Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CAS-004

CompTIA CAS-004 Exam (page: 16)
CompTIA Advanced Security Practitioner (CASP+) CAS-004
Updated on: 12-Jan-2026

Viewing Page 16 of 112
CAS-004 PDF 645 Questions

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the
RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?

  1. Leave the current backup schedule intact and pay the ransom to decrypt the data.
  2. Leave the current backup schedule intact and make the human resources fileshare read-only.
  3. Increase the frequency of backups and create SIEM alerts for IOCs.
  4. Decrease the frequency of backups and pay the ransom to decrypt the data.

Answer(s): C



A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?

  1. An on-premises solution as a backup
  2. A load balancer with a round-robin configuration
  3. A multicloud provider solution
  4. An active-active solution within the same tenant

Answer(s): C



A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.
Which of the following solutions should the security architect recommend?

  1. Replace the current antivirus with an EDR solution.
  2. Remove the web proxy and install a UTM appliance.
  3. Implement a deny list feature on the endpoints.
  4. Add a firewall module on the current antivirus solution.

Answer(s): A



All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
-Leaked to the media via printing of the documents
-Sent to a personal email address
Accessed and viewed by systems administrators
-Uploaded to a file storage site
Which of the following would mitigate the department's concerns?

  1. Data loss detection, reverse proxy, EDR, and PGP
  2. VDI, proxy, CASB, and DRM
  3. Watermarking, forward proxy, DLP, and MFA
  4. Proxy, secure VPN, endpoint encryption, and AV

Answer(s): C



A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
-Unauthorized insertions into application development environments
-Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

  1. Perform static code analysis of committed code and generate summary reports.
  2. Implement an XML gateway and monitor for policy violations.
  3. Monitor dependency management tools and report on susceptible third-party libraries.
  4. Install an IDS on the development subnet and passively monitor for vulnerable services.
  5. Model user behavior and monitor for deviations from normal.
  6. Continuously monitor code commits to repositories and generate summary logs.

Answer(s): A,F



Viewing Page 16 of 112



Share your comments for CompTIA CAS-004 exam with other users:

9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous