Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Scripting, Containers and Automation practice sets

CAS-004 Scripting, Containers and Automation • Complete Question Bank

CAS-004 Scripting, Containers and Automation — All Questions With Answers

Complete CAS-004 Scripting, Containers and Automation question bank — all 0 questions with answers and detailed explanations.

71
Questions
Free
No signup
Certifications/CAS-004/Practice Test/Scripting, Containers and Automation/All Questions
Question 1easymultiple choice
Read the full Scripting, Containers and Automation explanation →

Which of the following is the primary security benefit of using immutable infrastructure in automated deployments?

Question 2mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

A security analyst is writing a script to scan container images for known vulnerabilities before deployment. Which of the following best practices should the analyst implement to ensure the script runs securely?

Question 3hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization implements a CI/CD pipeline that automatically builds and deploys containerized microservices. Which of the following is the most effective method to ensure that only signed, trusted container images are deployed to production?

Question 4mediummulti select
Read the full Scripting, Containers and Automation explanation →

A DevOps engineer is automating the deployment of a web application using containers. Which of the following security practices should be implemented to reduce the attack surface of the containers? (Select TWO.)

Question 5hardmulti select
Study the full Python automation breakdown →

A security administrator is reviewing a Python script used to automate compliance checks across cloud resources. The script uses environment variables for API tokens. Which of the following are secure coding practices that should be implemented in this script? (Select TWO.)

Question 6hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

Match each automation security concept with its correct description.

Question 7easymultiple choice
Read the full Scripting, Containers and Automation explanation →

Which of the following best describes the primary security benefit of using immutable infrastructure in a containerized environment?

Question 8mediummultiple choice
Study the full Python automation breakdown →

A security engineer is writing a Python script to automate the revocation of compromised credentials across multiple cloud services. Which of the following is the most critical security consideration when implementing this script?

Question 9hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization uses a CI/CD pipeline that builds Docker images and pushes them to a private registry. A security analyst discovers that some images contain environment variables with database credentials. Which of the following is the most effective way to prevent this in the future?

Question 10mediummulti select
Read the full Scripting, Containers and Automation explanation →

Which two of the following are best practices for securing container orchestration platforms (e.g., Kubernetes)? (Select two.)

Question 11hardmulti select
Read the full Ansible explanation →

A security team is automating incident response using playbooks. Which two of the following are critical considerations when designing automated response actions? (Select two.)

Question 12hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

Match each container security concept with its correct description.

Question 13easymultiple choice
Read the full Scripting, Containers and Automation explanation →

Which of the following is the primary benefit of using infrastructure as code (IaC) for automating security configurations?

Question 14mediummultiple choice
Study the full Python automation breakdown →

A security analyst is writing a Python script to parse network logs and automatically block IP addresses that exceed a threshold of failed login attempts. Which security consideration is most critical when implementing this automation?

Question 15hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

In a CI/CD pipeline, a container image is built from a Dockerfile that uses a base image from a public registry. To minimize the attack surface, which of the following actions should be automated in the pipeline?

Question 16mediummulti select
Read the full Scripting, Containers and Automation explanation →

Which of the following are secure scripting practices when automating administrative tasks? (Choose two.)

Question 17hardmulti select
Read the full Scripting, Containers and Automation explanation →

A DevOps engineer is automating container orchestration using Kubernetes. Which of the following are security best practices to include in the automation? (Choose two.)

Question 18hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

Match each automation security concept (left) with its corresponding best practice (right).

Question 19hardmultiple choice
Study the full Python automation breakdown →

A security engineer is writing a Python script to automate the revocation of compromised certificates using the ACME protocol. The script uses the `acme` library and requires secure credential storage. Which method is MOST appropriate for storing the ACME account private key used for authentication?

Question 20mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to configure a site-to-site IPsec VPN on a firewall into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 21mediumdrag order
Read the full Scripting, Containers and Automation explanation →

Drag and drop the steps to perform a secure code review for a web application into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 22mediummatching
Read the full Scripting, Containers and Automation explanation →

Match each acronym to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cloud Access Security Broker

Data Loss Prevention

Identity and Access Management

Security Information and Event Management

Security Orchestration, Automation, and Response

Question 23mediummatching
Read the full Scripting, Containers and Automation explanation →

Match each security tool to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Protects web applications from attacks

Detects intrusions and alerts

Detects and blocks intrusions in real-time

Host-based intrusion detection system

Network-based intrusion detection system

Question 24easymultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to automate the process of revoking access for terminated employees across multiple cloud services. Which scripting approach would best minimize the risk of errors and ensure consistent execution?

Question 25mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

A development team is using Docker containers for microservices. The security team wants to scan containers for vulnerabilities during the CI/CD pipeline. Which approach is most effective?

Question 26hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A SOC analyst notices that a containerized application is making unexpected outbound connections. The container runs with minimal privileges. Which step should the analyst take first to investigate without compromising the environment?

Question 27easymultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization uses Kubernetes to orchestrate containers. Which practice enhances the security of pod-to-pod communication?

Question 28mediummultiple choice
Study the full Python automation breakdown →

A security engineer is writing a Python script to parse system logs and alert on suspicious patterns. What is the best practice to ensure the script remains secure when handling log data?

Question 29hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A security team is auditing a Kubernetes cluster. They find a pod running with `securityContext`: `privileged: true` and `runAsUser: 0`. Which of the following is the most critical risk?

Question 30easymultiple choice
Read the full Scripting, Containers and Automation explanation →

What is the primary benefit of using infrastructure as code (IaC) tools like Terraform for cloud resource provisioning?

Question 31mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

A security analyst needs to write a script that detects changes to critical files across a fleet of Linux servers. Which approach is most efficient and secure?

Question 32hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

During a red team exercise, an attacker exploits a vulnerability in a containerized web application to gain a shell. The container is running with a read-only root filesystem. What is the most likely persistence mechanism the attacker will use?

Question 33easymulti select
Read the full Scripting, Containers and Automation explanation →

Which two practices are essential for securing a CI/CD pipeline? (Choose two.)

Question 34mediummulti select
Read the full Scripting, Containers and Automation explanation →

Which three options are best practices for writing secure scripts? (Choose three.)

Question 35hardmulti select
Read the full Scripting, Containers and Automation explanation →

A container orchestration platform uses secrets management. Which two methods are recommended for injecting secrets into containers? (Choose two.)

Question 36mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

The Docker container `myservice` has the mount configuration shown. What is the most significant security implication of this configuration?

Exhibit

$ docker inspect myservice | jq '.[].Mounts'
[
  {
    "Type": "bind",
    "Source": "/data/config",
    "Destination": "/app/config",
    "Mode": "ro",
    "RW": false,
    "Propagation": "rprivate"
  }
]
Question 37hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A Kubernetes pod is defined with the above manifest. Which security concern is most critical?

Exhibit

apiVersion: v1
kind: Pod
metadata:
  name: security-pod
spec:
  containers:
  - name: app
    image: nginx:latest
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_ADMIN"]
      readOnlyRootFilesystem: true
Question 38easymultiple choice
Read the full Ansible explanation →

A web application generates an Ansible playbook from user input as shown. What is the primary security risk?

Exhibit

input_user = request.args.get('user')
playbook = """
- hosts: all
  tasks:
    - name: Greet {{ user }}
      debug:
        msg: "Hello {{ user }}"
""".replace('{{ user }}', input_user)
Question 39easymultiple choice
Read the full Scripting, Containers and Automation explanation →

An analyst needs to automate the extraction of indicators of compromise (IOCs) from log files generated by various systems. Which scripting language is most commonly used for cross-platform log parsing and automation due to its extensive library support?

Question 40mediummultiple choice
Read the full Ansible explanation →

A DevOps team uses Ansible to automate server configuration. They need to ensure that sensitive variables like passwords are not exposed in playbook logs or version control. What is the recommended approach?

Question 41hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A security engineer is reviewing a Kubernetes deployment where the pod spec includes `securityContext: { privileged: true }`. What is the primary security concern of this configuration?

Question 42easymultiple choice
Read the full Scripting, Containers and Automation explanation →

A company wants to automate the creation of IAM roles and policies in AWS using infrastructure as code. Which tool is specifically designed for provisioning cloud infrastructure across multiple providers?

Question 43mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

A security team needs to implement a CI/CD pipeline that automatically scans container images for vulnerabilities before deployment. Which tool can be integrated into the pipeline for this purpose?

Question 44hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A security audit reveals that Docker containers are built with multiple unnecessary layers and utilities. Which practice reduces the attack surface of the container image?

Question 45easymultiple choice
Read the full NAT/PAT explanation →

A Windows administrator needs to automate the retrieval of failed login events from the Security log. Which scripting language is most native and efficient for this task?

Question 46mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

In a CI/CD pipeline, a security gate fails because a high-severity vulnerability is found in the base image of a container. The pipeline is configured to block deployment on such findings. What is the appropriate remediation step?

Question 47hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization uses AWS, Azure, and GCP for different workloads. They want a single tool to manage infrastructure consistently across all providers. Which approach is most appropriate?

Question 48mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

Refer to the exhibit. A security analyst reviews this pod specification. Which attack surface is most increased by the added capabilities?

Exhibit

apiVersion: v1
kind: Pod
metadata:
  name: security-example
spec:
  containers:
  - name: my-container
    image: nginx:latest
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_ADMIN"]
Question 49easymultiple choice
Read the full Scripting, Containers and Automation explanation →

Refer to the exhibit. A security administrator finds this IAM policy attached to a Lambda execution role. What is the most critical security risk?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
Question 50hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. A system administrator creates a systemd service to run a daily patching script. Which security concern is most prevalent?

Exhibit

[Unit]
Description=Auto-patch service
After=network.target

[Service]
ExecStart=/usr/local/bin/patch.sh
Restart=on-failure
User=root
Question 51mediummulti select
Read the full Scripting, Containers and Automation explanation →

A security engineer is implementing container security controls. Which TWO practices are most effective in preventing privilege escalation within a container? (Choose two.)

Question 52hardmulti select
Read the full Scripting, Containers and Automation explanation →

A DevOps team is automating server configuration using configuration management tools. Which THREE principles should be followed to ensure secure automation? (Choose three.)

Question 53easymulti select
Read the full Scripting, Containers and Automation explanation →

An analyst wants to automate incident response tasks in a SOC environment. Which THREE scripting languages are commonly used for automation? (Choose three.)

Question 54mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

A company uses a CI/CD pipeline with Jenkins to build and deploy containerized applications. Security scanning of container images is currently done manually after deployment, causing delays. Which of the following would be the most effective automation to improve security and efficiency?

Question 55easymultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization needs to ensure consistent configuration across multiple Linux servers. They want to automate this process with a solution that requires minimal agent installation and uses push-based communication. Which approach is most appropriate?

Question 56hardmultiple choice
Read the full NAT/PAT explanation →

A security engineer is hardening a Kubernetes cluster. They want to reduce the risk of container escape attacks. Which combination of settings is most effective at the pod security context level?

Question 57mediummultiple choice
Read the full NAT/PAT explanation →

A systems administrator must automate the patching of 200 Windows servers. The environment has strict security requirements and change management. Which scripting approach best balances automation and control?

Question 58easymultiple choice
Read the full Scripting, Containers and Automation explanation →

A development team wants to deploy a microservices application using containers. They need a solution to automate the deployment, scaling, and management of the containers across a cluster. Which technology is most suitable?

Question 59hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A security team needs to automate the enforcement of cloud security policies across multiple accounts in AWS. They want a solution that uses code to define policies and automatically remediate violations. Which approach best meets these requirements?

Question 60mediummulti select
Read the full Scripting, Containers and Automation explanation →

A company is adopting container security best practices. Which TWO actions should be implemented to reduce the attack surface of container images? (Select TWO.)

Question 61mediummulti select
Read the full Scripting, Containers and Automation explanation →

A DevOps team is automating the deployment of a containerized application to production. Which THREE practices are essential for maintaining security and reliability? (Select THREE.)

Question 62hardmulti select
Read the full Scripting, Containers and Automation explanation →

An organization is automating cloud security group management across AWS, Azure, and GCP. Which TWO approaches provide centralized, auditable control? (Select TWO.)

Question 63hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A security auditor reviews this Kubernetes pod configuration. Which security vulnerability is most critical?

