[2026年03月] ベストな問題集を使おうCompTIA CASP CAS-004専門試験問題
100%の合格率を試そう!更新されたのはCAS-004試験問題 [2026]
CompTIA CAS-004、またはCompTIA Advanced Security Practitioner(CASP)試験は、高度なITセキュリティ専門家向けの認定試験です。この試験は、組織の重要な情報や資産を保護する責任があるITセキュリティ専門家の知識、スキル、能力をテストするために設計されています。CASP認定は、IT業界全体で認められており、ITセキュリティ分野でのキャリアアップにとって貴重な資格です。
質問 # 11
The primary advantage of an organization creating and maintaining a vendor risk registry is to:
- A. ensure that all assets have low residual risk.
- B. define the risk assessment methodology.
- C. study a variety of risks and review the threat landscape.
- D. ensure that inventory of potential risk is maintained.
正解:D
解説:
The primary advantage of creating and maintaining a vendor risk registry is to ensure that an inventory of potential risks is maintained. A vendor risk registry helps organizations keep track of the risks associated with third-party vendors, especially as they may introduce vulnerabilities or non-compliance issues. By maintaining this registry, the organization can continuously monitor and manage vendor-related risks in a structured way, improving its overall security posture. CASP+ emphasizes the importance of vendor risk management in an organization's broader risk management strategy.
References:
* CASP+ CAS-004 Exam Objectives: Domain 1.0 - Risk Management (Vendor Risk Management)
* CompTIA CASP+ Study Guide: Third-Party Risk Management and Risk Registries
質問 # 12
Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.
Which of the following would be the BEST option to implement?
- A. SD-WAN vertical heterogeneity
- B. Content delivery network
- C. Local caching
- D. Distributed connection allocation
正解:A
解説:
SD-WAN (software-defined wide area network) vertical heterogeneity is a technique that can help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. SD-WAN vertical heterogeneity involves using different types of network links (such as broadband, cellular, or satellite) for different types of traffic (such as voice, video, or data) based on their performance and security requirements. This can optimize the network efficiency and reliability, as well as provide granular visibility and control over traffic flows. Distributed connection allocation is not a technique for preserving network bandwidth and increasing speed, but a method for distributing network connections among multiple servers or devices. Local caching is not a technique for preserving network bandwidth and increasing speed, but a method for storing frequently accessed data locally to reduce latency or load times.
Content delivery network is not a technique for preserving network bandwidth and increasing speed, but a system of distributed servers that deliver web content to users based on their geographic location. Verified References: https://www.comptia.org/blog/what-is-sd-wan https://partners.comptia.org/docs/default-source
/resources/casp-content-guide
質問 # 13
A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the BEST file-carving tool for PDF recovery?
- A. Foremost
- B. objdump
- C. dd
- D. Strings
正解:A
解説:
Foremost is a digital forensic application that is used to recover lost or deleted files. Foremost can recover the files for hard disk, memory card, pen drive, and another mode of memory devices easily. It can also work on the image files that are being generated by any other Application.
質問 # 14
A security analyst needs to recommend a remediation to the following threat:
Which of the following actions should the security analyst propose to prevent this successful exploitation?
- A. Patch the system.
- B. Enable TLS 1.2.
- C. Install a host-based firewall.
- D. Update the antivirus.
正解:B
質問 # 15
An organization requires a contractual document that includes
* An overview of what is covered
* Goals and objectives
* Performance metrics for each party
* A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?
- A. ISA
- B. SLA
- C. NDA
- D. BAA
正解:B
質問 # 16
An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints.
The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Select two).
- A. Leverage LDAP for authentication.
- B. Obtain a hash value.
- C. Leverage Kerberos for authentication
- D. Leverage OAuth for authentication.
- E. Obtain a security token.
- F. Obtain a public key.
正解:D、E
解説:
The HTTP 403 error indicates that the engineer does not have the appropriate permissions to access the endpoint. To correct this, the engineer should obtain a security token and leverage OAuth for authentication.
OAuth is a widely used authorization framework for securing API endpoints, and obtaining a security token is a key step in authenticating API requests. These two steps will ensure the correct authentication process is followed, allowing access to the required API resources. CASP+ emphasizes the importance of using secure authentication mechanisms like OAuth for modern web applications and APIs.
References:
* CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (API Security, OAuth)
* CompTIA CASP+ Study Guide: API Security and OAuth for Authentication
質問 # 17
A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information, especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the most accurate information?
