New Insights for the CASP+ CAS-004 Exam

By Bob Weiss

I just took the new CASP+ CAS-004 Exam on March 14.  This exam is an unscored pass/fail exam.  I passed.  There were very many questions where the feeling was “when did we ever learn about this.”   I’m an instructor for this course, and several others.  So the moral of the story, let go of your negative feelings of uncertainty and failure.  You ARE prepared, even if the subjects in the questions seem unfamiliar.  Read the scenario, read the question, pick an answer.  Go with your first answer.  Don’t overthink it, and don’t second guess yourself.  Never ever change an answer, the first impression is the good answer almost always.

This post is an accumulation over time, and I am adding new content as it happens.  Also, check me out on Reddit. 

[Bob says: As of July 13 2022 there is more information on the Linux Forensics Simulation and also the usual Question1 PBQ.  Read all the way to the end, and check the comments for deeper insights. The newest bits are at the bottom.]

There was only one Performance-Based-Question (PBQ) and it was the first one on the exam.  The one I had was a Business Continuity/Disaster Recovery scenario.  There was a network map of two offices connected by a VPN, and a number of different hosts at each location.  In the scenario, there was a disaster at Location A.  There were three “findings” about certain situations that weren’t working correctly, and I had to match each finding to one or more devices.  One of the findings also required I choose a mitigation from a drop-down list.  I did not think this was overly hard, although I did reset the board 3 times before settling on my 4th answer set.  Usually I wait to do the PBQs at the end, but this one seemed simple enough so I just completed  PBQ1 and moved on.

Then there was a “Virtual Environment” question.  These are different, I have not seen one like this.  You HAVE to answer it in the order you get it, if you skip it you can’t go back. and you get no points.  Once you have answered it, you can’t go back either.  My Virtual question gave me a simulated Linux Ubuntu desktop.  The scenario was that this system was maliciously breached, and had been repaired, but there is concern by the security tech that there is a malicious TCP process still running, and your job it to find it, identity it, disable it, and kill it.  All in the constrains of the Ubuntu terminal window.  You definitely need to know your Linux commands for this one.  This is similar to the PBQ 1-3 listed below

To get good practice in Linux, I would recommend installing Kali Linux as a virtual machine, and learning how to work at the terminal window.

There was a lot of emphasis on Business Continuity/Disaster Recovery, Cloud, Authentication, and Software Security.

If you have taken this exam recently and wish to contribute some of your experiences, I would add them to this article.

Here are some tips on the Performance Based Questions (PBQ) from the CAS-003.  They may be out of date, but in my experience these PBQ questions hang around for a while.  These come from Quizlet  These are offered as examples, not verbatim copies of actual exam questions.

PBQ 1 Part 1 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. What command would you use to check the configuration

chkconfig –list

PBQ  1Part 2 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. What services would you need to disable to accomplish this

wpa supplicant

PBQ 1 Part 3 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. After you have stopped the service using the service “service” stop command, what needs to be done?

You need to kill the process. first type ps -A, this list all the processing running, find the service you want to kill and do so by command kill -9 262 (example) the 262 is the id number associated with the service

PBQ 2 Part 1 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. What is your first step

Out of the six downloads, some may be http and others https. Use only the Https

PBQ 2 Part 2 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. When downloading the patch, move on if you get these errors

the file does not download in a reasonable amount of time or you get a certificate warning

PBQ 2 Part 3 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. If a file downloads uneventfully, how would you check the hash of that file to the control hash given?

type md5sum install.exe and hit enter to compare that hash to the control hash given. md5sum should a directory in the directory your in (C:\Downloads directory). install.exe is the file you downloaded from the patch site and should also be in the same directory as md5sum directory

PBQ 2 Part 4 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. If you find the file that matches the control hash given on the download center site, how would you install that patch?

make sure that correct file is in the downloads directory and you are in the downloads directory and just type install.exe

A new PBQ submitted on March 31, 2023

I was given two snippets of code (both were python if I remember right) and had to identify the vulnerability in each, as well as how to remediate it. Being able to identify and remediate injection attacks, insecure object references, and other issues in the OWASP top 10 should be enough.

And some more on this “code security” PBQ.

…the old code snippet sim from CAS003 that you can find here

Check out this chat of mine on Reddit –

Added on 2022-06-28 – Searching YouTube using CAS-004 Forensic Linux Sim I did find a two hour video tutorial on Linux Forensics at I am watching it now. Some of this content may be useful in understanding the process that is being tested in the Sim.

Question from a test taker about the Simulated Virtual Environment question

I have to be careful here, I can provide guidance but not explicit information.  Conversation follows.

M – We were just talking on Reddit. I remember the exercise almost verbatim but I don’t want to make you feel uncomfortable with non-disclosure etc. But if you have any insight or tools to help me learn command line quickly or what to look for I think I can pass the rest. I’m fairly certain the exercise is what held me back. Let me know and I can send it to you. Also looking forward to reading your blog tomorrow.

Bob – Ok so you have some work ahead of you but not a lot.  You need a few Linux command line tools

First step is to get a copy of Linux on a computer.  Easiest way is to set up a virtual machine.  I have a VM of Kali Linux I use for all sorts of security work.  But Ubuntu would be the distro on the test.  Ever set up a VM?

I use Virtual Box.  It is free.  Got to  Download and install.  After that install the Extension Pack

Then go to or  I know Kali better.  But they are both Debian Linux distros.  In Kali, choose the Virtual Machine option, and then download the VirtualBox option.  Save it where you can find it, then open Virtual Box and go to File, Import Appliance, and then find your download and you are done.

Let me know if you get it working.  Or let me know if you already have done this.

M- Thank you for sending, tried to download Kali but I don’t have enough space on my computer its just a basic acer. trying to find a better option

Bob- Ah too bad.  You could make a bootable USB drive to get around that problem, look lower on the Kali downloads page.  Unfortunately you can’t flip back and forth between the windows host OS and the Kali virtual OS.  You boot into the drive and its all Kali all the time.

I’ll send you a list of commands to learn, just need some time to pull them together.

Here are some Linux Command to learn  Linux Commands

At the beginning of the question the test offers suggestions about what Linux commands may be useful in this question.  Take the hint.  Write the commands on your note card.  You will be using them.

If you need help try the man command.  For instance, man netstat shows available commands in netstat..  Press q to quit or exit.  Generally speaking Windows help or Linux man information is available in the testing environment.  Not sure?  Get help!

One command you might need for this question is netstat  This will show a running list of TCP connections.  I opened my website at  It shows up on the first line in the image below.

You can see all the other TCP connections.  You will have to scroll back to the top of this report, as it goes on for several pages.

Another command you may need is ps.  This will show you the process IDs for all running processes.  Try to find the rogue process in question.  Here is the man page.

Here’s the man page for the service command

Let’s try the command service –status-all.  You should see a list of running services.  If we were trying to stop a rouge service named rogue type service rogue stop

The kill command will kill the rogue service.  Do so by command kill -9 262 (example) where 262 is the id number associated with the service.  Of course you will use the process ID you identified earlier.

This question will take a lot of time in the middle of the exam, but it is a must do with no backs. So practice makes perfect here.  Find your way by practicing on the Kali Linux VM you created earlier.


One of the test takers I am talking with has failed the CAS-004 a total of four times now.  He is thinking that it Sim is causing him to fail, but I think he has the Sim process pretty well figured out, and I suggested that he might be only a few points from passing, and that his missing point may lie elsewhere in the test.  No guarantees on this solution, this is just what he is doing.  The email string between us follows below:

TESTER: FYI, I have had the same sim question every time, all 4.

The Linux question has two parts,  first you have a rogue tcp process and second you need to find a keep a malicious service (called malicious.service) from restarting.

The steps I took were as follows:

  • netstat -nalp to find the tcp process, there was only one established process like port 50200 to 1337,
  • lsof -i :50200, found the pid which was something like 2430
  • kill -9 2430
  • used systemctl to find the malicious.service
  • systemctl stop malicious.service
  • systemctl disable malicious.service
  • I did find the malicious.service in /etc/systemd/system and deleted it with elevated privileges
  • I rebooted twice and the tcp process or the malicious service never came back.

I figured that I answered the questions correctly and the service never came back.

In talking with a guy that I work with that knows linux much better than I do, he said that maybe the question is not written great and you need to do more.

He suggested before I kill the tcp process that I find out the location of the exe. Possibly in usr/bin or somewhere else and then kill the process and remove the exe before I stop and disable the malicious.service?  He said that deleting the malicious.service that I found in the etc/systemd/system probably isn’t what was necessary to pass the test?

My response:

That process looks pretty solid to me.  I like your colleague’s suggestion, so I would try that next time.

From the feedback I have been getting, it seems there is a malicious file to find and remove.  Presumably named whatever the process was named.  I think there is a list command (ls) that search iteratively through the nested file structure that uses the ../../../ filename structure.   Type the ls .. command to list the contents of the parent directory one level above. Use ls ../.. for contents two levels above:  See the article on the ls command at

I believe that the sim is not all or nothing type scoring, that you get partial credit for getting most of the process right.  I could be wrong, but I believe that is the case with the standard PBQs, too.

There is a possibility you are missing points in the multiple choice questions.   Since this is Pass/Fail, you may be very close to a pass, and just need one or two more answers.  Pay close attention to questions that have more than one correct answer, make sure you choose the answer that is “BEST” in relation to the scenario and the question.  For example, there is a scenario, a question, and three of the four answers are correct from a certain perspective.  Make sure the answer you choose is the most specific for the question.  If there is a n answer that is generally correct, and an answer that is specifically correct, choose wisely.  Often the most specific solution is the best one.

Are you taking this test as a home proctored exam?  I have heard horror stories galore about overzealous proctors invalidating  your test results.  If this applies to you, go to a testing center next time


CAS-004 PBQ Solution

A contributor provided this solution for the PBQ that is usually Question 1 on the exam.  This is NOT the dreaded Linux Simulation, just the standard PBQ.  Never the less, from a scoring stand point this is important.  If you are failing, you may be missing THIS question, and doing fine on the Sim.  You can skip and return to finish it later but now you may not need to.  These images are from a practice exam source, not my own.  Again, I am just curating information that can be found on the web or on commercial test prep resources.

Click on the images to make them bigger.

The Question


The Answer

The contributor dug a little deeper on the web and found another answer for the drag and drop.  The directory server is #1, the SCADA master controller is #2 and the VPN concentrator is #3.

Bob says – I removed the Answer image since the information on the illustration was incorrect.  The  answers given were #1 VPN Concentrator (wrong), #2 Pumps (wrong), #3 Directory Server (wrong).  If you are using this practice test, please do not rely on the answers shown.  The practice test is from Exam-Labs

Another contributor adds: For the PBQ, with the wrong selections from before, there was another step. After dragging the 3 selections, you also had to click on Directory Server, and choose from a drop down list of 8-9 choices of WHAT you were doing with that directory server.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts


  1. Manny Lima  April 20, 2022

    Wish I saw this before taking the exam. I had no idea this question was coming and had to skip it and I failed the exam. I had all the multiple-choice questions memorized but yet I still somehow failed. Are these lab questions worth a lot of points/

  2. Manny Lima  April 20, 2022

    This was in regard to the Linux TCP virtual environment

  3. bobwyzguy  April 20, 2022

    Yes the Performance Based Questions and especially (I think) the Simulated Question carries a lot of weight on the exam. I think failing or not responding to the Sim Q pretty much guarantees a fail.

