory servers
2. Web servers
3. Database servers
4. Load balancers
5. Cloud-native VPN concentrator
6. Remote access server
The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Choose three.)
A. Content delivery network
B. Virtual next-generation firewall
C. Web application firewall
D. Software-defined WAN
E. External vulnerability scans
F. Containers
A security engineer is creating a single CSR for the following web server hostnames:
1. wwwint.internal
2. www.company.com
3. home.internal
4. www.internal
Which of the following would meet the requirement?
A. SAN
B. CN
C. CA
D. CRL
E. Issuer
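A worked version of the CSR question, added here as an example and not part of the original page: it builds one request whose subjectAltName extension lists all four hostnames, then parses the PEM back to confirm the names were encoded, which is the check worth doing before the request goes to a CA. It uses the third-party `cryptography` package; the P-256 key type and the choice of www.company.com as the CN are assumptions made for the example.

```python
"""One CSR covering several hostnames via subjectAltName (added example)."""
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Hostnames from the question, in the order they are listed there.
HOSTNAMES = ["wwwint.internal", "www.company.com", "home.internal", "www.internal"]


def build_csr(hostnames, common_name="www.company.com"):
    """Return (private_key, csr) for a single request carrying every name as a SAN.

    Modern clients match the requested host only against SAN entries and ignore
    the CN, so the CN is repeated in the SAN list rather than relied upon.
    """
    key = ec.generate_private_key(ec.SECP256R1())  # assumption: P-256 key
    names = list(dict.fromkeys([common_name, *hostnames]))  # dedupe, keep order
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(n) for n in names]),
            critical=False,
        )
        .sign(key, hashes.SHA256())
    )
    return key, csr


def csr_dns_names(csr_pem: bytes) -> list:
    """Parse a PEM CSR and return the DNS names in its SAN extension."""
    csr = x509.load_pem_x509_csr(csr_pem)
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return san.get_values_for_type(x509.DNSName)


def covers(csr_pem: bytes, hostnames) -> bool:
    """True when every required hostname is present in the CSR's SAN list."""
    return set(hostnames) <= set(csr_dns_names(csr_pem))


if __name__ == "__main__":
    key, csr = build_csr(HOSTNAMES)
    pem = csr.public_bytes(serialization.Encoding.PEM)
    print(pem.decode())
    print("SAN entries:", csr_dns_names(pem))
    print("covers all four hostnames:", covers(pem, HOSTNAMES))
```

A single request like this can only be honoured by an internal CA: publicly trusted CAs will not issue certificates containing names that are not publicly resolvable registered domains, so the three .internal names rule out a public CA for this CSR, and in practice www.company.com would go to the public CA in its own request.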
A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization and also the compliance impact. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.)
A. Financial data from transactions
B. Shareholder meeting minutes
C. Data of possible European customers
D. Customers' shipping addresses
E. Deidentified purchasing habits
F. Consumer product purchasing trends
A cloud engineer is tasked with improving the responsiveness and security of a company's cloud-based web application. The company is concerned that international users will experience increased latency.
Which of the following is the BEST technology to mitigate this concern?
A. Caching
B. Containerization
C. Content delivery network
D. Clustering