[Jan 14, 2026] Pass CompTIA CASP CAS-004 Exam With 620 Questions [Q92-Q116]

Share

[Jan 14, 2026] Pass CompTIA CASP CAS-004 Exam With 620 Questions

Ultimate Guide to Prepare Free CompTIA CAS-004 Exam Questions and Answer


The CASP+ exam covers a wide range of topics, including risk management, enterprise security architecture, research and collaboration, and integration of advanced technologies. CAS-004 exam also tests candidates' ability to analyze and interpret data to identify and respond to security threats and vulnerabilities.

 

NEW QUESTION # 92
An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.
Which of the following phases establishes the identification and prioritization of critical systems and functions?

  • A. Perform a cost-benefit analysis.
  • B. Develop an exposure factor matrix.
  • C. Conduct a business impact analysis.
  • D. Review a recent gap analysis.

Answer: C


NEW QUESTION # 93
A security consultant needs to set up wireless security for a small office that does not have Active Directory.
Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?

  • A. WPA3 SAE
  • B. WEP 128 bit
  • C. Faraday cage
  • D. WPA2 PSK

Answer: A

Explanation:
Explanation
WPA3 SAE prevents brute-force attacks.
"WPA3 Personal (WPA-3 SAE) Mode is a static passphrase-based method. It provides better security than what WPA2 previously provided, even when a non-complex password is used, thanks to Simultaneous Authentication of Equals (SAE), the personal authentication process of WPA3."


NEW QUESTION # 94
A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

  • A. Due diligence
  • B. Reference framework
  • C. Data retention
  • D. Data classification

Answer: A

Explanation:
Comprehensive and Detailed Step by Step Explanation:
Due diligenceinvolves researching and understanding regulatory requirements (e.g., HIPAA) to ensure compliance for handling sensitive data like personal health information.
Data retentionrefers to how long data is stored, not compliance research.
Data classificationorganizes data by sensitivity but is not specific to compliance research.
Reference frameworksprovide guidelines for implementation but are not directly about research.
References:
CompTIA CASP+ Exam Objective 1.1: Analyze business and compliance requirements.
CASP+ Study Guide, 5th Edition, Chapter 2, Legal and Regulatory Compliance.


NEW QUESTION # 95
The Chief Information Security Officer is concerned about the possibility of employees downloading 'malicious files from the internet and 'opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

  • A. Scan all downloads using an antivirus engine on the web proxy.
  • B. Block known malware sites on the web proxy.
  • C. Integrate the web proxy with threat intelligence feeds.
  • D. Execute the files in the sandbox on the web proxy.

Answer: D

Explanation:
Executing the files in the sandbox on the web proxy is the best solution to reduce the risk of employees downloading and opening malicious files from the internet. A sandbox is a secure and isolated environment that can run untrusted or potentially harmful code without affecting the rest of the system. By executing the files in the sandbox, the web proxy can analyze their behavior and detect any malicious activity before allowing them to reach the corporate workstations.


NEW QUESTION # 96
An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

  • A. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
  • B. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.
  • C. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next.
    Choose the best solution based on the best metrics.
  • D. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

Answer: A

Explanation:
The analyst should implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics. This approach would allow the analyst to test each solution individually and measure its effectiveness against the attack, without affecting the other solutions or the production environment. This would also minimize the downtime required to implement the best solution, as only one change would be needed. The other options would either involve implementing multiple solutions at once, which could cause conflicts or errors, or collecting metrics before running the attack simulation, which would not reflect the actual impact of the solutions.


NEW QUESTION # 97
A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

  • A. Configure clients to use OCSP.
  • B. Deploy an RA on each branch office.
  • C. Send the new CRLs by using GPO.
  • D. Use Delta CRLs at the branches.

Answer: A


NEW QUESTION # 98
A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

  • A. Require a VPN to be active to access company data.
  • B. Set up different profiles based on the person's risk.
  • C. Remotely wipe the device.
  • D. Require MFA to access company applications.

