CompTIA CAS-004 Exam Questions - Navigate Your Path to Success

The CompTIA Advanced Security Practitioner (CASP+) Exam (CAS-004) exam is a good choice for CompTIA security architects CompTIA senior security engineers and if the candidate manages to pass CompTIA Advanced Security Practitioner (CASP+) Exam, he/she will earn CompTIA CASP Certification. Below are some essential facts for CompTIA CAS-004 exam candidates:

In actual CompTIA Advanced Security Practitioner (CASP+) Exam (CAS-004) exam, a candidate can expect 90 Questions and the officially allowed time is expected to be around 165 Minutes.
TrendyCerts offers 558 Questions that are based on actual CompTIA CAS-004 syllabus.
Our CompTIA CAS-004 Exam Practice Questions were last updated on: Mar 01, 2025

Sample Questions for CompTIA CAS-004 Exam Preparation

Question 1

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

Aservice ---status-ali I grep ftpd

Bchkconfig --list

Cneestat -tulpn

Dsysteactl list-unit-file ---type service ftpd

Eservice ftpd. status

Correct : C

The netstat -tulpn command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The -tulpn options specifically show TCP and UDP connections with the process ID and the name that is listening on each port, which would provide the necessary information to identify if FTP is running and on which port without turning the service off. This information can then be used to create a precise firewall rule to prevent the FTP service from being exploited.

Options Selected by Other Users:

Question 2

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

CAS-004 Exam Question 2 Exhibit 1

Which of the following is the most appropriate action for the SOC analyst to recommend?

ADisabling account JDoe to prevent further lateral movement

BIsolating laptop314 from the network

CAlerting JDoe about the potential account compromise

DCreating HIPS and NIPS rules to prevent logins

Correct : B

The SIEM logs indicate suspicious behavior that could be a sign of a compromise, such as the launching of cmd.exe after Outlook.exe, which is atypical user behavior and could indicate that a machine has been compromised to perform lateral movement within the network. Isolating laptop314 from the network would contain the threat and prevent any potential spread to other systems while further investigation takes place.