CompTIA Advanced Security Practitioner (CASP+) dumps materials
CompTIA CASP+ CAS-004 Certification

CAS-004 dumps have been updated as CAS-004 CASP+ certification material

CAS-004 dumps have been updated to include the 267 latest exam questions and answers, covering the core of the CAS-004 CASP+ certification exam, and are the best CAS-004 CASP+ certification material.

Therefore, it is strongly recommended that candidates download the Lead4Pass CAS-004 dumps and practice the CAS-004 CASP+ certification material using the PDF file or the VCE learning tool.

Now, use the Lead4Pass CAS-004 dumps as the CAS-004 CASP+ certification material to ensure you successfully pass the target exam on your first attempt.

Download the CAS-004 dumps to complete the 267 CAS-004 exam practice questions, and use the following information to prepare for the CAS-004 CASP+ certification exam:

Vendor: CompTIA
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Advanced Security Practitioner
Number of Questions: Maximum of 90 questions
Type of Questions: Multiple-choice
Length of Test: 165 Minutes
Passing Score: This test has no scaled score; it’s pass/fail only.
Price: $480 USD

You can also take the CAS-004 online practice test first:

Answers are announced at the end of the article


A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application.
Which of the following tools should the analyst use NEXT?

A. Software decompiler
B. Network enumerator
C. Log reduction and analysis tool
D. Static code analysis


A forensic investigator would use the foremost command for:

A. cloning disks.
B. analyzing network-captured packets.
C. recovering lost files.
D. extracting features such as email addresses.


A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst’s FIRST action?

A. Create a full inventory of information and data assets.
B. Ascertain the impact of an attack on the availability of crucial resources.
C. Determine which security compliance standards should be followed.
D. Perform a full system penetration test to determine the vulnerabilities.


A developer wants to maintain the integrity of each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)

A. Utilize code signing by a trusted third party.
B. Implement certificate-based authentication.
C. Verify MD5 hashes.
D. Compress the program with a password.
E. Encrypt with 3DES.
F. Make the DACL read-only.


A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:

A. a decrypting RSA using obsolete and weakened encryption attack.
B. a zero-day attack.
C. an advanced persistent threat.
D. an on-path attack.


A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user response is retrained.

Personal email accounts and USB drives are restricted from the corporate network.
Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

A. Additional corporate-wide training on phishing.
B. A policy outlining what is and is not acceptable on social media.
C. Notifications when a user falls victim to a phishing attack.
D. Positive DLP preventions with stronger enforcement.


A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.
Which of the following should the company use to prevent data theft?

A. Watermarking
D. Access logging


A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign. Which of the following should the company use to make this determination?

A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain


A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following:

The imaging server IP is
The domain controller IP is
The client machine IP is

Which of the following should be used to confirm this is the only open port on the web server?

A. nmap -p 80,443
B. nmap -p 80,443,389,636
C. nmap -p 80,389
D. nmap -p-


A company requires a task to be carried out by more than one person concurrently. This is an example of:

A. separation of duties.
B. dual control
C. least privilege
D. job rotation


A company provides guest WiFi access to the Internet and physically separates the guest network from the company’s internal WiFi. Due to a recent incident in which an attacker gained access to the company’s internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration.
Which of the following must be installed on authorized hosts for this new configuration to work properly?

A. Active Directory GPOs
B. PKI certificates
C. Host-based firewall
D. NAC persistent agent


A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

A. Disable powershell.exe on all Microsoft Windows endpoints.
B. Restart Microsoft Windows Defender.
C. Configure the forward proxy to block
D. Disable local administrator privileges on the endpoints.


A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.
Which of the following steps would be best to perform FIRST?

A. Turn off the infected host immediately.
B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.


Verify the answer:



If you have already participated in the CAS-004 online practice and know what the next exam is planned, then you only need to click here to get the CAS-004 dumps to ensure that you successfully pass the CAS-004 CASP+ certification exam.