- A. An active, credentialed scan
- B. A passive, credentialed scan
- C. A passive, non-credentialed scan
- D. An active, non-credentialed scan
正解:A
解説:
"An active, credentialed scan delivers the highest accuracy for vulnerability assessment because it authenticates to the target systems and interacts directly with them. Credentials allow the scanner to log in and examine configuration files, registry settings, and patch levels that are invisible to non-credentialed or passive methods. Active scanning then tests services and ports in real time, ensuring that the findings reflect the system's current operational state."
- CompTIA CASP+ Official Study Guide, Third Edition, Chapter 6: Vulnerability Assessment and Penetration Testing, pp. 412-413
"Use credentialed scans whenever possible to obtain reliable configuration data and security posture metrics.
Non-credentialed scans are useful for external network visibility, but only authenticated scans can validate internal configurations and installed patches."
- CompTIA CASP+ CAS-004 Exam Objectives (v7.1), Section 4.1: Conduct Vulnerability Assessments, p.
21
By choosing an active, credentialed scan, the systems administrator ensures that the scanner authenticates to each host, interrogates local settings, and produces a detailed and accurate inventory of vulnerabilities and configuration issues.
References:
CompTIA CASP+ Official Study Guide, Third Edition, pp. 412-413
CompTIA CASP+ CAS-004 Exam Objectives (v7.1), Section 4.1, p. 21
質問 # 18
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:
The security engineer looks at the UTM firewall rules and finds the following:
Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
- A. Confirm the email server certificate is installed on the corporate computers.
- B. Make sure the UTM certificate is imported on the corporate computers.
- C. Contact the email service provider and ask if the company IP is blocked.
- D. Create an IMAPS firewall rule to ensure email is allowed.
正解:D
解説:
IMAPS (Internet Message Access Protocol Secure) is a protocol that allows users to access and manipulate email messages on a remote mail server over a secure connection. IMAPS uses SSL/TLS encryption to protect the communication between the client and the server. IMAPS uses port 993 by default. To ensure IMAPS functions properly on the corporate user network, the security engineer should create an IMAPS firewall rule on the UTM (Unified Threat Management) device that allows traffic from VLAN 10 (Corporate Users) to VLAN 20 (Email Server) over port 993. The existing firewall rules do not allow this traffic, as they only allow HTTP (port 80), HTTPS (port 443), and SMTP (port 25). References: https://www.techopedia.com
/definition/2460/internet-message-access-protocol-secure-imaps https://www.sophos.com/en-us/support
/knowledgebase/115145.aspx
質問 # 19
A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?
- A. Data retention
- B. Reference framework
- C. Data classification
- D. Due diligence
正解:D
解説:
Due diligence involves researching and understanding regulatory requirements (e.g., HIPAA) to ensure compliance for handling sensitive data like personal health information. Data retention refers to how long data is stored, not compliance research. Data classification organizes data by sensitivity but is not specific to compliance research. Reference frameworks provide guidelines for implementation but are not directly about research.
質問 # 20
A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?
- A. Computing capabilities available to the developer
- B. Secure, multiparty computation requirements
- C. Deep learning language barriers
- D. Big Data processing required for maturity
正解:D
解説:
The most significant risk to the development of a machine-learning-based threat detection tool is the Big Data processing required for maturity. Machine learning models often require large datasets to train effectively, and processing and analyzing this data can be time-consuming and resource- intensive. This can delay the development timeline, especially in a rapid CI/CD pipeline environment where timely delivery is crucial. CASP+ highlights the challenges associated with machine learning and Big Data in security tool development, particularly the resource demands and the need for extensive data to ensure accuracy and maturity.
質問 # 21
SIMULATION
You are about to enter the virtual environment.
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
Click Next to continue.
Question and Instructions
DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.
1. Disabling ssh
2. Disabling systemd
3. Altering the network adapter 172.162.0.0
4. Changing the password in the lab admin account
Once you have completed the item in the virtual environment. you will NOT be allowed to return to this item.
TEST QUESTION
This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.
Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.
Examples of commands to use:
kill, killall
lsof
man, --help (use for assistance)
netstat (useful flags: a, n, g, u)
ps (useful flag: a)
systemctl (to control systemd)
Please note: the list of commands shown above is not exhaustive. All native commands are available.
INSTRUSTIONS
Using the following credentials:
Username: labXXXadmin
Password: XXXyyYzz!
Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:
1. End the compromised process that is using a malicious TCP service.
2. Remove the malicious persistence agent by disabling the service's ability to start on boot.
正解:
解説:
Use sudo before any command the password is the same password provided, everything in <> is not part of the command is variable. Sudo will show you every detail you need. First command
$sudo netstat -nltp, this will show you ip, port, pid, name of task.