Exhibit

Refer to the exhibit.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
  - name: nginx
    image: nginx:latest
    securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: host-volume
      mountPath: /data
  volumes:
  - name: host-volume
    hostPath:
      path: /var/data
      type: Directory
```
Question 64easymultiple choice
Read the full Scripting, Containers and Automation explanation →

A small business uses Puppet for configuration management on Linux servers. They are now migrating to containers and want to maintain security. The operations team is unfamiliar with containers. The security team insists on automated vulnerability scanning of container images before deployment. What should be the company's first step?

Question 65mediummultiple choice
Read the full NAT/PAT explanation →

A security analyst discovers that container images in the company's private registry lack signatures. The development team uses a script to build and push images. The analyst wants to ensure image integrity and prevent tampering. Which solution should the analyst recommend?

Question 66hardmultiple choice
Read the full NAT/PAT explanation →

A company's Jenkins pipeline builds container images by mounting the Docker socket from the host into the Jenkins container (Docker-in-Docker). An auditor flags this as a security risk because it gives the Jenkins container root access to the host's Docker daemon. The development team wants to maintain the same functionality without the risk. Which alternative should they implement?

Question 67mediummultiple choice
Read the full Ansible explanation →

An organization uses Ansible to automate server configuration for a hybrid cloud environment. The security team requires that sensitive data such as API keys and passwords are not exposed in the Ansible playbooks or logs. The Ansible control node is shared among several administrators. What is the best approach to protect these secrets?

Question 68hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

A company uses Terraform to deploy infrastructure on AWS. They have a compliance requirement that all containers running on Amazon ECS must have a read-only root filesystem and must not run as root. The security team needs an automated way to enforce this policy and provide an audit trail for any violations. Which solution best meets these requirements?

Question 69easymulti select
Read the full Scripting, Containers and Automation explanation →

A security analyst is reviewing a CI/CD pipeline configuration. The pipeline uses a containerized application and includes automated security scanning. Which TWO practices should be implemented to ensure container immutability and reduce the attack surface?

Question 70mediummultiple choice
Read the full Scripting, Containers and Automation explanation →

Refer to the exhibit. A security analyst notices that the pod is running with a service account token mounted. Which security best practice should be implemented to reduce the risk of token theft in container environments?

Exhibit

# kubectl describe pod my-app-pod
Name:         my-app-pod
Namespace:    default
Node:         worker-node-1/192.168.1.10
Start Time:   Tue, 15 Aug 2023 14:30:00 UTC
Labels:       app=my-app
Annotations:  none
Status:       Running
Containers:
  my-app-container:
    Container ID:   docker://abc123
    Image:          myregistry.com/my-app:v1.0
    Image ID:       docker-pullable://myregistry.com/my-app@sha256:xyz
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
    Started:        Tue, 15 Aug 2023 14:30:05 UTC
    Ready:          True
    Restart Count:  0
    Environment:
      DB_PASSWORD:   <set to the key 'db-password' in secret 'db-secret'>  Optional: false
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-abc (ro)
Question 71hardmultiple choice
Read the full Scripting, Containers and Automation explanation →

An organization is migrating its on-premises monolithic application to a containerized microservices architecture on a Kubernetes cluster. The development team has created a set of Docker images that are stored in a private registry. The security team requires that all container images be scanned for vulnerabilities before deployment. The current CI/CD pipeline uses Jenkins to build images, push them to the registry, and then deploy to Kubernetes via kubectl. The scanning is performed by a tool that generates a report, but developers have been ignoring critical vulnerabilities and deploying anyway. The security team wants to enforce a policy that blocks deployment if the image has any critical or high-severity vulnerabilities. Additionally, the cluster must ensure that containers run with the least privilege and that secrets are not exposed in environment variables. The operations team is concerned about performance overhead from runtime security monitoring.

Which of the following approaches best addresses these requirements while minimizing operational overhead?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CAS-004 Practice Test 1 — 10 Questions→CAS-004 Practice Test 2 — 10 Questions→CAS-004 Practice Test 3 — 10 Questions→CAS-004 Practice Test 4 — 10 Questions→CAS-004 Practice Test 5 — 10 Questions→CAS-004 Practice Exam 1 — 20 Questions→CAS-004 Practice Exam 2 — 20 Questions→CAS-004 Practice Exam 3 — 20 Questions→CAS-004 Practice Exam 4 — 20 Questions→Free CAS-004 Practice Test 1 — 30 Questions→Free CAS-004 Practice Test 2 — 30 Questions→Free CAS-004 Practice Test 3 — 30 Questions→CAS-004 Practice Questions 1 — 50 Questions→CAS-004 Practice Questions 2 — 50 Questions→CAS-004 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Scripting, Containers and AutomationApplication Environment, Configuration and SecurityGovernance, Risk and ComplianceSecurity EngineeringSecurity ArchitectureSecurity Operations

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Scripting, Containers and Automation setsAll Scripting, Containers and Automation questionsCAS-004 Practice Hub