• Home
  • Articles
  • Updated Free CompTIA CAS-004 Test Engine Questions with 130 Q&As [Q44-Q61]

Updated Free CompTIA CAS-004 Test Engine Questions with 130 Q&As [Q44-Q61]

Share

Updated Free CompTIA CAS-004 Test Engine Questions with 130 Q&As

The Best CompTIA CASP CAS-004 Professional Exam Questions


CompTIA CAS-004 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Given a scenario, integrate software applications securely into an enterprise architecture
  • Given a set of requirements, implement secure cloud and virtualization solutions
Topic 2
  • Given a scenario, implement data security techniques for securing enterprise architecture
  • Given a set of requirements, apply the appropriate risk strategies
Topic 3
  • Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls
  • Given a scenario, analyze indicators of compromise and formulate an appropriate response
Topic 4
  • Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools
  • Explain the importance of managing and mitigating vendor risk
Topic 5
  • Explain compliance frameworks and legal considerations, and their organizational impact
  • Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements
Topic 6
  • Given a scenario, configure and implement endpoint security controls
  • Given a scenario, perform vulnerability management activities
Topic 7
  • Explain how cloud technology adoption impacts organizational security
  • Explain the importance of business continuity and disaster recovery concepts
Topic 8
  • Explain the impact of emerging technologies on enterprise security and privacy
  • Given a scenario, analyze vulnerabilities and recommend risk mitigations


CompTIA CASP+ Exam Certification Details:

Passing ScorePass / Fail
Books / TrainingCASP+ CAS-004
Duration165 mins
Sample QuestionsCompTIA CASP+ Sample Questions

 

NEW QUESTION 44
The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

  • A. The bank is aware of the status of cybersecurity risks
  • B. Budgeting for cybersecurity increases year over year.
  • C. The committee knows how much work is being done.
  • D. Business units are responsible for their own mitigation.

Answer: B

 

NEW QUESTION 45
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?

  • A. Storage-based
  • B. Proxy-based
  • C. Instance-based
  • D. Array controller-based

Answer: C

 

NEW QUESTION 46
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

  • A. Permissive
  • B. Mandatory
  • C. Enforcing
  • D. Protecting

Answer: A

 

NEW QUESTION 47
A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

  • A. Single-tenancy SaaS
  • B. Multinency SaaS
  • C. Community cloud service model
  • D. On-premises cloud service model

Answer: C

 

NEW QUESTION 48
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.
Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

  • A. The company will have access to the latest version to continue development.
  • B. The company will be able to manage the third-party developer's development process.
  • C. The company will be paid by the third-party developer to hire a new development team.
  • D. The company will be able to force the third-party developer to continue support.

Answer: D

 

NEW QUESTION 49
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?

  • A. Perform a full system penetration test to determine the vulnerabilities.
  • B. Ascertain the impact of an attack on the availability of crucial resources.
  • C. Create a full inventory of information and data assets.
  • D. Determine which security compliance standards should be followed.

Answer: D

 

NEW QUESTION 50
An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

  • A. Regression testing
  • B. User acceptance
  • C. Peer review
  • D. Dynamic analysis

Answer: C

 

NEW QUESTION 51
A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

  • A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
  • B. The DHCP server has a reservation for the PC's MAC address for the wired interface.
  • C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.
  • D. The DHCP server is unavailable, so no IP address is being sent back to the PC.

Answer: A

 

NEW QUESTION 52
The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
* Transaction being requested by unauthorized individuals.
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attackers using email to malware and ransomeware.
* Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar's concerns for this email migration?

  • A. SSL VPN
  • B. Endpoint detection response
  • C. Application whitelisting
  • D. Data loss prevention

Answer: D

 

NEW QUESTION 53
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

  • A. Network intrusion prevention
  • B. CAPTCHA
  • C. Data encoding
  • D. Input validation

Answer: D

 

NEW QUESTION 54
Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.
Which of the following would be the BEST option to implement?

  • A. SD-WAN vertical heterogeneity
  • B. Distributed connection allocation
  • C. Content delivery network
  • D. Local caching

Answer: C

 

NEW QUESTION 55
An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

  • A. Implement decoy files on adjacent hosts.
  • B. Modify user password history and length requirements.
  • C. Deploy a SOAR tool.
  • D. Apply new isolation and segmentation schemes.

Answer: D

 

NEW QUESTION 56
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

  • A. Port scanner
  • B. Exploitation framework
  • C. Account enumerator
  • D. Password cracker

Answer: D

 

NEW QUESTION 57
A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered dat a. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.
Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

  • A. Purchasing managed FIM services to alert on detected modifications to covered data
  • B. Implementing redundant stores and services across diverse CSPs for high availability
  • C. Emulating OS and hardware architectures to blur operations from CSP view
  • D. Designing data protection schemes to mitigate the risk of loss due to multitenancy

Answer: D

 

NEW QUESTION 58
A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

  • A. Log reduction and analysis tool
  • B. Network enurrerator
  • C. Software Decomplier
  • D. Static code analysis

Answer: D

 

NEW QUESTION 59
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?

  • A. A system penetration test
  • B. Log analysis within the SIEM tool
  • C. The Cyber Kill Chain
  • D. Threat hunting

Answer: A

 

NEW QUESTION 60
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following.
* The critical devise send cleartext logs to the aggregator.
* The log aggregator utilize full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being achieved in the cloud.
Which of the following should be the engineer's GREATEST concern?

  • A. Hardware vulnerabilities introduced by the log aggregate server
  • B. Encryption of data in transit
  • C. Multinancy and data remnants in the cloud
  • D. Network bridging from a remote access VPN

Answer: B

 

NEW QUESTION 61
......

Try 100% Updated CAS-004 Exam Questions [2022]: https://www.practicedump.com/CAS-004_actualtests.html

Pass CAS-004 Exam - Real Questions and Answers: https://drive.google.com/open?id=1-REkVU7EtkxZYSQEL9HOzjEHlm5V6CVm

Related Articles

more
CompTIA CAS-004 Certification Practice Exam

Copyright © 2026 PracticeDump. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimers:
PracticeDump material do not contain actual Business Architecture Guild Exam Questions or materials.
SAP, Microsoft, Google, Amazon, Certiport, Qualtrics are Registered Trade Mark.
PracticeDump website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon.
PracticeDump offers only Probable Questions and Answers. PracticeDump offer learning materials and practice tests created by subject matter experts to assist and help learner prepare for those exams.
All Certification Brands used on the website are owned by the respective brand owners. PracticeDump does not own or claim any ownership on any of the brands. The site www.practicedump.com is in no way affiliated with SAP SE.