CAS-004 CompTIA CASP+ Exam Practice Questions

This document provides a collection of practice questions for the CAS-004 exam, designed to mirror the exam's structure and topics. It includes topic-focused questions, answer keys for self-review, and is intended for personal study only. The material emphasizes the importance of understanding cloud security, incident response, and secure coding practices.

This PDF contains a set of carefully selected practice questions for the CAS-004 exam. These questions are designed to reflect the structure, difficulty, and topics covered in the actual exam, helping you reinforce your understanding and identify areas for improvement.

What's Inside:

1. Topic-focused questions based on the latest exam objectives
2. Accurate answer keys to support self-review
3. Designed to simulate the real test environment
4. Ideal for final review or daily practice

Important Note:

This material is for personal study purposes only. Please do not redistribute or use for commercial purposes without permission.

For full access to the complete question bank and topic-wise explanations, visit:
CertQuestionsBank.com

Our YouTube: https://www.youtube.com/@CertQuestionsBank

FB page: https://www.facebook.com/certquestionsbank
Share some CAS-004 exam online questions below.
1.A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned
about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?
A. An on-premises solution as a backup
B. A load balancer with a round-robin configuration
C. A multicloud provider solution
D. An active-active solution within the same tenant
Answer: C
Explanation:
A multicloud provider solution is the best option for proceeding with the digital transformation while
ensuring SLA (service level agreement) requirements in the event of a CSP (cloud service provider)
incident. A multicloud provider solution is a strategy that involves using multiple CSPs for different
cloud services or applications, such as infrastructure, platform, or software as a service. A multicloud
provider solution can provide resiliency, redundancy, and availability for cloud services or
applications, as it can distribute the workload and risk across different CSPs and avoid single points
of failure or vendor lock-in. An on-premises solution as a backup is not a good option for proceeding
with the digital transformation, as it could involve high costs, complexity, or maintenance for
maintaining both cloud and on-premises resources, as well as affect the scalability or flexibility of
cloud services or applications. A load balancer with a round-robin configuration is not a good option
for proceeding with the digital transformation, as it could introduce latency or performance issues for
cloud services or applications, as well as not provide sufficient resiliency or redundancy in case of a
CSP incident. An active-active solution within the same tenant is not a good option for proceeding
with the digital transformation, as it could still be affected by a CSP incident that impacts the entire
tenant or region, as well as increase the costs or complexity of managing multiple instances of cloud
services or applications.
Verified Reference:
https://www.comptia.org/blog/what-is-multicloud
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

2.A company’s claims processing department has a mobile workforce that receives a large number of
email submissions from personal email addresses. An employee recently received an email that
appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was
opened.
A. Implement application whitelisting and add only the email client to the whitelist for laptops in the
claims processing department.
B. Require all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the
mailbox.
Answer: C
Explanation:
Implementing cloud-based content filtering with sandboxing capabilities is the best solution for
preventing malicious software installation on the employee’s laptop due to opening an email
attachment that appeared to be a claim form. Cloud-based content filtering is a technique that uses a
cloud service to filter or block web traffic based on predefined rules or policies, preventing
unauthorized or malicious access to web resources or services. Cloud-based content filtering can
prevent malicious software installation on the employee’s laptop due to opening an email attachment
that appeared to be a claim form, as it can scan or analyze email attachments before they reach the
mailbox and block or quarantine them if they are malicious. Sandboxing is a technique that uses an
isolated or virtualized environment to execute or test suspicious or untrusted code or applications,
preventing them from affecting the host system or network. Sandboxing can prevent malicious
software installation on the employee’s laptop due to opening an email attachment that appeared to
be a claim form, as it can run or detonate email attachments in a safe environment and observe their
behavior or impact before allowing them to reach the mailbox. Implementing application whitelisting
and adding only the email client to the whitelist for laptops in the claims processing department is not
a good solution for preventing malicious software installation on the employee’s laptop due to
opening an email attachment that appeared to be a claim form, as it could affect the usability or
functionality of other applications on the laptops that may be needed for work purposes, as well as not
prevent malicious software from running within the email client. Requiring all laptops to connect to the
VPN (virtual private network) before accessing email is not a good solution for preventing malicious
software installation on the employee’s laptop due to opening an email attachment that appeared to
be a claim form, as it could introduce latency or performance issues for accessing email, as well as
not prevent malicious software from reaching or executing on the laptops. Installing a mail gateway to
scan incoming messages and strip attachments before they reach the mailbox is not a good solution
for preventing malicious software installation on the employee’s laptop due to opening an email
attachment that appeared to be a claim form, as it could affect the normal operations or functionality
of email communication, as well as not prevent legitimate attachments from reaching the mailbox.
Verified Reference:
https://www.comptia.org/blog/what-is-cloud-based-content-filtering
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

3.A security technician is trying to connect a remote site to the central office over a site-to-site VPN.
The technician has verified the source and destination IP addresses are correct, but the technician is
unable to get the remote site to connect.
The following error message keeps repeating:
"An error has occurred during Phase 1 handshake. Deleting keys and retrying..."
Which of the following is most likely the reason the connection is failing?
A. The IKE hashing algorithm uses different key lengths on each VPN device.
B. The IPSec settings allow more than one cipher suite on both devices.
C. The Diffie-Hellman group on both sides matches but is a legacy group.
D. The remote VPN is attempting to connect with a protocol other than SSL/TLS.
Answer: C
Explanation:
The error indicates an issue during Phase 1 of the IKE handshake, which is used for establishing
secure key exchange in IPSec VPNs. If the Diffie-Hellman group is legacy (e.g., Group 1 or 2), it
might no longer be supported by modern systems, causing the connection to fail. Updating to a
stronger Diffie-Hellman group (e.g., Group 14 or 19) resolves this issue. This aligns with CASP+
objectives related to secure communications and cryptographic protocols (3.2).

4.A Chief Information Officer is considering migrating all company data to the cloud to save money on
expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be addressed during
migration?
A. Latency
B. Data exposure
C. Data loss
D. Data dispersion
Answer: B
Explanation:
Data exposure is a security concern that will most likely need to be addressed during migration of all
company data to the cloud, as it could involve sensitive or confidential data being accessed or
disclosed by unauthorized parties. Data exposure could occur due to misconfigured cloud services,
insecure data transfers, insider threats, or malicious attacks. Data exposure could also result in
compliance violations, reputational damage, or legal liabilities. Latency is not a security concern, but a
performance concern that could affect the speed or quality of data access or transmission. Data loss
is not a security concern, but an availability concern that could affect the integrity or recovery of data.
Data dispersion is not a security concern, but a management concern that could affect the visibility or
control of data.
Verified Reference:
https://www.comptia.org/blog/what-is-data-exposure
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

5. Configuration updates to the SD-WAN routers can only be initiated from the management service.

6.An organization that provides a SaaS solution recently experienced an incident involving customer
data loss. The system has a level of self-healing that includes monitoring performance and available
resources. When the system detects an issue, the self-healing process is supposed to restart parts of
the software.
During the incident, when the self-healing system attempted to restart the services, available disk
space on the data drive to restart all the services was inadequate. The self-healing system did not
detect that some services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?
A. The system logs rotated prematurely.
B. The disk utilization alarms are higher than what the service restarts require.
C. The number of nodes in the self-healing cluster was healthy.
D. Conditional checks prior to the service restart succeeded.
Answer: D

7.The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to
deliver a service, is concerned about the handling and security of customer data by the parties.
Which of the following should be implemented to BEST manage the risk?
A. Establish a review committee that assesses the importance of suppliers and ranks them according
to contract renewals. At the time of contract renewal, incorporate designs and operational controls
into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal
with a dedicated risk management team.
B. Establish a team using members from first line risk, the business unit, and vendor management to
assess only design security controls of all suppliers. Store findings from the reviews in a database for
all other business units and risk teams to reference.
C. Establish an audit program that regularly reviews all suppliers regardless of the data they access,
how they access the data, and the type of data, Review all design and operational controls based on
best practice standard and report the finding back to upper management.
D. Establish a governance program that rates suppliers based on their access to data, the type of
data, and how they access the data Assign key controls that are reviewed and managed based on the
supplier’s rating. Report findings to the units that rely on the suppliers and the various risk teams.
Answer: D
Explanation:
A governance program that rates suppliers based on their access to data, the type of data, and how
they access the data is the best way to manage the risk of handling and security of customer data by
third parties. This allows the company to assign key controls that are reviewed and managed based
on the supplier’s rating and report findings to the relevant units and risk teams.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide,
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/third-party-risk-management

8.1.45.65 SFTP Server Disable 8080

9.Company A is merging with Company B. Company A is a small, local company. Company B has a
large, global presence. The two companies have a lot of duplication in their IT systems, processes, and
procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's
main data center.
Which of the following actions should the CIO take first?
A. Determine whether the incident response plan has been tested at both companies, and use it to
respond.
B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT
leaders from both companies.
C. Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the
companies' leadership teams.
D. Initiate Company A's IT systems, processes, and procedures, assess the damage, and perform a
BIA.
Answer: B
Explanation:
In the event of a fire at the main data center, the immediate action should be to review and engage
the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should
coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage
and planning for recovery are crucial, and leveraging the expertise from both companies can help
streamline the process.

10.During a software assurance assessment, an engineer notices the source code contains multiple
instances of strcpy, which does not verify the buffer length.
Which of the following solutions should be integrated into the SDLC process to reduce future risks?
A. Require custom IDS/IPS detection signatures for each type of insecure function found.
B. Perform a penetration test before moving to the next step of the SDLC.
C. Update the company's secure coding policy to exclude insecure functions.
D. Perform DAST/SAST scanning before handoff to another team.
Answer: C
Explanation:
The source code in this scenario uses insecure functions like strcpy which are known for not checking
buffer sizes, leading to buffer overflow vulnerabilities. The most effective solution is to update the
company’s secure coding policy to prohibit the use of insecure functions and replace them with safer
alternatives, such as strncpy, which enforces buffer length checks. Integrating this change into the
Software Development Life Cycle (SDLC) ensures that future code adheres to secure practices,
thereby reducing the risk of vulnerabilities being introduced into production systems. This approach
aligns with CASP+ guidelines that emphasize secure coding practices and policies to prevent
common security flaws in software development.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 - Enterprise Security Operations (Secure
Coding Standards)
CompTIA CASP+ Study Guide: Secure Coding and Prevention of Buffer Overflows

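As an added illustration of the point made in the explanation above (this code is not from the question bank), here is the unbounded strcpy pattern next to a bounded replacement built on strncpy. The field size, function names and the over-long input are assumptions made for the example. Note the caveat a reviewer would want: when the source is at least as long as the destination, strncpy stops without writing a terminator, so the safe version terminates explicitly and tells the caller that truncation happened.

```c
/* Added example, not code from the question bank: an unbounded strcpy
 * beside a bounded replacement. NAME_LEN and the sample input are
 * assumptions made for this illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size field such as a struct member */

/* The pattern the assessment flagged: strcpy copies until it finds the
 * source's NUL and never looks at the destination size, so a source of
 * NAME_LEN or more characters writes past the end of dest (a buffer
 * overflow). Kept only to show the "before" form; it is never called. */
void copy_name_unsafe(char dest[NAME_LEN], const char *src) {
    strcpy(dest, src);
}

/* Bounded replacement. strncpy limits the write to the destination, but
 * when the source is at least dest_size characters long it stops without
 * adding a NUL, so the terminator is written explicitly. The return value
 * tells the caller whether the input was truncated, so oversized input can
 * be rejected rather than silently shortened.
 * Returns 0 on success, -1 on bad arguments or truncation. */
int copy_name_safe(char *dest, size_t dest_size, const char *src) {
    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    strncpy(dest, src, dest_size - 1);
    dest[dest_size - 1] = '\0';
    return strlen(src) < dest_size ? 0 : -1;
}

int main(void) {
    char name[NAME_LEN];
    /* constructed input: 20 'A's, longer than the 16-byte field */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";
    int rc = copy_name_safe(name, sizeof name, too_long);
    printf("rc=%d stored=\"%s\" (%zu chars)\n", rc, name, strlen(name));
    rc = copy_name_safe(name, sizeof name, "alice");
    printf("rc=%d stored=\"%s\"\n", rc, name);
    return 0;
}
```

In a codebase, the policy change the answer describes would ban the first function's pattern outright; a SAST rule or a compiler banned-function list (for example, treating direct strcpy calls as an error) is the usual way to enforce it across builds.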
11.An IT director is working on a solution to meet the challenge of remotely managing laptop devices
and securely locking them down.
The solution must meet the following requirements:
• Cut down on patch management.
• Make use of standard configurations.
• Allow for custom resource configurations.
• Provide access to the enterprise system from multiple types of devices.
Which of the following would meet these requirements?
A. MDM
B. Emulator
C. Hosted hypervisor
D. VDI
Answer: D
Explanation:
A Virtual Desktop Infrastructure (VDI) solution meets all the listed requirements: reducing patch
management, using standard configurations, allowing for custom resource configurations, and
providing access from multiple device types. VDI allows centralized management of desktop
environments, where patches and updates can be applied once and distributed across all virtual
desktops. It also supports flexible resource configurations and secure remote access from various
devices. CASP+ highlights VDI as a solution for centralized, secure desktop management that meets
modern enterprise needs for mobility and security.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (VDI
for Secure Remote Desktop Management)
CompTIA CASP+ Study Guide: Virtual Desktop Infrastructure for Centralized Management and
Security

12.An auditor is reviewing the logs from a web application to determine the source of an incident. The
web application architecture includes an Internet-accessible application load balancer, a number of
web servers in a private subnet, application servers, and one database server in a tiered
configuration. The application load balancer cannot store the logs.
The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to
the sources?
A. Enable the X-Forwarded-For header at the load balancer.
B. Install a software-based HIDS on the application servers.
C. Install a certificate signed by a trusted CA.
D. Use stored procedures on the database server.
E. Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.
Answer: C

13.A host on a company’s network has been infected by a worm that appears to be spreading via
SMB. A security analyst has been tasked with containing the incident while also maintaining evidence
for a subsequent investigation and malware analysis.
Which of the following steps would be best to perform FIRST?
A. Turn off the infected host immediately.
B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.
Answer: D

14.An organization is in frequent litigation and has a large number of legal holds.
Which of the following types of functionality should the organization's new email system provide?
A. DLP
B. Encryption
C. E-discovery
D. Privacy-level agreements
Answer: C
Explanation:
The organization’s new email system should provide e-discovery functionality. E-discovery stands for
electronic discovery, which is the process of identifying, preserving, collecting, processing, reviewing,
analyzing, and producing electronically stored information (ESI) that is relevant to a legal matter. E-
discovery can help the organization comply with legal holds, which are orders or notices to preserve
relevant ESI when litigation is anticipated or ongoing. E-discovery can also help the organization
reduce the costs and risks of litigation, as well as improve the efficiency and accuracy of the
discovery process.
Verified Reference:
https://www.techtarget.com/searchsecurity/definition/electronic-discovery
https://www.techtarget.com/searchsecurity/definition/legal-hold
https://www.ibm.com/topics/electronic-discovery

15.A company underwent an audit in which the following issues were enumerated:
• Insufficient security controls for internet-facing services, such as VPN and extranet
• Weak password policies governing external access for third-party vendors
Which of the following strategies would help mitigate the risks of unauthorized access?
A. 2FA
B. RADIUS
C. Federation
D. OTP
Answer: A
Explanation:
Two-factor authentication (2FA) adds an additional layer of security by requiring two forms of
identification before granting access to an account or system. Implementing 2FA can significantly
reduce the risk of unauthorized access, even if passwords are weak or compromised.

16.A company based in the United States holds insurance details of EU citizens.
Which of the following must be adhered to when processing EU citizens' personal, private, and
confidential data?
A. The principle of lawful, fair, and transparent processing
B. The right to be forgotten principle of personal data erasure requests
C. The non-repudiation and deniability principle
D. The principle of encryption, obfuscation, and data masking
Answer: A

17.An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not
have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move
customer office equipment from one service location to another. The vendor acquires customer data
and access to the business via an API.
Given this information, which of the following is a noted risk?
A. Feature delay due to extended software development cycles
B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor’s business ceasing operations
Answer: A
Explanation:
Reference: https://legal.thomsonreuters.com/en/insights/articles/data-breach-liability

18.A software developer created an application for a large, multinational company. The company is
concerned the program code could be reverse engineered by a foreign entity and intellectual property
would be lost.
Which of the following techniques should be used to prevent this situation?
A. Obfuscation
B. Code signing
C. Watermarking
D. Digital certificates
Answer: A
Explanation:
Obfuscation is a technique used to make the program code difficult to understand or read. It can help
to prevent reverse engineering by making it more challenging to analyze the code and understand its
structure and functionality, thereby protecting intellectual property.

19.A company recently deployed a SIEM and began importing logs from a firewall, a file server, a
domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and
prepares to respond.
The following is the alert information:
Which of the following should the security analyst do FIRST?
A. Disable Administrator on abc-usa-fsl, the local account is compromised
B. Shut down the abc-usa-fsl server, a plaintext credential is being used
C. Disable the jdoe account, it is likely compromised
D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited
Answer: C
Explanation:
Based on the SIEM alerts, the security analyst should first disable the jdoe account, as it is likely
compromised by an attacker. The alerts show that the jdoe account successfully logged on to the abc-
usa-fsl server, which is a file server, and then initiated SMB (445) traffic to the abc-web01 server,
which is a web server. This indicates that the attacker may be trying to exfiltrate data from the file
server to the web server. Disabling the jdoe account would help stop this unauthorized activity and
prevent further damage.
Disabling Administrator on abc-usa-fsl, the local account is compromised, is not the first action to
take, as it is not clear from the alerts if the local account is compromised or not. The alert shows that
there was a successful logon event for Administrator on abc-usa-fsl, but it does not specify if it was a
local or domain account, or if it was authorized or not. Moreover, disabling the local account would not
stop the SMB traffic from jdoe to abc-web01.
Shutting down the abc-usa-fsl server, a plaintext credential is being used, is not the first action to
take, as it is not clear from the alerts if a plaintext credential is being used or not. The alert shows that
there was RDP (3389) traffic from abc-admin1-logon to abc-usa-fsl, but it does not specify if the
credential was encrypted or not. Moreover, shutting down the file server would disrupt its normal
operations and affect other users.
Shutting down abc-usa-fw01; the remote access VPN vulnerability is exploited, is not the first action
to take, as it is not clear from the alerts if the remote access VPN vulnerability is exploited or not. The
alert shows that there was FTP (21) traffic from abc-usa-dcl to abc-web01, but it does not specify if it
was related to the VPN or not. Moreover, shutting down the firewall would expose the network to
other threats and affect other services.
Reference: What is SIEM? | Microsoft Security, What is a SIEM Alert? | Cofense

20.A security consultant is designing an infrastructure security solution for a client company that has
provided the following requirements:
• Access to critical web services at the edge must be redundant and highly available.
• Secure access services must be resilient to a proprietary zero-day vulnerability in a single
component.
• Automated transition of secure access solutions must be able to be triggered by defined events or
manually by security operations staff.
Which of the following solutions BEST meets these requirements?
A. Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user
optionality in the selection of a remote access provider
B. Remote access services deployed using vendor-diverse redundancy with event response driven by
playbooks.
C. Two separate secure access solutions orchestrated by SOAR with components provided by the
same vendor for compatibility.
D. Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that
connects critical web services out to endpoint computers.
Answer: B
Explanation:
Remote access services deployed using vendor-diverse redundancy with event response driven by
playbooks is the best solution to meet the requirements. Vendor-diverse redundancy means using
different vendors or technologies to provide the same service or function, which can increase the
availability and resilience of the service. For example, if one vendor’s VPN solution fails due to a zero-
day vulnerability, another vendor’s VPN solution can take over without affecting the users. Event
response driven by playbooks means using predefined workflows or scripts to automate the actions or
decisions that need to be taken in response to certain events or triggers. For example, a playbook
can define how to switch between different remote access solutions based on certain criteria or
conditions, such as performance, availability, security, or manual input. Playbooks can also be
integrated with SOAR platforms to leverage their capabilities for orchestration, automation, and
response.
Verified Reference:
https://cyware.com/security-guides/security-orchestration-automation-and-response/what-is-vendor-agnostic-security-orchestration-automation-and-response-soar-40e4
https://www.paloaltonetworks.com/cyberpedia/what-is-a-security-playbook

21.The Chief Executive Officer of an online retailer notices a sudden drop in sales. A security analyst
at the retailer detects a redirection of unsecure web traffic to a competitor's site.
Which of the following would best prevent this type of attack?
A. Enabling HSTS
B. Configuring certificate pinning
C. Enforcing DNSSEC
D. Deploying certificate stapling
Answer: A
Explanation:
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect
websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
It allows web servers to declare that web browsers (or other complying user agents) should only
interact with them using secure HTTPS connections, and never via the insecure HTTP protocol. Enabling
HSTS would prevent attackers from redirecting users from a secure site to an unsecure or malicious
one.

22.A company requires a task to be carried out by more than one person concurrently. This is an
example of:
A. separation of duties
B. dual control
C. least privilege
D. job rotation
Answer: B
Explanation:
Dual control is a security principle that requires two or more authorized individuals to perform a task
concurrently. This reduces the risk of fraud, error, or misuse of sensitive assets or information.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide,
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/using-dual-control-to-mitigate-risk

23.An organization established an agreement with a partner company for specialized help desk
services. A senior security officer within the organization is tasked with providing documentation
required to set up a dedicated VPN between the two entities.
Which of the following should be required?
A. SLA
B. ISA
C. NDA
D. MOU
Answer: B
Explanation:
An ISA, or interconnection security agreement, is a document that should be required to set up a
dedicated VPN between two entities that provide specialized help desk services. An ISA defines the
technical and security requirements for establishing, operating, and maintaining a secure connection
between two or more organizations. An ISA also specifies the roles and responsibilities of each party,
the security controls and policies to be implemented, the data types and classifications to be
exchanged, and the incident response procedures to be followed.
Reference: [CompTIA CASP+ Study Guide, Second Edition, page 36]

24.A software development company makes its software version available to customers from a web
portal. On several occasions, hackers were able to access the software repository to change the
package that is automatically published on the website.
Which of the following would be the BEST technique to ensure the software the users download is the
official software released by the company?
A. Distribute the software via a third-party repository.
B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.
Answer: D

25.A security analyst reviews network logs and notices a large number of domain name queries
originating from an internal server for an unknown domain, similar to the following:

26.A penetration tester discovers a condition that causes unexpected behavior in a web application.
This results in the dump of the interpreter's debugging information, which includes the interpreter's
version, full path of binary files, and the user ID running the process.
Which of the following actions would best mitigate this risk?
A. Include routines in the application for message handling
B. Adopt a compiled programming language instead.
C. Perform SAST vulnerability scans on every build.
D. Validate user-generated input.
Answer: A
Explanation:
In this scenario, the web application is disclosing sensitive debugging information when an error
occurs. To mitigate this risk, the best solution is to implement proper error message handling routines
that ensure detailed debugging information is not exposed to users. Instead, the application should
display generic error messages to the end-user while logging detailed information securely for internal
troubleshooting. This approach reduces the risk of information disclosure, which is a common
vulnerability in web applications. CASP+ emphasizes the importance of secure error handling as part
of secure software development practices.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0: Enterprise Security Operations (Secure
Coding and Error Handling)
CompTIA CASP+ Study Guide: Web Application Security and Proper Error Handling
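As an added example (not part of the original question set or any CompTIA material), a Go routine showing the split the explanation describes: the user receives a fixed generic message plus an opaque reference ID, while the error text, runtime version, binary path and process identity go only to the internal log. The type and function names are hypothetical and the sample error is constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"os"
	"runtime"
	"strings"
)

// ClientError is the only thing the end user sees: a fixed generic message
// and an opaque reference that support staff can match to the internal log entry.
type ClientError struct {
	Status    int    `json:"status"`
	Message   string `json:"message"`
	Reference string `json:"reference"`
}

// InternalRecord goes to the protected log and holds exactly the details the
// question describes leaking: error text, runtime version, binary path, process identity.
type InternalRecord struct {
	Reference string
	Detail    string
	Runtime   string
	Binary    string
	PID       int
	UID       int
}

const genericMessage = "An internal error occurred. Quote the reference ID when contacting support."

// newReference returns a random 16-hex-character correlation ID (hypothetical helper).
func newReference() string {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		return "ref-unavailable"
	}
	return hex.EncodeToString(b)
}

// HandleFailure is the message-handling routine the answer calls for: the client
// message never depends on err's content, so nothing from the interpreter's
// state can reach the user through it.
func HandleFailure(err error) (ClientError, InternalRecord) {
	ref := newReference()
	bin, _ := os.Executable() // full binary path stays internal
	return ClientError{Status: 500, Message: genericMessage, Reference: ref},
		InternalRecord{
			Reference: ref,
			Detail:    err.Error(),
			Runtime:   runtime.Version(),
			Binary:    bin,
			PID:       os.Getpid(),
			UID:       os.Getuid(),
		}
}

// LeaksInternals reports whether a client-facing message contains any value from
// the internal record; a release-time check that the generic response stays generic.
func LeaksInternals(msg string, rec InternalRecord) bool {
	for _, v := range []string{rec.Detail, rec.Runtime, rec.Binary, fmt.Sprint(rec.PID)} {
		if v != "" && strings.Contains(msg, v) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed failure that an unhandled code path would have dumped verbatim.
	err := errors.New("constructed: template parse failure at line 42")
	client, rec := HandleFailure(err)
	body, _ := json.Marshal(client)
	// Internal log line: detailed, kept server-side.
	log.Printf("ref=%s uid=%d pid=%d runtime=%s bin=%s detail=%q",
		rec.Reference, rec.UID, rec.PID, rec.Runtime, rec.Binary, rec.Detail)
	fmt.Println(string(body))                                          // what the user sees
	fmt.Println("leaks internals:", LeaksInternals(client.Message, rec)) // false
}
```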

27.A company is repeatedly being breached by hackers who use valid credentials. The company's Chief
Information Security Officer (CISO) has installed multiple controls for authenticating users, including
biometric and token-based factors. Each successive control has increased overhead and complexity
but has failed to stop further breaches. An external consultant is evaluating the process currently in
place to support the authentication controls.
Which of the following recommendations would MOST likely reduce the risk of unauthorized access?
A. Implement strict three-factor authentication.
B. Implement least privilege policies
C. Switch to one-time or all user authorizations.
D. Strengthen identity-proofing procedures
Answer: A

28.Company A acquired Company B. During an initial assessment, the companies discover they are
using the same SSO system. To help users with the transition, Company A is requiring the following:
• Before the merger is complete, users from both companies should use a single set of usernames
and passwords.
• Users in the same departments should have the same set of rights and privileges, but they should
have different sets of rights and privileges if they have different IPs.
• Users from Company B should be able to access Company A's available resources.
Which of the following are the BEST solutions? (Select TWO).
A. Installing new Group Policy Object policies
B. Establishing one-way trust from Company B to Company A
C. Enabling multifactor authentication
D. Implementing attribute-based access control
E. Installing Company A's Kerberos systems in Company B's network
F. Updating login scripts
Answer: B,D
Explanation:
Establishing one-way trust from Company B to Company A would allow users from Company B to
access Company A’s resources using their existing credentials. Implementing attribute-based access
control would allow users to have different sets of rights and privileges based on their attributes, such
as department and IP address.
Verified Reference:
https://www.cloudflare.com/learning/access-management/what-is-sso/
https://frontegg.com/blog/a-complete-guide-to-implementing-single-sign-on
https://learn.microsoft.com/en-us/host-integration-server/esso/enterprise-single-sign-on-basics

29.While investigating a security event, an analyst finds evidence that a user opened an email
attachment from an unknown source. Shortly after the user opened the attachment, a group of
servers experienced a large amount of network and resource activity. Upon investigating the servers,
the analyst discovers the servers were encrypted by ransomware that is demanding payment within
48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the
management team?
A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread.
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.
Answer: B
Explanation:
Isolating the servers is the best immediate action to take after reporting the incident to the
management team, as it can limit the damage and contain the ransomware infection. Paying the
ransom is not advisable, as it does not guarantee the recovery of the data and may encourage further
attacks. Notifying law enforcement is a possible step, but not the next one after reporting.
Requesting that the affected servers be restored immediately may not be feasible or effective, as it
depends on the availability and integrity of backups, and it does not address the root cause of the
attack.
Verified Reference:

https://www.comptia.org/blog/what-is-ransomware-and-how-to-protect-yourself
https://www.comptia.org/certifications/comptia-advanced-security-practitioner

30.A security engineer is assessing a legacy server and needs to determine if FTP is running and on
which port. The service cannot be turned off, as it would impact a critical application's ability to
function.
Which of the following commands would provide the information necessary to create a firewall rule to
prevent that service from being exploited?
A. service --status-all | grep ftpd
B. chkconfig --list
C. netstat -tulpn
D. systemctl list-unit-files --type service ftpd
E. service ftpd status
Answer: C
Explanation:
The netstat -tulpn command is used to display network connections, routing tables, interface
statistics, masquerade connections, and multicast memberships. The -tulpn options specifically show
TCP and UDP connections with the process ID and the name that is listening on each port, which
would provide the necessary information to identify if FTP is running and on which port without turning
the service off. This information can then be used to create a precise firewall rule to prevent the FTP
service from being exploited.

31.A security engineer is performing a threat modeling procedure against a machine learning system
that correlates analytic information for decision support.
Which of the following threat statements most likely applies to this type of system?
A. An attacker is able to overload the system with incorrect information.
B. An attacker conducts a password-spraying attack against the system's authentication method.
C. An attacker exploits a server-side request forgery attack.
D. An attacker accesses information that should not be disclosed due to an authorization error.
Answer: A
Explanation:
Overloading a machine learning system with incorrect information is an example of poisoning the data
set, which can compromise the integrity of decision-making processes. This aligns with CASP+
objective 2.3, which involves threat modeling and mitigating risks associated with AI and ML systems.

32.A company in the financial sector receives a substantial number of customer transaction requests
via email. While doing a root-cause analysis concerning a security breach, the CIRT correlates an
unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations
employee who has access to several of the compromised accounts. Subsequent antivirus scans of
the device do not return any findings, but the CIRT finds undocumented services running on the
device.
Which of the following controls would reduce the discovery time for similar incidents in the future?
A. Implementing application blacklisting
B. Configuring the mail system to quarantine incoming attachments automatically
C. Deploying host-based firewalls and shipping the logs to the SIEM
D. Increasing the cadence for antivirus DAT updates to twice daily
Answer: C

33.A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure.
The Chief Information Security Officer asks the security engineer to design connectivity to meet the
following requirements:
Only users with corporate-owned devices can directly access servers hosted by the cloud provider.
The company can control what SaaS applications each individual user can access.
User browser activity can be monitored.
Which of the following solutions would BEST meet these requirements?
A. IAM gateway, MDM, and reverse proxy
B. VPN, CASB, and secure web gateway
C. SSL tunnel, DLP, and host-based firewall
D. API gateway, UEM, and forward proxy
Answer: B
Explanation:
A VPN (virtual private network) can provide secure connectivity for remote users to access servers
hosted by the cloud provider. A CASB (cloud access security broker) can enforce policies and
controls for accessing SaaS applications. A secure web gateway can monitor and filter user browser
activity to prevent malicious or unauthorized traffic.
Verified Reference:
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
https://www.comptia.org/blog/what-is-a-vpn

34.Which of the following is a security concern for DNP3?
A. Free-form messages require support.
B. Available function codes are not standardized.
C. Authentication is not allocated.
D. It is an open source protocol.
Answer: C
Explanation:
One of the known security concerns with the Distributed Network Protocol version 3 (DNP3), which is
used in SCADA systems, is the lack of built-in security features, including authentication. This means
that by default, it does not verify the identity of the entities communicating, making it susceptible to
unauthorized access and commands.

35.An analyst is working to address a potential compromise of a corporate endpoint and discovers the
attacker accessed a user’s credentials. However, it is unclear if the system baseline was modified to
achieve persistence.
Which of the following would most likely support forensic activities in this scenario?
A. Side-channel analysis
B. Bit-level disk duplication
C. Software composition analysis
D. SCAP scanner
Answer: B
Explanation:
Bit-level disk duplication creates an exact copy of the storage device, preserving the system's state
for in-depth forensic analysis. This helps identify any unauthorized changes to the baseline or other
artifacts of compromise. This aligns with CASP+ objective 5.2, which emphasizes conducting forensic
activities and ensuring evidence integrity during investigations.

36.During a review of events, a security analyst notes that several log entries from the FIM system
identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst
receives alerts from the DLP system that indicate an employee is sending sensitive data to an
external email address.
Which of the following would be the most relevant to review in order to gain a better understanding of
whether these events are associated with an attack?
A. Configuration management tool
B. Intrusion prevention system
C. Mobile device management platform
D. Firewall access control list
E. NetFlow logs
Answer: E
Explanation:
NetFlow logs provide visibility into network traffic patterns and volume, which can be analyzed to
detect anomalies, including potential security incidents. They can be invaluable in correlating the
timing and nature of network events with security incidents to better understand if there is an
association.

37.In preparation for the holiday season, a company redesigned the system that manages retail sales
and moved it to a cloud service provider. The new infrastructure did not meet the company’s
availability requirements.
During a postmortem analysis, the following issues were highlighted:

38.Which of the following best describes what happens if chain of custody is broken?
A. Tracking record details are not properly labeled.
B. Vital evidence could be deemed inadmissible.
C. Evidence is not exhibited in the court of law.
D. Evidence will need to be recollected.
Answer: B
Explanation:
Chain of custody is critical in legal contexts as it documents the seizure, custody, control, transfer,
analysis, and disposition of evidence. If the chain of custody is broken, it means there is a possibility
that the evidence could have been tampered with or compromised, which can lead to it being deemed
inadmissible in court.

39.A small business requires a low-cost approach to theft detection for the audio recordings it
produces and sells.
Which of the following techniques will MOST likely meet the business’s needs?
A. Performing deep-packet inspection of all digital audio files
B. Adding identifying filesystem metadata to the digital audio files
C. Implementing steganography
D. Purchasing and installing a DRM suite
Answer: C
Explanation:
Steganography is a technique that can hide data within other files or media, such as images, audio, or
video. This can provide a low-cost approach to theft detection for the audio recordings produced and
sold by the small business, as it can embed identifying information or watermarks in the audio files
that can reveal their origin or ownership. Performing deep-packet inspection of all digital audio files
may not be feasible or effective for theft detection, as it could consume a lot of bandwidth and
resources, and it may not detect hidden data within encrypted packets. Adding identifying filesystem
metadata to the digital audio files may not provide enough protection for theft detection, as filesystem
metadata can be easily modified or removed by unauthorized parties. Purchasing and installing a
DRM (digital rights management) suite may not be a low-cost approach for theft detection, as it could
involve licensing fees and hardware requirements.
Verified Reference:
https://www.comptia.org/blog/what-is-steganography
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

40.A vulnerability scanner detected an obsolete version of an open-source file-sharing application on


one of a company’s Linux servers. While the software version is no longer supported by the OSS
community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities,
and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
A. true positive.
B. true negative.
C. false positive.
D. false negative.
Answer: C

41.Due to internal resource constraints, the management team has asked the principal security
architect to recommend a solution that shifts partial responsibility for application-level controls to the
cloud provider.
In the shared responsibility model, which of the following levels of service meets this requirement?
A. IaaS
B. SaaS
C. FaaS
D. PaaS
Answer: D

42.A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO)
about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO
that a breach of the firm is being reported on national news. Upon investigation, it is determined that a
network administrator has reached out to a vendor prior to the breach for information on a security
patch that failed to be installed.
Which of the following should the CISO do to prevent this from happening again?
A. Properly triage events based on brand imaging and ensure the CEO is on the call roster.
B. Create an effective communication plan and socialize it with all employees.
C. Send out a press release denying the breach until more information can be obtained.
D. Implement a more robust vulnerability identification process.
Answer: B
Explanation:
To prevent similar issues from occurring again, the CISO should create an effective communication
plan and ensure all employees are aware of it. A clear communication plan ensures that critical
security information, such as breaches or vulnerabilities, is promptly communicated to the right
stakeholders (e.g., the CEO) in a timely manner, preventing situations where the media reports on
breaches before internal teams are fully informed. CASP+ emphasizes the importance of having
structured communication protocols during security incidents to ensure accurate and timely
responses.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0: Enterprise Security Operations
(Incident Communication Plans)
CompTIA CASP+ Study Guide: Developing and Implementing Effective Incident Communication
Plans

43.A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-
facing banking application. The developers anticipate the transition to modern development
environments will take at least a month.
Which of the following controls would best mitigate the risk without interrupting the service during the
transition?
A. Shutting down the systems until the code is ready
B. Uninstalling the impacted runtime engine
C. Selectively blocking traffic on the affected port
D. Configuring IPS and WAF with signatures
Answer: D
Explanation:
Given the vulnerability in the deprecated runtime engine, configuring an IPS (Intrusion Prevention
System) and WAF (Web Application Firewall) with appropriate signatures is the best temporary
control. This allows the organization to monitor and block potential attacks targeting known
vulnerabilities in the runtime engine while the developers work on the transition. Shutting down the
systems or uninstalling the runtime engine would cause service interruptions, and blocking traffic
might disrupt legitimate users. IPS and WAF provide an active layer of defense without interrupting
service. CASP+ emphasizes the use of layered security, including IPS and WAF, to mitigate risks in
public-facing applications.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0: Enterprise Security Architecture (Web
Application Firewalls, Intrusion Prevention Systems)
CompTIA CASP+ Study Guide: Mitigating Application Vulnerabilities with WAFs and IPS

44.An organization developed a social media application that is used by customers in multiple remote
geographic locations around the world. The organization’s headquarters and only datacenter are
located in New York City.
The Chief Information Security Officer wants to ensure the following requirements are met for the
social media application:
Low latency for all mobile users to improve the users’ experience
SSL offloading to improve web server performance
Protection against DoS and DDoS attacks
High availability
Which of the following should the organization implement to BEST ensure all requirements are met?
A. A cache server farm in its datacenter
B. A load-balanced group of reverse proxy servers with SSL acceleration
C. A CDN with the origin set to its datacenter
D. Dual gigabit-speed Internet connections with managed DDoS prevention
Answer: B

45.A new requirement for legislators has forced a government security team to develop a validation
process to verify the integrity of a downloaded file and the sender of the file.
Which of the following is the BEST way for the security team to comply with this requirement?
A. Digital signature
B. Message hash
C. Message digest
D. Message authentication code
Answer: A
Explanation:
A digital signature is a cryptographic technique that allows the sender of a file to sign it with their
private key and the receiver to verify it with the sender’s public key. This ensures the integrity and
authenticity of the file, as well as the non-repudiation of the sender. A message hash or a message
digest is a one-way function that produces a fixed-length output from an input, but it does not provide
any information about the sender. A message authentication code (MAC) is a symmetric-key
technique that allows both the sender and the receiver to generate and verify a code using a shared
secret key, but it does not provide non-repudiation.
Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives],
Domain 2: Enterprise Security Architecture, Objective 2.1: Apply cryptographic techniques
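To make the three properties the explanation contrasts concrete, here is an added Go example (not from the original question set or CompTIA material) that runs a SHA-256 digest, an HMAC and an Ed25519 signature over the same file and shows what a receiver can conclude in each case; keys, file contents and function names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest (message hash / message digest): integrity only. Anyone can recompute
// it for any file, so a matching digest says nothing about who produced the file.
func Digest(file []byte) []byte {
	sum := sha256.Sum256(file)
	return sum[:]
}

// Tag (message authentication code): integrity plus origin among holders of the
// shared key. Sender and receiver can both produce it, so the sender can later
// deny having sent the file: no non-repudiation.
func Tag(sharedKey, file []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(file)
	return m.Sum(nil)
}

// Sign (digital signature): integrity, sender authenticity and non-repudiation.
// Only the private key can produce it; the public key can only verify.
func Sign(priv ed25519.PrivateKey, file []byte) []byte {
	return ed25519.Sign(priv, file)
}

// Result records which of the three checks pass for one received file.
type Result struct {
	DigestOK    bool
	MACOK       bool
	SignatureOK bool
}

// Check is the receiving side's validation process for a file and its attachments.
func Check(pub ed25519.PublicKey, sharedKey, file, digest, tag, sig []byte) Result {
	return Result{
		DigestOK:    bytes.Equal(Digest(file), digest),
		MACOK:       hmac.Equal(Tag(sharedKey, file), tag),
		SignatureOK: ed25519.Verify(pub, file, sig),
	}
}

// Scenarios returns the receiver's verdict for three deliveries:
//  1. genuine: the file exactly as the sender published it;
//  2. outsider: the file altered by a party holding neither key, who could only recompute the digest;
//  3. insider: the file altered by the receiving party itself, which holds the shared MAC key and
//     can re-tag it but cannot re-sign it. This is the dispute only a signature settles.
func Scenarios() (genuine, outsider, insider Result, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	sharedKey := make([]byte, 32)
	if _, err = rand.Read(sharedKey); err != nil {
		return
	}
	file := []byte("constructed: statute text v1") // constructed sample file
	digest, tag, sig := Digest(file), Tag(sharedKey, file), Sign(priv, file)

	genuine = Check(pub, sharedKey, file, digest, tag, sig)

	altered := []byte("constructed: statute text v1 (modified)")
	outsider = Check(pub, sharedKey, altered, Digest(altered), tag, sig)
	insider = Check(pub, sharedKey, altered, Digest(altered), Tag(sharedKey, altered), sig)
	return
}

func main() {
	g, o, i, err := Scenarios()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine:  %+v\n", g) // all three checks pass
	fmt.Printf("outsider: %+v\n", o) // digest passes, MAC and signature fail
	fmt.Printf("insider:  %+v\n", i) // digest and MAC pass, signature fails
}
```

The insider row is the point of the answer key: a hash or MAC that verifies cannot tell a legislator whether the sender or the receiver produced the file, while the signature check fails for anything the sender did not sign.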

46.A security engineer needs to implement a cost-effective authentication scheme for a new web-
based application that requires:
• Rapid authentication
• Flexible authorization
• Ease of deployment
• Low cost but high functionality
Which of the following approaches best meets these objectives?
A. Kerberos
B. EAP
C. SAML
D. OAuth
E. TACACS+
Answer: D
Explanation:
OAuth, which stands for Open Authorization, is a standard for authorization that enables secure token-
based access. It allows users to grant a web application access to their information on another web
application without giving them the credentials for their account. OAuth is particularly useful for rapid
authentication, flexible authorization, ease of deployment, and offers high functionality at a low cost,
making it an ideal choice for new web-based applications. This approach is well-suited for situations
where web applications need to interact with each other on behalf of the user, without sharing the
user's password, such as integrating a geolocation application with Facebook. OAuth uses tokens issued by
an authorization server, providing restricted access to a user's data, which aligns with the objectives
of rapid authentication, flexible authorization, ease of deployment, and cost-effectiveness.

47.In order to authenticate employees who call in remotely, a company's help desk staff must be able
to view partial information about employees because the full information may be considered sensitive.
Which of the following solutions should be implemented to authenticate employees?
A. Data scrubbing
B. Field masking
C. Encryption in transit
D. Metadata
Answer: B
Explanation:
Field masking is a technique that hides or obscures part of the information in a data field, such as a
password, credit card number, or social security number. Field masking can be used to protect
sensitive or confidential data from unauthorized access or disclosure, while still allowing authorized
users to view or verify the data.
Field masking should be implemented to authenticate employees who call in remotely by allowing the
help desk staff to view partial information about employees, because field masking would:
• Enable the help desk staff to verify the identity of the employees by asking them to provide some
characters or digits from their data fields, such as their employee ID or email address.
• Prevent the help desk staff from viewing the full information about employees, which may be
considered sensitive and subject to privacy regulations or policies.
• Reduce the risk of data leakage, theft, or misuse by limiting the exposure of sensitive data to only
those who need it.

48.An internal security assessor identified large gaps in a company's IT asset inventory system during
a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to
avoid external findings, the assessor chooses not to report the gaps in the inventory system.
Which of the following legal considerations is the assessor directly violating?
A. Due care
B. Due diligence
C. Due process
D. Due notice
Answer: A
Explanation:
Due care refers to the effort made by an ordinarily prudent or reasonable party to avoid harm to
another party. By not reporting the gaps in the inventory system, the assessor is neglecting their
responsibility and not exercising the due care that is expected of them, which could lead to legal
ramifications for non-compliance or other security breaches.

49.A company publishes several APIs for customers and is required to use keys to segregate
customer data sets.
Which of the following would be BEST to use to store customer keys?
A. A trusted platform module
B. A hardware security module
C. A localized key store
D. A public key infrastructure
Answer: D
Explanation:
A public key infrastructure (PKI) is a system of certificates and keys that can provide encryption and
authentication for APIs (application programming interfaces). A PKI can be used to store customer
keys for accessing APIs and segregating customer data sets. A trusted platform module (TPM) is a
hardware device that provides cryptographic functions and key storage, but it is not suitable for
storing customer keys for APIs. A hardware security module (HSM) is similar to a TPM, but it is used
for storing keys for applications, not for APIs. A localized key store is a software component that
stores keys locally, but it is not as secure or scalable as a PKI.
Verified Reference:
https://www.comptia.org/blog/what-is-pki
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

50.The management team at a company with a large, aging server environment is conducting a
server risk assessment in order to create a replacement strategy. The replacement strategy will be
based upon the likelihood a server will fail, regardless of the criticality of the application running on a
particular server.
Which of the following should be used to prioritize the server replacements?
A. SLE
B. MTTR
C. TCO
D. MTBF
E. MSA
Answer: D
Explanation:
To prioritize server replacements based on the likelihood of failure, the MTBF (Mean Time Between
Failures) metric is most appropriate. MTBF provides a measure of the average time a server or
system is expected to operate before experiencing failure. This allows the management team to
assess which servers are more likely to fail soon, irrespective of the application criticality, and thus
should be replaced first. CASP+ highlights the use of MTBF in hardware lifecycle management and
risk assessments.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0: Risk Management (MTBF in Hardware
Lifecycle)
CompTIA CASP+ Study Guide: Server Risk Assessments Using MTBF and Reliability Metrics

51.Due to adverse events, a medium-sized corporation suffered a major operational disruption that
caused its servers to crash and experience a major power outage.
Which of the following should be created to prevent this type of issue in the future?
A. SLA
B. BIA
C. BCM
D. BCP
E. RTO
Answer: D
Explanation:
A Business Continuity Plan (BCP) is a set of policies and procedures that outline how an organization
should respond to and recover from disruptions [1]. It is designed to ensure that critical operations
and services can be quickly restored and maintained, and should include steps to identify risks,
develop plans to mitigate those risks, and detail the procedures to be followed in the event of a
disruption.
Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 4: “Business Continuity
Planning,” Wiley, 2018.
https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition-p-9781119396582

52.A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all
aspects of the company's response plan.
Which of the following best describes what the CISO reviewed?
A. An after-action report
B. A tabletop exercise
C. A system security plan
D. A disaster recovery plan
Answer: A
Explanation:
An after-action report is a document that summarizes the performance of a team during a
cybersecurity incident. It is used to review all aspects of the incident response plan, including what
was done correctly, what needs improvement, and how the team responded to the incident. The
CISO's review of data from a cyber exercise would typically result in an after-action report, which
helps in improving future responses to incidents.

53.A security analyst sees that a hacker has discovered some keys and they are being made
available on a public website. The security analyst is then able to successfully decrypt the data using
the keys from the website.
Which of the following should the security analyst recommend to protect the affected data?
A. Key rotation
B. Key revocation
C. Key escrow
D. Zeroization
E. Cryptographic obfuscation
Answer: E

54.A security team is creating tickets to track the progress of remediation.


Which of the following is used to specify the due dates for high- and critical-priority findings?
A. MSA
B. SLA
C. ISA
D. MOU
Answer: B
Explanation:
A Service Level Agreement (SLA) is the document used to specify due dates for the remediation of
high- and critical-priority findings. SLAs outline the responsibilities of the service provider, including
time frames for addressing issues or vulnerabilities, based on their severity. By setting clear timelines
for remediation, SLAs ensure that critical security vulnerabilities are addressed in a timely manner.
CASP+ emphasizes the importance of SLAs in maintaining accountability for security operations and
ensuring compliance with organizational security policies.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0: Risk Management (SLAs and Security
Management)
CompTIA CASP+ Study Guide: SLAs for Security Vulnerability Management

55.A security analyst for a managed service provider wants to implement the most up-to-date and
effective security methodologies to provide clients with the best offerings.
Which of the following resources would the analyst MOST likely adopt?
A. OSINT
B. ISO
C. MITRE ATT&CK
D. OWASP
Answer: C
Explanation:
MITRE ATT&CK is a threat management framework that provides a comprehensive and detailed
knowledge base of adversary tactics and techniques based on real-world observations. It can help
security analysts to identify, understand, and prioritize potential threats, as well as to develop effective
detection and response strategies. MITRE ATT&CK covers the entire lifecycle of a cyberattack, from
initial access to impact, and provides information on how to mitigate, detect, and hunt for each
technique. It also includes threat actor profiles, software descriptions, and data sources that can be
used for threat intelligence and analysis. MITRE ATT&CK is the most likely resource that a security
analyst would adopt to implement the most up-to-date and effective security methodologies for their
clients.
Verified Reference:
https://attack.mitre.org/
https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride-owasp-top-10-mitre-attck-framework/

56.A recent data breach stemmed from unauthorized access to an employee’s company account
with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-
party OAuth application to collect sensitive information.
Which of the following BEST mitigates inappropriate access and permissions issues?
A. SIEM
B. CASB
C. WAF
D. SOAR
Answer: C
Explanation:
Reference: https://www.cloudflare.com/en-gb/learning/ddos/glossary/web-application-firewall-waf/

57.After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with
the development and security teams to find a way to reduce the security task workload.
The CISO would like to:
* Have a solution that uses API to communicate with other security tools
* Use the latest technology possible
* Have the highest controls possible on the solution
Which of the following is the best option to meet these requirements?
A. EDR
B. CSP
C. SOAR
D. CASB
Answer: C
Explanation:
Security Orchestration, Automation, and Response (SOAR) solutions are designed to automate and
streamline security operations in complex environments. By utilizing APIs, SOAR platforms can
integrate with various security tools to enhance incident response processes, automate tasks, and
improve overall efficiency. This aligns with the requirements of using the latest technology and having
high control over the solution. SOAR's ability to orchestrate between different security solutions and
automate responses to threats makes it the best option to reduce the security task workload while
maintaining high controls.

58.An employee's device was missing for 96 hours before being reported. The employee called the
help desk to ask for another device.
Which of the following phases of the incident response cycle needs improvement?
A. Containment
B. Preparation
C. Resolution
D. Investigation
Answer: B
Explanation:
The incident response cycle's preparation phase includes establishing policies and procedures for
reporting lost or stolen devices promptly. If an employee's device was missing for 96 hours before
being reported, this indicates a lack of awareness or clear procedures on the employee's part,
pointing to inadequacies in the preparation phase of the incident response.

59.Which of the following processes involves searching and collecting evidence during an
investigation or lawsuit?
A. E-discovery
B. Review analysis
C. Information governance
D. Chain of custody
Answer: A
Explanation:
The process that involves searching and collecting evidence during an investigation or lawsuit is e-
discovery. E-discovery stands for electronic discovery, which is the process of identifying, preserving,
collecting, processing, reviewing, analyzing, and producing electronically stored information (ESI) that
is relevant to a legal matter. E-discovery can be used for civil litigation, criminal prosecution,
regulatory compliance, internal investigations, and other purposes. E-discovery can help parties
obtain evidence from various sources, such as emails, documents, databases, social media, cloud
services, mobile devices, and others.
Verified Reference:
https://www.techtarget.com/searchsecurity/definition/electronic-discovery
https://www.edrm.net/frameworks-and-standards/edrm-model/
https://www.law.cornell.edu/wex/electronic_discovery_(federal)

60.An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation
instructions for consumers that:
A. Leverage physically uncloneable functions.
B. Analyze an emplaced holographic icon on the board.
C. Include schematics traceable via X-ray interrogation.
D. Incorporate MD5 hashes of the ASIC design file.
Answer: A
Explanation:
Physically uncloneable functions (PUFs) are hardware-based features that leverage intrinsic physical
properties of chips to create unique, non-reproducible identifiers. This reduces supply chain risks by
enabling robust authentication and counterfeit prevention. This method aligns with CASP+ objective
4.3, which focuses on secure hardware design and supply chain risk management, ensuring
authenticity and integrity of hardware components.

61.A DNS forward lookup zone named complia.org must:
• Ensure the DNS is protected from on-path attacks.
• Ensure zone transfers use mutual authentication and are authenticated and negotiated.
Which of the following should the security architect configure to meet these requirements? (Select
two).
A. Public keys
B. Conditional forwarders
C. Root hints
D. DNSSEC
E. CNAME records
F. SRV records
Answer: A,D
Explanation:
To protect DNS from on-path attacks and ensure that zone transfers are mutually authenticated and
secure, the security architect should configure DNSSEC and Public keys. DNSSEC (Domain Name
System Security Extensions) provides protection against DNS spoofing by digitally signing DNS data
to ensure its integrity. Public keys are crucial for mutual authentication during zone transfers, ensuring
that only authorized parties can exchange DNS zone data. Together, these options help meet both
the requirements of securing DNS queries and authenticating zone transfers with cryptographic
integrity.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (DNS
Security)
CompTIA CASP+ Study Guide: DNSSEC Implementation and Use of Public Keys

62.A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in
the development process in order to reduce the average time to identify serverless application
vulnerabilities and the costs associated with remediation. The startup began its early security testing
efforts with DAST to cover public-facing application components and recently implemented a bug
bounty program.
Which of the following will BEST accomplish the company's objectives?
A. RASP
B. SAST
C. WAF
D. CMS
Answer: B
Explanation:
Static application security testing (SAST) is a method of analyzing the source code of an application
for vulnerabilities and weaknesses before it is deployed. SAST can help identify security issues earlier
in the development process, reducing the time and cost of remediation. Dynamic application security
testing (DAST) is a method of testing the functionality and behavior of an application at runtime for
vulnerabilities and weaknesses. DAST can cover public-facing application components, but it cannot
detect issues in the source code or in serverless applications. Runtime application self-protection
(RASP) is a technology that monitors and protects an application from attacks in real time by
embedding security features into the application code or runtime environment. RASP can help
prevent exploitation of vulnerabilities, but it cannot identify or fix them. A web application firewall
(WAF) is a device or software that filters and blocks malicious web traffic from reaching an
application. A WAF can help protect an application from common attacks, but it cannot detect or fix
vulnerabilities in the application code or in serverless applications.
Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives],
Domain 3: Enterprise Security Operations, Objective 3.4: Conduct security assessments using
appropriate tools

63.A hospitality company experienced a data breach that included customer PII. The hacker used
social engineering to convince an employee to grant a third-party application access to some
company documents within a cloud file storage service.
Which of the following is the BEST solution to help prevent this type of attack in the future?
A. NGFW for web traffic inspection and activity monitoring
B. CSPM for application configuration control
C. Targeted employee training and awareness exercises
D. CASB for OAuth application permission control
Answer: D
Explanation:
The company should use CASB for OAuth application permission control to help prevent this type of
attack in the future. CASB stands for cloud access security broker, which is a software tool that
monitors and enforces security policies for cloud applications. CASB can help control which third-
party applications can access the company’s cloud file storage service and what permissions they
have. CASB can also detect and block any unauthorized or malicious applications that try to access
the company’s data.
Verified Reference:
https://www.kaspersky.com/resource-center/threats/how-to-avoid-social-engineering-attacks
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/understanding-preventing-social-engineering-attacks/
https://www.indusface.com/blog/10-ways-businesses-can-prevent-social-engineering-attacks/

Topic 4, Exam Pool D

64.A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that
have hit the company. The data indicates most of the attacks came through a fake email. The
company has added training, and the CSO now wants to evaluate whether the training has been
successful.
Which of the following should the CSO implement?
A. Simulating a spam campaign
B. Conducting a sanctioned vishing attack
C. Performing a risk assessment
D. Executing a penetration test
Answer: A
Explanation:
A spam campaign is a mass distribution of unsolicited or fraudulent emails that may contain malicious
links, attachments, or requests. Spam campaigns are often used by attackers to deliver ransomware,
which is a type of malware that encrypts the victim’s data and demands a ransom for its decryption.
Simulating a spam campaign would allow the Chief Security Officer (CSO) to evaluate whether the
training has been successful in reducing the number of successful ransomware attacks that have hit
the company, because it would:
Test the employees’ ability to recognize and avoid clicking on fake or malicious emails, which is one
of the main vectors for ransomware infection.
Measure the effectiveness of the training by comparing the click-through rate and the infection rate
before and after the training.
Provide feedback and reinforcement to the employees by informing them of their performance and
reminding them of the best practices for email security.

65.A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?
A. Installing a network firewall
B. Placing a WAF inline
C. Implementing an IDS
D. Deploying a honeypot
Answer: B
Explanation:
The output shows a SQL injection attack that is trying to exploit a web application. A WAF (Web
Application Firewall) is a security solution that can detect and block malicious web requests, such as
SQL injection, XSS, CSRF, etc. Placing a WAF inline would prevent the attack from reaching the web
server and database.
Reference:
https://owasp.org/www-community/attacks/SQL_Injection
https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/
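The output the question refers to is not reproduced here, so the following added example (not part of the original question bank) shows the kind of signature matching a WAF applies to request parameters, run over constructed access-log lines; the log format, rule names and sample requests are all assumptions.

```python
"""Flag SQL-injection attempts in web server access logs.

Added example, not from the original question bank. The log lines are
constructed, and the rules are a compact illustration of the signature
matching an inline WAF performs before a request reaches the web server.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache/NGINX-style access log lines.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2024:10:01:02 +0000] "GET /product?id=42 HTTP/1.1" 200 1532
203.0.113.7 - - [12/May/2024:10:01:05 +0000] "GET /product?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98231
203.0.113.7 - - [12/May/2024:10:01:09 +0000] "GET /product?id=42%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 500 511
198.51.100.4 - - [12/May/2024:10:02:11 +0000] "GET /search?q=O%27Reilly HTTP/1.1" 200 2210
198.51.100.4 - - [12/May/2024:10:02:15 +0000] "GET /search?q=select+a+colour HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

# Each rule is (name, regex) and is applied to the *decoded* parameter value,
# because attackers percent-encode payloads to slip past naive filters.
RULES = [
    ("tautology", re.compile(r"""['"]\s*(or|and)\s+['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I)),
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("comment_terminator", re.compile(r"(--|#|/\*)\s*$")),
    ("stacked_query", re.compile(r";\s*(drop|delete|update|insert|exec)\b", re.I)),
]


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_request(target: str):
    """Return the rule names triggered by any query parameter of the request target."""
    hits = []
    query = urlsplit(target).query
    for _, value in parse_qsl(query, keep_blank_values=True):   # parse_qsl decodes
        for name, rx in RULES:
            if rx.search(value) and name not in hits:
                hits.append(name)
    return hits


def scan_log(text: str):
    """Run every log line through the rules and return the findings."""
    findings = []
    for line in text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        hits = classify_request(fields["target"])
        if hits:
            findings.append({"ip": fields["ip"], "target": fields["target"],
                             "status": int(fields["status"]), "rules": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["rules"], f["target"])
```

Note that the legitimate requests containing an apostrophe ("O'Reilly") or the word "select" are not flagged, which is the false-positive trade-off a WAF rule set has to manage.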

66.A security architect is given the following requirements to secure a rapidly changing enterprise with
an increasingly distributed and remote workforce:
• Cloud-delivered services
• Full network security stack
• SaaS application security management
• Minimal latency for an optimal user experience
• Integration with the cloud IAM platform
Which of the following is the BEST solution?
A. Routing and Remote Access Service (RRAS)
B. NGFW
C. Managed Security Service Provider (MSSP)
D. SASE
Answer: D

67.Which of the following BEST describes a common use case for homomorphic encryption?
A. Processing data on a server after decrypting in order to prevent unauthorized access in transit
B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing
C. Transmitting confidential data to a CSP for processing on a large number of resources without
revealing information
D. Storing proprietary data across multiple nodes in a private cloud to prevent access by
unauthenticated users
Answer: C
Explanation:
Homomorphic encryption is a type of encryption method that allows computations to be performed on
encrypted data without first decrypting it with a secret key. The results of the computations also
remain encrypted and can only be decrypted by the owner of the private key. Homomorphic
encryption can be used for privacy-preserving outsourced storage and computation. This means that
data can be encrypted and sent to a cloud service provider (CSP) for processing, without revealing
any information to the CSP or anyone else who might intercept the data. Homomorphic encryption
can enable new services and applications that require processing confidential data on a large number
of resources, such as machine learning, data analytics, health care, finance, and voting.
A. Processing data on a server after decrypting in order to prevent unauthorized access in transit is
not a common use case for homomorphic encryption, because it does not take advantage of the main
feature of homomorphic encryption, which is computing over encrypted data. This use case can be
achieved by using any standard encryption method that provides confidentiality for data in transit.
B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing
is not a common use case for homomorphic encryption, because it does not take advantage of the
main feature of homomorphic encryption, which is computing over encrypted data. This use case can
be achieved by using any standard encryption method that provides confidentiality for data at rest
and in transit.
D. Storing proprietary data across multiple nodes in a private cloud to prevent access by
unauthenticated users is not a common use case for homomorphic encryption, because it does not
involve any computation over encrypted data. This use case can be achieved by using any standard
encryption method that provides confidentiality for data at rest.
Reference:
https://www.splunk.com/en_us/blog/learn/homomorphic-encryption.html
https://research.aimultiple.com/homomorphic-encryption/
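To make the "computing over encrypted data" property concrete, here is an added example (not part of the original question bank) of the Paillier cryptosystem, which is additively homomorphic: a simulated CSP sums and scales encrypted values it cannot read, and only the key holder decrypts the result. The toy primes and the salary figures are constructed for illustration.

```python
"""Additively homomorphic encryption (Paillier) from client to CSP and back.

Added example, not from the original question bank. The primes and the
salary figures are constructed; real deployments use primes of 1024 bits
or more, the toy sizes here only keep the demonstration fast to read.
"""
import math
import secrets


def _is_prime(n: int) -> bool:
    """Trial division, adequate for the small toy primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def paillier_keygen(p: int, q: int):
    """Key pair from two distinct primes.

    Public key (n, g): n = p*q, g = n + 1 (the standard simple generator).
    Private key (lam, mu): lam = lcm(p-1, q-1), mu = L(g^lam mod n^2)^-1 mod n,
    where L(x) = (x - 1) // n.
    """
    assert p != q and _is_prime(p) and _is_prime(q)
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    n_sq = n * n
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(g, lam, n_sq) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n (randomized)."""
    n, g = pub
    n_sq = n * n
    assert 0 <= m < n, "plaintext must lie in [0, n)"
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq


def decrypt(pub, priv, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n; only the private-key holder can do this."""
    n, _ = pub
    lam, mu = priv
    n_sq = n * n
    return (((pow(c, lam, n_sq) - 1) // n) * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Homomorphic addition: E(m1) * E(m2) mod n^2 == E(m1 + m2)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Homomorphic multiplication by a known constant: E(m)^k mod n^2 == E(k*m)."""
    n, _ = pub
    return pow(c, k, n * n)


def csp_total(pub, encrypted_values, multiplier: int) -> int:
    """What the untrusted CSP runs: it sees only ciphertexts and the public key,
    yet returns E(multiplier * sum(values)) without learning any value."""
    acc = encrypt(pub, 0)                      # E(0) is the neutral element
    for c in encrypted_values:
        acc = add_encrypted(pub, acc, c)
    return scale_encrypted(pub, acc, multiplier)


def demo() -> int:
    """Client encrypts, CSP computes, client decrypts; returns the recovered total."""
    pub, priv = paillier_keygen(7907, 7919)    # constructed toy primes
    salaries = [52000, 61000, 48500]           # constructed sample data
    ciphertexts = [encrypt(pub, s) for s in salaries]
    result_ct = csp_total(pub, ciphertexts, 2)
    return decrypt(pub, priv, result_ct)       # 2 * 161500 = 323000


if __name__ == "__main__":
    print("decrypted total:", demo())
```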

68.An engineering team is developing and deploying a fleet of mobile devices to be used for
specialized inventory management purposes.
These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera by only the inventory application for the purposes of scanning.
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those required.
Which of the following would BEST meet these requirements?
A. Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM
tool, and test the application restrictions.
B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the
policy, and set it to enforcing mode.
C. Swap out the Android Linux kernel version for >2.4.0 but keep the internet build of Android, remove
unnecessary functions via MDL, configure it to block network access, and perform integration testing.
D. Build and install an Android middleware policy with the requirements added, copy the file into
/user/init, and then build the inventory application.
Answer: A

69.A health company has reached the physical and computing capacity of its datacenter, but the
computing demand continues to increase. The infrastructure is fully virtualized and runs custom and
commercial healthcare applications that process sensitive health and payment information.
Which of the following should the company implement to ensure it can meet the computing demand
while complying with healthcare standards for virtualization and cloud computing?
A. Hybrid IaaS solution in a single-tenancy cloud
B. PaaS solution in a multitenancy cloud
C. SaaS solution in a community cloud
D. Private SaaS solution in a single-tenancy cloud
Answer: A
Explanation:
A hybrid IaaS solution in a single-tenancy cloud is the best option for the company to meet the
computing demand while complying with healthcare standards for virtualization and cloud computing.
A hybrid IaaS solution allows the company to use both on-premises and cloud-based resources to
scale up its capacity and performance. A single-tenancy cloud ensures that the company’s data and
applications are isolated from other customers and have dedicated resources and security controls.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide
https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html

70.A forensic investigator would use the foremost command for:
A. cloning disks.
B. analyzing network-captured packets.
C. recovering lost files.
D. extracting features such as email addresses.
Answer: C

71.A security architect is tasked with securing a new cloud-based videoconferencing and
collaboration platform to support a new distributed workforce.
The security architect's key objectives are to:
• Maintain customer trust
• Minimize data leakage
• Ensure non-repudiation
Which of the following would be the BEST set of recommendations from the security architect?
A. Enable the user authentication requirement, enable end-to-end encryption, and enable waiting
rooms.
B. Disable file exchange, enable watermarking, and enable the user authentication requirement.
C. Enable end-to-end encryption, disable video recording, and disable file exchange.
D. Enable watermarking, enable the user authentication requirement, and disable video recording.
Answer: B
Explanation:
Disabling file exchange can help to minimize data leakage by preventing users from sharing sensitive
documents or data through the videoconferencing platform. Enabling watermarking can help to
maintain customer trust and ensure non-repudiation by adding a visible or invisible mark to the video
stream that identifies the source or owner of the content. Enabling the user authentication
requirement can help to secure the videoconferencing sessions by verifying the identity of the
participants and preventing unauthorized access.
Verified Reference:
https://www.rev.com/blog/marketing/follow-these-7-video-conferencing-security-best-practices
https://www.paloaltonetworks.com/blog/2020/04/network-video-conferencing-security/
https://www.megameeting.com/news/best-practices-secure-video-conferencing/

72.A managed security provider (MSP) is engaging with a customer who is working through a
complete digital transformation. Part of this transformation involves a move to cloud servers to ensure
a scalable, high-performance, online user experience.
The current architecture includes:
• Directory servers
• Web servers
• Database servers
• Load balancers
• Cloud-native VPN concentrator
• Remote access server
The MSP must secure this environment similarly to the infrastructure on premises.
Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)
A. Content delivery network
B. Virtual next-generation firewall
C. Web application firewall
D. Software-defined WAN
E. External vulnerability scans
F. Containers
G. Microsegmentation
Answer: B,C,G
Explanation:
A virtual next-generation firewall (vNGFW) is a software version of a NGFW that can be deployed on
cloud servers to provide advanced network security features. A vNGFW can help secure the cloud
environment similarly to the infrastructure on premises by providing functions such as URL filtering,
SSL/TLS inspection, deep packet inspection, antivirus, IPS, application control, and sandboxing. A
web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from
reaching an application. A WAF can help secure the web servers in the cloud environment by
protecting them from common attacks such as SQL injection, cross-site scripting (XSS), and cross-
site request forgery (CSRF). Microsegmentation is a technique that divides a network into smaller
segments or zones based on criteria such as identity, role, or function. Microsegmentation can help
secure the cloud environment by isolating different types of servers and applying granular security
policies to each segment.
A content delivery network (CDN) is a distributed system of servers that delivers web content to users
based on their geographic location, the origin of the content, and the performance of the network. A
CDN can help improve the availability and performance of web applications by caching content closer
to the users, reducing latency and bandwidth consumption. However, a CDN does not provide the
same level of security as a vNGFW or a WAF. Software-defined WAN (SD-WAN) is a technology that
uses software to manage the connectivity and routing of wide area network (WAN) traffic across
multiple links or carriers. SD-WAN can help improve the reliability and efficiency of WAN connections
by dynamically selecting the best path for each application based on factors such as bandwidth,
latency, cost, and quality of service (QoS). However, SD-WAN does not provide the same level of
security as a vNGFW or a WAF. External vulnerability scans are assessments that identify and report
on the vulnerabilities and weaknesses of an IT system from an external perspective. External
vulnerability scans can help improve the security posture of an IT system by providing visibility into its
exposure to potential threats. However, external vulnerability scans do not provide the same level of
protection as a vNGFW or a WAF. Containers are units of software that package an application and
its dependencies into a standardized format that can run on any platform or environment. Containers
can help improve the portability and scalability of applications by allowing them to run independently
from the underlying infrastructure. However, containers do not provide the same level of security as
microsegmentation.
Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives],
Domain 2: Enterprise Security Architecture, Objective 2.3: Implement solutions for the secure use of
cloud services

73.The information security manager at a 24-hour manufacturing facility is reviewing a contract for
potential risks to the organization. The contract pertains to the support of printers and multifunction
devices during non-standard business hours.
Which of the following will the security manager most likely identify as a risk?
A. Print configuration settings for locked print jobs
B. The lack of an NDA with the company that supports its devices
C. The lack of an MSA to govern other services provided by the service provider
D. The lack of chain of custody for devices prior to deployment at the company
Answer: B
Explanation:
A non-disclosure agreement (NDA) is crucial when external parties are provided access to sensitive
company devices or information. The absence of an NDA poses a risk that confidential information
could be disclosed by the service provider. Therefore, ensuring an NDA is in place with the company
that supports sensitive devices would be a key risk identified in the contract.

74.A development team created a mobile application that contacts a company’s back-end APIs
housed in a PaaS environment. The APIs have been experiencing high processor utilization due to
scraping activities. The security engineer needs to recommend a solution that will prevent and
remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)
A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection
Answer: D,E
Explanation:
Reference: https://stackoverflow.com/questions/3161548/how-do-i-prevent-site-scraping
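The rate-limiting half of the answer can be shown in code. The following added example (not part of the original question bank) implements a per-client token bucket and replays a constructed request trace through it; the client keys, limits and the scraper/mobile request timings are assumptions.

```python
"""Per-client token-bucket rate limiting in front of a back-end API.

Added example, not from the original question bank. It simulates the limiter
that would sit in front of the PaaS-hosted APIs; the client identifiers,
limits and request trace are constructed.
"""


class Bucket:
    """One token bucket: `capacity` bounds the burst, `refill_per_sec` the sustained rate."""

    def __init__(self, capacity: float, refill_per_sec: float, now: float = 0.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = capacity        # a new client starts with a full burst allowance
        self.last = now

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Keeps one bucket per client key (API key, user id or source address)."""

    def __init__(self, capacity: float, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def check(self, client: str, now: float):
        """Return (allowed, retry_after_seconds); retry_after is 0.0 when allowed.

        A real deployment answers a rejected request with HTTP 429 and a
        Retry-After header carrying the second value.
        """
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = Bucket(self.capacity, self.refill_per_sec, now)
        if bucket.allow(now):
            return True, 0.0
        return False, (1.0 - bucket.tokens) / self.refill_per_sec


def replay(trace, capacity: float = 5, refill_per_sec: float = 1.0):
    """Replay (timestamp, client) pairs through a limiter; return per-client counts."""
    limiter = RateLimiter(capacity, refill_per_sec)
    stats = {}
    for ts, client in trace:
        allowed, _ = limiter.check(client, ts)
        counts = stats.setdefault(client, {"allowed": 0, "rejected": 0})
        counts["allowed" if allowed else "rejected"] += 1
    return stats


# Constructed trace: a scraper fires 20 requests within one second while a
# legitimate mobile client makes one request every two seconds.
SCRAPER = [(i * 0.05, "scraper-key") for i in range(20)]
MOBILE = [(i * 2.0, "mobile-user-17") for i in range(5)]
TRACE = sorted(SCRAPER + MOBILE, key=lambda t: t[0])

if __name__ == "__main__":
    for client, counts in replay(TRACE).items():
        print(client, counts)
```

With a burst of 5 and a refill of 1 token per second, the scraper gets its first 5 requests through and the remaining 15 rejected, while the mobile client is never throttled.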

75.Which of the following describes how a risk assessment is performed when an organization has a
critical vendor that provides multiple products?
A. At the individual product level
B. Through the selection of a random product
C. Using a third-party audit report
D. By choosing a major product
Answer: A
Explanation:
When conducting a risk assessment for a vendor that provides multiple products, it is important to
perform the assessment at the individual product level. Each product might have different risk factors,
security requirements, and vulnerabilities, so assessing each one ensures a comprehensive
understanding of the risks involved. Assessing randomly or only major products could leave gaps in
understanding the risks for smaller but still critical products. CASP+ emphasizes that risk
assessments should be detailed and product-specific for a thorough evaluation.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0 - Risk Management (Vendor and
Product Risk Assessments)
CompTIA CASP+ Study Guide: Vendor Risk Management

76.Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party
entity?
A. Key sharing
B. Key distribution
C. Key recovery
D. Key escrow
Answer: D
Explanation:
Key escrow is a process that involves storing encryption keys with a trusted third party, such as a
CASB (Cloud Access Security Broker) or a government agency. Key escrow can enable authorized
access to encrypted data in case of emergencies, legal issues, or data recovery. However, key
escrow also introduces some risks and challenges, such as trust, security, and privacy.
Reference:
https://www.techopedia.com/definition/1772/key-escrow
https://searchsecurity.techtarget.com/definition/key-escrow

77.A company's BIA indicates that any loss of more than one hour of data would be catastrophic to
the business.
Which of the following must be in place to meet this requirement?
A. RPO
B. RTO
C. SLA
D. DRP
E. BCP
Answer: A
Explanation:
Step by Step
RPO (Recovery Point Objective): Specifies the maximum acceptable amount of data loss measured
in time. If data loss of more than one hour is unacceptable, the RPO should be set to less than or
equal to one hour.
RTO (Recovery Time Objective): Refers to the acceptable duration of system downtime, which is not
relevant to the question.
The BCP, DRP, and SLA do not directly address data loss.
Reference: CASP+ Exam Objectives 1.3 - Analyze BIA results to determine RPO and RTO
requirements.

78.An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the
code was compiled. The malicious code is now running at the hardware level across a number of
industries and sectors.
Which of the following categories BEST describes this type of vendor risk?
A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack
Answer: D

79.Immediately following the report of a potential breach, a security engineer creates a forensic image
of the server in question as part of the organization's incident response procedure.
Which of the following must occur to ensure the integrity of the image?
A. The image must be password protected against changes.
B. A hash value of the image must be computed.
C. The disk containing the image must be placed in a sealed container.
D. A duplicate copy of the image must be maintained.
Answer: B

80.An organization's finance system was recently attacked. A forensic analyst is reviewing the
contents of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data
was lost?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
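The command options for this question are not reproduced here, so the following added example (not one of the question's options and not from the original question bank) shows how an analyst can scan compromised file contents for probable card numbers while keeping false positives down: candidate digit runs are Luhn-checked, matched against issuer prefixes and masked before being logged. The sample file is constructed and the card numbers are the industry's published test values.

```python
"""Scan file contents for probable payment card numbers (PANs).

Added example, not from the original question bank. The sample text is
constructed; the card numbers in it are well-known industry test values,
not real accounts.
"""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Issuer identification by leading digits and length (a simplified table).
ISSUERS = [
    ("Visa", re.compile(r"^4\d{12}(\d{3})?(\d{3})?$")),
    ("Mastercard", re.compile(r"^(5[1-5]\d{14}|2(2[2-9]\d|[3-6]\d{2}|7[01]\d|720)\d{12})$")),
    ("American Express", re.compile(r"^3[47]\d{13}$")),
    ("Discover", re.compile(r"^6(011|5\d{2})\d{12}$")),
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def identify_issuer(digits: str):
    """Return the issuer name for a digit string, or None if no pattern matches."""
    for name, rx in ISSUERS:
        if rx.match(digits):
            return name
    return None


def mask(digits: str) -> str:
    """Keep the first six and last four digits so findings can be logged safely."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str):
    """Return findings for digit runs that pass Luhn and match a known issuer."""
    findings = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if len(set(digits)) == 1:          # e.g. 0000000000000000, skip
            continue
        if not luhn_valid(digits):
            continue
        issuer = identify_issuer(digits)
        if issuer is None:
            continue
        findings.append({"issuer": issuer, "masked": mask(digits), "offset": m.start()})
    return findings


# Constructed sample of a compromised export file.
SAMPLE = """\
order_id,customer,card,amount
10041,A. Smith,4111 1111 1111 1111,19.99
10042,B. Jones,5555-5555-5555-4444,120.00
10043,C. Lee,378282246310005,45.10
10044,D. Kim,1234567812345678,9.00
ticket ref 4000000000000000 (not a card, fails Luhn)
phone 555-0100-2233-4455
"""

if __name__ == "__main__":
    for f in find_pans(SAMPLE):
        print(f"{f['issuer']:<17} {f['masked']} at offset {f['offset']}")
```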

81.The IT team suggests the company would save money by using self-signed certificates, but the
security team indicates the company must use digitally signed third-party certificates.
Which of the following is a valid reason to pursue the security team's recommendation?
A. PKCS #10 is still preferred over PKCS #12.
B. Private-key CSR signage prevents on-path interception.
C. There is more control in using a local certificate over a third-party certificate.
D. There is minimal benefit in using a certificate revocation list.
Answer: B
Explanation:
Digitally signed third-party certificates provide greater security assurance because they are verified by
trusted Certificate Authorities (CAs) and offer protection against on-path (man-in-the-middle)
interception. Private-key Certificate Signing Request (CSR) signage helps ensure that communication
cannot be intercepted or modified by malicious actors. Self-signed certificates, on the other hand, are
not trusted outside the local environment and do not provide the same level of protection against on-
path attacks. CASP+ emphasizes the security benefits of using third-party-signed certificates for
securing communications over public networks.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (PKI,
SSL/TLS Certificates)
CompTIA CASP+ Study Guide: The Role of Certificate Authorities in Secure Communication

82.An organization is rolling out a robust vulnerability management system to monitor SCADA
devices on the network.
Which of the following scan types should be used to monitor these system types?
A. Web application
B. Agent
C. Passive
D. Authenticated
Answer: C
Explanation:
Passive scanning is the safest approach for SCADA systems to avoid disrupting their operations. It
detects vulnerabilities by analyzing network traffic without directly interacting with the systems,
aligning with CASP+ objective 4.2, which focuses on securing critical systems and reducing risks
during vulnerability management.

83.A software development company is building a new mobile application for its social media
platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between
the mobile client and its servers and by implementing stronger digital trust.
To support users' trust, the company has released the following internal guidelines:
• Mobile clients should verify the identity of all social media servers locally.
• Social media servers should improve TLS performance of their certificate status.
• Social media servers should inform the client to only use HTTPS.
Given the above requirements, which of the following should the company implement? (Select TWO).
A. Quick UDP internet connection
B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS
G. Distributed object model
Answer: B,F
Explanation:
The company should implement OCSP stapling and HSTS to improve TLS performance and enforce
HTTPS. OCSP stapling is a technique that allows a server to provide a signed proof of the validity of
its certificate along with the TLS handshake, instead of relying on the client to contact the certificate
authority (CA) for verification. This can reduce the latency and bandwidth of the TLS handshake, as
well as improve the privacy and security of the certificate status. HSTS stands for HTTP Strict
Transport Security, which is a mechanism that instructs browsers to only use HTTPS when
connecting to a website, and to reject any unencrypted or invalid connections. This can prevent
downgrade attacks, man-in-the-middle attacks, and mixed content errors, as well as improve the
performance of HTTPS connections by avoiding unnecessary redirects.
Verified Reference:
https://www.techtarget.com/searchsecurity/definition/OCSP-stapling
https://www.techtarget.com/searchsecurity/definition/HTTP-Strict-Transport-Security
https://www.cloudflare.com/learning/ssl/what-is-hsts/

84.In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP
relies on:
A. cloud-native applications.
B. containerization.
C. serverless configurations.
D. software-defined networking.
E. secure access service edge.
Answer: D
Explanation:
Defining ACLs in a CSP relies on software-defined networking. Software-defined networking (SDN) is
a network architecture that decouples the control plane from the data plane, allowing for centralized
and programmable network management. SDN can enable dynamic and flexible network
configuration and optimization, as well as improved security and performance. In a CSP, SDN can be
used to define ACLs that can apply to virtual networks, subnets, or interfaces, regardless of the
physical infrastructure. SDN can also allow for granular and consistent ACL enforcement across
different cloud services and regions.
Verified Reference:
https://www.techtarget.com/searchsdn/definition/software-defined-networking-SDN
https://learn.microsoft.com/en-us/azure/architecture/guide/networking/network-security
https://www.techtarget.com/searchcloudcomputing/definition/cloud-networking

85.An analyst received a list of IOCs from a government agency.

The attack has the following characteristics:

86.Company A is establishing a contractual relationship with Company B. The terms of the agreement
are formalized in a document covering the payment terms, limitation of liability, and intellectual
property rights.
Which of the following documents will MOST likely contain these elements?
A. Company A-B SLA v2.docx
B. Company A OLA v1b.docx
C. Company A MSA v3.docx
D. Company A MOU v1.docx
E. Company A-B NDA v03.docx
Answer: C
Explanation:
A MSA stands for master service agreement, which is a document that covers the general terms and
conditions of a contractual relationship between two parties. It usually includes payment terms,
limitation of liability, intellectual property rights, dispute resolution, and other clauses that apply to all
services provided by one party to another.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide
https://www.upcounsel.com/master-service-agreement
