CAS-004 Online Practice Questions and Answers

Questions 4

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: [Figure: SSH auth log excerpt, not reproduced]. Which of the following actions would BEST address the potential risks posed by the activity in the logs?

A. Alerting the misconfigured service account password

B. Modifying the AllowUsers configuration directive

C. Restricting external port 22 access

D. Implementing host-key preferences

Correct Answer: C

Questions 5

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

A. 65

B. 77

C. 83

D. 87

Correct Answer: C

Questions 6

A Chief Information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following is the MOST appropriate corrective action to document for this finding?

A. The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B. The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C. The system administrator should evaluate dependencies and perform upgrades as necessary.

D. The security operations center should develop a custom IDS rule to prevent buffer overflow attacks against this server.

Correct Answer: A

Questions 7

A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door, and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process. Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

A. Generate a 125kHz tone.

B. Compromise the ICS/SCADA system.

C. Utilize an RFID duplicator.

D. Obtain a lock pick set.

Correct Answer: A

Questions 8

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

A. True positive

B. False negative

C. False positive

D. True negative

Correct Answer: C

Questions 9

Which of the following is MOST commonly found in a network SLA contract?

A. Price for extra services

B. Performance metrics

C. Service provider responsibility only

D. Limitation of liability

E. Confidentiality and non-disclosure

Correct Answer: B

Questions 10

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?

A. Digital signature

B. Message hash

C. Message digest

D. Message authentication code

Correct Answer: A

A digital signature provides both the needed data integrity and sender authentication using asymmetric cryptography, ensuring compliance with the stated requirement.

Questions 11

Multiple users have reported that an internal website's status is listed as insecure because the TLS certificate has expired. Although a new certificate was generated, this issue has become a common occurrence throughout the year for multiple websites. Which of the following best prevents recurrence of this issue?

A. OCSP responder

B. Life-cycle management

C. Wildcard certificates

D. Certificate pinning

Correct Answer: B

Questions 12

Company A is merging with Company B. Company A is a small, local company. Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center. Which of the following actions should the CIO take first?

A. Determine whether the incident response plan has been tested at both companies, and use it to respond.

B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.

C. Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams.

D. Initiate Company A's IT systems, processes, and procedures, assess the damage, and perform a BIA.

Correct Answer: B

In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.

Questions 13

A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?

A. Incomplete firewall rules between the CSP and on-premises infrastructure

B. Insufficient logging of cloud activities to company SIEM

C. Failure to implement full disk encryption to on-premises data storage

D. Misconfiguration of access controls on cloud storage containers

Correct Answer: D

During a migration, data is often moved to cloud storage containers. If these containers are not properly configured, they may be accessible to the public or unauthorized users, leading to data leaks. Misconfigurations such as setting permissions to public or not restricting access appropriately are common causes of data breaches in cloud environments.

Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Last Update: May 28, 2026
Questions: 792