    On thing that most test takers don’t know is that HELP is available. If your PBQ or SimQ has a command window or terminal window, you can invoke help (such as ipconfig /?) and the help files will open, but JUST THE COMMANDS YOU NEED FOR THE TEST QUESTION. So if you are at the C prompt, just typing help or the ? will show you the commands that are necessary for the question. Not all the help, just what is covered on the question. This is a huge clue.

    If you are in Linux, the man (Manual) pages are available. Again, just the ones you need for the exam. question.

  4. Manny Lima  April 20, 2022

    This was my results: Which sections do you think were the virtual exam? My guess Section 1-3?

    You incorrectly answered one or more questions in the following objective areas:
    1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
    1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
    1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
    1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
    1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
    1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
    1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
    2.1 Given a scenario, perform threat management activities.
    2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
    2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
    2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
    2.6 Given a scenario, use processes to reduce risk.
    2.9 Given a scenario, use forensic analysis tools.
    3.1 Given a scenario, apply secure configurations to enterprise mobility.
    3.2 Given a scenario, configure and implement endpoint security controls.
    3.3 Explain security considerations impacting specific sectors and operational technologies.
    3.4 Explain how cloud technology adoption impacts organizational security.
    3.5 Given a business requirement, implement the appropriate PKI solution.
    3.6 Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
    3.7 Given a scenario, troubleshoot issues with cryptographic implementations.
    4.1 Given a set of requirements, apply the appropriate risk strategies.
    4.2 Explain the importance of managing and mitigating vendor risk.
    4.3 Explain compliance frameworks and legal considerations, and their organizational impact.
    4.4 Explain the importance of business continuity and disaster recovery concepts

  5. bobwyzguy  April 21, 2022

    Yes you could be on the right track. I checked Reddit for more comments about CAS-004 but were not finding much.

  6. ROG141  April 22, 2022

    Today i taked the CAS-004 for the error i skip the “Simulated Virtual Environment” i cant return to SIM, for that i failed the exam, the test have 81 question, Sad but true 🙁

    • bobwyzguy  May 23, 2022

      CompTIA does explain that there is no going back on the Sim. Do your best, don’t skip it.

  7. Sam  May 27, 2022

    I just failed casp+ and that simulation was a bummer. I spent 10+ minutes on it and hit next thinking I could go back but forgot that I couldn’t.

    I tried to find the malicious connection but idk what to look for? Was it supposed to be obvious like hackerDomain and is the process supposed to be obvious too?

    I had the disaster recovery but I totally did not understand what it’s wanting me to do. I am so bummed out!

    The multiple questions were sooo hard. All the studying I did seemed very useless.

  8. bobwyzguy  May 28, 2022

    The malicious process could be consuming large amounts of system resources especially processor and RAM (memory) PS should reveal that.

    Yes a process name that seems wrong, or a process that has a similar name to a correct process would be suspicious.

    You have to stop the process in PS and then kill it

    Most people do not know Linux well, so more time on a Linux system would help

  9. First  June 20, 2022

    Finally took the CASP+, couldn’t find the rogue process with ps but was able to disable the service. Nothing was glaringly obvious to me. Going to study Jason Dion’s materials and try again I suppose as maybe I can get partial credit for the SIM and attempt to get perfect on the multiple choice.

  10. John  June 24, 2022

    I took the CASP+ 004 and I struggled most with the virtual environment. I cloud not find any malicious processes and I used all commands such as ps, ss, netstat, and top, and I could not use commands like systemctl, service, and kill. Some of the questions were a bit iffy but I believe I was dragged by the virtual environment. I think the question is very misleading.

  11. no cow  June 27, 2022

    I am taking CASP this week and I am familiar with Ubuntu. I am curious if they strictly test on Linux? I know some commands are different such as the chkconfig on ubuntu is update-rc.d. Thanks for the info!

  12. bobwyzguy  June 27, 2022

    The Sim is all Linux. The Other PBQs could be on several things.

  13. Tom  June 28, 2022

    Yesterday was fail 3 for me. I know that I answered at least 76 of the multiple choice questions correct and thought I maybe passed the virtual linux question but I guess I didn’t. This has been the same for the other 2 tests…..strong on the multiple choice not on the virtual linux. I don’t know how they can put so much emphasis on one question when none of the training covered it?

  14. bobwyzguy  June 28, 2022

    First, I admire your persistence. It seems like the Simulation on Linux is tripping up many test takers. I am convince that you need a Linux installation like a Virtual Machine to learn the use of some of the commands that are necessary for this question.. If you believe the question is too difficult or unfair, you should probably open a case with CompTIA about it, but I wouldn’t expect much. If enough testers complain, maybe the Sim will be replaced with something a little easier to pass.

  15. Tom  June 28, 2022

    I installed Virtualbox and have an Ubuntu VM running. I have been practicing using netstat to show a process that doesn’t look correct, finding the pid and killing it. I am lacking at finding a malicious service and knowing what to do to prevent it from running again. I have been trying to figure out what looks right or wrong in crontab and several other things but I can’t seem to put everything together. Can you name a resource free or not that would help me? Thanks Bob.

  16. bobwyzguy  June 28, 2022

    As to how to find the malicious file, I would expect the file name to be the process name. It may take some looking to find where it is lodged in the system files, but there is an iterative search parameter of the ls command that uses ./././. that will parse the entire file tree. Another ls command will show the file path

    I went looking for other practice resources and especially YouTube videos in the CAS-004 Linux Sim. It seems that some sources are calling this a Forensics SIM, which it is. Another term to add to your search.

    I found something interesting at that some of their content was taken down over DMCA conflicts. Sounds like CompTIA wasn’t happy that someone was revealing the solution to the sim (perhaps).

    My exploration of YouTube today revealed nothing specific to the Sim, just a lot of trainers and training companies selling their certification wares.

    Searching YouTube using CAS-004 Forensic Linux Sim I did find a two hour video tutorial on Linux Forensics at I am watching it now. Some of this content may be useful in understanding the process that is being tested in the Sim. This is a lecture from what I assume to be a college class. He uses a lot of third party tools that aren’t part of the exam, so I am not sure how helpful this will be

    We need to hear from people who passed and are willing to share some insights. I am not looking for the answer, which would be a violation of the CompTIA NDA, just some help with the questions other test takers are asking

  17. First Last  July 8, 2022

    The problem with the SIM is that the process is nothing glaringly obvious unless you are very familiar with what is normally running on Linux. I created a Kali Linux VM and a Ubuntu VM and I’ve stared at these processes trying to familiarize myself with them for awhile now. Hoping to take the test again this weekend or next and will report back if I pass. The first time I took it I could find the persistent service but could not associate a PID with it unfortunately. Honestly there is too much time on this test. I was done with an hour left and that was after reviewing everything once through. I highly suggest anyone taking this test to spend 30 minutes or more on the SIM.

  18. VeryFrustrated  July 14, 2022

    I failed my first attempt at the end of June. I tested again yesterday.
    I received many of the same questions from the first attempt, and some new ones as well.
    My first question was the drag and drop site a and b question.
    My 23rd question was the linux sim, and I believe it was going to be exactly the same as before BUT, after making some notes on my whiteboard, I clicked NEXT. That SKIPPED the question.
    I immediately reached out to the test center staff, and they had no clue. they told me to click back.
    This killed all enthusiasm for the remainder of the test as I knew I just threw $490 away.
    I asked to protest the test, and the worker said he would do that… “Oh, But not right now dude, I will do that later”
    I have 0 confidence this will happen as he does not even understand what my issue was.
    I also called the number from the bottom of the test, but this guy in India was convinced the name of the test I took was COMPTIA. Then he said I reached the wrong number.

    I don’t know that it is worth trying to gt a retake because of the unintentional sim skip issue because the printing out said I missed 1 or more questions, in 24 domains. I don’t think I really missed 24 or more questions, but they don’t give you a score so I have no idea.

    I really think is is insane that they have you accustomed to clicking NEXT to proceed, and prompt you for if you really want to proceed, really are done reviewing flagged questions, really want to end the test… But no prompt for “You really want to skip this sim question??” Very unfair.

  19. bobwyzguy  July 14, 2022

    Man, I am so sorry to hear that. Let me know if you can get them to give you a retake.

    CompTIA seems to have made CASP+ a proving ground for new test technology like the Simulated Environment. I have collected over 20 comments on this article, as well as another collection of complaints on my original Reddit posting.

    I got new intel on both the Linux Sim and the first PBQ question (usually question 1) at the bottom of this article.

  20. VeryFrustrated  July 14, 2022

    For the PBQ, with the wrong selections from before, there was another step. After dragging the 3 selections, you also had to click on Directory Server, and choose from a drop down list of 8-9 choices of WHAT you were doing with that directory server.

  21. First Last  July 15, 2022

    I believe the drop down had to do with BGP from when I took the test? Hoping to take it again this weekend and hopefully not fail!

  22. Welp  July 15, 2022

    Because of NDA I’m going to be vague so don’t bring the pitchforks. I just recently passed the CAS-004 and what I will say is don’t over complicate the linux sim if you get it. It mentions that there is a malicious process or service on the system. Start with that information. What would command would you use to show running processes or services? It should snowball from there. Comptia is not trying to be tricky or hide anything so don’t go into it thinking it’s going to be overly complex.

    If you were confident that you performed the correct actions in the sim then it may be the theory that you just need to focus on.

  23. KLAS  July 28, 2022

    Thank you for your help here Bobwyzguy. I studied up for the Linux problem and believe I did well on it. I killed two pids and the stopped and then disabled the service. I think that was right. I noticed the second pid and don’t know if I needed to kill it or not but I did. I see a lot of people talking about the MC questions in this thread, please urge everyone here to fully vet ALL practice problems they are using to study. Review every choice on every example problem, it stinks but many of the answers to practice problems on the internet are wrong…..especially if you are finding them from random sources. Thank you for this page as it got me to download Kali and install it on VBox. I, then, installed lighttpd and practiced killing it, starting it, stopping it, disabling it, re-enabling it, and just got to know a lot of commands in Linux that I don’t normally use. It also helped me vet some practice problems that had wrong answers. Thank you again.

  24. bobwyzguy  July 28, 2022

    Thanks for your contribution KLAS.

  25. Brian  July 28, 2022

    Thanks for the information! I passed my CASP exam back in 2016, did the CEUs in 2019, but unfortunately forgot to do it again this year. I have been studying to take it next week, as this cert is needed for my job.

  26. Brian  August 3, 2022

    I passed the CASP + Exam (CAS-004) yesterday. The info here was VERY helpful. I had a total of 81 questions.

    I had the “Click and Drag” VPN question with the 2 sites. I filled it out exactly how it was stated here. I did, however, have to do another step. On the VPN concentrator (which had answer #3 assigned), I had to pick from a drop down listing; which answer would resolve the flapping issue.

    I had the dreaded Linux simulation question as well. Unfortunately, I wasn’t able to find the process ID (PID) attached to the malicious service. Using netstat or netstat -nalp shows the established connection of the malicious service, but the PID info on all connections are blank. I did and delete the malicious file itself, which ended the connection within netstat.

    Hope this helps.

  27. bobwyzguy  August 3, 2022

    Thanks Brian for sharing your experience and contributing to the Comments.

  28. VeryFrustrated  August 4, 2022

    I took the CAS-004 for the 3rd time today.
    I PASSED!!!

    First time: Missed 20 questions (From what I can tell from the results sheet), Bombed the Linux sim and 2 PBQ questions.
    Second Time: Missed 22, accidently skipped the Linux sim, and bombed the 2 PBQ questions.
    3rd time: Says I missed 16. I believe I NAILED the Linux sim and the drag n drop. I did not get the 3rd one where you secure the servers.
    So there you have it, passing IS possible. 🙂

  29. bobwyzguy  August 5, 2022

    Congratulations Very Frustrated. The solution is informed preparation, and lots of Linux practice (for the Sim)

  30. First Last  August 7, 2022

    Finally passed this monster of a test and only missed one or more questions from 12 domains. Thank you so much for your help with this blog entry. I’ll definitely have to get some tutoring from you for the CISSP when I get around to that! So thankful to be done with CompTIA and their question trickery.

  31. bobwyzguy  August 8, 2022

    Congrats! Its been a long process, but you did it. Drop me a line when you start your CISSP. Don’t wait too long as the CASP+ is great prep for the CISSP. Two exams very much the same content. Personally, I think the CISSP may be easier to pass than the CASP+ No PBQs or SIMS

    The CISSP is a MANAGER’S exam, and the hardest thing for a technician to learn is how to THINK LIKE A MANAGER and pick the answer a manager would pick

  32. Ahmad  August 9, 2022

    I am about to take CAS-004 exam and really happy that I have found this page. Thank you for your contribution.

    Regarding the Linux Sim, what I understood upon going through the Linux commands is that the following should be done:

    1- Find the malicious process (using PS command)
    2- Determine the PID (using PS and/or netstat)
    3- Stop the service (using service command)
    4- Kill the service (using kill -9 )
    5- Delete the malicious file which is starting the process (using rm command)

    Is this the correct logic or am I missing something? Kindly advise.

    Thank you!

  33. bobwyzguy  August 9, 2022

    That looks good, based on the input I have received from other test takers.

  34. Glizzy  August 17, 2022

    I just took my CASP exam yesterday and passed on the first try. This blog has been super helpful in assisting with understanding the concepts and what the test is asking for. I got the Linux Sim and it’s alot more simple than what some people are making it, don’t overthink it. Study the terms and you should be good. As I was going through the test, it felt like I didn’t know every single answer but just take the time to read it thoroughly and pick your best choice and you should be good, don’t let the test frustrate or consume you!

    Thank you again Bob for this page and how you assist people in trying to help them pass this test! Very helpful and much appreciated.

  35. bobwyzguy  August 17, 2022

    Congrats Glizzy. Together we all have contributed to this tutorial. So thanks to all who provided tips and guidance.

  36. CASP Hopeful  August 22, 2022

    I’m going to be taking CASP in the next couple days after failing it last week due to the Linux SIM not loading. It was a blessing bc I was not prepared for the Linux sim but after finding this blog I believe I will be ready for it now. I do have a question about the PBQ though. I had the drag and drop as described in the blog post but I am unsure if I should be dragging #3 on both vpn concentrators, just the one on site A or just the one on site B. Originally I put it on just site A and the extra step I chose the BGP option but now I am second guessing myself on which VPN concentrator they are looking for or both. Any insight into this would be very much appreciated!

  37. bobwyzguy  August 22, 2022

    CASP Hopeful – Answering your question would be a detailed enough answer to potentially violate the NDA. Make sure you have looked at the last section of the original article that deals with the PBQ. This was originally submitted with two images, and the second one, THE ANSWER, was wrong. If you are working from that two image set, forgt what you are shown on the second image and read the article comments.

    You can enlarge any of the images in the article but clicking on them to open them up full size.

    Let me know if this is enough for you.

  38. CASP Hopeful  August 22, 2022

    bobwyzguy.. thank you for the feedback! I will take it and see how I do. Retesting in the morning and hoping my SIM populates correctly and this time it is enough to get that PASS. I will update tomorrow with the news.

  39. bobwyzguy  August 22, 2022

    Good luck CASP Hopeful

  40. CASP Hopeful  August 23, 2022

    I promised an update so here it is:

    I passed! The first time I skipped the Linux SIM by accident, failed, and my score report said I missed one or more questions in 21 different areas. This time I did the simulation but I was only able to find the malicious service and stop it, I wasn’t able to find the process to kill or any kind of .exe so I know I didn’t get full credit bc there is definitely more than 1 task to perform.

    The PBQ was fairly easy but make sure you read the fine print under the choices bc one of them will be different and the photo on the main blog post does not show that. I think this matters as it had me change one of my answers. Can only assume that I got it right this time as opposed to the first time since I passed.

    This time my report said I missed one or more questions in 20 different areas, so I believe the little bit of the Linux SIM that I was able to do and the changing of my PBQ answer pushed me over the edge into passing.

  41. bobwyzguy  August 23, 2022

    CASP Hopeful – Good work!! Congratulations

  42. Perplexed  September 5, 2022

    I’ve taken the exam twice and I am not sure where I am falling short but suspect it is the Linux sim.

    inthe Linux sim I cannot find the PID using lsof, top or ps. I did sudo systemctl stop and systemctl disable the “suspicious name”. I was able to find two files in separate directories using systemctl | grep “suspicious name” and sudo rm them. I rebooted and after rechecking netstat the service did not restart. I checked the file locations and the file did not return. I rebooted again to make sure, rechecked the service and locations and nothing came back. I figured that was all I could do and moved on.

    Any suggestions or guidance would be well received.

  43. Alexandro Mullings  September 7, 2022

    Hi Bob,

    I took the CAS004 on September 5th and today. I failed again…. I stumbled on this bloq after digging around to see if anyone has gotten this same issue. I feel cheated. I took the exam and ALL of the multiple choice questions were STUPID easy. If I got 4 wrong that was PLENTY. I did the SIM and stopped the process and removed the file buried in the directory. The first time I took the exam it took about 24 hours for me to see my results, today, I click on Finish and the results are there. I got according to the printout 23 sections wrong, REALLY? ^.^
    I compared it to the printout of 25 so basically I spent 2 days studying and going over the content like a madman to ONLY get 2 questions right the second try. I find this ludicrous. I WILL never be taking another CompTIA exam again and will advise everyone that I come across to do the same. I’ve done CompTIA exams in the past and other certifications but none have I felt cheated like this one. I mean: just about every single question I was confident in my answer. There is NO way that my responses were wrong, the VM simulation or system grading that they use must have some sort of glitch OR the SIM is a pass/fail sort of deal. Addtionally, there is more than one way to tackle the SIM because I restarted and the process did not appear. However, if there is a parameter checking for a condition and that condition is not met based on what CompTIA deems as correct then this is truly an unfair exam. I wrote to them but I am not expecting much. Sad, to say; I will not be taking another CompTIA cert for the rest of my life.

  44. bobwyzguy  September 8, 2022

    Alexandro – once you calm down, give it another try. Many people are struggling with this exam. You can open an appeal with CompTIA if you think the results were unfair,

    I think the CAS-004 is harder at this point than the CISSP. It is a managerial exam (like the CISSP) and is looking for answers a manager would choose over what a technician would choose.

    The test report is not saying you got 23 questions wrong, but is just showing you the objectives you need to work some more on.

    There are LOTS of tips about the Linux SIM. There are more than two steps, more like 5, and you need too use more of the commands at the terminal. Also check the PBQs. Many are missing the PBQ answers and thinking it was the SIM.

  45. KLAS  September 9, 2022

    Alexandro, I do not know the methods of which you studied but if you used any practice questions on the internet, I will guarantee you that the answers were wrong on at least 50% of them. If you read a book or two and watched video after video, then I agree, you may have been robbed. I had 15 listed topics on my score report and passed. I used a CASP+ book from Amazon and practice questions from the internet, most of the answers on the questions were incorrect though. You have to completely vet every question you use to study with from the internet, it stinks and adds weeks to your studying but it has to be done. Just my 2 cents but who uses change anymore.

  46. bobwyzguy  September 10, 2022

    Thanks KLAS

    Even the well-known brand name commercial practice exams have errors. I got a new release of Boson for A+ 220-1102 and found a question where the shown correct answer was WRONG, but the explanation chose the correct answer, not the highlighted answer. People are not perfect, and neither are practice questions.

  47. GremlinMaster  September 13, 2022

    Hello all,
    So, I just took the CASP and passed it on my first attempt. I’ll go through my experience first then the study materials I used. It was about what you expect from CompTIA. I only got one PBQ, it was very close to the one in the blog notes above 😉 as for the simulation I was messing around with it for 45 mins. The process kept returning after killing it/rebooting and some commands didn’t work like lsof, I’m not sure if I was using them correctly. To make matters worse the sim black screened on me almost like the connection was terminated. That only left me with about 1hr 30mins to answer the remaining questions (I had 81 total). With only 15 mins left I went back and reviewed 22 questions I flagged. I only changed a couple answers. Like Bob says go with your first choice. When I got my report, I had 19 areas that needed to be worked on. So, with the sim dying on me I was still able to pass. Now for the materials, I used Mark Birch’s book, Jason Dion’s web training/practice test and pocket prep. I was baffled that there are allot of questions on the test that mimic Marks end of book practice exams. Since I wasn’t really in the cyber security field, I took about 3 months to study with the last month studying almost 8+ hours a day and the last week I did practice test after practice test. I feel like you need to diversify your material instead of having one resource. I stumbled across this blog a week ago and I can tell you It was one of the key reasons I passed. I had no Idea about a sim question and this blog outlined perfectly what is needed to succeed. I know what it’s like taking CompTIA certs more than once, keep putting in the work. You got this peeps.

    Here is a link to a reddit user that used Marks book:

  48. bobwyzguy  September 13, 2022

    Thanks Gremlin Master – great rendition of your exam experience, thanks for sharing. Congratulations on your certification too

  49. John  September 15, 2022

    I passed the casp+ on my second try this website helped a lot when re studying. The virtual environment was better the second time because of practice in my own virtual machine.

  50. James Beanbag  September 19, 2022

    The CASP+ exam is the bomb.
    I was shocked at my 1st attempt at the type of questions I met on the exam day. Most of the practise questions I had used were CAS-003. However, i do not really like using dumps so i was just going with the mindset of understanding the objectives of the exam very clearly; to my surprise, it is much more than what is in the objective. Your practical experience in the past will be put to test. So it is thorough one at that.

    Now on my experience during the 2nd attempt:
    I also got the PBQ for the DR scenario. In my own case, they asked me to choose the exact service I am choosing to improve connectivity in site B. In your case, it might be the directory service. So know what you are doing. [Answers are SCADA Pumps, Directory service & VPN concentrator in no particular order]
    For the SIM/Ubuntu lab question: i think that question alone carries 2 questions out of the 81…and I am sure the marks are different. I got to know this during review before submitting. questions 22,23 were omitted for me.
    To solve it, follow the steps below:
    1. netstat -nalp [to identify the TCP process, there was only one established process like port 50200 to 1337]
    2. lsof -i :50200 [I put sudo before mine; I noticed without sudo, it didnt work]
    3. kill -9 PID from 2 above OR systemctl stop malicious.service and then systemctl disable malicious.service. (stop before disabling)
    NB: The service would still be in the system but waiting to start again on reboot bcos it is written to execute during startup.
    4. cd to /etc/systemd/system path
    5. since you dont know what the service exactly looks like, scroll gently until you see some strange process name (in my case, it was malicious.service). They may have changed it during your attempt.
    6. I CAT the content of the file (malicious.service)…u can hash out the line that makes it execute on restart or just rm the bastard file. but i think hashing out the line would give max point cos the 2nd question as seen below says

    1. End the compromised process that is using a malicious TCP service.
    2. Remove the malicious persistence agent by disabling the service’s ability to start on boot.

    7. I did find the malicious.service in /etc/systemd/system and deleted it with elevated privileges (sudo su)
    8. I rebooted and the TCP process or the malicious service never came back. I checked and never found it.

    For the rest of the question, your experience counts and u also need it to study the dumps cos there are lot of wronggggggggggg answers.


  51. bobwyzguy  September 19, 2022

    James – thanks for your detailed contribution. It seems like the Linux Sim may have several solutions, based on the comments of earlier contributors. All I can say is KNOW YOUR LINUX. You cannot bluff your way through this question

  52. Kim  September 19, 2022

    Thank you so much for this website. It was a huge help in passing the CASP today. Definitely know your Linux commands. I used the CompTia CASP+ CAS-004 Certification Guide by Mark Birch. The mock exams in this book were a huge help.

  53. bobwyzguy  September 20, 2022

    Thanks Kim. When I posted this article I had no idea how many CASP students would find it helpful. As I complete other certification exams, I have been starting new articles like this one for those exams. You sjould be able to find them using the search tool on my web site. I am also active on Reddit/r/CompTIA and Reddit/r/CISSP and Reddit/r/CEH

  54. Sean  October 14, 2022

    Searching through the internet, I’ve found the notorious Linux sim on Examtopics website. I didn’t want to post the link due to NDA but you can go to the site and search for your self. It’s question number 146.
    I’m scheduled for testing tomorrow night. I’ll let you know how it goes.

  55. bobwyzguy  October 16, 2022

    Thanks Sean. I hope your exam went well for you. And a word of caution to everyone on this thread: sometimes these practice question contain incorrect answers. Don’t just memorize, doubt check first.

  56. whisper  October 17, 2022

    so on the exam we will have the sim , and also lab questions like downloading something and the Red Hat Enterprise Server 5.5 64- bit Question?

  57. Ahmadallica  October 17, 2022

    I am glad I passed the test at first attempt. The information here on this page is very useful. Please double check all the answers on other websites because many of them are answered incorrectly. I got the Linux Sim and I found using the command netstat -nltp is better than netstat -nalp because it easily shows the TCP connections so you can find the malicious one. Good Luck to everyone! Now next is CISSP!

  58. whisper  October 18, 2022

    @Ahmadallica do you have a email i could reach out to?

  59. Thatdude  October 23, 2022

    I took the CASP last Thursday at home. The at home testing went well, no horror stories here like I’ve heard with others. Unfortunately, I did fail my first attempt.

    Here’s where I think I went wrong. First, I took the exam Thursday evening after a full days work. I was burnt out by this time and really just didn’t want to sit for it. The next thing, I read Mark Birch’s book twice and did the practice test once. I ended with 21 sections called out in the exam results.

    Going forward, I’ve been hitting all the sections I failed in Jason Dion’s video course and purchased his practice exams. I also plan to retake Marks practice exam seeing how similar some of the questions were.

    I felt I was close on the Linux SIM last time but couldn’t find the TCP process. I did find, stop, and disable the rogue process. After reviewing I feel I have the necessary commands to find and kill the TCP process and will delete the rogue service next time.

    For the cloud based question it looks like I should go with BGP next time as I think I just guessed initially.

    I plan to retake in the next week after I’m done reviewing, I’ll report back!

  60. bobwyzguy  October 24, 2022

    Thanks for your comments Thatdude. Better luck next time

  61. Thatdude  October 29, 2022

    Well I passed today on the second attempt!

    I finished up with 17 sections marked in the review. I felt confident in my Linux solution. I didn’t delete any anything, I just followed the instructions as written. Find and end the TCP connection. Find the bad.service and disable it on boot. When using netstat -nalp make sure to look for the TCP connection as you might see TCP and UDP. Also, I ran netstat as sudo so it would give me the PID. I rebooted the server after and verified the connections didn’t come back up.

    Jason Dion’s course on Udemy and his practice exams we’re absolutely fantastic. Also, thank you to everyone on here. There is a ton of valuable information. On to the CISSP!

  62. bobwyzguy  October 30, 2022

    ThatDude – Congratulations on your new certification. It is always a good plan to follow up the CASP with the CISSP or the CISSP with the CASP. The content is nearly identical. I’ve got some tips on the CISSP exam too, just search on my blog. Lot’s of CISSP articles.

  63. daniel  November 6, 2022

    The virtual simulation carries plenty of weight and this site is a great source of info, just passed the CASP+ yesterday. PLEASE install a virtual Linux machine or OS and learn the command line and be fluent. When testing most of the time every thought disappears even is the answer is known to you. “If one is in security then all is well”

  64. KingKiller  November 10, 2022

    I know about the Linux Sim and the disaster PBQ, but I saw someone else mentioned another PBQ. What is that one about? I may just be confused.

  65. Punisher  November 12, 2022

    Thank you to all of the contributions here. I passed the CASP today on my first attempt. As for the Linux sim, I personally started out with using the locate command and searched for some key words. Not the way you should go about this in the real world if you’re hunting for malware but this worked for the exam. One of the key words I used pointed me in the right direction and I was able to cat the contents of the file which gave me a hint as to what process and connection I needed to kill. Pretty much reverse engineered the question. Confirmed the connection with netstat, confirmed process with ps aux. Finally killed the process, deleted the files, killed the connection, and then did a reboot to confirm the malicious artifacts were indeed gone ( not in that order).

  66. bobwyzguy  November 13, 2022

    Many hands make the work light. Thanks for your contribution

  67. Achilles  November 14, 2022

    I don’t think it’s ever advised to just “kill -9”. This stops the process but the linked processes. If you capture all of the process IDs then you can “kill -9” all of them in a list. I usually do this with a:
    kill -9 `cat`
    (pasted list of pids)

  68. Ariel  November 23, 2022

    Hi All!

    I wanted to share a little of my experience. I tested for CASP on 11/21/22 and passed the exam the first time up. I only had 2 PBQ and the Linux Virtual Environment. I know for sure that I did not get the simulation question correct because I have zero experience with Linux and I was unable to kill the malicious process nor stop it from coming back after reboot. Just wanted to give some of you all out there some hope and let you know that you can definitely pass the test even if you do not get the Linux sim correct. You’ll just have to be very strong with the multiple choice and PBQ questions.

  69. John  November 30, 2022

    Is there any tips for second PBQ?

  70. bobwyzguy  November 30, 2022

    John- there are tips galore. Read my entire post, plus all the comments. Ask your question more specifically, like what do you mean by “second PBQ?”

  71. Bengal7  December 11, 2022

    Thought I’d add my 2 cents as reading this forum did help me some. I took my first CAS 004 in early Dec 2022. and passed. I had previously failed the CAS 003 two years ago on one try.

    I too had the drag and drop PBQ as the first item. I didn’t think it was that challenging and did remember to click Directory Services box for the additional drop down question. (there’s a red ball icon on it after making drag and drops) I am not 100% sure I got it all right).

    For the SIM question I had trouble. I had read this forum and basically memorized ‘Tester’ and ‘James Beanbag’ posts from above… I did also do a quick brush up on the relevant Linux commands. Still I blew the question because I used netstat -nalp, or -natp (which gives the PID, making the lsof -i :port# unnecessary I think) , and more flags and did not realize it was listing processes, not services… when I searched for the names of the processes or just anything like I spent a lot of time on this because I thought I’d get it eventually. I didn’t know how to list Services at the time and we are tasked to find services. There was one process listed that ended its name with the word ‘resolve’ so I figured I’d try to stop and disable that one. But upon trying Kill -9 with its PID it responded by saying it’s not a service. I did see a total of 5 or 6 processes total. Some were obviously related to the services the instructions said NOT to disable or stop. So ultimately I simply ran the kill -9 for the remaining processes (two) and moved on. As I understand it Likk -9 does bot the stopping and disabling and that is what is asked, so that is how I left it and moved on. I am pretty sure I bobed the sim but maybe got some credit for running some commands, not sure.

    The remaining questions were all multiple choice which I had had studied for overall. Bu the end I felt confident in most of my multiple choice responses except for maybe 10 of them.

    Having read in this forum that the SIM likely weighs heavy in scoring, by the end of finishing the exam I felt like I had blown it. I was shocked to see that I had passed.

    Interestingly enough I talked with a co-worker who also had very recently passed his CASP in one shot I believe… he said he had no clue regarding the SIM and he basically just skipped it…and passed! He felt the drag and drop was PBQ was easy.

    Leads me to believe that al is not lost if one doesn’t do well with the SIM. But if you know how to list services and processes, and use the kill -9 with the correct PID, it should be straight forward

  72. Bengal7  December 11, 2022

    **As I understand it kill-9 does bot the stopping and disabling and that is what is asked, so that is how I left it and moved on. I am pretty sure I bombed the sim but maybe got some credit for running some commands, not sure.

  73. angryelvis  December 29, 2022

    I passed my test this week and I want to thank you for mentioning Virtual Box. I had not heard of that site/software and it was exactly what I was looking for. Your mention of that & that Ubuntu provided machines ready for use in VBox really gave me the opportunity to practice and understand what I was doing in the environment.

  74. Sportynerdguy  January 3, 2023

    Came here after passing my second attempt. This site was a MAJOR help. Definitely recommend to follow James’ logic but really get familiar with systemctl. Failed the first exam after not fully completing the Linux Sim (only stopped the service). Tried all of the commands but couldn’t find pid even after an hour of digging which then made me rush on the training MC questions. Whole sim could really be done with just systemctl and kill -9 but be sure to run the other commands. Thanks for starting this thread and posting on reddit Bob!!

  75. Taylorbuckeye  January 6, 2023

    Yesterday was my third attempt at the CASP+ 004 exam. Failed again. My first two attempts were pretty much the same test (and I struggled with the Forensic Sim). This third one was different. I’m very confident I did well on the Forensic Sim this time (thanks to this blog and everyone’s helpful comments). The PBQs were different though and several of the MC questions. This time I had to review code snippets, figure out what they were doing and how to mitigate; not so confident about this one but the other was to harden the server which I think I did well on. Guess I’ll study code snippets some more and try again….hopefully the test won’t change again if I’m able to retake it in a couple weeks….

  76. bobwyzguy  January 6, 2023

    Interesting comment about your PBQs. I just took and passed the Pentest+ PT0-002 exam today. I had those PBQs on my exam. Thought they were hard, but somehow I got 768 points, enough to pass. I’ll be posting my usually Exam Notes article in a few days.

  77. Droid  January 9, 2023

    Just wanted to say I passed my test yesterday and similar to Taylorbuckeye had the code snippet question as my second PBQ and lots of new multiple choice questions I didn’t see in any practice exam. I think they might have rolled out a new version of the test for the new year. But the Linux sim I aced thanks to this blog post suggesting practicing on a VM and the comments from everyone.

    I did run out of time at the end, got to the final question with about 1min to spare and had to quickly go back to the 2 unanswered questions I had skipped (one was the code snippet), only was able to answer the code snippet PBQ before time ran out. But still passed!

    Thanks Bob!

  78. bobwyzguy  January 10, 2023

    Thanks for your comments and congratulations

  79. Tpumpkin  January 13, 2023

    I am getting ready to take the exam next week (remote). I have been using the Certmaster from CompTIA and Jason Dion’s course and practice exams. I’ve passed Security + and CySa+ in years past. First time I took the practice exams I was scoring about 70% for CASP. I am studying the areas I am having trouble with the most and obviously focusing on the material I got wrong. Any indication of roughly what percentage we need to be at to pass the exam? Any other tips besides the ones in this thread? This has been most helpful for knowing what to study.

  80. bobwyzguy  January 13, 2023

    I am happy your found this page helpful, and I am grateful for all the responses. You need to have practiced the Linux Sim. And prepared for the PBQs. You need to score in the 80th percentile to pass, at least as far as we can deduce. Most CompTIA exams require a score of 700 out of 900 which is 78%.

    Good luck! I am sure you will do well.

  81. Tpumpkin  January 21, 2023

    Just wanted to give an update here. I took the exam this morning. I still have not received an email, but I logged into my CompTIA account and what do you know? I Passed! I could not believe my eyes. From the looks of it I think I scored an 84%. I ended this exam knowing it was the toughest one I have even taken. I full expected to fail this exam after I pressed submit.

    Most of the questions on the exam I have never seen before. By far the toughest one was the Linux sim. I spent about 40 minutes on this part. At one point I didn’t think I would find the problem, but I kept digging and digging and I found the problems.

    Thanks to all the helpful tips! If you are going to take this exam, DEFINITELY practice the Linux portion!

  82. bobwyzguy  January 21, 2023

    Thanks Tpumpkin – Which is harder? The CASP+ exam or the CISSP exam? They are difficult in thier own ways.

    The CASP+ is crazy hard because of the Linux Forensic Sim and the Performance Based Questions. The CISSP is crazy hard because the Computer Adaptive Testing format exploits your weaknesses by giving you more questions in those areas where you are weak.

    Which is the hardest?

  83. Tpumpkin  January 22, 2023

    I have actually not taken the CISSP yet. I was thinking about taking that exam at the end of the year. But I can say with certainty that the CASP is no joke. You really have to read the questions and think critically about the answer. I’ve been working in security for the past 4 years and as a sysadmin for the past 7 years prior. I worked in a primarily Linux shop and I think that helped a lot for me on the Linux sim.

    I definitely learned quite a bit throughout the studying process for this exam. Just remember while taking the exam to carefully and methodically read each question. The wording is something you need to get used to, so I highly recommend the CertMaster.

  84. bobwyzguy  January 22, 2023

    I have many articles on my website about preparing for the CISSP, so when you get there, give them all a look. You can find them using the search function on my site. I teach the CISSP as well, so when you are ready reach out to me.

  85. Redbeard42  January 25, 2023

    When using sudo for the sim, are we prompted with a password to enter it? If so, what’s the PW? I failed my first exam and just blew by this due to being lame with Linux. So, having researched the heck out of this, I am about ready for the second try. Been a Windows/VMware guy most of my career and only know what I need to know because of ESXi. Plus, I always research online for scripting and all. This blasted exam is forcing me to know Linux stuff more than I ever wanted.

  86. bobwyzguy  January 25, 2023

    Its been long enough I don’t remember if a password was required for sudo, but it it was, it would have been given in the simulation scenario.

    As far as Linux goes, all of the certifications are increasing the Linux content. So welcome to Linux.

    The reason for this is that employers expect their IT and IS staff to be comfortable with Linux. If you are planning to work in this field for many more years then you should get comfortable with Linux.

  87. Redbeard42  January 26, 2023

    OK, Thanks. The scenario gives Username of labXXXadmin with the password of XXXyyYzz! so I assume that would suffice fo sudo. Correct? I’ve been IT for over 40 years and still want to work. I really love this job but could retire if I wanted to.

  88. bobwyzguy  January 26, 2023

    That should work

  89. JohnnyBlaze  January 31, 2023


    Im about to take my CASP+ 04 on friday. I think im prepared… I trying to fumble through some labs form certmaster but im kind of confused at places. Will it be straight forward in the exam?

  90. bobwyzguy  January 31, 2023

    If you have read through the article and the comments, you should know what to expect. CISSP is all multiple choice, but that said the computer adaptive format will exploit your weaknesses. Memorizing practice exam questions and answers would help. Learn how to think like a manager, read the scenario, read the question, then choose the answer a manager would choose (NOT the technical, fix-me answer) Manager choices would involve planning, documentation, and reporting, policies, compliance. Everything leads to Business Continuity and Disaster Recovery. Don’t overthink it, go with your first impression.

    Good luck!

  91. Johnnyblaze  February 4, 2023

    So I took the test last night. Failed(my first time). Thought I did well, knew most of the questions. I didn’t skip anything on purpose or on accident. I got two pbqs right off the bat I was not prepared for. Code snippets and another one I wish I could remember right now. I’ll have to look it up and find it.
    But, as a test taker I felt confident. Then, when I looked it up, I saw the dreaded fail.
    I’m going to keep studying and take it again at the end of the month.

  92. bobwyzguy  February 4, 2023

    Your code snippets PBQ is a lot like one I had when I took the Pentest+ last month. Check out the description in this article. Maybe it will jog your memory and you can add some insights of your own.

  93. gyan  February 10, 2023

    The keyboard setting for lab is US and I found it difficult to type | from UK keyboard. Any idea which key to use to type | on command?

    Can we change the keyboard setting? I doubt it..

  94. bobwyzguy  February 10, 2023

    You would need to work that out with the testing center. Taking the test at home – this is why I like the testing center.

  95. Third times a charm!  February 11, 2023

    Thanks to this site and another discussion forum I passed my CASP yesterday. The discussion above with the test taker was beneficial on my exam. I had taken this exam 2 times previously and failed miserably. Yesterday I had some real confidence and passed.
    Look folks, I studied hard for this test. You have to review questions from dumps and find the best answers. I installed Ubuntu and not only became familiar with some of the commands to use but also became comfortable with services and the contents of the directories within Linux. Why not?!? I couldn’t hurt! Thanks again for this site and the discussions & comments from all above. Very helpful to this guy!!

  96. Mike  February 16, 2023

    Thanks to this blog. I passed yesterday from the first attempt.

    Insights and comments were very helpful. It guided me to install Kali on my old laptop and it made me fluent in commands I might need at the exam.

    Drag and drop was my first question and I did as described above (1 – Directory server, 2 – SCADA, 3 – VPN concentrator with BGP modified)

    Regarding Forensics SIM: there were no TCP connections to stop except proctored via port 22 popping up after I did some changes. So I just grep malicious.service, stop and disable that. Then cd to etc/systemd/system, ls and sudo rm malicious.service. After reboot it never came back.

    Regarding multiple choice questions: many of them were tough enough, and they broke my eyes reading multiple times on the eyebreaking exam centre screens. Thought it was a great help finding this PDF ( ) few days before exam as many of the questions I met on the exam and didn’t waste the time deciding which answer is better, because I did so in advance.

    I ended up with 20 minutes to review the answers, but after changing a few, I decided that I can do even worse, so I just ended the exam and it was PASS, however I expected Fail.

    Thanks to this blog once again and Good Luck for every one who is going to sit the exam soon.

  97. bobwyzguy  February 16, 2023

    Congratulations on your passing the CASP+. And thanks so much for your extensive comments and insights. I am sure other test takers will find them helpful.

  98. President Valentine  February 25, 2023

    Passed CASP+ yesterday, this blog was really helpful. Thank you all for your insights!

  99. singingking  February 28, 2023

    I took the exam today and I passed at the second attempt. Comments from “Mike February 16, 2023” really helped. My suggestion for anyone taking the exam soon is to familiarize themselves with Ubuntu bash commands. Also, get the CompTIA CASP+ Certification Guide book from Mark Birch. The book dumbed down the whole course.

  100. bobwyzguy  February 28, 2023

    Thanks for your book selection. I’ll have to check it out.

  101. redbeard42  March 21, 2023

    Passed the exam yesterday. What a relief. When I failed the first time, I passed on the Sim since I was clueless. I studied the heck out of Linux commands and all and that clearly helped me pass. Interestingly enough, when I closed out the Sim the first time, it caused me to get assistance as it froze the system I was working on. The monitor had to come in and allow me to continue. It happened again yesterday, freezing the system when I rebooted the VM to make sure the malicious service didn’t come back. This monitor had to call for tech support. She got me back into the VM and I could validate the service was no longer there. So, thanks for this blog as it certainly helped me get through this. At 66 years old, I think I’m done with any more certs. VMware pisses me off with their stupid cert changes. I have been certified since v3.x back in 2009 and passed every update to v6.5. They just want more money to move to any further updates.

  102. bobwyzguy  March 21, 2023

    Thanks for your comments and congratulations!

  103. concentrativity  March 31, 2023

    Took the CAS-004 today. I had 2 PBQs: the drag and drop covered here, and a code security one. The linux simulation was still there.

  104. bobwyzguy  March 31, 2023

    Congrats! Care to share a little more about the “code security” PBQ?

  105. blues008  April 9, 2023

    Passed today…

    82 questions and 3 PBQs. The PBQs were the one that you have to drag and drop the directory server, scada master and VPN concentrator (There is an additional option for the VPN concentrator on site B but I choose something about the SCADA controller), this linux simulation and the old code snippet sim from CAS003 that you can find here

    I got the linux simulation but I have to say that sudo netstat -nltp which is the must recommended command in this section didn’t help me.

    I had to use sudo netstat -tulpen and it showed a service running on port 3991 but I was not able to know its name just the pid however the process in my case seems to be running at least 3 different pids. The sudo lsof -i : command didn’t show anything to me and sudo systemctl –type=service | grep is useless in case that you don’t know the entire name of the service.

    I knew that I had to check the /etc/systemd/system directory for sure so I did the following:

    1) sudo netstat -tulpen (saw the service running several pids but one was running on port 3991 and used for SYN_SENT.

    2) cd /etc/systemd/system (went to the /etc/systemd/system directory)

    3) ls -la (to list all the files and if you know what ubuntu have in this directory you will see the obvious answer here. There is a malicious.service file (LOL) there is no way a hacker would name his file like that… anyway thank you comptia. You made it easy!.

    4) cat malicious.service (to see the content of the file… you will see that it runs several sh*t).

    5) sudo systemctl stop malicious.service (to stop the service)

    6) sudo systemctl disable malicious.service (to disable the malicious service at start up).

    7) Now ran sudo netstat -tulpen again and saw that the service on port 39991 that was sending SYN_SENT (clearly used for DDOS) was not running anymore but to be sure I had to delete it and reboot so I did the following.

    8) sudo rm malicious.service (To delete the file)

    9) reboot -n (restarted the server… be aware that the simulation is slow and the restart took about 3 minutes).

    10) Login again, open terminal and ran netstat -tulpen and saw that the service was gone. Went to /etc/systemd/system and the malicious.service file was not there anymore.

    11) There was not any “submit” or “done” button for this simulation you just click “next” and hope for the best but I’m pretty sure that I got it right.

    Hope this helps anyone else. Good Luck!

  106. bobwyzguy  April 9, 2023

    Thanks for your comments especially on the code security PBQ

  107. Drizz  April 13, 2023

    Passed on my first attempt three days ago……. somehow. Even after accidentally skipping the notorious Linux simulation question.

    My two PBQs were the vulnerable code snippet one from CAS-003 (, and and the nmap scan interpretation question, also from CAS-003 ( I was fully prepared for the code snippet one, but the scan interpretation one took me by surprise. The answers in the discussions on ExamTopics are pretty similar to what I chose, so just familiarize yourself with those and understand *why* those are the correct answers, and you should be fine.

    But man, words cannot convey how close I was to walking out when I accidentally skipped that Linux sim. It came up at around question 30 out of 78. It gives you three pages of warnings, the general message of “you are about to enter the virtual environment, you cannot come back to this question” repeated several times, and you have to click “Next” to proceed through those pages. And then you get to the page with the actual simulated environment; there will be your shell in the background, and the pop-out box with instructions on how to complete the question on the right. Once you get here, ***DO. NOT. CLICK. NEXT.*** Like an idiot, I assumed that the instructions box would go away when you click “Next” again, and the actual question will begin. No. It will instead close the entire question; no warning, no confirmation, no “are you SURE you want to do that?,” nothing. It will just move you to the next multiple choice question and you will not be able to go back. Again, ***DO NOT CLICK NEXT*** when you get to the sim and you see that instructions box. Use the minimize button at the top to close it instead. I was unbelievably frustrated when it happened, almost to the point of walking out because I thought it was a guaranteed fail.

    I ended up just skimming and taking my first gut-reaction guess at the remaining multiple choice questions, and I was flabbergasted to see that “Pass” on the printout after the test.

    The study material I used was the Dion Training practice tests on Udemy, and the test questions and discussions on ( I would say ExamTopics is probably your single most valuable resource as about 70% of the questions I encountered on the exam could be found there. It’s well worth the $50 in my opinion because it’s almost a guaranteed pass, assuming you study those questions well, and more importantly, checking the discussions section to understand *WHY* the correct answers are correct.

    For the sim, you’ll probably want to install a Kali VM, set up your own fake “malicious” service to run on boot, and get some practice with netstat, lsof, ps, systemctl, and grep commands and how you use them to find/identify/stop/disable services. You should also probably be familiar with where services are located and how they are structured. I wish I could give more insight into exactly what the question looks like but……. y’know, I fumbled that one even though I was fully prepared for it. Just do what everyone else has said about that question and you should be fine haha.

    Overall I am ecstatic that I passed, but I still have some pretty sour feelings about just how insanely easy it is to accidentally outright skip the simulation. Do y’all happen to know of any kind of feedback/complaints department at CompTIA that would actually take constructive criticism? Because, if nothing else, there needs to be at least some kind of warning when you attempt to click “Next” instead of instantly skipping the question, especially after it makes you click Next through several pages before that. I don’t want anyone else making the same mistake and end up failing, because I honestly feel I just got lucky.

  108. Geeno  April 18, 2023

    First, thank you for compiling all of the useful information here. Much to my amazement, I passed on my first attempt. I happened to see the comment from Drizz and used his input during my final cram session.

    For the sim question, I could not for the life of me figure out what process I was supposed to kill. There was nothing named like the service and couldn’t figure it out. I was able to identify the service and stopped, disabled removed files and then restarted daemon. That all I think I got right and was in line with what folks had been saying. But I was able to pass even with missing one of the objectives on the sim.

    I think I hit the next rotation on PBQs. The two I got were similar to the ones Drizz had posted. So I was very thankful for the post. I would not have been prepared for them if I had not seen it.
    PBQ #1 – 2 code snippits asking for vulnerability and fix action

    PBQ #2 – Based on scan results identify the server role and which ports need to be closed for single secure function of the server.

    I used Comptia material and Jason Dion practice exams. I checked out the questions posted on during my final cram session since it was only just posted. There are a lot of questions that are used on the site but the have incorrect answers posted and the user responses are not always in agreement. So take it with a grain of salt or plan to really research the answers yourself.

    I was getting practice exam scores in the high 70s and felt pretty comfortable with the sim and PBQ and was able to make it out alive. I hope this helps! Best of luck to everybody.

  109. bobwyzguy  April 19, 2023

    Thanks Drizz and Geeno for your great contributions. The community of test takers have taken my original post and made it into something amazing! Thanks everyone for your contributions.

  110. NotGoodAtThis  April 22, 2023

    For locating the malicious process, once you find malicious.service (or whatever file), I would recommend viewing the contents of the file using “cat” (ex: cat /etc/systemd/system/malicious.service). I personally would grep for the “ExecStart=” line and see what it is starting. So, possibly the steps are:
    Task 1: Identify and kill a rogue TCP process
    1. netstat -tulpn
    -t: Displays specifically TCP connections.
    -u: Displays specifically UDP connections.
    -l: Displays only listening connections.
    -n: Displays numerical addresses instead of host names.
    -p: Displays the name of the program that owns each connection.
    2. identify the unusual port being opened (weird port number? active connection with weird PID/Program name section?, typically in a LISTEN state?)
    3. lsof -i :3991 [replace 3991 with the “Local Address” port number]
    -i: Display information about all processes that have a network socket open on a specified port
    4. kill -9 4360 [replace 4360 with the “PID” results of your lsof command]

    Task 2: Find a malicious service and remove it.
    1. Typically, netstat -tulpn will provide the process name in the PID/Program name section.
    2. If you can not find the malicious service (somehow), use systemctl list-units –type service –all (or service –status-all) and scroll through the results.
    3. cat the file to check if the service file (likely in “/etc/systemd/system”) is starting another file in /usr/bin, /opt ,or elsewhere. EXAMPLE: cat /etc/systemd/system/malicious.service | grep -i execstart
    4. If it is starting another malicious file, rm -f [/path/to/file] the file.
    5. Stop the service: systemctl stop malicious.service
    6. Disable the service from starting on boot: systemctl disable malicious.service
    7. Delete the .service file: rm -f /etc/systemd/system/malicious.service
    8. Reboot the machine and check to ensure the service does not reappear.

  111. Edgar Ramirez  April 23, 2023

    Thanks for sharing!

    Passed the CASP+ CAS-004 exam on 18/Apr/2023.

    Got 82 questions in all.

    All 2 PBQ questions and 1 VM kali Linux Simulation are available in the newest version of PassLeader CAS-004 dumps with 450 Q&As (

    Good luck!

  112. Thatoneguy  April 29, 2023

    Thanks to everyone for contributing to this thread, super helpful!

    I passed the 004 today 4/29, according to the paper after, I only missed 9 questions, possibly partial due to how many had “select 3.”

    PBQ’s: Vulnerable code snippet/resolution (easy) and the disaster replication drag n drop, with the drop down on the concentrator.

    For the Linux Sim, I found it to be relatively simple, service was named super obvious.. used systemctl status to give me an overview in which I found an odd connection over 1337. Like blatantly obvious if you know anything about networking. Used netstat -tlpn to identify the tcp connection, although this failed me, so I had to netstat -a and found the odd connection there. Lsof -i :*local port* to identify the pid to kill. There were two, so killed both. Found the service in /etc/systemd/system as always.. stop/disable, rm -f it. Verify the tcp process was gone as well as the service upon reboot. Good to go.

    Multiple Choice Questions were relatively straightforward. Typical CompTIA with the *choose 3 out of the 8* that are BEST. I recommend using the Passleader – CASP 004 dump my man Edgar above linked. The questions were spot on and I studied all 450 it included. Get familiar and VERIFY ANSWERS, as there are 100% some wrong ones, but for the most part its a great resource and was my main resource once I bought it. Worth the money. ExamTopics dump got taken down, so clearly it was accurate, and I can confirm, very very similar questions 🙂

    I also used Jason Dion’s 6 exams on udemy as well as pocket prep’s app when I had some random time throughout the day.

    Happy to have passed my first time, good luck to everyone that is planning on knocking this one out! KNOW YOUR LINUX. Oh.. and encryption.

  113. bobwyzguy  April 30, 2023

    Thanks for sharing and congratulations on passing your certification.

  114. qwertt  May 2, 2023

    Can someone explain where to find this code snippet PQB? The link that people are providing doesn’t show it.

  115. Mike  May 3, 2023


    This page was defiently a huge help for me, considering the fact that I had 0 Linux experience lol. I got the 2 code snippets and the BC/DRP PBQs as the first two questions. Thanks to all the comments in this page, the VM simulation went smooth. I spent around 15-20 minutes on it to make sure I did everything right. As far as the multiple choice questions, I feel like they weren’t as hard/complex as I though they would be. I feel like CYSA+ was a lot more challenging than this exam. Anyways, huge thanks to everyone who contributed to this page!

  116. bobwyzguy  May 4, 2023

    Congrats and thanks for your comments

  117. Shawn  May 5, 2023

    I have to say a big thank you to Bob and all contributors to this thread. Reading here was a defining factor for a first time pass of the CASP+ Exam today. The guidance of what to study was tremendously helpful. I used CertMaster, Mark Birch’s Study Guide and Dion from Udemy. The training was all here and there for self study. Next is CISSP. Good luck to everyone.

  118. Yuri  June 21, 2023

    I just wanted to thank everyone’s input on here about the CASP+ exam. I used Jason Dion’s online training (his website offers a 10% discount on the voucher), Mark Birch’s book and this blog. Took it yesterday and passed. Will definitely look into the CISSP.

  119. Travis  June 29, 2023

    Did anyone else have issues seeing the active port for the Linux Sim when running netcat or lsof? I found the malicious.service file and cat it and found the port it was using but when I was going through netcat and lsof (both using sudo or non-sudo), I did not see the 1337 port at all.

    I ended up still killing the PID by getting the info from systemctl, and then stopping and disabling the service and removing the file. I also restarted and confirmed that the processes and service were gone. I failed the test I think due to not reading the multiple choice carefully but I am having doubts I dealt with the correct service, I feel like I might of been chasing a red herring and not addressing the “real” malicious.service since I didnt see 1337 in lsof or netcat.

  120. LJ  June 30, 2023

    I just wanted to thank everyone’s input on here about the CASP+ exam. I used CompTIA Official bundle pack and Mark Birch’s book and this blog. Took it yesterday and PASSED!

    Good Luck to anyone taking this exam. Studying recommendations definitely use CompTIA CertMaster Practice for CASP+ CAS-004, take the practice tests as much as possible. Mark Birch’s book is a great companion to add to the CertMaster studying tools!

    I will be looking into the CISSP certification in the near future.


  121. Antonio Cooper  July 31, 2023

    I can’t get enough of this post! It’s like a comprehensive guide that covers all the important aspects. The step-by-step instructions and real-life examples make it easy to implement the suggestions. This site has instantly become my go-to for self-improvement
    Also Check This Amazing Exam Discussion:

    [Bob says: This appears to be a commercial comment for Pass4Success, which is a fine resource. So I am letting the comment stand, just know that this is comment is a marketing message]

  122. Michael Sorenson  July 31, 2023

    Test Taken 7/29/2023

    Without giving away the secret recipe, I wanted to comment on the CASP+ and a very simple issue I ran into… Time Manage. I highly recommend the standing up or using CompTIA’s or Cybrary’s learning environments to navigate and study the live environments in preparation for the Simulation/PBQ. As someone who has been studying CISSP for the last year (took 3 times and failed), I jumped over to CASP+. I like the more in depth and technical aspect of CASP+. However it is just that more technical. I have been in the IT industry with DoD systems at the sys admin, software developer, and Cyber level for 5+ years now. I have been studying questions and the book the last few months with CompTIA and Cybrary’s suites, pocket prep (subscriptions, books, questions, practice tests, etc.). This prepared me for much of the multi choice questions, however the life environments really became challenging especially when having to operate and recall processes under time constraints and pressures. I tried to memorize what Wyzguy outlines for the question however once getting into the environment you really need to know what each set of commands does and how to use them in the right order to discover how to answer the question. I ended up spending 50+ minutes on the famous Linux Simulation and when I look up at the timer I realized that I didn’t have enough time to answer the rest of the questions since they put the simulation exam closer to the beginning. This was a combination of both not thoroughly knowing what exactly I was looking for, and not having good time management.

    I’ll be taking the test again in the next few weeks, so I’ll definitely be reaching out for more resources and discussions with individuals.

    TL:DR Find a live environment to practice in, practice the commands, then try timing yourself to make sure you can do it in a reasonable amount of time.

  123. bobwyzguy  July 31, 2023

    Michael – Thanks for your useful comments. You have to practice on live labs (virtual machines) to prepare for the Linux Simulation and the other PBQs.

  124. KingTre  August 7, 2023

    I PASSED! First thanks to everyone on this forum! And YES I skipped the sim lol. I tried to attempt it but i could not find the process so i just pressed next and moved on. So there is hope if you dont get it all the way.

    Jason Dion’s Course
    Jason Dion’s Practice Test (BEST)
    Marks CASP book (Second Best)
    ExamTopics: There were only about 10 questions out of the 280 i studied but the discussions helped bring it home
    YouTube: How To Kill A Process In Linux

    People, I felt so discouraged after i skipped the sim and I had 5 PBQs (2 were new to me). I literally went with my gut on a lot questions and just moved through. Please don’t stress too much over an answer if it looks right to you, click it and move on.

  125. bobwyzguy  August 7, 2023

    Thanks for providing some of your own insights into the exam. Congratulations!

  126. RickSpringfield  August 10, 2023

    Passed the test on the first shot! They added several new PBQ’s, so watch out!

    Check out Mark Birch’s book etc etc.. and also know your EAP config settings and linux, trust your instinct and go with it.

  127. bobwyzguy  August 10, 2023

    Thanks for your comments. If you or other recent test takers can provide some insight into the new PBQs that would be great.

  128. Henry John  August 17, 2023

    I am glad I passed the test at first attempt. The information here on this page is very useful. Please double check all the answers on other websites because many of them are answered incorrectly.

  129. Freaking A  September 5, 2023

    Passed after the third time. (Do not Trust the dumps on vce, or exam topics) Use CGPT to assist you with Q&A if you do use dumps. Read those acronyms!

    PBQ1: The freaking Linux VM is what kept me back the first two times, and almost the third.
    Echoing a reoccurring theme here that Bob has said all he can say. It is a cheap little trick that CompTIA uses to separate the wheat from the tares. Here is what I did without “violating” NDA. First off the Linux VM that hosts the Ubuntu OS has a service that is “malicious” I struggled with my test anxiety and I froze up after struggling for over 7 months on this, and could not find the PID for said malicious service to save my life. So! The instructions say “do not restart the VM” I totally restated the VM after I did the “sudo systemctl stop ” then “sudo systemctl disable The second part is now done, doing the “netstat -nalp” never helped me in the Ubuntu for what ever reason, it sucked. but what it did tell me is that the TCP connection was still open even after I stopped and disabled it. so I rebooted the vm “sudo reboot -n” after about 3~ish minutes the VM came back up, I reran the “netstat -nalp command” and the TCP service was gone!

    PBQ2: Had the hosts that had about 8 requirements,
    such as harden the hosts, the Database server, two switches. Write down the list of requirements on your helpless notepad they give you at the testing center and check them off as you go.

    “Harden” refers to things that should be done to the hosts that are not explicitly listed in the requirements.
    Look at the CPU usage on the hosts, if it is running high, then maybe there are pretend resources that are hogging up power that could be disabled…
    The some hosts had been updated 7 days ago, the req was to make sure anything 8 or more, then maybe you should update that stuff.

    PBQ3: The list of options are only to be dragged and dropped in site A.
    VPN Concentrator is one of the correction options
    Directory Service – something in the drop down that relates to BGP will solve the issue
    Scada (this controls the pumps, read the comments above)

    PBQ4: I also had the AAA authenticator and the VPN concentrator that wants you to use the strongest form of encryption for Public Key infrastructure (PKI), You need to stop and take a breath and read the 8 options and ask yourself, do these encryption’s have any relevance to a EAP or PKI? The option you choose will be the same for both hosts you are configuring. for the password requirements, I used the same on as the VM “Passw0rd!” to satisfy the complexity request. The Ip addresses need to point back towards each other, the ip you type in when you click the VPN concentrator, you type the ip address for the AAA server, and vice versa when you click them AAA field to click and type-in the stuff.

  130. bobwyzguy  September 5, 2023

    Freaking A – Congratulations on your certification. And thanks for your excellent contribution to the comments section. Very helpful information

  131. Outis  September 6, 2023

    Very glad I found this post before taking on the test.

    I took the test 3 days ago and PASSED first shot!

    Linux VM: One thing I haven’t seen anyone suggest is using the “top” or “htop” command. If you’re looking for a malicious process you’ll want to find what is using up all your resources…

    Otherwise to prepare for this I did the Linux Fundamentals 1,2, and 3 rooms on TryHackMe. That depth of knowledge is more than enough for the sim. I also felt like they gave good direction in the test. They basically listed commands that would get you the answer. Remember that some commands in LInux require a sudo.

    PBQs: I had 4 of them. They were not so tough as long as you didn’t overcomplicate things. “What was affected/needs to be addressed” “Configure this set up” “how would you harden these endpoints”.

    Multiple choice: I found that they were asking for sometimes conflicting requirements but the answers always had a BEST answer. They might not be perfect solutions but what satisfies the most business needs in the situation. I did not get any REGEX quesitons. Otherwise knowing your Linux commands, and the depth of knowledge you get from Jason Dion’s Udemy videos

    I found the test to be tricky but fun. Keep. It. Simple!

  132. bobwyzguy  September 7, 2023

    Thanks for your comment and very useful suggestions. The TryHackMe tip is invaluable. Congrats on your passing grade and good luck with your career

  133. Razzle  September 10, 2023

    After passing I wanted to make one thing clear: DO NOT TRUST THE DUMPS. The dumps are complete garbage and definitely do not work.. that being said, study configurations regarding wifi and also know your authentication (and authorization) methods. Don’t overcomplicate things and you’ll be fine.

  134. Freeman  September 25, 2023

    Took CASP+ recently and passed on first attempt. This blog entry is very valuable. That said, without breaking NDA, there is a second service that the malicious service hooks to that may need to be stopped/removed as well. Looks like additional persistence for the malicious service.

    The hint I’ll give, expanding on other input here, is to ‘nano’ the malicious service within the folder you find it in. Read the code of the malicious service. Here you’ll see it’s creating another service in a different name; one that may LOOK innocent, but is not.

    I killed and rm’d both the malicious service and the one it hooks to/creates, and passed CASP+. I think this sim is weighted heavily on your score because I wasn’t confident in the multiple choice and additional PBQs I took.

  135. Alex  September 26, 2023

    I passed today used comptia practice test and self paced course studied that for a month along with cbt nuggest practice test . I’ve passed security+ pentest+ and cysa+ that previous knowledge will help you a lot plus I had about 3 year cyber security administration experience which helped figure out alot of questions . I skipped the Linux sim and still passed I felt I did well on the other sims and questions. There was a ton of questions about cloud infrastructure

  136. Tanya  October 22, 2023

    I jst took the test today remotely and did not pass. I can say that the SIM and DR are still there but I also had a PBQ that hat a acess point, laptops, desktop and server. Gave the option to harden systems as well as allowing no changes if it was good as is.. You were given some must haves and maybe I was overthinking but I didn’t get it. I barely answered all the questions. I have a retake so this blog helped some. Unfortunately if I can’t get it I will be seeking employment. Frustrating because other than this certification I will not be using any of these skills for my current position and it’s so frustrating.

  137. bobwyzguy  October 23, 2023

    I am sorry you did not pass. PBQs get added and changed all the time. Different testers see different PBQs. We hope this article a repository of other tester’s experiences. We do not give answers, just tips to help you understand what the questions are asking, and how to prepare to give a correct answer

  138. just_passing_by  November 6, 2023

    Just wanted to add my experience from taking it yesterday (passing, fortunately, as it was all out my own pocket).

    1. The Linux VM question is pretty easy. Some things to comment on from the other experiences I’ve seen:

    – I know a lot of people are stating they can try rebooting the VM to verify, just wanted to point out the screen ‘before’ the VM loads states to ‘not’ restart the VM. I’m not sure if they really mean it because they list four other instructions (i.e. don’t kill this, don’t that, etc.) on top of the ‘no reboot’ item but when the VM loads, the instructions are listed again and this time the ‘reboot’ instruction is gone. Eitherway, I didn’t reboot.

    – Another item of discourse I see on here is killing the process. I can’t speak about other peoples experiences, I can only say that I tried stopping it via systemctl multiple times and the process never terminated. I had to use the ‘kill’ command for the process to terminate.

    – Finding the TCP connection in my VM was extremely simple as there were only like two established connections so don’t feel like you won’t see it.

    – One thing I haven’t seen mention (if someone did then apologies for repeating) is, instead of searching for the service from a list, just use systemctl to find it from the PID: systemctl status

    – While I have no proof, I’m thinking the scoring may be similar to a Microsoft certification I took where they wanted the expected commands executed and no shortcuts taken. I could be wrong but I’m suspecting that, since they have some other process that is checking your VM for the results after it closes (could be why you can’t revisit it because they want to score the test as fast as possible and if you were to revisit that background process/service they use wouldn’t provide the results in time for you as you walk out the door), that they expect to see the commands that are listed in the instructions. Again, no proof, just speculation.

    2. I can’t remember the amount of PBQs, leaning towards three. Out of the three, the VPN concentrator above was one of them. The ‘code inspection’ was not. Out of the other two, one involved configuring an AAA and VPN concentrator with some config lines and the other was more involved with a bunch of systems that you had to inspect and determine if anything was wrong with them (i.e. had to be updated, etc.).

    3. For anyone whose been looking at questions from the exam, unless the answer is obvious, do your own due diligence. I saw some comments for some answers, even ones that only had a few people that all agreed 100% on their answer, that I ended up choosing a different answer. That doesn’t mean the answer I chose was right, just that it possibly could have been so just do your own due diligence. I’ll also add that at least half the questions I had were new; however, I never encountered all the questions out there so your mileage may vary.

    4. Don’t overthink the questions. When going through CompTIA’s CertMaster, many times my second choice was incorrect because I didn’t think the answer could be that simple. I was wrong and they were simple. Pick up any CompTIA recommended/official study guide and make sure you learn the words associated with those terms.

