Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 743 Q&As
  • Last Updated: Apr 15, 2025

CompTIA CompTIA Certifications CAS-004 Questions & Answers

  • Question 571:

    A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

    Based on this agreement, this finding is BEST categorized as a:

    A. true positive.

    B. true negative.

    C. false positive.

    D. false negative.

  • Question 572:

    Which of the following technologies allows CSPs to add encryption across multiple data storages?

    A. Symmetric encryption

    B. Homomorphic encryption

    C. Data dispersion

    D. Bit splitting

  • Question 573:

    An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

    Given this information, which of the following is a noted risk?

    A. Feature delay due to extended software development cycles

    B. Financial liability from a vendor data breach

    C. Technical impact to the API configuration

    D. The possibility of the vendor's business ceasing operations

  • Question 574:

    Which of the following is a low-power, low-data-rate protocol that allows for the creation of PAN networks?

    A. Zigbee

    B. CAN

    C. DNP3

    D. Modbus

  • Question 575:

    A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security.

    Which of the following is the BEST option?

    A. ICANN

    B. PCI DSS

    C. OWASP

    D. CSA

    E. NIST

  • Question 576:

    Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

    A. SLA

    B. BIA

    C. BCM

    D. BCP

    E. RTO

  • Question 577:

    A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.

    Which of the following now describes the level of risk?

    A. Inherent

    B. Low

    C. Mitigated

    D. Residual

    E. Transferred

  • Question 578:

    A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

    A. Eavesdropping

    B. On-path

    C. Cryptanalysis

    D. Code signing

    E. RF sidelobe sniffing

  • Question 579:

    An organization requires a contractual document that includes:

    1. An overview of what is covered
    2. Goals and objectives
    3. Performance metrics for each party
    4. A review of how the agreement is managed by all parties

    Which of the following BEST describes this type of contractual document?

    A. SLA

    B. BAA

    C. NDA

    D. ISA

  • Question 580:

    A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be back online.

    Which of the following should be the FIRST step taken by the team?

    A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

    B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

    C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

    D. Implement replication of all servers and application data to backup datacenters that are geographically separate from the central datacenter and release an updated BPA to all clients.