For added value you can also run $sudo lsof -i :<port>. Now you need to find the service so you use $sudo systemctl --type=service | grep <name of task>, this will give you <something>.service my was <something>-resolve.service forgot the full name.
Suggest you do a $sudo systemctl status <full name service> to compare. After all that lets kill it all, First kill the pid $sudo kill -9 <pid>. Then lets complete the second part $sudo systemctl stop
<full name service>, follow by $sudo systemctl disable <full name service>.
Now for the cream on the top you verify that is gone $sudo netstat -nltp and $sudo systemctl status <full name service>.
質問 # 22
A developer implement the following code snippet.
Which of the following vulnerabilities does the code snippet resolve?
- A. SQL inject
- B. Missing session limit
- C. Buffer overflow
- D. Information leakage
正解:A
解説:
SQL injection is a type of vulnerability that allows an attacker to execute malicious SQL commands on a database by inserting them into an input field. The code snippet resolves this vulnerability by using parameterized queries, which prevent the input from being interpreted as part of the SQL command. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://owasp.org/www- community/attacks/SQL_Injection
質問 # 23
An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?
- A. Perfect forward secrecy on both endpoints
- B. Shared secret for both endpoints
- C. A common private key on each endpoint is not required for implementing PKI-based mutual authentication. A common private key on each endpoint would imply that both parties share the same certificate and public key, which would defeat the purpose of PKI-based mutual authentication. Each party should have its own unique certificate and private key that proves its identity and authenticity.
- D. A common private key on each endpoint
- E. Public keys on both endpoints
- F. A common public key on each endpoint
正解:E
解説:
Public keys on both endpoints are required for implementing PKI-based mutual authentication. PKI stands for Public Key Infrastructure, which is a system that manages the creation, distribution, and verification of certificates. Certificates are digital documents that contain public keys and identity information of their owners. Certificates are issued by trusted authorities called Certificate Authorities (CAs), and can be used to prove the identity and authenticity of the certificate holders. Mutual authentication is a process in which two parties authenticate each other at the same time using certificates. Mutual authentication can provide stronger security and privacy than one-way authentication, where only one party is authenticated. In PKI-based mutual authentication, each party has a certificate that contains its public key and identity information, and a private key that corresponds to its public key. The private key is kept secret and never shared with anyone, while the public key is shared and used to verify the identity and signature of the certificate holder. The basic steps of PKI-based mutual authentication are as follows:
Party A sends its certificate to Party B.
Party B verifies Party A's certificate by checking its validity, signature, and trust chain. If the certificate is valid and trusted, Party B extracts Party A's public key from the certificate.
Party B generates a random challenge (such as a nonce or a timestamp) and encrypts it with Party A's public key. Party B sends the encrypted challenge to Party A.
Party A decrypts the challenge with its private key and sends it back to Party B.
Party B compares the received challenge with the original one. If they match, Party B confirms that Party A is the legitimate owner of the certificate and has possession of the private key.
The same steps are repeated in reverse, with Party A verifying Party B's certificate and sending a challenge encrypted with Party B's public key.
A) Perfect forward secrecy on both endpoints is not required for implementing PKI-based mutual authentication. Perfect forward secrecy (PFS) is a property of encryption protocols that ensures that the compromise of a long-term secret key (such as a private key) does not affect the security of past or future session keys (such as symmetric keys). PFS can enhance the security and privacy of encrypted communications, but it does not provide authentication by itself.
B) Shared secret for both endpoints is not required for implementing PKI-based mutual authentication. Shared secret is a method of authentication that relies on a pre-shared piece of information (such as a password or a passphrase) that is known only to both parties. Shared secret can provide simple and fast authentication, but it does not provide non-repudiation or identity verification.
D) A common public key on each endpoint is not required for implementing PKI-based mutual authentication. A common public key on each endpoint would imply that both parties share the same certificate and private key, which would defeat the purpose of PKI-based mutual authentication. Each party should have its own unique certificate and private key that proves its identity and authenticity.
質問 # 24 
正解:
解説:
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.
質問 # 25
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
Which of the following would BEST mitigate this vulnerability?
- A. Input validation
- B. CAPTCHA
- C. Network intrusion prevention
- D. Data encoding
正解:A
解説:
Reference: https://hdivsecurity.com/owasp-xml-external-entities-xxe
質問 # 26
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
- A. Password cracker
- B. Port scanner
- C. Exploitation framework
- D. Account enumerator
正解:A
質問 # 27
After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy.