Answer: C

Explanation:
Explanation
Remotely wiping the device is the best way to secure the data on the lost device, as it would erase all the data and prevent unauthorized access. Requiring a VPN to be active to access company data may not protect the data on the device itself, as it could be stored locally or cached. Setting up different profiles based on the person's risk may not prevent data loss or theft, as it depends on the level of access and encryption. Requiring MFA to access company applications may not protect the data on the device itself, as it could be stored locally or cached. Verified References: https://www.comptia.org/blog/what-is-byod
https://partners.comptia.org/docs/default-source/resources/casp-content-guide


NEW QUESTION # 99
A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?

  • A. Code signing
  • B. Watermarking
  • C. Obfuscation
  • D. Digital certificates

Answer: C

Explanation:
Obfuscation is a technique used to make the program code difficult to understand or read. It can help to prevent reverse engineering by making it more challenging to analyze the code and understand its structure and functionality, thereby protecting intellectual property.


NEW QUESTION # 100
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?

  • A. Restricting external port 22 access
  • B. Alerting the misconfigured service account password
  • C. Implementing host-key preferences
  • D. Modifying the AllowUsers configuration directive

Answer: D

Explanation:
Reference:
The AllowUsers configuration directive is an option for SSH servers that specifies which users are allowed to log in using SSH. The directive can include usernames, hostnames, IP addresses, or patterns. The directive can also be negated with a preceding exclamation mark (!) to deny access to specific users.
The logs show that there are multiple failed login attempts from different IP addresses using different usernames, such as root, admin, test, etc. This indicates a brute-force attack that is trying to guess the SSH credentials. To address this risk, the security analyst should modify the AllowUsers configuration directive to only allow specific users or hosts that are authorized to access the SSH jump server. This will prevent unauthorized users from attempting to log in using SSH and reduce the attack surface. Reference: https://man.openbsd.org/sshd_config#AllowUsers https://www.ssh.com/academy/ssh/brute-force


NEW QUESTION # 101
During a network defense engagement, a red team is able to edit the following registry key:

Which of the following tools is the red team using to perform this action?

  • A. SCAP scanner
  • B. Network vulnerability scanner
  • C. PowerShell
  • D. Fuzzer

Answer: C

Explanation:
PowerShell is a versatile scripting language that can be used to automate administrative tasks and configurations on Windows machines. It has the capability to edit registry keys, which is what the red team appears to have done based on the provided information. PowerShell is a common tool used by both system administrators and attackers (in the form of a red team during penetration testing).


NEW QUESTION # 102
Which of the following technologies allows CSPs to add encryption across multiple data storages?

  • A. Homomorphic encryption
  • B. Symmetric encryption
  • C. Bit splitting
  • D. Data dispersion

Answer: C

Explanation:
Cryptographic splitting, also known as cryptographic bit splitting or cryptographic data splitting, is a technique for securing data over a computer network. The technique involves encrypting data, splitting the encrypted data into smaller data units, distributing those smaller units to different storage locations, and then further encrypting the data at its new location.


NEW QUESTION # 103
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page:
NET:ERR_CERT_COMMON_NAME_INVALID.
Which of the following BEST describes what the administrator should do NEXT?

  • A. Request a new certificate with the correct subject alternative name that includes the new websites.
  • B. Request a new certificate with the correct organizational unit for the company's website.
  • C. Request a new certificate with a stronger encryption strength and the latest cipher suite.
  • D. Request a new certificate with the same information but including the old certificate on the CRL.

Answer: A

Explanation:
1. Verify That Your SSL Certificate Is Correct
The most basic cause of the NET::ERR_CERT_COMMON_NAME_INVALID error is that your site's domain doesn't match the common name listed on your SSL certificate. So, the first fix you'll want to try is viewing your certificate to determine if it's been misconfigured.


NEW QUESTION # 104
An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

  • A. Modify user password history and length requirements.
  • B. Implement decoy files on adjacent hosts.
  • C. Apply new isolation and segmentation schemes.
  • D. Deploy a SOAR tool.

