CAS-004 · topic practice

Security Architecture practice questions

Practise CompTIA SecurityX CAS-004 Security Architecture practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security Architecture

What the exam tests

What to know about Security Architecture

Security Architecture questions test whether you can apply the concept in context, not just recognise a definition. You need to know:

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Security Architecture exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security Architecture questions

20 questions · select your answer, then reveal the explanation

A company is implementing a zero trust architecture. Which of the following BEST describes the principle of micro-segmentation in this model?

An organization is adopting a cloud-first strategy and wants to ensure proper security responsibilities are understood. Which concept defines the division of security responsibilities between the cloud provider and the customer?

A security architect is designing a hybrid cloud environment with workloads in AWS and on-premises. The architect needs to ensure secure, low-latency connectivity between the two environments without traversing the internet. Which solution should be used?

A company is deploying a cloud access security broker (CASB) to gain visibility into shadow IT. Which mode of operation would allow the CASB to inspect traffic without requiring proxy configuration on endpoints?

Question 5 (easy, multiple choice): NAT/PAT

A security analyst needs to ensure that only authorized containers run in a Kubernetes cluster. Which Kubernetes native security control should be configured?

An organization is concerned about quantum computer attacks on its current cryptographic infrastructure. Which of the following NIST-approved post-quantum cryptographic algorithms is designed for key encapsulation?

During a security assessment, a penetration tester discovers that a web application fails to validate the size of user input, leading to a buffer overflow. Which application security control would have BEST prevented this vulnerability?

An organization wants to enforce that only signed container images are deployed in production. Which of the following should be implemented?

A company is deploying a SASE architecture. Which component is responsible for securing web traffic and enforcing acceptable use policies at the edge?

A security architect is designing a PKI for a large enterprise. Which component is used to protect private keys and perform cryptographic operations in a tamper-resistant environment?

During an API security review, an assessor finds that the API uses JSON Web Tokens (JWT) with a symmetric key shared among multiple services. Which of the following is the MOST significant security concern?
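As an added illustration of the JWT concern in the question above (example code written for this page, not taken from the exam or from any product): with HS256, every service that can verify a token holds the same secret and can therefore mint one, so compromising any single service lets an attacker forge tokens that every other service accepts. With an asymmetric algorithm such as EdDSA, resource servers hold only the issuer's public key and cannot mint. The minimal JWT encoder below, the claim values and the secret are all constructed for the demonstration; a real deployment should use a maintained JWT library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is the JWT payload. Constructed example: only HS256 and EdDSA are implemented.
type Claims map[string]any

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signingInput builds "<base64url(header)>.<base64url(claims)>".
func signingInput(alg string, claims Claims) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	c, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	return b64(h) + "." + b64(c), nil
}

// split parses a compact JWT and pins the algorithm: the verifier decides which
// alg is acceptable, never the token header (this also blocks alg-confusion swaps).
func split(token, wantAlg string) (in string, claims Claims, sig []byte, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", nil, nil, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if raw, e := base64.RawURLEncoding.DecodeString(p[0]); e != nil || json.Unmarshal(raw, &hdr) != nil {
		return "", nil, nil, errors.New("bad header")
	}
	if hdr.Alg != wantAlg {
		return "", nil, nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	if raw, e := base64.RawURLEncoding.DecodeString(p[1]); e != nil || json.Unmarshal(raw, &claims) != nil {
		return "", nil, nil, errors.New("bad claims")
	}
	if sig, err = base64.RawURLEncoding.DecodeString(p[2]); err != nil {
		return "", nil, nil, err
	}
	return p[0] + "." + p[1], claims, sig, nil
}

// MintHS256 signs with a shared secret. Every holder of the secret can mint.
func MintHS256(secret []byte, claims Claims) (string, error) {
	in, err := signingInput("HS256", claims)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(in))
	return in + "." + b64(mac.Sum(nil)), nil
}

// VerifyHS256 needs the same secret as MintHS256, so every verifier is also a minter.
func VerifyHS256(secret []byte, token string) (Claims, error) {
	in, claims, sig, err := split(token, "HS256")
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(in))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad HS256 signature")
	}
	return claims, nil
}

// MintEdDSA signs with a private key that only the issuer holds.
func MintEdDSA(priv ed25519.PrivateKey, claims Claims) (string, error) {
	in, err := signingInput("EdDSA", claims)
	if err != nil {
		return "", err
	}
	return in + "." + b64(ed25519.Sign(priv, []byte(in))), nil
}

// VerifyEdDSA needs only the public key: resource servers can check but not mint.
func VerifyEdDSA(pub ed25519.PublicKey, token string) (Claims, error) {
	in, claims, sig, err := split(token, "EdDSA")
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, []byte(in), sig) {
		return nil, errors.New("bad EdDSA signature")
	}
	return claims, nil
}

// ForgeryDemo models a compromised service that was only meant to verify tokens.
// It returns (HS256 forgery accepted, EdDSA forgery accepted).
func ForgeryDemo() (bool, bool, error) {
	shared := []byte("constructed-shared-secret-do-not-reuse") // constructed value
	forged, err := MintHS256(shared, Claims{"sub": "admin", "iss": "billing-svc"})
	if err != nil {
		return false, false, err
	}
	_, hsErr := VerifyHS256(shared, forged) // the shared secret signs as well as verifies

	pub, _, err := ed25519.GenerateKey(rand.Reader) // issuer key; attacker sees pub only
	if err != nil {
		return false, false, err
	}
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // best an attacker can do
	forgedEd, _ := MintEdDSA(attackerPriv, Claims{"sub": "admin"})
	_, edErr := VerifyEdDSA(pub, forgedEd)
	return hsErr == nil, edErr == nil, nil
}

func main() {
	hs, ed, err := ForgeryDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("HS256 forgery accepted: %v; EdDSA forgery accepted: %v\n", hs, ed)
}
```

The verifier pins the expected algorithm before checking the signature, which is the second thing a reviewer should look for once the key-sharing problem is fixed: a token whose header says HS256 must never be accepted by a service configured for EdDSA.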

An organization wants to enforce consistent security policies across multiple cloud providers (AWS, Azure, GCP). Which tool is designed to continuously monitor and remediate misconfigurations in cloud environments?

A security architect is designing a supply chain security program. Which TWO of the following are essential components of a software bill of materials (SBOM) strategy? (Select TWO.)

An organization is migrating to a zero trust model and wants to implement identity-centric security. Which THREE of the following are key principles of an identity-centric zero trust approach? (Select THREE.)

A company is implementing a defense-in-depth strategy for its web application. Which THREE of the following are layers that should be included? (Select THREE.)

A security architect is designing a zero-trust architecture for a multi-cloud environment. Which principle is essential for enforcing identity-centric micro-segmentation?

An organization is adopting a cloud-first strategy and needs to ensure compliance with SOC 2. Which cloud service model places the most responsibility on the customer for security?

A security engineer is deploying a Cloud Access Security Broker (CASB) to protect a SaaS application. Which deployment mode allows the CASB to inspect encrypted traffic without requiring client software?

A company needs to connect its on-premises data center to a public cloud provider with low latency and high bandwidth while avoiding the public internet. Which connectivity method should be used?

A security architect is reviewing a Secure Access Service Edge (SASE) implementation. Which component of SASE provides security inspection for all traffic, regardless of location?


Focused Security Architecture sessions

Start a Security Architecture only practice session

Every question in these sessions is drawn from the Security Architecture domain — nothing else.

Related practice questions

Related CAS-004 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the CAS-004 exam test about Security Architecture?
Security Architecture questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security Architecture questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Architecture domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CAS-004 topics?
Use the topic links above to move to related areas, or go back to the CAS-004 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CAS-004 exam covers. They are not copied from any real exam or dump site.