Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCAS-004DomainsScripting, Containers and Automation
CAS-004Free — No Signup

Scripting, Containers and Automation

Practice CAS-004 Scripting, Containers and Automation questions with full explanations on every answer.

71questions

Start practicing

Scripting, Containers and Automation — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CAS-004 Domains

Scripting, Containers and AutomationApplication Environment, Configuration and SecurityGovernance, Risk and ComplianceSecurity EngineeringSecurity ArchitectureSecurity Operations

Practice Scripting, Containers and Automation questions

10Q20Q30Q50Q

All CAS-004 Scripting, Containers and Automation questions (71)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

Which of the following is the primary security benefit of using immutable infrastructure in automated deployments?

2

A security analyst is writing a script to scan container images for known vulnerabilities before deployment. Which of the following best practices should the analyst implement to ensure the script runs securely?

3

An organization implements a CI/CD pipeline that automatically builds and deploys containerized microservices. Which of the following is the most effective method to ensure that only signed, trusted container images are deployed to production?

4

A DevOps engineer is automating the deployment of a web application using containers. Which of the following security practices should be implemented to reduce the attack surface of the containers? (Select TWO.)

5

A security administrator is reviewing a Python script used to automate compliance checks across cloud resources. The script uses environment variables for API tokens. Which of the following are secure coding practices that should be implemented in this script? (Select TWO.)

6

Match each automation security concept with its correct description.

7

Which of the following best describes the primary security benefit of using immutable infrastructure in a containerized environment?

8

A security engineer is writing a Python script to automate the revocation of compromised credentials across multiple cloud services. Which of the following is the most critical security consideration when implementing this script?

9

An organization uses a CI/CD pipeline that builds Docker images and pushes them to a private registry. A security analyst discovers that some images contain environment variables with database credentials. Which of the following is the most effective way to prevent this in the future?

10

Which two of the following are best practices for securing container orchestration platforms (e.g., Kubernetes)? (Select two.)

11

A security team is automating incident response using playbooks. Which two of the following are critical considerations when designing automated response actions? (Select two.)

12

Match each container security concept with its correct description.

13

Which of the following is the primary benefit of using infrastructure as code (IaC) for automating security configurations?

14

A security analyst is writing a Python script to parse network logs and automatically block IP addresses that exceed a threshold of failed login attempts. Which security consideration is most critical when implementing this automation?

15

In a CI/CD pipeline, a container image is built from a Dockerfile that uses a base image from a public registry. To minimize the attack surface, which of the following actions should be automated in the pipeline?

16

Which of the following are secure scripting practices when automating administrative tasks? (Choose two.)

17

A DevOps engineer is automating container orchestration using Kubernetes. Which of the following are security best practices to include in the automation? (Choose two.)

18

Match each automation security concept (left) with its corresponding best practice (right).

19

A security engineer is writing a Python script to automate the revocation of compromised certificates using the ACME protocol. The script uses the `acme` library and requires secure credential storage. Which method is MOST appropriate for storing the ACME account private key used for authentication?

20

Drag and drop the steps to configure a site-to-site IPsec VPN on a firewall into the correct order.

21

Drag and drop the steps to perform a secure code review for a web application into the correct order.

22

Match each acronym to its definition.

23

Match each security tool to its purpose.

24

A security administrator needs to automate the process of revoking access for terminated employees across multiple cloud services. Which scripting approach would best minimize the risk of errors and ensure consistent execution?

25

A development team is using Docker containers for microservices. The security team wants to scan containers for vulnerabilities during the CI/CD pipeline. Which approach is most effective?

26

A SOC analyst notices that a containerized application is making unexpected outbound connections. The container runs with minimal privileges. Which step should the analyst take first to investigate without compromising the environment?

27

An organization uses Kubernetes to orchestrate containers. Which practice enhances the security of pod-to-pod communication?

28

A security engineer is writing a Python script to parse system logs and alert on suspicious patterns. What is the best practice to ensure the script remains secure when handling log data?

