Weekend Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Page: 1 / 13
Total 185 questions
Exam Code: CAS-004                Update: Jul 19, 2026
Exam Name: CompTIA SecurityX Certification Exam

CompTIA CompTIA SecurityX Certification Exam CAS-004 Exam Dumps: Updated Questions & Answers (July 2026)

Question # 1

An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently,

the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.

Which of the following designs would be BEST for the CISO to use?

A.

Adding a second redundant layer of alternate vendor VPN concentrators

B.

Using Base64 encoding within the existing site-to-site VPN connections

C.

Distributing security resources across VPN sites

D.

Implementing IDS services with each VPN concentrator

E.

Transitioning to a container-based architecture for site-based services

Question # 2

An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment, Unfortunately. many Of the applications are provided only as compiled binaries. Which Of the following should the organization use to analyze these applications? (Select TWO).

A.

Regression testing

B.

SAST

C.

Third-party dependency management

D.

IDE SAST

E.

Fuzz testing

F.

IAST

Question # 3

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Question # 4

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

A.

Create a change management process.

B.

Establish key performance indicators.

C.

Create an integrated master schedule.

D.

Develop a communication plan.

E.

Perform a security control assessment.

Question # 5

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

A.

MOU

B.

NDA

C.

SLA

D.

ISA

Question # 6

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Question # 7

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A.

laaS

B.

SaaS

C.

FaaS

D.

PaaS

Question # 8

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Question # 9

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

A.

Restrict directory permission to read-only access.

B.

Use server-side processing to avoid XSS vulnerabilities in path input.

C.

Separate the items in the system call to prevent command injection.

D.

Parameterize a query in the path variable to prevent SQL injection.

Question # 10

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Question # 11

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

A.

Software composition analysis

B.

Code obfuscation

C.

Static analysis

D.

Dynamic analysis

Question # 12

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question # 13

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application isreleased to thepublic, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

A.

Peer review

B.

Regression testing

C.

User acceptance

D.

Dynamic analysis

Question # 14

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Question # 15

A security engineer notices the company website allows users following example:

hitps://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

A.

SQL injection

B.

Remote file inclusion

C.

Directory traversal -

D.

Unsecure references

Page: 1 / 13
Total 185 questions

Most Popular Certification Exams

Payment

       

Contact us

Site Secure

mcafee secure

TESTED 19 Jul 2026