New CompTIA CASP+ CAS-004 Exam Questions Available
Oct 22, 2021
The CAS-004 exam is the new exam for the CompTIA CASP+ certification, and the old CAS-003 exam will be retired on April 5, 2022. CompTIA Advanced Security Practitioner (CASP+) is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise's cybersecurity readiness. The CompTIA CAS-004 exam covers the technical knowledge and skills required to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise while considering the impact of governance, risk, and compliance requirements.
CompTIA CASP+ CAS-004 Exam
To take the CompTIA CAS-004 exam, you need to have a minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience.
Number of questions: Maximum of 90
Types of questions: Multiple-choice and performance-based
Length of test: 165 minutes
Passing score: Pass/Fail only - no scaled score
CAS-004 CompTIA Certification Exam Objectives
The CompTIA CAS-004 exam objectives are listed below.
The newly released CAS-004 exam questions are good material for testing yourself on all the above CompTIA CASP+ objectives. Some CompTIA CAS-004 exam questions and answers are shared below.
A company is repeatedly being breached by hackers who use valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?
A. Implement strict three-factor authentication.
B. Implement least privilege policies
C. Switch to one-time or all user authorizations.
D. Strengthen identity-proofing procedures
Answer: A
Within change management, which of the following ensures functions are carried out by multiple employees?
A. Least privilege
B. Mandatory vacation
C. Separation of duties
D. Job rotation
Answer: A
An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?
A. Configurations of applications will affect multiple products.
B. Reverse engineering of applications will lead to intellectual property loss
C. Software patch deployment will occur less often
D. Homogeneous vulnerabilities will occur across multiple products
Answer: D
A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)
A. Outdated escalation attack
B. Privilege escalation attack
C. VPN on the mobile device
D. Unrestricted email administrator accounts
E. Chief use of UDP protocols
F. Disabled GPS on mobile devices
Answer: C,F
A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets, inherent separation of duties is limited. To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties, the organization must design and implement an appropriate compensating control. Which of the following would be MOST suitable in this scenario?
A. Configuration of increased levels of logging, monitoring and alerting on production access
B. Configuration of MFA and context-based login restrictions for all DevOps personnel
C. Development of standard code libraries and usage of the WS-security module on all web servers
D. Implementation of peer review, static code analysis and web application penetration testing against the staging environment
Answer: A