1. Home
  2. CompTIA
  3. CAS-004

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :743 Q&As
  • Last Updated
    :Mar 30, 2025

CompTIA CompTIA Certifications CAS-004 Questions & Answers

  • Question 651:

    A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log. Which of the following actions would BEST address the potential risks by the activity in the logs?

    A. Alerting the misconfigured service account password

    B. Modifying the AllowUsers configuration directive

    C. Restricting external port 22 access

    D. Implementing host-key preferences

  • Question 652:

    A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

    Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

    A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

    B. Change privileged usernames, review the OS logs, and deploy hardware tokens.

    C. Implement MFA, review the application logs, and deploy a WAF.

    D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

  • Question 653:

    A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?

    A. sudo netstat -antu | grep "LISTEN" | awk `{print$5}'

    B. sudo netstat -nlt -p | grep "ESTABLISHED"

    C. sudo netstat -plntu | grep -v "Foreign Address"

    D. sudo netstat -pnut -w | column -t -s $'\w'

    E. sudo netstat -pnut | grep -P ^tcp

  • Question 654:

    A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

    The security engineer looks at the UTM firewall rules and finds the following:

    Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

    A. Contact the email service provider and ask if the company IP is blocked.

    B. Confirm the email server certificate is installed on the corporate computers.

    C. Make sure the UTM certificate is imported on the corporate computers.

    D. Create an IMAPS firewall rule to ensure email is allowed.

  • Question 655:

    A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?

    A. Join an information-sharing community that is relevant to the company.

    B. Leverage the MITRE ATTandCK framework to map the TTR.

    C. Use OSINT techniques to evaluate and analyze the threats.

    D. Update security awareness training to address new threats, such as best practices for data security.

  • Question 656:

    A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

    The technician will define this threat as:

    A. a decrypting RSA using obsolete and weakened encryption attack.

    B. a zero-day attack.

    C. an advanced persistent threat.

    D. an on-path attack.

  • Question 657:

    A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company's CI/CD pipeline?

    A. Utilizing a trusted secrets manager

    B. Performing DAST on a weekly basis

    C. Introducing the use of container orchestration

    D. Deploying instance tagging

  • Question 658:

    Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

    A. Lattice-based cryptography

    B. Quantum computing

    C. Asymmetric cryptography

    D. Homomorphic encryption

  • Question 659:

    A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?

    A. NIDS

    B. NIPS

    C. WAF

    D. Reverse proxy

  • Question 660:

    A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?

    A. Recovery point objective

    B. Recovery time objective

    C. Mission-essential functions

    D. Recovery service level

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.