Answer: B

Explanation:
Decoy files, also known as honeypots, are fake assets that are designed to lure attackers into interacting with them, revealing their presence and potentially exposing their tactics, techniques, and procedures (TTPs). By placing decoy files on adjacent hosts, the hunt team can potentially lure the adversary into interacting with them, revealing their presence and potentially exposing their malicious activity.


NEW QUESTION # 105
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated
from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

  • A. Reverse proxy, stateful firewalls, and VPNs at the local sites
  • B. IPSs at the hub, Layer 4 firewalls, and DLP
  • C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
  • D. IDSs, WAFs, and forward proxy IDS

Answer: C

Explanation:
To meet the requirements, the network architect should implement the following solutions:
DoS protection at the hub site: To ensure the network supports core applications with 99.99% uptime, the network architect should implement DoS (denial of service) protection at the hub site.
This can help to prevent DoS attacks, which can disrupt the availability of the network and its applications.
Mutual certificate authentication: To ensure that configuration updates to the SD-WAN routers can only be initiated from the management service, the network architect should implement mutual certificate authentication. This involves requiring the management service to present a valid certificate before it can initiate configuration updates, and requiring the SD-WAN routers to present a valid certificate before they can accept updates.
Cloud proxy: To ensure that documents downloaded from websites are scanned for malware, the network architect should implement a cloud proxy. A cloud proxy is a security service that is hosted in the cloud and can be used to inspect traffic for malware and other threats before it reaches the network.


NEW QUESTION # 106
A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:
* All remote devices to have up-to-date antivirus
* An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

  • A. Bastion host
  • B. NIDS
  • C. Reverse proxy
  • D. NGFW
  • E. WAF
  • F. NAC

Answer: B,F


NEW QUESTION # 107
A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?

  • A. WPA3 SAE
  • B. WEP 128 bit
  • C. Faraday cage
  • D. WPA2 PSK

Answer: A

Explanation:
WPA3 SAE prevents brute-force attacks.


NEW QUESTION # 108
A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?

  • A. Containerization
  • B. Caching
  • C. Redundancy
  • D. Replication
  • E. High availability

Answer: D

Explanation:
Step by Step
Replication ensures data consistency by synchronizing copies of data across clusters. This would prevent data loss during power outages.
Caching provides faster data retrieval but does not ensure data persistence.
Containerization improves deployment consistency but does not address resilience or data integrity.
Redundancy relates to additional hardware or systems but does not guarantee up-to-date data.
High availability addresses system uptime but does not prevent data loss.


NEW QUESTION # 109
A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to
20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?

  • A. Installing online hardware sensors
  • B. Air gapping important ICS and machines
  • C. Implementing a HIDS
  • D. Installing a SIEM agent on the endpoint

Answer: B

Explanation:
Air gapping, which means physically isolating a secure network from unsecured networks, including the public internet, is one of the most effective ways to prevent side-channel attacks. By creating an air gap, you remove the pathways that an attacker might exploit to gain unauthorized access to sensitive systems and manipulate them, as in the case of the SCADA system mentioned.


NEW QUESTION # 110
Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.
Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

  • A. Implement input validation on the API.
  • B. Implement rate limiting on the API.
  • C. Implement geoblocking on the WAF.
  • D. Implement OAuth 2.0 on the API.

Answer: B

Explanation:
Rate limiting is a technique that can limit the number or frequency of requests that a client can make to an API (application programming interface) within a given time frame. This can help remedy the performance issues caused by high CPU utilization on the servers that host the APIs, as it can prevent excessive or abusive requests that could overload the servers. Implementing geoblocking on the WAF (web application firewall) may not help remedy the performance issues, as it could block legitimate requests based on geographic location, not on request rate. Implementing OAuth 2.0 on the API may not help remedy the performance issues, as OAuth 2.0 is a protocol for authorizing access to APIs, not for limiting requests. Implementing input validation on the API may not help remedy the performance issues, as input validation is a technique for preventing invalid or malicious input from reaching the API, not for limiting requests. Verified Reference: https://www.comptia.org/blog/what-is-rate-limiting https://partners.comptia.org/docs/default-source/resources/casp-content-guide


NEW QUESTION # 111
Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

  • A. To determine the business owner(s) of the system
  • B. To decide between conducting a quantitative or qualitative analysis
  • C. To determine which laws and regulations apply
  • D. To determine the scope of the risk assessment

Answer: D

Explanation:
Identifying the security boundary is an essential first step in a risk assessment process as it defines the scope of the assessment. It delineates the environment where the risk assessment will take place and sets the limits for what assets, systems, and processes will be included in the assessment.