29

A security team is auditing a Kubernetes cluster. They find a pod running with `securityContext`: `privileged: true` and `runAsUser: 0`. Which of the following is the most critical risk?

30

What is the primary benefit of using infrastructure as code (IaC) tools like Terraform for cloud resource provisioning?

31

A security analyst needs to write a script that detects changes to critical files across a fleet of Linux servers. Which approach is most efficient and secure?

32

During a red team exercise, an attacker exploits a vulnerability in a containerized web application to gain a shell. The container is running with a read-only root filesystem. What is the most likely persistence mechanism the attacker will use?

33

Which two practices are essential for securing a CI/CD pipeline? (Choose two.)

34

Which three options are best practices for writing secure scripts? (Choose three.)

35

A container orchestration platform uses secrets management. Which two methods are recommended for injecting secrets into containers? (Choose two.)

36

The Docker container `myservice` has the mount configuration shown. What is the most significant security implication of this configuration?

37

A Kubernetes pod is defined with the above manifest. Which security concern is most critical?

38

A web application generates an Ansible playbook from user input as shown. What is the primary security risk?

39

An analyst needs to automate the extraction of indicators of compromise (IOCs) from log files generated by various systems. Which scripting language is most commonly used for cross-platform log parsing and automation due to its extensive library support?

40

A DevOps team uses Ansible to automate server configuration. They need to ensure that sensitive variables like passwords are not exposed in playbook logs or version control. What is the recommended approach?

41

A security engineer is reviewing a Kubernetes deployment where the pod spec includes `securityContext: { privileged: true }`. What is the primary security concern of this configuration?

42

A company wants to automate the creation of IAM roles and policies in AWS using infrastructure as code. Which tool is specifically designed for provisioning cloud infrastructure across multiple providers?

43

A security team needs to implement a CI/CD pipeline that automatically scans container images for vulnerabilities before deployment. Which tool can be integrated into the pipeline for this purpose?

44

A security audit reveals that Docker containers are built with multiple unnecessary layers and utilities. Which practice reduces the attack surface of the container image?

45

A Windows administrator needs to automate the retrieval of failed login events from the Security log. Which scripting language is most native and efficient for this task?

46

In a CI/CD pipeline, a security gate fails because a high-severity vulnerability is found in the base image of a container. The pipeline is configured to block deployment on such findings. What is the appropriate remediation step?

47

An organization uses AWS, Azure, and GCP for different workloads. They want a single tool to manage infrastructure consistently across all providers. Which approach is most appropriate?

48

Refer to the exhibit. A security analyst reviews this pod specification. Which attack surface is most increased by the added capabilities?

49

Refer to the exhibit. A security administrator finds this IAM policy attached to a Lambda execution role. What is the most critical security risk?

50

Refer to the exhibit. A system administrator creates a systemd service to run a daily patching script. Which security concern is most prevalent?

51

A security engineer is implementing container security controls. Which TWO practices are most effective in preventing privilege escalation within a container? (Choose two.)

52

A DevOps team is automating server configuration using configuration management tools. Which THREE principles should be followed to ensure secure automation? (Choose three.)

53

An analyst wants to automate incident response tasks in a SOC environment. Which THREE scripting languages are commonly used for automation? (Choose three.)

54

A company uses a CI/CD pipeline with Jenkins to build and deploy containerized applications. Security scanning of container images is currently done manually after deployment, causing delays. Which of the following would be the most effective automation to improve security and efficiency?

55

An organization needs to ensure consistent configuration across multiple Linux servers. They want to automate this process with a solution that requires minimal agent installation and uses push-based communication. Which approach is most appropriate?

56

A security engineer is hardening a Kubernetes cluster. They want to reduce the risk of container escape attacks. Which combination of settings is most effective at the pod security context level?

57

A systems administrator must automate the patching of 200 Windows servers. The environment has strict security requirements and change management. Which scripting approach best balances automation and control?

58

A development team wants to deploy a microservices application using containers. They need a solution to automate the deployment, scaling, and management of the containers across a cluster. Which technology is most suitable?

59

A security team needs to automate the enforcement of cloud security policies across multiple accounts in AWS. They want a solution that uses code to define policies and automatically remediate violations. Which approach best meets these requirements?

60

A company is adopting container security best practices. Which TWO actions should be implemented to reduce the attack surface of container images? (Select TWO.)

61

A DevOps team is automating the deployment of a containerized application to production. Which THREE practices are essential for maintaining security and reliability? (Select THREE.)

62

An organization is automating cloud security group management across AWS, Azure, and GCP. Which TWO approaches provide centralized, auditable control? (Select TWO.)

63

A security auditor reviews this Kubernetes pod configuration. Which security vulnerability is most critical?

64

A small business uses Puppet for configuration management on Linux servers. They are now migrating to containers and want to maintain security. The operations team is unfamiliar with containers. The security team insists on automated vulnerability scanning of container images before deployment. What should be the company's first step?

65

A security analyst discovers that container images in the company's private registry lack signatures. The development team uses a script to build and push images. The analyst wants to ensure image integrity and prevent tampering. Which solution should the analyst recommend?

66

A company's Jenkins pipeline builds container images by mounting the Docker socket from the host into the Jenkins container (Docker-in-Docker). An auditor flags this as a security risk because it gives the Jenkins container root access to the host's Docker daemon. The development team wants to maintain the same functionality without the risk. Which alternative should they implement?

67

An organization uses Ansible to automate server configuration for a hybrid cloud environment. The security team requires that sensitive data such as API keys and passwords are not exposed in the Ansible playbooks or logs. The Ansible control node is shared among several administrators. What is the best approach to protect these secrets?

68

A company uses Terraform to deploy infrastructure on AWS. They have a compliance requirement that all containers running on Amazon ECS must have a read-only root filesystem and must not run as root. The security team needs an automated way to enforce this policy and provide an audit trail for any violations. Which solution best meets these requirements?

69

A security analyst is reviewing a CI/CD pipeline configuration. The pipeline uses a containerized application and includes automated security scanning. Which TWO practices should be implemented to ensure container immutability and reduce the attack surface?

70

Refer to the exhibit. A security analyst notices that the pod is running with a service account token mounted. Which security best practice should be implemented to reduce the risk of token theft in container environments?

71

An organization is migrating its on-premises monolithic application to a containerized microservices architecture on a Kubernetes cluster. The development team has created a set of Docker images that are stored in a private registry. The security team requires that all container images be scanned for vulnerabilities before deployment. The current CI/CD pipeline uses Jenkins to build images, push them to the registry, and then deploy to Kubernetes via kubectl. The scanning is performed by a tool that generates a report, but developers have been ignoring critical vulnerabilities and deploying anyway. The security team wants to enforce a policy that blocks deployment if the image has any critical or high-severity vulnerabilities. Additionally, the cluster must ensure that containers run with the least privilege and that secrets are not exposed in environment variables. The operations team is concerned about performance overhead from runtime security monitoring. Which of the following approaches best addresses these requirements while minimizing operational overhead?

Practice all 71 Scripting, Containers and Automation questions

Other CAS-004 exam domains

Application Environment, Configuration and SecurityGovernance, Risk and ComplianceSecurity EngineeringSecurity ArchitectureSecurity Operations

Frequently asked questions

What does the Scripting, Containers and Automation domain cover on the CAS-004 exam?

The Scripting, Containers and Automation domain covers the key concepts tested in this area of the CAS-004 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CAS-004 domains — no account required.

How many Scripting, Containers and Automation questions are in the CAS-004 question bank?

The Courseiva CAS-004 question bank contains 71 questions in the Scripting, Containers and Automation domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Scripting, Containers and Automation for CAS-004?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Scripting, Containers and Automation questions for CAS-004?

Yes — the session launcher on this page draws questions exclusively from the Scripting, Containers and Automation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CAS-004 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

CS0-003SY0-701CISSP