CAS-004 Free Certification Exam Easy to Download PDF Format 2024
Get 100% Success with Latest CompTIA CASP CAS-004 Exam Dumps
The CompTIA CAS-004 (CompTIA Advanced Security Practitioner (CASP+)) certification exam is a vendor-neutral industry certification that validates the advanced-level security skills and knowledge of experienced IT professionals. The CAS-004 exam is designed for professionals who have a minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience. The CASP+ exam covers a wide range of security topics, including risk management, enterprise security architecture, research and collaboration, and integration of network, endpoint and cloud security.
CompTIA CAS-004, also known as the CompTIA Advanced Security Practitioner (CASP+), is a certification exam designed for experienced IT professionals looking to advance their careers in the field of cybersecurity. The CAS-004 exam validates the skills and knowledge required to conceptualize, design, and implement secure solutions across complex enterprise environments.
NEW QUESTION # 173
Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.
Which of the following risk-handling techniques was used?
- A. Avoid
- B. Mitigate
- C. Transfer
- D. Accept
Answer: B
NEW QUESTION # 174
A security analyst is reviewing the following output:
Which of the following would BEST mitigate this type of attack?
- A. Implementing an IDS
- B. Placing a WAF inline
- C. Deploying a honeypot
- D. Installing a network firewall
Answer: D
NEW QUESTION # 175
Which of the following is used to assess compliance with internal and external requirements?
- A. Business continuity plan
- B. Audit report
- C. After-action report
- D. RACI matrix
Answer: B
NEW QUESTION # 176
A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?
- A. Email client
- B. Browser
- C. OS
- D. Password manager
Answer: B
Explanation:
The browser is the application that the security analyst should patch first, given that all the applications have equally high CVSS scores. CVSS stands for Common Vulnerability Scoring System, which is a method for measuring the severity of vulnerabilities based on various factors, such as access conditions, impact, and exploitability. CVSS scores range from 0 to 10, with higher scores indicating higher severity. However, CVSS scores alone are not sufficient to determine the patching priority, as they do not account for other factors, such as the likelihood of exploitation, the exposure of the system, or the criticality of the data. Therefore, the security analyst should also consider the context and the risk of each application when deciding which one to patch first. In this case, the browser is likely to be the most exposed and frequently used application by the network administrator, and also the most likely entry point for an attacker to compromise the system or access the SSO web portal. Therefore, patching the browser first can reduce the risk of a successful attack and protect the system and the data from further damage. Verified Reference:
https://nvd.nist.gov/vuln-metrics/cvss
https://www.darkreading.com/risk/vulnerability-severity-scores-make-for-poor-patching-priority-researchers-find
NEW QUESTION # 177
A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
* The Chief Marketing Officer's (CMO's) email address is being used department-wide as the username.
* The password has been shared within the department.
Which of the following controls would be BEST for the analyst to recommend?
- A. Create multiple social media accounts for all marketing users to separate their actions.
- B. Ensure the password being shared is sufficiently complex and not written down anywhere.
- C. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
- D. Configure MFA for all users to decrease their reliance on other authentication.
Answer: D
Explanation:
Configuring MFA for all users to decrease their reliance on other authentication is the best option to improve email security at the company. MFA stands for multi-factor authentication, which is a method of verifying a user's identity by requiring two or more factors, such as something the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent unauthorized access to email accounts even if the username or password is compromised or shared. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide
https://www.csoonline.com/article/3239144/what-is-mfa-how-multi-factor-authentication-works.html
NEW QUESTION # 178
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A. TLS_DHE_DSS_WITH_RC4_128_SHA
- B. TLS_CHACHA20_POLY1305_SHA256
- C. TLS_AES_128_GCM_SHA256
- D. TLS_AES_128_CCM_8_SHA256
Answer: A
NEW QUESTION # 179
A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. The company's security tools did not strip any images or URLs from the messages; instead, the emails only include the following in plain text.
Which of the following should the security analyst perform?
- A. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
- B. Contact the security department at the business partner and alert them to the email event.
- C. Block the IP address for the business partner at the perimeter firewall.
- D. Configure the email gateway to automatically quarantine all messages originating from the business partner.
Answer: B
NEW QUESTION # 180
Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?
