
Scenario-based practice

Refer to the Exhibit Practice Questions

Practise CompTIA SecurityX CAS-004 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15 scenario questions. Exam code: CAS-004. Vendor: CompTIA.

Scenario guide

How to approach refer-to-the-exhibit practice questions

Practise exhibit-style questions that ask you to read a topology, table, command output or diagram before choosing the best answer.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.


Practice set

Practice scenarios

Question 1 (hard, multiple choice)

A network administrator is troubleshooting connectivity issues. Based on the exhibit, which of the following is true about the iptables rules?

Exhibit

Refer to the exhibit.

```
# iptables -L FORWARD -v -n
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   eth1    10.0.1.0/24          0.0.0.0/0            state NEW,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            10.0.1.0/24          state ESTABLISHED
```

Question 2 (hard, multiple choice)

A security analyst observes that SSH connections to the server are failing, but HTTP and HTTPS traffic works. Based on the exhibit, what is the most likely cause?

Network Topology
Refer to the exhibit.

```
0 0 ACCEPT all lo * 0.0.0.0/0
100 540 DROP tcp
50 3000 ACCEPT tcp
20 1200 ACCEPT tcp
```

Question 3 (hard, multiple choice)

Based on the exhibit, which type of attack is most likely occurring?

Exhibit

Refer to the exhibit.

Exhibit:
```
Jul 15 10:23:45 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=admin
Jul 15 10:23:47 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:23:49 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:23:51 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:23:53 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:23:55 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:23:57 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
Jul 15 10:24:00 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost=  user=root
```

Question 4 (medium, multiple choice)

Refer to the exhibit. A security engineer reviews the S3 bucket policy. Which of the following is the most concerning security issue?

Network Topology
```
$ aws s3api get-bucket-policy --bucket mycompany-data
"Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::mycompany-data/*\"}]}"
```

Question 5

A security analyst reviews the syslog messages from the company's ASA firewall. Based on the exhibit, which of the following is the MOST likely cause of the denied traffic?

Exhibit

Refer to the exhibit.

```
=== syslog excerpt ===
Mar 15 14:23:45 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54321 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar 15 14:23:46 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54322 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar 15 14:23:47 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54323 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
```

Question 6 (medium, multiple choice)

A security analyst is reviewing an AppArmor profile for an application. Based on the exhibit, which action would the application be denied?

Exhibit

Refer to the exhibit.

```
# AppArmor profile: /usr/bin/somebin
#include <tunables/global>

profile somebin /usr/bin/somebin {
  capability dac_override,
  network inet dgram,
  /etc/config/* r,
  /var/log/app.log w,
}
```

Question 7

Refer to the exhibit. A security review is being conducted on the Python application configuration. Which of the following security issues is present?

Exhibit

```python
import os
api_key = os.environ['API_KEY']
db_connection = os.getenv('DB_CONNECTION', 'sqlite:///default.db')
if not api_key:
    print("Warning: API key not set")
```

Question 8 (hard, multiple choice)

Refer to the exhibit. A security analyst is reviewing the Nginx configuration. Which of the following is the most critical security flaw?

Exhibit

```nginx
# nginx.conf
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    location /admin {
        proxy_pass http://internal-admin:8080;
        allow 192.168.1.0/24;
        deny all;
    }
    location /api {
        proxy_pass http://internal-api:8080;
    }
}
```

Question 9 (medium, multiple choice)

Refer to the exhibit. Which security issue does this S3 bucket policy present?

Exhibit

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

Question 10 (medium, multiple choice)

Refer to the exhibit. A security analyst reviews the following firewall rule on a border firewall. Which vulnerability is present?

Exhibit

```
access-list 100 permit tcp any any eq 22
access-list 100 permit tcp host 10.0.0.10 any eq 443
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 deny ip any any
```

Question 11 (easy, multiple choice)

Refer to the exhibit. The security team has been asked to remediate the vulnerability before the next PCI DSS audit. Which of the following is the MOST appropriate action?

Exhibit

```
Vulnerability Scan Report
Host: 10.0.0.50
Port: 443
Vulnerability: TLS 1.0 enabled (CVE-2016-2183)
Severity: High
CVSS: 7.5
PCI DSS: Non-compliant (Requirement 4.1)
```

Question 12 (medium, multiple choice)

Based on the exhibit, what vulnerability is present in the firewall rule?

Exhibit

Refer to the exhibit.

Firewall rule:
```
rule id 10: allow source 203.0.113.0/24 destination 10.0.1.100 service any
```

Question 13 (easy, multiple choice)

Based on the exhibit, what type of attack is indicated?

Exhibit

Refer to the exhibit.

Log entry:
```
2025-02-14 09:23:45 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:46 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:47 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:48 VPN login SUCCESS from IP 192.0.2.10 user admin
```

Question 14 (medium, multiple choice)

Refer to the exhibit. Which of the following best describes the security constraint imposed by this policy?

Exhibit

Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "vpce-123abc"
        }
      }
    }
  ]
}
```

Question 15 (medium, multiple choice)

Refer to the exhibit. This clause is a requirement of which of the following?

Exhibit

Refer to the exhibit.
```
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
  (a) the pseudonymization and encryption of personal data;
  (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
```

These CAS-004 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style CAS-004 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.