Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-004

CompTIA CAS-004 Exam Questions
CompTIA Advanced Security Practitioner (CASP+) CAS-004 (Page 21 )

Updated On: 19-Apr-2026
Page 21 of 127
PDF with 645 Questions

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?

  1. Remediation
  2. Containment
  3. Response
  4. Recovery

Answer(s): B


Reference:

https://www.sciencedirect.com/topics/computer-science/containment-strategy



A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.
Which of the following BEST mitigates inappropriate access and permissions issues?

  1. SIEM
  2. CASB
  3. WAF
  4. SOAR

Answer(s): B



A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:
-25
-110
-137
-138
-139
-445
Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.
Which of the following would be the BEST solution to harden the system?

  1. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
  2. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
  3. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
  4. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Answer(s): B



A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

  1. A DLP program to identify which files have customer data and delete them
  2. An ERP program to identify which processes need to be tracked
  3. A CMDB to report on systems that are not configured to security baselines
  4. A CRM application to consolidate the data and provision access based on the process and need

Answer(s): D


Reference:

https://searchdatacenter.techtarget.com/definition/configuration-management-database#:~:text=A%20configuration%20management%20database%
20(CMDB,the%20relationships%20between%20those%20components



A security analyst observes the following while looking through network traffic in a company's cloud log:
Which of the following steps should the security analyst take FIRST?

  1. Quarantine 10.0.5.52 and run a malware scan against the host.
  2. Access 10.0.5.52 via EDR and identify processes that have network connections.
  3. Isolate 10.0.50.6 via security groups.
  4. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Answer(s): B



Viewing page 21 of 127
Viewing questions 101 - 105 out of 645 questions



Post your Comments and Discuss CompTIA CAS-004 exam dumps with other Community members:

CAS-004 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!