Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :743 Q&As
  • Last Updated
    :Apr 15, 2025

CompTIA Certifications CAS-004 Questions & Answers

  • Question 411:

    An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

    Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

    A. Password cracker

    B. Port scanner

    C. Account enumerator

    D. Exploitation framework

  • Question 412:

    A threat analyst notices the following URL while going through the HTTP logs.

    Which of the following attack types is the threat analyst seeing?

    A. SQL injection

    B. CSRF

    C. Session hijacking

    D. XSS

  • Question 413:

    Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

    A. Traffic interceptor log analysis

    B. Log reduction and visualization tools

    C. Proof of work analysis

    D. Ledger analysis software

  • Question 414:

    A company requires a task to be carried out by more than one person concurrently. This is an example of:

    A. separation of duties

    B. dual control

    C. least privilege

    D. job rotation

  • Question 415:

    A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit are detailed using logs and outputs from the test. However, the attack vector of the exploit is missing, making it harder to recommend remediations. Given the following output:

    The penetration testers MOST likely took advantage of:

    A. A TOC/TOU vulnerability

    B. A plain-text password disclosure

    C. An integer overflow vulnerability

    D. A buffer overflow vulnerability

  • Question 416:

    The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by those parties.

    Which of the following should be implemented to BEST manage the risk?

    A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate design and operational controls into the contracts along with a right-to-audit clause. Regularly assess the suppliers post-contract renewal with a dedicated risk management team.

    B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

    C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls against best-practice standards and report the findings back to upper management.

    D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier's rating. Report findings to the business units that rely on the suppliers and to the various risk teams.

  • Question 417:

    The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

    1. Transactions being requested by unauthorized individuals.

    2. Complete discretion regarding client names, account numbers, and investment information.

    3. Malicious attackers using email to distribute malware and ransomware.

    4. Exfiltration of sensitive company information.

    The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing.

    Which of the following is the BEST option to resolve the board's concerns for this email migration?

    A. Data loss prevention

    B. Endpoint detection and response

    C. SSL VPN

    D. Application whitelisting

  • Question 418:

    A financial institution has several servers that currently employ the following controls:

    1. The servers follow a monthly patching cycle.

    2. All changes must go through a change management process.

    3. Developers and systems administrators must log into a jumpbox to access the servers hosting the data, using two-factor authentication.

    4. The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

    An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

    A. Require more than one approver for all change management requests

    B. Implement file integrity monitoring with automated alerts on the servers

    C. Disable automatic patch update capabilities on the servers

    D. Enhance audit logging on the jump servers and ship the logs to the SIEM

  • Question 419:

    A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

    1. Transactions being requested by unauthorized individuals.

    2. Complete discretion regarding client names, account numbers, and investment information.

    3. Malicious attackers using email to distribute malware and ransomware.

    4. Exfiltration of sensitive company information.

    The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

    A. Data loss prevention

    B. Endpoint detection and response

    C. SSL VPN

    D. Application whitelisting
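    Questions 417 and 419 describe the same gap: the provider's anti-malware, reputation, signature and sandbox scanning covers inbound malware, but nothing in that list inspects outbound mail for client names, account numbers or investment details. The following added example (written for this page, not taken from the exam or from any vendor product) shows what an outbound data loss prevention policy does at its simplest: classify each message, then allow, encrypt or block it depending on who the external recipients are. The domains (`example-bank.test`, `custodian.example.test`, `personal-mail.test`), the account-number format and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed policy inputs: the company's own domain and one approved partner
# that may receive sensitive data only over an encrypted channel.
INTERNAL_DOMAINS = {"example-bank.test"}
PARTNER_DOMAINS = {"custodian.example.test"}

# Constructed account-number format: "Account #1234567890" or "ACCT-0099887766".
ACCOUNT_RE = re.compile(r"\b(?:ACCT|Account)[ -]?#?\s*\d{8,12}\b", re.IGNORECASE)
# Phrases the (assumed) classification policy treats as confidential.
KEYWORDS = ("client list", "investment strategy", "portfolio holdings")


@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    body: str
    findings: dict = field(default_factory=dict)


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower()


def classify(msg: Message) -> dict:
    """Count account numbers and list confidential phrases in subject and body."""
    text = msg.subject + "\n" + msg.body
    return {
        "account_numbers": len(ACCOUNT_RE.findall(text)),
        "keywords": [k for k in KEYWORDS if k in text.lower()],
    }


def decide(msg: Message) -> str:
    """Return 'allow', 'encrypt' or 'block' for an outbound message."""
    f = classify(msg)
    msg.findings = f
    sensitive = f["account_numbers"] > 0 or bool(f["keywords"])
    external = [r for r in msg.recipients if domain(r) not in INTERNAL_DOMAINS]
    if not sensitive or not external:
        return "allow"              # internal traffic or nothing sensitive
    if all(domain(r) in PARTNER_DOMAINS for r in external):
        return "encrypt"            # approved partner: enforce encryption
    return "block"                  # sensitive data leaving to an unapproved domain


# Constructed sample traffic.
SAMPLE_MESSAGES = [
    Message("analyst@example-bank.test", ["ops@example-bank.test"],
            "Reconciliation", "Account #1234567890 is short 12 shares."),
    Message("settlements@example-bank.test", ["wires@custodian.example.test"],
            "Wire confirmation", "ACCT-0099887766 settled today."),
    Message("analyst@example-bank.test", ["me@personal-mail.test"],
            "Q3 files", "Attached the client list and portfolio holdings."),
    Message("analyst@example-bank.test", ["friend@personal-mail.test"],
            "Lunch", "Same place at noon?"),
]


def run_samples() -> list:
    return [decide(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m, verdict in zip(SAMPLE_MESSAGES, run_samples()):
        print(f"{verdict:8} {m.recipients} {m.findings}")
```

    A production DLP policy would add document fingerprints, attachment parsing and a review queue for the `block` verdict; the point of the example is that the control sits on the outbound path and keys on data content and recipient, which none of the inbound scanning engines listed in the question do.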

  • Question 420:

    Which of the following BEST sets expectations between the security team and business units within an organization?

    A. Risk assessment

    B. Memorandum of understanding

    C. Business impact analysis

    D. Business partnership agreement

    E. Service level agreement

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them when hiring. But how do you prepare for an exam effectively? How do you prepare in a short time with less effort? How do you get a good result, and where do you find the most reliable resources? On Vcedump.com you will find the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CAS-004 exam preparation or your CompTIA certification application, visit Vcedump.com to find your solutions.