- A. Code signing
- B. TPM
- C. Trust models
- D. Key escrow
Answer: D
Explanation:
Key escrow is the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow by a trusted third party that can release them under certain conditions. Key escrow can be useful for backup or recovery purposes, or for complying with legal or regulatory requirements that may demand access to encrypted data.
B) TPM is not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. TPM stands for Trusted Platform Module, which is a hardware device that provides secure storage and generation of cryptographic keys on a computer. TPM does not involve any third party or escrow service.
C) Trust models are not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Trust models are frameworks that define how entities can establish and maintain trust relationships in a network or system. Trust models do not necessarily involve any third party or escrow service.
A) Code signing is not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Code signing is a process of using digital signatures to verify the authenticity and integrity of software code. Code signing does not involve any third party or escrow service.
NEW QUESTION # 181
A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee's heartbeat, weight, and badge.
Which of the following did the security manager implement?
- A. A compensating control
- B. A corrective control
- C. A managerial control
- D. A physical control
Answer: D
Explanation:
A mantrap is being used to control *physical* access to the data center.
NEW QUESTION # 182
A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business's needs?
- A. Adding identifying filesystem metadata to the digital audio files
- B. Purchasing and installing a DRM suite
- C. Performing deep-packet inspection of all digital audio files
- D. Implementing steganography
Answer: D
Explanation:
Steganography is a technique that can hide data within other files or media, such as images, audio, or video. This can provide a low-cost approach to theft detection for the audio recordings produced and sold by the small business, as it can embed identifying information or watermarks in the audio files that can reveal their origin or ownership. Performing deep-packet inspection of all digital audio files may not be feasible or effective for theft detection, as it could consume a lot of bandwidth and resources, and it may not detect hidden data within encrypted packets. Adding identifying filesystem metadata to the digital audio files may not provide enough protection for theft detection, as filesystem metadata can be easily modified or removed by unauthorized parties. Purchasing and installing a DRM (digital rights management) suite may not be a low-cost approach for theft detection, as it could involve licensing fees and hardware requirements. Verified References:
https://www.comptia.org/blog/what-is-steganography
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
NEW QUESTION # 183
A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
* A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets.
* A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
* The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
- A. Secure web gateway
- B. Software composition analysis
- C. Dynamic analysis
- D. User behavior analysis
- E. Web application firewall
Answer: E
Explanation:
A web application firewall (WAF) is a security device that inspects web application traffic and can detect and prevent malicious activity such as SQL injection, cross-site scripting, and malicious file uploads. This type of attack could have been prevented if a WAF was in place to monitor and block malicious traffic. Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 4: "Web Application Firewalls," Wiley, 2018. https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition-p-9781119396582
NEW QUESTION # 184
A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.
Which of the following is the MOST likely cause?
- A. A certificate on the WAF is expired.
- B. HTTP traffic is not forwarding to HTTPS to decrypt.
- C. The user agent client is not compatible with the WAF.
- D. Old, vulnerable cipher suites are still being used.
Answer: A
Explanation:
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/waf-block-http-requests-no-user-agent/
NEW QUESTION # 185
A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:
* Mobile clients should verify the identity of all social media servers locally.
* Social media servers should improve the TLS performance of their certificate status checks.
* Social media servers should inform the client to only use HTTPS.
Given the above requirements, which of the following should the company implement? (Select TWO).
- A. HSTS
- B. Quick UDP internet connection
- C. CRL
- D. OCSP stapling
- E. DNSSEC
- F. Distributed object model
- G. Private CA
Answer: A,D
Explanation:
The company should implement OCSP stapling and HSTS to improve TLS performance and enforce HTTPS.
OCSP stapling is a technique that allows a server to provide a signed proof of the validity of its certificate along with the TLS handshake, instead of relying on the client to contact the certificate authority (CA) for verification. This can reduce the latency and bandwidth of the TLS handshake, as well as improve the privacy and security of the certificate status. HSTS stands for HTTP Strict Transport Security, which is a mechanism that instructs browsers to only use HTTPS when connecting to a website, and to reject any unencrypted or invalid connections. This can prevent downgrade attacks, man-in-the-middle attacks, and mixed content errors, as well as improve the performance of HTTPS connections by avoiding unnecessary redirects. Verified References:
https://www.techtarget.com/searchsecurity/definition/OCSP-stapling
https://www.techtarget.com/searchsecurity/definition/HTTP-Strict-Transport-Security
https://www.cloudflare.com/learning/ssl/what-is-hsts/
NEW QUESTION # 186
A security consultant has been asked to recommend a secure network design that would:
* Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.
* Limit operational disruptions.
Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?
- A. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
- B. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
- C. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
- D. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
Answer: A
Explanation:
OPC (Open Platform Communications) and Modbus are two common protocols used for industrial control systems (ICS). OPC is a standard that allows different devices and applications to exchange data in a vendor-neutral way. Modbus is a serial communication protocol that enables devices to send and receive commands and data over a network. Modbus has two variants: Modbus TCP/IP, which uses TCP port 502 for communication, and Modbus RTU/ASCII, which uses serial ports.
To allow an OPC server to communicate with a Modbus server that is controlling electrical relays, the security engineer should recommend restricting inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502. This configuration would:
* Permit the OPC server to send commands and data to the Modbus server using the Modbus TCP/IP protocol over port 502.
* Limit operational disruptions by preventing unauthorized or malicious access to the Modbus server from other sources.
Due to the limitations within the Modbus protocol, such as lack of encryption and authentication, restricting inbound traffic is a necessary security measure to protect the integrity and availability of the ICS.
NEW QUESTION # 187
A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.
Based on the output above, from which of the following process IDs can the analyst begin an investigation?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
The process ID 87 can be the starting point for an investigation of a possible buffer overflow attack, as it shows a high percentage of CPU utilization (99.7%) and a suspicious command name (graphic.linux_randomization.prg). A buffer overflow attack is a type of attack that exploits a vulnerability in an application or system that allows an attacker to write data beyond the allocated buffer size, potentially overwriting memory segments and executing malicious code. A high CPU utilization could indicate that the process is performing intensive or abnormal operations, such as a buffer overflow attack. A suspicious command name could indicate that the process is trying to disguise itself or evade detection, such as by mimicking a legitimate program or using random characters. The other process IDs do not show signs of a buffer overflow attack, as they have low CPU utilization and normal command names. Verified References:
https://www.comptia.org/blog/what-is-buffer-overflow
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
NEW QUESTION # 188
The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?
- A. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls based on best-practice standards and report the findings back to upper management.
- B. Establish a team using members from first-line risk, the business unit, and vendor management to assess only the design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
- C. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate design and operational controls into the contracts and a right-to-audit clause. Regularly assess the suppliers post-contract renewal with a dedicated risk management team.
- D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier's rating. Report findings to the business units that rely on the suppliers and to the various risk teams.
Answer: C
NEW QUESTION # 189
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?
- A. SDLC attack
- B. Side-load attack
- C. Supply chain attack
- D. Remote code signing
Answer: C
NEW QUESTION # 190
A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.
Which of the following solutions would BEST support trustworthy communication solutions?
- A. Enabling spam filtering and DMARC.
- B. Enforcing data classification labels before an email is sent to an outside party.
- C. Enabling SPF and DKIM on company servers.
- D. Enforcing HTTPS everywhere so web traffic, including email, is secure.
- E. Using MFA when logging into email clients and the domain.
Answer: A
NEW QUESTION # 191
A security analyst observes the following while looking through network traffic in a company's cloud log:
Which of the following steps should the security analyst take FIRST?
- A. Isolate 10.0.50.6 via security groups.
- B. Access 10.0.5.52 via EDR and identify processes that have network connections.
- C. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.
- D. Quarantine 10.0.5.52 and run a malware scan against the host.
Answer: C
NEW QUESTION # 192
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?
- A. Reviewing video from IP cameras within the facility
- B. Implementing integrity checks on endpoint computing devices
- C. Looking for privileged credential reuse on the network
- D. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
Answer: A
Explanation:
Reviewing video from IP cameras within the facility would be the most likely process to expose an attacker who has compromised an air-gapped system. Since air-gapped systems are isolated from external networks, an attacker would need physical access to the system or use some covert channel to communicate with it. Video surveillance could reveal any unauthorized or suspicious activity within the facility that could be related to the attack. Verified Reference:
https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf
https://en.wikipedia.org/wiki/Air-Gap_Malware
https://www.techtarget.com/searchsecurity/essentialguide/How-air-gap-attacks-challenge-the-notion-of-secure-networks