Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :743 Q&As
  • Last Updated
    :Apr 15, 2025

CompTIA CompTIA Certifications CAS-004 Questions & Answers

  • Question 521:

    A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

    Which of the following scan types will provide the systems administrator with the MOST accurate information?

    A. A passive, credentialed scan

    B. A passive, non-credentialed scan

    C. An active, non-credentialed scan

    D. An active, credentialed scan

  • Question 522:

    An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

    1.

    Low latency for all mobile users to improve the users' experience

    2.

    SSL offloading to improve web server performance

    3.

    Protection against DoS and DDoS attacks

    4.

    High availability

    Which of the following should the organization implement to BEST ensure all requirements are met?

    A. A cache server farm in its datacenter

    B. A load-balanced group of reverse proxy servers with SSL acceleration

    C. A CDN with the origin set to its datacenter

    D. Dual gigabit-speed Internet connections with managed DDoS prevention

  • Question 523:

    A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

    Which of the following steps would be best to perform FIRST?

    A. Turn off the infected host immediately.

    B. Run a full anti-malware scan on the infected host.

    C. Modify the smb.conf file of the host to prevent outgoing SMB connections.

    D. Isolate the infected host from the network by removing all network connections.

  • Question 524:

    A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.

    The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

    A. The pharmaceutical company

    B. The cloud software provider

    C. The web portal software vendor

    D. The database software vendor

  • Question 525:

    Given the following log snippet from a web server:

    Which of the following BEST describes this type of attack?

    A. SQL injection

    B. Cross-site scripting

    C. Brute-force

    D. Cross-site request forgery

  • Question 526:

    Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

    A. Biometric authenticators are immutable.

    B. The likelihood of account compromise is reduced.

    C. Zero trust is achieved.

    D. Privacy risks are minimized.

  • Question 527:

    A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability?

    A. User and entity behavior analytics

    B. Redundant reporting systems

    C. A self-healing system

    D. Application controls

  • Question 528:

    SIMULATION

    You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.

    The company's hardening guidelines indicate the following:

    1.

    There should be one primary server or service per device.

    2.

    Only default ports should be used.

    3.

    Non-secure protocols should be disabled.

    INSTRUCTIONS

    Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

    For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

    1.

    The IP address of the device

    2.

    The primary server or service of the device (Note that each IP should by associated with one service/port only)

    3.

    The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. See explanation below.

    B. Place Holder

    C. Place Holder

    D. Place Holder

  • Question 529:

    A security architect is reviewing the following proposed corporate firewall architecture and configuration: Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:

    1.

    Web servers must receive all updates via HTTP/S from the corporate network.

    2.

    Web servers should not initiate communication with the Internet.

    3.

    Web servers should only connect to preapproved corporate database servers.

    4.

    Employees' computing devices should only connect to web services over ports 80 and 443.

    Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

    A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

    B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

    C. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

    D. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

    E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

    F. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

  • Question 530:

    A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

    Which of the following would be BEST for the company to implement?

    A. A WAF

    B. An IDS

    C. A SIEM

    D. A honeypot

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.