Practice CAS-004 Scripting, Containers and Automation questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. Which of the following is the primary security benefit of using immutable infrastructure in automated deployments?
2. A security analyst is writing a script to scan container images for known vulnerabilities before deployment. Which of the following best practices should the analyst implement to ensure the script runs securely?
3. An organization implements a CI/CD pipeline that automatically builds and deploys containerized microservices. Which of the following is the most effective method to ensure that only signed, trusted container images are deployed to production?
4. A DevOps engineer is automating the deployment of a web application using containers. Which of the following security practices should be implemented to reduce the attack surface of the containers? (Select TWO.)
5. A security administrator is reviewing a Python script used to automate compliance checks across cloud resources. The script uses environment variables for API tokens. Which of the following are secure coding practices that should be implemented in this script? (Select TWO.)
6. Match each automation security concept with its correct description.
7. Which of the following best describes the primary security benefit of using immutable infrastructure in a containerized environment?
8. A security engineer is writing a Python script to automate the revocation of compromised credentials across multiple cloud services. Which of the following is the most critical security consideration when implementing this script?
9. An organization uses a CI/CD pipeline that builds Docker images and pushes them to a private registry. A security analyst discovers that some images contain environment variables with database credentials. Which of the following is the most effective way to prevent this in the future?
10. Which two of the following are best practices for securing container orchestration platforms (e.g., Kubernetes)? (Select two.)
11. A security team is automating incident response using playbooks. Which two of the following are critical considerations when designing automated response actions? (Select two.)
12. Match each container security concept with its correct description.
13. Which of the following is the primary benefit of using infrastructure as code (IaC) for automating security configurations?
14. A security analyst is writing a Python script to parse network logs and automatically block IP addresses that exceed a threshold of failed login attempts. Which security consideration is most critical when implementing this automation?
15. In a CI/CD pipeline, a container image is built from a Dockerfile that uses a base image from a public registry. To minimize the attack surface, which of the following actions should be automated in the pipeline?
16. Which of the following are secure scripting practices when automating administrative tasks? (Choose two.)
17. A DevOps engineer is automating container orchestration using Kubernetes. Which of the following are security best practices to include in the automation? (Choose two.)
18. Match each automation security concept (left) with its corresponding best practice (right).
19. A security engineer is writing a Python script to automate the revocation of compromised certificates using the ACME protocol. The script uses the `acme` library and requires secure credential storage. Which method is MOST appropriate for storing the ACME account private key used for authentication?
20. Drag and drop the steps to configure a site-to-site IPsec VPN on a firewall into the correct order.
21. Drag and drop the steps to perform a secure code review for a web application into the correct order.
22. Match each acronym to its definition.
23. Match each security tool to its purpose.
24. A security administrator needs to automate the process of revoking access for terminated employees across multiple cloud services. Which scripting approach would best minimize the risk of errors and ensure consistent execution?
25. A development team is using Docker containers for microservices. The security team wants to scan containers for vulnerabilities during the CI/CD pipeline. Which approach is most effective?
26. A SOC analyst notices that a containerized application is making unexpected outbound connections. The container runs with minimal privileges. Which step should the analyst take first to investigate without compromising the environment?
27. An organization uses Kubernetes to orchestrate containers. Which practice enhances the security of pod-to-pod communication?
28. A security engineer is writing a Python script to parse system logs and alert on suspicious patterns. What is the best practice to ensure the script remains secure when handling log data?
29. A security team is auditing a Kubernetes cluster. They find a pod running with `securityContext`: `privileged: true` and `runAsUser: 0`. Which of the following is the most critical risk?
30. What is the primary benefit of using infrastructure as code (IaC) tools like Terraform for cloud resource provisioning?
31. A security analyst needs to write a script that detects changes to critical files across a fleet of Linux servers. Which approach is most efficient and secure?
32. During a red team exercise, an attacker exploits a vulnerability in a containerized web application to gain a shell. The container is running with a read-only root filesystem. What is the most likely persistence mechanism the attacker will use?
33. Which two practices are essential for securing a CI/CD pipeline? (Choose two.)
34. Which three options are best practices for writing secure scripts? (Choose three.)
35. A container orchestration platform uses secrets management. Which two methods are recommended for injecting secrets into containers? (Choose two.)
36. The Docker container `myservice` has the mount configuration shown. What is the most significant security implication of this configuration?
37. A Kubernetes pod is defined with the above manifest. Which security concern is most critical?
38. A web application generates an Ansible playbook from user input as shown. What is the primary security risk?
39. An analyst needs to automate the extraction of indicators of compromise (IOCs) from log files generated by various systems. Which scripting language is most commonly used for cross-platform log parsing and automation due to its extensive library support?
40. A DevOps team uses Ansible to automate server configuration. They need to ensure that sensitive variables like passwords are not exposed in playbook logs or version control. What is the recommended approach?
41. A security engineer is reviewing a Kubernetes deployment where the pod spec includes `securityContext: { privileged: true }`. What is the primary security concern of this configuration?
42. A company wants to automate the creation of IAM roles and policies in AWS using infrastructure as code. Which tool is specifically designed for provisioning cloud infrastructure across multiple providers?
43. A security team needs to implement a CI/CD pipeline that automatically scans container images for vulnerabilities before deployment. Which tool can be integrated into the pipeline for this purpose?
44. A security audit reveals that Docker containers are built with multiple unnecessary layers and utilities. Which practice reduces the attack surface of the container image?
45. A Windows administrator needs to automate the retrieval of failed login events from the Security log. Which scripting language is most native and efficient for this task?
46. In a CI/CD pipeline, a security gate fails because a high-severity vulnerability is found in the base image of a container. The pipeline is configured to block deployment on such findings. What is the appropriate remediation step?
47. An organization uses AWS, Azure, and GCP for different workloads. They want a single tool to manage infrastructure consistently across all providers. Which approach is most appropriate?
48. Refer to the exhibit. A security analyst reviews this pod specification. Which attack surface is most increased by the added capabilities?
49. Refer to the exhibit. A security administrator finds this IAM policy attached to a Lambda execution role. What is the most critical security risk?
50. Refer to the exhibit. A system administrator creates a systemd service to run a daily patching script. Which security concern is most prevalent?
51. A security engineer is implementing container security controls. Which TWO practices are most effective in preventing privilege escalation within a container? (Choose two.)
52. A DevOps team is automating server configuration using configuration management tools. Which THREE principles should be followed to ensure secure automation? (Choose three.)
53. An analyst wants to automate incident response tasks in a SOC environment. Which THREE scripting languages are commonly used for automation? (Choose three.)
54. A company uses a CI/CD pipeline with Jenkins to build and deploy containerized applications. Security scanning of container images is currently done manually after deployment, causing delays. Which of the following would be the most effective automation to improve security and efficiency?
55. An organization needs to ensure consistent configuration across multiple Linux servers. They want to automate this process with a solution that requires minimal agent installation and uses push-based communication. Which approach is most appropriate?
56. A security engineer is hardening a Kubernetes cluster. They want to reduce the risk of container escape attacks. Which combination of settings is most effective at the pod security context level?
57. A systems administrator must automate the patching of 200 Windows servers. The environment has strict security requirements and change management. Which scripting approach best balances automation and control?
58. A development team wants to deploy a microservices application using containers. They need a solution to automate the deployment, scaling, and management of the containers across a cluster. Which technology is most suitable?
59. A security team needs to automate the enforcement of cloud security policies across multiple accounts in AWS. They want a solution that uses code to define policies and automatically remediate violations. Which approach best meets these requirements?
60. A company is adopting container security best practices. Which TWO actions should be implemented to reduce the attack surface of container images? (Select TWO.)
61. A DevOps team is automating the deployment of a containerized application to production. Which THREE practices are essential for maintaining security and reliability? (Select THREE.)
62. An organization is automating cloud security group management across AWS, Azure, and GCP. Which TWO approaches provide centralized, auditable control? (Select TWO.)
63. A security auditor reviews this Kubernetes pod configuration. Which security vulnerability is most critical?
64. A small business uses Puppet for configuration management on Linux servers. They are now migrating to containers and want to maintain security. The operations team is unfamiliar with containers. The security team insists on automated vulnerability scanning of container images before deployment. What should be the company's first step?
65. A security analyst discovers that container images in the company's private registry lack signatures. The development team uses a script to build and push images. The analyst wants to ensure image integrity and prevent tampering. Which solution should the analyst recommend?
66. A company's Jenkins pipeline builds container images by mounting the Docker socket from the host into the Jenkins container (Docker-in-Docker). An auditor flags this as a security risk because it gives the Jenkins container root access to the host's Docker daemon. The development team wants to maintain the same functionality without the risk. Which alternative should they implement?
67. An organization uses Ansible to automate server configuration for a hybrid cloud environment. The security team requires that sensitive data such as API keys and passwords are not exposed in the Ansible playbooks or logs. The Ansible control node is shared among several administrators. What is the best approach to protect these secrets?
68. A company uses Terraform to deploy infrastructure on AWS. They have a compliance requirement that all containers running on Amazon ECS must have a read-only root filesystem and must not run as root. The security team needs an automated way to enforce this policy and provide an audit trail for any violations. Which solution best meets these requirements?
69. A security analyst is reviewing a CI/CD pipeline configuration. The pipeline uses a containerized application and includes automated security scanning. Which TWO practices should be implemented to ensure container immutability and reduce the attack surface?
70. Refer to the exhibit. A security analyst notices that the pod is running with a service account token mounted. Which security best practice should be implemented to reduce the risk of token theft in container environments?
71. An organization is migrating its on-premises monolithic application to a containerized microservices architecture on a Kubernetes cluster. The development team has created a set of Docker images that are stored in a private registry. The security team requires that all container images be scanned for vulnerabilities before deployment. The current CI/CD pipeline uses Jenkins to build images, push them to the registry, and then deploy to Kubernetes via kubectl. The scanning is performed by a tool that generates a report, but developers have been ignoring critical vulnerabilities and deploying anyway. The security team wants to enforce a policy that blocks deployment if the image has any critical or high-severity vulnerabilities. Additionally, the cluster must ensure that containers run with the least privilege and that secrets are not exposed in environment variables. The operations team is concerned about performance overhead from runtime security monitoring. Which of the following approaches best addresses these requirements while minimizing operational overhead?
The Scripting, Containers and Automation domain covers the key concepts tested in this area of the CAS-004 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CAS-004 domains — no account required.
The Courseiva CAS-004 question bank contains 71 questions in the Scripting, Containers and Automation domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Scripting, Containers and Automation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.