NEW QUESTION # 112
An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:
- Unstructured data being exfiltrated after an employee leaves the
organization
- Data being exfiltrated as a result of compromised credentials
- Sensitive information in emails being exfiltrated
Which of the following solutions should the security team implement to mitigate the risk of data loss?

  • A. Conditional access, DoH, and full disk encryption
  • B. Certificates, DLP, and geofencing
  • C. Mobile application management, MFA, and DRM
  • D. Mobile device management, remote wipe, and data loss detection

Answer: C

Explanation:
MAM software secures and enables IT to control over enterprise applications on end users' corporate and personal smartphones and tablets and allows for selective wipes when the person leaves the organization.
MFA will help with compromised credentials and finally DRM will provide us with Email DRM Protection as Senders should be able to stop recipients from forwarding sensitive messages or downloading confidential documents locally.
https://www.virtru.com/blog/drm-protection


NEW QUESTION # 113
A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

  • A. The security engineer asks the project manager to review the updates for the client's system.
  • B. The change control board must review and approve a submission.
  • C. The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
  • D. The information system security officer provides the systems engineer with the system updates.

Answer: B

Explanation:
The change control board (CCB) is a committee that consists of subject matter experts and managers who decide whether to implement proposed changes to a project. The change control board is part of the change management plan, which defines the roles and processes for managing change within a team or organization. The change control board must review and approve a submission for any change request that affects the scope, schedule, budget, quality, or risks of the project. The change control board evaluates the impact and benefits of the change request and decides whether to accept, reject, or defer it.
A) The implementation engineer requesting direct approval from the systems engineer and the Chief Information Security Officer is not a correct process for requesting updates or corrections to the client's systems, because it bypasses the change control board and the project manager. This could lead to unauthorized changes that could compromise the project's objectives and deliverables.
C) The information system security officer providing the systems engineer with the system updates is not a correct process for requesting updates or corrections to the client's systems, because it does not involve the change control board or the project manager. This could lead to unauthorized changes that could introduce security vulnerabilities or conflicts with other system components.
D) The security engineer asking the project manager to review the updates for the client's system is not a correct process for requesting updates or corrections to the client's systems, because it does not involve the change control board. The project manager is responsible for facilitating the change management process, but not for approving or rejecting change requests.
https://www.projectmanager.com/blog/change-control-board-roles-responsibilities-processes


NEW QUESTION # 114
A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company's Infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements?

  • A. Establish an air-gapped network and implement an IDS.
  • B. Allow only wireless connections and proxy the traffic through a network tap.
  • C. Use a separate VLAN with an ACL and implement network detection and response.
  • D. Block all outbound traffic and implement an inline firewall.

Answer: C

Explanation:
By using a separate VLAN (Virtual Local Area Network) with an Access Control List (ACL), the IoT devices can be isolated from the rest of the network, preventing direct communication with other endpoints on the network. Additionally, by implementing network detection and response, anomalous traffic can be identified and investigated.


NEW QUESTION # 115
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:


Which of the following meets the budget needs of the business?

  • A. Filter TUV
  • B. Filter XYZ
  • C. Filter ABC
  • D. Filter GHI

Answer: D


NEW QUESTION # 116
......

CompTIA Advanced Security Practitioner (CASP+) Exam Practice Tests 2026 | Pass CAS-004 with confidence!: https://drive.google.com/open?id=1No30StUW4qbAOWaWA-qLiJfrJBGl2Exd

Pass CAS-004 Tests Engine pdf - All Free Dumps: https://www.fast2test.com/CAS-004-premium-file.html

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어