Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-004

CompTIA CAS-004 Exam
CompTIA Advanced Security Practitioner (CASP+) CAS-004 (Page 24 )

Updated On: 7-Feb-2026
Page 24 of 127
PDF with 645 Questions

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?

  1. Securely configure the authentication mechanisms.
  2. Patch the infrastructure at the operating system.
  3. Execute port scanning against the services.
  4. Upgrade the service as part of life-cycle management.

Answer(s): A



A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?

  1. HIPS
  2. UEBA
  3. HIDS
  4. NIDS

Answer(s): C


Reference:

https://www.sciencedirect.com/topics/computer-science/host-based-intrusion-detection-systems



The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?

  1. Software composition analysis
  2. Code obfuscation
  3. Static analysis
  4. Dynamic analysis

Answer(s): C



A forensic investigator would use the foremost command for:

  1. cloning disks.
  2. analyzing network-captured packets.
  3. recovering lost files.
  4. extracting features such as email addresses.

Answer(s): C


Reference:

https://www.networkworld.com/article/2333727/foremost--a-linux-computer-forensics-tool.html



A software company is developing an application in which data must be encrypted with a cipher that requires the following:
-Initialization vector
-Low latency
-Suitable for streaming
Which of the following ciphers should the company use?

  1. Cipher feedback
  2. Cipher block chaining message authentication code
  3. Cipher block chaining
  4. Electronic codebook

Answer(s): A


Reference:

https://www.sciencedirect.com/topics/computer-science/symmetric-cipher






Post your Comments and Discuss CompTIA CAS-004 exam prep with other Community members:

Join the CAS-004 Discussion