Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CAS-004

CompTIA CAS-004 Exam (page: 3)
CompTIA Advanced Security Practitioner (CASP+) CAS-004
Updated on: 25-Aug-2025

Viewing Page 3 of 112
CAS-004 PDF 645 Questions

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

  1. Lattice-based cryptography
  2. Quantum computing
  3. Asymmetric cryptography
  4. Homomorphic encryption

Answer(s): D


Reference:

https://searchsecurity.techtarget.com/definition/cryptanalysis



A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

  1. NIDS
  2. NIPS
  3. WAF
  4. Reverse proxy

Answer(s): A


Reference:

https://subscription.packtpub.com/book/networking-and-servers/9781782174905/5/ch05lvl1sec38/differentiating-between-nids-and-nips



A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.
Which of the following should be modified to prevent the issue from reoccurring?

  1. Recovery point objective
  2. Recovery time objective
  3. Mission-essential functions
  4. Recovery service level

Answer(s): D


Reference:

https://www.nakivo.com/blog/disaster-recovery-in-cloud-computing/



A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped.
The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:

  1. a decrypting RSA using obsolete and weakened encryption attack.
  2. a zero-day attack.
  3. an advanced persistent threat.
  4. an on-path attack.

Answer(s): C


Reference:

https://www.internetsociety.org/deploy360/tls/basics/



A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.
Which of the following would BEST secure the company's CI/CD pipeline?

  1. Utilizing a trusted secrets manager
  2. Performing DAST on a weekly basis
  3. Introducing the use of container orchestration
  4. Deploying instance tagging

Answer(s): A


Reference:

https://about.gitlab.com/blog/2021/04/09/demystifying-ci-cd-variables/



Viewing Page 3 of 112



Share your comments for CompTIA CAS-004 exam with other users:

9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous