CAS004 CompTIA Advanced Security Practitioner (CASP+) CAS004 Free Practice Test — 30 Questions

Question 1

A cybersecurity operations center (SOC) detects a sophisticated, previously unknown exploit targeting a critical business application. Threat intelligence indicates that the exploit is polymorphic, constantly altering its signature to evade traditional antivirus solutions. The organization\'s current security framework primarily relies on signature-based detection and static firewall rules. Given the immediate need to protect sensitive data and maintain business continuity, which of the following strategic adjustments would most effectively address the evolving threat and demonstrate adaptability in the face of ambiguity?

Accepted Answer

Augmenting existing endpoint detection and response (EDR) solutions with behavioral analysis modules and implementing micro-segmentation across the network to limit lateral movement.

Question 2

A sophisticated ransomware attack has encrypted critical operational data across multiple servers within a financial institution, demanding a significant cryptocurrency payment for decryption. Simultaneously, a zero-day vulnerability is discovered in the firm\'s public-facing trading platform, threatening client financial assets. The Chief Information Security Officer (CISO) must immediately direct response efforts, coordinate with legal and compliance teams regarding regulatory notification requirements under GDPR and CCPA, and communicate with executive leadership about the escalating threats and potential business impact. Which behavioral competency is most critically being assessed in this high-stakes, multi-faceted emergency?

Accepted Answer

Crisis Management

Question 3

A global financial institution\'s cybersecurity operations center (SOC) is experiencing a surge in sophisticated, multi-stage attacks that exploit zero-day vulnerabilities in widely used enterprise software. Existing intrusion detection systems are frequently bypassed, and incident response times are increasing. The Chief Information Security Officer (CISO) has tasked the lead security architect, Anya Sharma, with developing a revised operational strategy within two weeks to counter these emergent threats. Anya must lead her cross-functional team, which includes threat intelligence analysts, incident responders, and security engineers, through this critical pivot. Which of the following actions would best demonstrate Anya\'s leadership potential and her team\'s adaptability in this high-pressure, ambiguous situation?

Accepted Answer

Initiate a comprehensive review of current threat intelligence feeds, collaboratively develop a revised incident response playbook incorporating new detection and mitigation techniques, and establish a temporary "innovation sprint" for the engineering team to prototype novel defense mechanisms, ensuring clear communication of these changes and rationale to all stakeholders.

Question 4

An advanced security practitioner is alerted to a critical zero-day exploit actively propagating within a segmented industrial control system (ICS) network that manages a critical infrastructure facility. Initial telemetry indicates unauthorized command execution on several supervisory control units. The primary objective is to mitigate immediate operational risks while preventing further compromise without causing a system-wide shutdown. Which of the following actions represents the most prudent immediate response?

Accepted Answer

Isolate compromised network segments by reconfiguring firewall rules and disabling specific network interfaces, while concurrently analyzing available telemetry and logs to understand the exploit's behavior and scope, and prepare for targeted eradication.

Question 5

A cybersecurity team is tasked with fortifying a multi-cloud environment against a newly identified advanced persistent threat (APT) that is actively exploiting legacy authentication protocols within the organization\'s core cloud services. Simultaneously, the organization has mandated a 15% reduction in operational expenditures across all departments within the next fiscal quarter. The team must present a revised security strategy that addresses the immediate threat and aligns with the budgetary constraints, emphasizing adaptability and resilience. Which of the following strategies would best meet these requirements?

Accepted Answer

Enhance identity and access management (IAM) controls, implement micro-segmentation within cloud workloads, and leverage native cloud security services for threat detection and response, while optimizing existing configurations for cost efficiency.

Question 6

A cybersecurity division is tasked with transitioning the entire enterprise infrastructure to a zero-trust model. This involves significant changes to network segmentation, access controls, and identity management, impacting multiple departments. The project faces initial resistance due to perceived complexity and disruption to established workflows. Which leadership strategy would most effectively guide the team through this critical phase, ensuring successful adoption and minimizing operational friction?

Accepted Answer

Articulate a clear, compelling vision for the zero-trust architecture, foster cross-functional collaboration by establishing working groups, and provide regular, constructive feedback to address challenges and reinforce progress.

Question 7

An advanced persistent threat (APT) group has successfully exploited a zero-day vulnerability in the proprietary firmware of critical industrial control systems (ICS) used by a national energy provider. The vulnerability, which allows for remote code execution and system manipulation, has been publicly disclosed, creating an urgent need for immediate action. The cybersecurity team has identified a temporary mitigation strategy: segmenting the affected ICS network from the broader corporate network and the internet. However, this segmentation will temporarily halt a critical, scheduled firmware upgrade for the ICS, which is designed to enhance performance and meet upcoming environmental compliance mandates. The provider is subject to strict regulations like NERC CIP. What is the MOST effective immediate course of action that balances risk reduction, operational continuity, and regulatory compliance?

Accepted Answer

Immediately segment the affected ICS network segment, initiate a rapid assessment of the upgrade's impact and develop a revised upgrade plan with potential interim compensating controls, engage with regulatory bodies regarding the incident and revised timeline, and prioritize the development of a permanent firmware patch.

Question 8

A global financial institution is migrating its critical customer data and trading platforms to a hybrid multi-cloud environment. To comply with strict regulatory mandates such as the Gramm-Leach-Bliley Act (GLBA) and the General Data Protection Regulation (GDPR), and to enhance its security posture against sophisticated cyber threats, the organization is adopting a comprehensive Zero Trust security model. The primary challenge lies in establishing consistent, granular access controls and maintaining unified visibility across diverse cloud service providers (e.g., AWS, Azure, Google Cloud) and on-premises infrastructure, while enabling secure remote access for a large, geographically dispersed workforce and numerous third-party vendors. Which of the following strategic initiatives would best support the successful implementation and ongoing management of this Zero Trust architecture in such a complex, regulated environment?

Accepted Answer

Deploying a unified policy engine capable of enforcing granular access controls based on dynamic risk assessments of user identity, device health, and contextual data, coupled with centralized logging and analytics for continuous monitoring and compliance reporting across all environments.

Question 9

A critical zero-day vulnerability affecting a proprietary industrial control system (ICS) protocol has been disclosed, posing an immediate threat to the organization\'s manufacturing operations. Vendor patches are not yet available, and initial threat intelligence is limited, creating significant operational ambiguity. Which of the following initial containment strategies would be most effective in mitigating the immediate risk while awaiting further intelligence and remediation options?

Accepted Answer

Implement strict network segmentation and enhance access control policies for all ICS network segments.

Question 10

A cybersecurity operations center (SOC) is struggling with a significant increase in alert volume, leading to analyst burnout and a perceived inability to identify critical threats amidst the noise. The team\'s current incident response times are lengthening, and the effectiveness of their threat hunting activities is diminishing. The chief information security officer (CISO) has tasked the SOC manager with developing a new strategy to address this persistent challenge, emphasizing adaptability and a pivot from simply processing more alerts to processing fewer, more relevant ones. Which of the following strategic adjustments would most effectively address the team\'s current predicament and align with the CISO\'s directive?

Accepted Answer

Proactively refine Security Information and Event Management (SIEM) correlation rules to reduce false positives and integrate curated threat intelligence feeds to contextualize and prioritize incoming security events.

Question 11

A cybersecurity operations center (SOC) team is experiencing a significant increase in sophisticated, zero-day exploits targeting their organization\'s critical infrastructure. Traditional signature-based detection methods are proving ineffective, and incident response times are lengthening as analysts struggle to understand and counter the novel attack vectors. The leadership is concerned about the team\'s ability to maintain operational effectiveness and requires a strategic shift in their response methodologies. Which behavioral competency is most critical for the SOC team to cultivate in this rapidly evolving threat environment?

Accepted Answer

Learning agility

Question 12

A cybersecurity operations center (SOC) is experiencing a surge in sophisticated, multi-vector attacks targeting critical infrastructure. Simultaneously, internal resource constraints are impacting the team\'s ability to fully implement planned upgrades to their SIEM platform. The SOC manager must quickly re-evaluate the team\'s defensive posture, integrate new threat intelligence feeds, and streamline incident response workflows to maintain operational effectiveness. Which of the following behavioral competencies is MOST critical for the SOC manager and their team to effectively navigate this complex and rapidly changing environment?

Accepted Answer

Adaptability and Flexibility

Question 13

A sophisticated, zero-day exploit targeting a proprietary inter-server communication protocol has been identified within the enterprise network. Initial telemetry indicates rapid, but not yet ubiquitous, propagation. The security operations center (SOC) must act swiftly to mitigate the threat while ensuring the continued availability of critical business functions that rely heavily on this protocol. The exact attack vector and the full extent of compromise remain unclear. Which of the following actions represents the most prudent initial step to balance containment with operational continuity?

Accepted Answer

Deploy a behavioral anomaly detection system specifically configured to monitor the proprietary protocol for deviations from its established baseline, and simultaneously initiate targeted network segmentation of segments exhibiting anomalous traffic patterns.

Question 14

A manufacturing firm\'s critical industrial control system (ICS) is currently under active exploitation by a novel zero-day vulnerability, causing intermittent operational disruptions. The vulnerability is a buffer overflow within a custom, legacy communication protocol. A permanent patch is estimated to be at least three weeks away. The security operations center (SOC) has confirmed the exploit\'s signature and its targeted nature. Given the critical infrastructure status of the facility and the immediate need to stabilize operations while awaiting a definitive fix, what is the MOST appropriate course of action?

Accepted Answer

Implement network segmentation via access control lists to isolate the affected ICS segment and deploy an intrusion prevention system (IPS) with custom-defined signatures to block the exploit's traffic patterns, followed by immediate notification to relevant regulatory bodies.

Question 15

During a critical incident involving a newly discovered zero-day exploit targeting a core enterprise application, the cybersecurity team is divided. Anya, the lead analyst, insists on an immediate, system-wide patch deployment, prioritizing speed. Ben, the incident response manager, advocates for a phased approach, starting with critical systems after a brief impact assessment to avoid operational disruption. Chloe, the senior architect, proposes a strategy that includes immediate network segmentation for affected segments, enhanced real-time monitoring of suspicious activities, and the development of a targeted, validated patch for gradual deployment. Which team member\'s proposed strategy best exemplifies adaptability and flexibility in managing the evolving threat landscape and operational constraints?

Accepted Answer

Chloe's proposal, as it incorporates layered defenses and dynamic adjustments based on ongoing analysis and potential impacts.

Question 16

A cybersecurity team is alerted to a sophisticated, previously unknown exploit targeting a critical industrial control system (ICS) within a manufacturing facility. The exploit is causing intermittent but severe operational disruptions, raising concerns about potential physical safety risks. The organization must also comply with the EU\'s NIS Directive, which requires reporting significant security incidents within a specified, short timeframe. The team needs to formulate an immediate response strategy that addresses containment, investigation, operational restoration, and regulatory obligations. Which of the following strategies would best align with these requirements?

Accepted Answer

Immediately isolate affected ICS segments, initiate comprehensive forensic analysis to understand the exploit's vector and scope, communicate findings and incident details to relevant regulatory bodies per NIS Directive timelines, and develop a phased plan for system restoration based on forensic data and risk assessment.

Question 17

A cybersecurity operations team is alerted to a sophisticated, zero-day exploit actively targeting the organization\'s public-facing web applications. Initial telemetry suggests that the exploit is attempting to leverage an unpatched vulnerability in the web server software to gain unauthorized access and exfiltrate sensitive data. The threat actors are demonstrating advanced evasion techniques, making signature-based detection challenging. The team needs to implement an immediate, effective countermeasure to halt the ongoing compromise while a full forensic analysis and remediation plan are developed. Which of the following security controls, when properly configured, would provide the most immediate and impactful defense against this specific type of active exploitation?

Accepted Answer

Deploying a Web Application Firewall (WAF) with updated behavioral analysis rules to inspect and block malicious HTTP requests.

Question 18

Following the discovery of a zero-day exploit targeting a proprietary industrial control system (ICS) network, a security operations team must react swiftly. The exploit appears to be propagating laterally, impacting several supervisory control units. The organization\'s incident response framework emphasizes minimizing operational downtime while ensuring the integrity of critical infrastructure. The team has limited information about the exploit\'s full capabilities and persistence mechanisms.

Which of the following actions represents the most prudent initial step to mitigate the immediate threat?

Accepted Answer

Isolating affected network segments and systems via firewall rules and VLAN reconfigurations

Question 19

A cybersecurity team is alerted to a sophisticated, zero-day exploit that has been observed targeting a critical industrial control system (ICS) network. The exploit appears to be propagating rapidly, and initial analysis suggests it could disrupt core operational processes, leading to significant safety hazards and economic losses. The ICS environment comprises legacy hardware and software that are not easily patched or updated due to operational constraints and vendor support limitations. The team must devise an immediate response strategy that prioritizes containment and minimizes operational impact. Which of the following approaches would be the MOST effective in this scenario?

Accepted Answer

Implement a tiered network segmentation strategy with granular access controls and enhanced monitoring on critical ICS segments to limit lateral movement and detect anomalous behavior.

Question 20

A cybersecurity operations center (SOC) detects a novel, sophisticated attack campaign targeting critical infrastructure components within its organization. Initial indicators are fragmented, and the threat actor\'s methodology is not yet fully understood, requiring the team to operate with incomplete information. The CISO has directed an immediate, multi-faceted response, which involves reallocating resources from ongoing projects, integrating new threat intelligence feeds from diverse, unverified sources, and potentially reconfiguring core network security devices. The team lead must quickly assess the situation, adjust the defensive strategy, and ensure team cohesion and productivity despite the high-pressure, ambiguous environment. Which of the following behavioral competencies is MOST critical for the security team and its lead to effectively navigate this evolving crisis?

Accepted Answer

Adaptability and Flexibility

Question 21

A sophisticated, zero-day exploit is intermittently disrupting a critical industrial control system (ICS) network, leading to unpredictable operational failures. The security operations center (SOC) has deployed initial containment measures, but the root cause remains elusive, and the threat actors appear to be adapting their tactics in real-time. The operational technology (OT) team is concerned about potential physical safety implications and maintaining essential services. Which of the following strategic responses best addresses the multifaceted challenges presented by this evolving cyber-physical threat scenario?

Accepted Answer

Immediately implement broad network segmentation, deploy advanced anomaly detection tuned for ICS behavior, establish a dedicated incident response task force comprising SOC, OT, and external threat intelligence experts, and maintain continuous, transparent communication with all stakeholders regarding progress and potential impacts.

Question 22

A nation-state sponsored advanced persistent threat (APT) has successfully exploited a previously unknown vulnerability in a critical industrial control system (ICS) network. The organization’s existing security posture, heavily reliant on perimeter defenses and known-exploit signatures, has been compromised, leading to significant operational disruption. The cybersecurity director must immediately guide the team through this crisis, which involves an ambiguous threat landscape, limited visibility into the full scope of the breach, and pressure from executive leadership to restore operations swiftly and transparently. The director needs to implement a strategic shift that not only addresses the immediate fallout but also builds future resilience against similar novel attacks. Which of the following actions represents the most effective strategic pivot to address both the immediate crisis and long-term security posture enhancement?

Accepted Answer

Implementing a zero-trust architecture and enhancing behavioral analytics to detect anomalous activities, while communicating a revised incident response roadmap to stakeholders.

Question 23

A cybersecurity operations center is tasked with integrating a cutting-edge threat intelligence platform that promises enhanced correlation and predictive analytics. During the rollout, a significant portion of the senior analyst team expresses apprehension, citing concerns about the learning curve, potential disruption to established workflows, and a perceived lack of immediate return on investment compared to their familiar, albeit less sophisticated, legacy tools. The project manager observes that these concerns are not rooted in technical flaws of the new platform but rather in a reluctance to deviate from ingrained practices.

Which behavioral competency is most critical for the project manager to leverage to ensure the successful adoption and effective utilization of this new threat intelligence platform by the entire team?

Accepted Answer

Adaptability and Flexibility

Question 24

A critical infrastructure company\'s cybersecurity operations center (SOC) is experiencing an unprecedented denial-of-service attack that is evading all signature-based intrusion detection systems and firewall rules. Key services are intermittently unavailable, and the threat actor\'s methods are not documented in any known threat intelligence feeds. The incident response team is struggling to contain the disruption using their standard operating procedures, which are heavily reliant on known attack vectors. Which core behavioral competency is most critical for the incident response lead to demonstrate to guide the team through this evolving and ambiguous crisis?

Accepted Answer

Adaptability and Flexibility

Question 25

Anya, a seasoned cybersecurity lead, oversees a diverse incident response team comprising network engineers, malware analysts, and digital forensics specialists. They are currently investigating a sophisticated, zero-day exploit for which no established playbook exists. During a critical planning session, heated debates erupt regarding the primary containment strategy, with each specialist group advocating for approaches that leverage their domain expertise but may conflict with others. The network engineers prioritize immediate network segmentation, the malware analysts focus on reverse-engineering the payload for behavioral indicators, and the forensics team emphasizes preserving volatile data before any network changes. Anya recognizes that simply dictating a solution will likely alienate some team members and potentially overlook crucial insights. Which behavioral competency is Anya most critically demonstrating by seeking to facilitate a consensus among these disparate technical viewpoints to formulate a unified response?

Accepted Answer

Teamwork and Collaboration

Question 26

A critical legacy system within a financial institution has been compromised by a sophisticated zero-day exploit that bypasses existing security controls. No vendor patches are immediately available, and the full scope of the compromise is still being determined. The incident response team is tasked with containing the threat, eradicating it, and restoring service while adhering to strict regulatory compliance requirements, including data privacy mandates like GDPR. Which of the following behavioral competencies would be MOST critical for the incident response team lead to effectively manage this evolving crisis and ensure a successful outcome?

Accepted Answer

Demonstrating adaptability and flexibility by quickly pivoting containment strategies based on new intelligence and managing the inherent ambiguity of a novel threat.

Question 27

A nation-state sponsored advanced persistent threat (APT) has successfully infiltrated a high-technology firm\'s research and development network, exfiltrating proprietary design schematics. The incident response team has identified the primary command-and-control (C2) infrastructure and the compromised endpoints. The firm operates under stringent data breach notification laws, requiring swift and accurate reporting of intellectual property theft. The security lead must decide on the immediate next steps to contain the threat, preserve forensic evidence, and ensure regulatory compliance. Which of the following sequences of actions best addresses these competing requirements?

Accepted Answer

Isolate compromised network segments to prevent further exfiltration and lateral movement, capture volatile memory dumps from critical endpoints, and then create forensic images of affected storage media.

Question 28

A distributed denial-of-service (DDoS) attack, originating from an unknown botnet utilizing novel evasion techniques, is overwhelming a company\'s primary web services. Existing DDoS mitigation solutions are failing to block the traffic effectively, and the attack\'s signature is not recognized by threat intelligence feeds. The security operations center (SOC) team is struggling to isolate the attack vector and develop immediate countermeasures. Which of the following sets of actions best demonstrates the required behavioral competencies to effectively manage this evolving, high-pressure situation?

Accepted Answer

The incident response lead initiates a rapid threat hunting exercise to identify the botnet's command-and-control infrastructure, while simultaneously tasking network engineers to analyze traffic anomalies for unique packet characteristics and instructing application developers to review recent code deployments for potential vulnerabilities, fostering open communication and collaborative problem-solving.

Question 29

A highly sophisticated zero-day exploit targeting an organization\'s critical infrastructure is actively propagating, bypassing all deployed intrusion detection systems and advanced threat hunting tools. The incident response team, initially focused on traditional IoC matching and signature updates, finds their efforts yielding no results. The attack is polymorphic, constantly altering its payload and communication channels, making static analysis difficult. The CISO has tasked the security operations manager with developing an immediate, albeit potentially unproven, strategy to contain and neutralize the threat, emphasizing speed and adaptability over absolute certainty. Which of the following represents the most critical factor for the team\'s success in this evolving crisis?

Accepted Answer

The team's demonstrated capacity for rapid adaptation of response methodologies and effective collaboration across diverse technical disciplines to identify and counter novel attack vectors.

Question 30

A critical zero-day vulnerability has been actively exploited against a core communication protocol, leading to widespread service degradation across your organization\'s network. Initial indicators suggest that the exploit bypasses signature-based detection mechanisms. What is the most prudent initial course of action for the security operations team to mitigate the immediate impact and begin the remediation process?

Accepted Answer

Isolate affected network segments, deploy host-based intrusion prevention systems (HIPS) with behavioral anomaly detection, and initiate a forensic analysis of compromised endpoints.

CAS004 CompTIA Advanced Security Practitioner (CASP+) CAS004 Free Practice Test — 30 Questions

A lot more is already mapped out

About the CAS004 CompTIA Advanced Security Practitioner (CASP+) CAS004 Certification