However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:
Which of the following is the most likely reason for the successful attack?
- A. Lack of application segmentation
- B. Lack of MDM controls
- C. Sideloading
- D. Auto-join hotspots enabled
正解:B
解説:
A lack of Mobile Device Management (MDM) controls can lead to successful attacks because MDM solutions provide the ability to enforce security policies, remotely wipe sensitive data, and manage software updates, which can prevent unauthorized access and protect corporate data. Without MDM, personal devices are more vulnerable to security risks.
質問 # 28
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst.
Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following.
* The critical devise send cleartext logs to the aggregator.
* The log aggregator utilize full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being achieved in the cloud.
Which of the following should be the engineer's GREATEST concern?
- A. Network bridging from a remote access VPN
- B. Encryption of data in transit
- C. Hardware vulnerabilities introduced by the log aggregate server
- D. Multinancy and data remnants in the cloud
正解:B
解説:
Explanation
Encryption of data in transit should be the engineer's greatest concern regarding the security of the solution.
Data in transit refers to data that is being transferred over a network or between devices. If data in transit is not encrypted, it can be intercepted, modified, or stolen by attackers who can exploit vulnerabilities in the network protocols or devices. The solution in the question sends logs from the critical devices to the aggregator in cleartext and from the aggregator to the analysis server via port 80, which are both insecure methods that expose the data to potential attacks. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide , https://us-cert.cisa.gov/ncas/tips/ST04-019
質問 # 29
An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?
- A. The CA has included the certificate in its CRL.
- B. Each application is missing a SAN or wildcard entry on the certificate
- C. The NTP server is set incorrectly for the developers
- D. The certificate is set for the wrong key usage.
正解:D
解説:
The most likely cause of the signature failing is that the certificate is set for the wrong key usage. Key usage is an extension of a certificate that defines the purpose and functionality of the public key contained in the certificate. Key usage can include digital signature, key encipherment, data encipherment, certificate signing, and others. If the certificate is set for a different key usage than digital signature, it will not be able to sign the applications properly. The administrator should check the key usage extension of the certificate and make sure it matches the intended purpose. Verified References:
* https://www.wintips.org/how-to-fix-windows-cannot-verify-the-digital-signature-for-this-file-error-in- windows-8-7-vista/
* https://softwaretested.com/mac/how-to-fix-a-digital-signature-error-on-windows-10/
* https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-
8597-22bd163e8e96
質問 # 30
A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
- Recognize and block fake websites.
- Decrypt and scan encrypted traffic on standard and non-standard
ports.
- Use multiple engines for detection and prevention.
- Have central reporting.
Which of the following is the BEST solution the security architect can propose?
- A. EDR
- B. NGFW
- C. Web filtering
- D. CASB
正解:B
解説:
A next-generation firewall (NGFW) is a device or software that provides advanced network security features beyond the traditional firewall functions. A NGFW can provide the following capabilities:
Recognize and block fake websites, using URL filtering and reputation-based analysis Decrypt and scan encrypted traffic on standard and non-standard ports, using SSL/TLS inspection and deep packet inspection Use multiple engines for detection and prevention, such as antivirus, intrusion prevention system (IPS), application control, and sandboxing Have central reporting, using a unified management console and dashboard
質問 # 31
......
CASP+認定試験では、高度なセキュリティ概念、エンタープライズセキュリティアーキテクチャ、セキュリティ運用とインシデント対応、エンタープライズコンポーネントの技術的統合、研究とコラボレーションなど、幅広いトピックをカバーしています。この試験は、候補者の知識とスキルを実際のシナリオに適用する能力をテストするように設計されています。
CompTIA CAS-004試験を受験するためには、候補者は少なくとも5年間の実際の技術セキュリティの役割を含む10年間のIT管理経験を持っている必要があります。また、関連する分野の4年制の学位と少なくとも5年間のITセキュリティの経験の組み合わせを持っている候補者も受験資格があります。この認定は、Security+、CISSP、またはCISAなどの他のセキュリティ認定を持つプロフェッショナルも対象としており、高度なセキュリティコンセプトの知識を拡大したい場合に適しています。
CAS-004試験問題を今すぐ試そう!最新の[2026年最新] 正解回答付き:https://www.jpntest.com/shiken/CAS-004-mondaishu
合格させるCAS-004試験にはリアル問題解答:https://drive.google.com/open?id=1RXdErzov6Mo3A7l2q4eCMwhVNI2cXADF