Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CAS-004

CompTIA CAS-004 Exam (page: 9)
CompTIA Advanced Security Practitioner (CASP+) CAS-004
Updated on: 12-Oct-2025

Viewing Page 9 of 112
CAS-004 PDF 645 Questions

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.
Which of the following would be BEST to use to store customer keys?

  1. A trusted platform module
  2. A hardware security module
  3. A localized key store
  4. A public key infrastructure

Answer(s): B


Reference:

https://developer.android.com/studio/publish/app-signing



An organization wants to perform a scan of all its systems against best practice security configurations.
Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)

  1. ARF
  2. XCCDF
  3. CPE
  4. CVE
  5. CVSS
  6. OVAL

Answer(s): B,F


Reference:

https://www.govinfo.gov/content/pkg/GOVPUB-C13-9ecd8eae582935c93d7f410e955dabb6/pdf/GOVPUB-C13
9ecd8eae582935c93d7f410e955dabb6.pdf
(p.12)



A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

  1. Require a VPN to be active to access company data.
  2. Set up different profiles based on the person's risk.
  3. Remotely wipe the device.
  4. Require MFA to access company applications.

Answer(s): C



A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

  1. Deploy an RA on each branch office.
  2. Use Delta CRLs at the branches.
  3. Configure clients to use OCSP.
  4. Send the new CRLs by using GPO.

Answer(s): B


Reference:

https://www.sciencedirect.com/topics/computer-science/revoke-certificate



After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary
ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

  1. Disable BGP and implement a single static route for each internal network.
  2. Implement a BGP route reflector.
  3. Implement an inbound BGP prefix list.
  4. Disable BGP and implement OSPF.

Answer(s): C



Viewing Page 9 of 112



Share your comments for CompTIA CAS-004 exam with other users:

9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous