CompTIA CAS-004 Exam (page: 11)
CompTIA Advanced Security Practitioner (CASP+) CAS-004
Updated on: 12-Oct-2025

Viewing Page 11 of 112

An organization's hunt team thinks a persistent threat exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

  A. Deploy a SOAR tool.
  B. Modify user password history and length requirements.
  C. Apply new isolation and segmentation schemes.
  D. Implement decoy files on adjacent hosts.

Answer(s): D


Reference:

https://www.cynet.com/network-attacks/network-attacks-and-network-security-threats/



A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug output, the malware is able to insert itself into another process's memory location.
Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

  A. Execute never
  B. No-execute
  C. Total memory encryption
  D. Virtual memory protection

Answer(s): A


Reference:

https://developer.arm.com/documentation/102433/0100/Stack-smashing-and-execution-permissions



A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.
Which of the following will allow the inspection of the data without multiple certificate deployments?

  A. Include all available cipher suites.
  B. Create a wildcard certificate.
  C. Use a third-party CA.
  D. Implement certificate pinning.

Answer(s): B



A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business's needs?

  A. Performing deep-packet inspection of all digital audio files
  B. Adding identifying filesystem metadata to the digital audio files
  C. Implementing steganography
  D. Purchasing and installing a DRM suite

Answer(s): C


Reference:

https://portswigger.net/daily-swig/what-is-steganography-a-complete-guide-to-the-ancient-art-of-concealing-messages



Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.
Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

  A. Implement rate limiting on the API.
  B. Implement geoblocking on the WAF.
  C. Implement OAuth 2.0 on the API.
  D. Implement input validation on the API.

Answer(s): A




Share your comments for CompTIA CAS-004 exam with other users:

9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous