CompTIA CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Online Training
The questions for CAS-004 were last updated on Mar 01, 2025.
- Exam Code: CAS-004
- Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
- Certification Provider: CompTIA
- Latest update: Mar 01, 2025
Which of the following BEST sets expectations between the security team and business units within an organization?
- A. Risk assessment
- B. Memorandum of understanding
- C. Business impact analysis
- D. Business partnership agreement
- E. Service-level agreement
A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option.
Which of the following is the BEST solution for this company?
- A. Community cloud service model
- B. Multi-tenancy SaaS
- C. Single-tenancy SaaS
- D. On-premises cloud service model
A security analyst is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:
* The Chief Marketing Officer's (CMO) email is being used department-wide as the username.
* The password has been shared within the department.
Which of the following controls would be BEST for the analyst to recommend?
- A. Configure MFA for all users to decrease their reliance on other authentication.
- B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
- C. Create multiple social media accounts for all marketing users to separate their actions.
- D. Ensure the password being shared is sufficiently and not written down anywhere.
A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with the new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access.
Which of the following systems should the engineer consider NEXT to mitigate the associated risks?
- A. DLP
- B. Mail gateway
- C. Data flow enforcement
- D. UTM
The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
* Transactions being requested by unauthorized individuals.
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attackers using email to distribute malware and ransomware.
* Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.
Which of the following is the BEST option to resolve the board’s concerns for this email migration?
- A. Data loss prevention
- B. Endpoint detection response
- C. SSL VPN
- D. Application whitelisting
A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstations, servers, and laptops.
Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
- A. Increased network latency
- B. Unavailability of key escrow
- C. Inability to select AES-256 encryption
- D. Removal of user authentication requirements