    5. Lastly, watch your time. It goes by fast (at least for people who can’t read well like myself).

    Good luck

  139. bobwyzguy  November 7, 2023

    Thanks for your insights and contributions. Congratulations on passing your exam

  140. Sam  November 18, 2023

    Just passed CASP today 11-18-2023. It wasn’t easy with the SIMS but I managed to look this website and got lot of hints how to pass. I had 5 SIMS three were easy but two were all Linux\ubuntu I did the best I could looks like if you answer even few and miss others in SIM you can pass, which I did. I didn’t fail on any quizzes, I had it all in my head. Prepared for 2 months, added one more to my belt along with Security+ and CEH. I am not a managerial type but my peers at work wanted me to take CISSP. Well that’ll probably come next time\year.

  141. eden jane  December 27, 2023

    This post is absolutely captivating! It serves as an all-encompassing guide, addressing every crucial aspect. The clear, step-by-step instructions and real-life illustrations make it a breeze to put the recommendations into practice. This website has quickly become my primary resource for self-improvement.

    Additionally, don’t miss out on this incredible exam discussion: { }

  142. Nissi  January 19, 2024

    Thank you for this article, it helped me tremendously on the CASP+. I passed it first try, thanks be to God!

    One other resource that was super helpful on the Linux simulation question came from TryHackMe’s Advent of Cyber 2023 Day 18 [Eradication]. This will basically walk you through 95% of the Linux simulation

  143. IamLittleKristi  January 22, 2024

    Passed the CAS-004 last night first try. I’m convinced that this post was the primary aid in my success. I’m always hard on myself but I think it’s safe to say I wasn’t prepared 100% or even 80%. I bought a voucher through Dion Training and added the 2nd try voucher for a bit more thinking I would need it. I studied occasionally for 2 months with about 30minutes-1hr nightly for ~1.5 weeks. (and by study I mean listening to the training courses and doing knowledge checks). I used many practice tests from 4-5 different sources and then some (mark birch certification guide, dion training on udemy (completed 30%), pearsontestprep, quizlet flashcards). I initially was setting out to study for the CISSP
    but my Security+ certification was set to expire 1/22/2024 and I learned you can auto renew by leveling up so I switched courses to the CASP+.
    I got the same first PBQ question as others reported and 3 additional PBQ. Regarding the SIM, I struggled for a while and ate a lot of valuable time, even though I knew what to expect and what to do; but because I am rusty and did not practice, I was slow.
    I was unable to locate the process ID to kill but was able to work backwards by finding the service in the /etc/systemd/system folder. Stopped the process and then disabled. Then deleted the file (malicious.service) in the system folder that allowed it to start with the system – THANK YOU to James Beanbag for the tip! I was unable to verify due to instructions stating to NOT reboot.
    I nailed all the PBQ (I think) but think I may have missed 1 answer on one of the multipart ones. ALL but 5-10 questions in the multiple choice were new… like I didnt have any like them in all sources of practice tests except for 5-10 of them. I was convinced I failed and may have gotten a ton wrong on the multiple choice. I’m thinking the PBQs and SIM have a VERY big influence on the overall determination. I refuse to believe I am THAT good at process of elimination.
    Thank you for this wonderful post and your dedication. I have already recommended this to others looking to take the exam and will continue to do so.

  144. bobwyzguy  January 23, 2024

    Congratulations on your exam and thanks for your kind remarks.

  145. Don  February 2, 2024

    Dear Bob,

    i just passed the CAS 004 yesterday evening – my first Comptia exam. I stumbled on your blog a few hours before my exams and I must admit I am not sure I would have passed on my first take without the insights here. I am pretty comfortable with Linux and was expecting the PBQs since it was marketed as a technical cert. I had 4 PBQs, the Drag and Drop for Directory Server, SCADA and VPN, as well as the AAA and VPN configuration. And an MDM and hardening PBQ that will eat at least 15-20 mins of the exams time, finally I had one that required NMAP knowledge and remediation. The Linux SIM was fun all thanks to the brilliant write-up of folks here. I will just go ahead to list out the steps that may work for you, in the interest of non-disclosure – I don’t recommend memorizing commands, besides malicious.service under /etc/systemd/system has been deprecated. What you are looking out for is systemd-resolved.service (can’t remember exactly).

    sudo su
    use Passw0rd!

    netstat -tulpn or netstat -nltp (either one works fine and shows the port and PID)

    lsof -i : port (not necessary unless you want to confirm the PID and the service)

    kill -9 PID

    systemctl status systemd-resolved,service (take note of the location, cant remember if it was under /lib/bin/ or something)

    systemctl stop systemd-resolved,service

    systemctl disable systemd-resolved,service

    cd /lib or wherever you noted the location of the service


    rm -rf systemd-resolved,service

    systemctl status systemd-resolved,service (to confirm)

    Oh, for fun i still navigated to /etc/systemd/system and deleted the deprecated malicious.service just in case.

    The questions in the exams are a bit technical, as is expected but COMPTIA tries to do too much, especially with the phrasing. Not every one is a native English speaker. But they are comparable with the CISSP questions, I might even say they may be a bit more difficult given that half of the questions I received needed me to select more than one answer from a plethora of options (in some cases 9).

    For preparation I used Mark Birch’s book and the official CISSP sand CISM study guides as I already owned them, and spent 3 hours on this website yesterday before the exams – this was my most valuable resource, as it changed my managerial attitude to probelm solving I developed for my CISSP and CISM exams in the past. Would have found and rectified the linux issue but it would have taken me time I did not have, same as the other PBQs. Thank you Bob, you and the good folks here are the reason i finished with more than an hour to spare,

    I have a habit of not flagging questions, because I almost never change an answer.

  146. bobwyzguy  February 2, 2024

    Thanks Don and congratulations on passing your exam. A special thanks for the help you provided in your remarks. I continue to be amazed and gratified with the support from the community of users of this article.

  147. testing soon  February 4, 2024

    Going to take the test in 2 days and looking for verification regarding linux sim based off what I’ve read so far:

    1. Use sudo netstat – atp (to find all TCP processes running and corresponding PID?)

    2. sudo kill -9 PID (Kill the PID using)

    3. use commands: ps OR top (show list of processes running and CPU/MEM usage, look for process taking up large amount of CPU/memory)

    4. systemctl status (search of suspicious service? Not sure how to determine if it is malicious? How do I correlate PID with service name??)(Also take note of fiel location of service)

    5. systemctl stop service

    6. systemctl disable service

    7. Use ls/cd to find file responsible for malicious serivce

    8. use rm to remove the file


  148. bobwyzguy  February 4, 2024

    Looks pretty good, but I’ll let someone who has taken the test more recently confirm. I am sure the answer you seek has been posted in the comments already

  149. testing soon  February 4, 2024

    Thanks Bob. I think the only part I’m getting tripped on is regarding how to find the file location of the malicious service/process? What commands would I use to find those?

    I saw someone said just ‘cat malicious.service’?
    What if I do ps or top and find malicious process taking up large amounts of CPU/RAM, what command would I use to find associated file location or service?

  150. bobwyzguy  February 4, 2024

    That sounds right.

    Don’t forget to run the HELP command before you do anything else. This will give you the list of available commands, and provide big clues about what you will be doing in this exercise.

  151. AvgJoe  February 15, 2024

    Does PassLeader Help? or is it BS??

  152. bobwyzguy  February 15, 2024

    not familiar with PassLeader. Anybody using this? Only a 2 star ranking on TrustPilot

  153. test john  February 18, 2024

    i pass the exam. i did not believed i did.
    The sim question posted on 2022-07-13 above and the one posted 2022-07-12. there was two other one with reading nmap and another deal with VPN and AAA. Like others have posted on the day of the exam i read all things on this post and the other post deal with CASP + and it help.

    Thank you and all of those that provided what they tried for those question.

  154. Sloppy Joe  March 1, 2024

    @”testing soon”, you can view what files get executed by a systemd unit (service) by:
    1) either displaying the contents of that “.service” file with “cat/less/more/vi/nano” or
    2) running “systemctl show EXAMPLE.service”, and look for the lines that start with “Exec”. Optionally just run “systemctl show EXAMPLE.service | grep Exec”.

    NOTE: haven’t taken the exam yet, and just a Linux sysadmin here

  155. Janet  March 15, 2024

    There is a new PBQ.. About half of thr exam had new questions. If you depend on dumps only. You will fail trust me. This exam is for those who studied well and know what they re doing. Yes i passed. Non disclosure. Study your soars, San, Cdn and serverless computing very well. Good luck

  156. John Doe  April 24, 2024

    Just passed CASP+ recently.
    study materials:
    Jason Dion Casp videos
    Jason Dion practice tests

    My test had 4 sims,
    reviewing nmap results
    reviewing IOC logs and remediation.
    the disaster recovery sim
    and one other one

    The Linux vm was spot on and and the advice/commands provided above are sufficient enough to complete this successfully.

    I feel like the MC questions were all relevant and never had a “i never learned/heard about this” moment.

  157. fr6me  May 16, 2024

    Something that was recommended for me for the Linux SIM was to do the TryHackMe Bulletproof Penguin room. It is free to do (I subscribed to the service because I was to do more CTFs).
    Effectively it walks you through the disabling of services & checking them. There are a lot of YouTube walkthroughs as well so if you get stuck, just pull up YouTube. Hopefully gonna take this test in a month or so!

  158. 1st try PASS  May 17, 2024

    Just passed, and this post was very helpful, I got that new sim with a VPN and AAA, no clue if I got it right, you need to pick an encryption method that supports certificates and make a secret key (or something like that).
    I did NOT get the Linux sim. Was so nervous about that one.

  159. 1st try Pass  May 17, 2024

    My plan for the sim was
    netstat -nalp
    top (just to confirm)
    sudo readlink /proc/[pid]/exe
    (to get the file path)
    service -all (cant really remember this command- something like that)
    sudo systemctl status -pid=[pid]
    sudo systemctl stop [name]
    sudo systemctldisable [name]
    sudo rm [path]
    top (to confirm )

  160. 1st try Pass!  May 17, 2024

    My plan for the sim was
    netstat -nalp
    top (just to confirm)
    sudo readlink /proc/[pid]/exe
    (to get the file path)
    service -all (cant really remember this command- something like that)
    sudo systemctl status -pid=[pid]
    sudo systemctl stop [name]
    sudo systemctldisable [name]
    sudo rm [path]
    top (to confirm )

  161. Patrick  May 20, 2024

    I took the CASP exam very recently. I did not pass. The one thing I noticed about this exam is that most of the third party test questions that are supplied in conjunction with many third-party books are not nearly on the same level as this exam. This is the first exam that I did not use the CompTIA CertMaster Test Prep question bank. If I decide to retake this I definitely will do that. A lot of the PBQ questions were kind of the same as you’ve already read about in previous comments, although I believe I was able to review all three at the end. The third party books I used were from Sybex, as well as the official CompTIA Corporation CASP 004 book. I was unable to get the McGraw CASP 004 book as it doesn’t seem to be available, so I used the 003 book in this case. They’re both extremely lengthy at somewhere over 800 pages, whereas the Sybex book, for example, is only around 400. I also used pocket prep and I did the two Dion courses from Udemy. I did find the Dion practice tests to be close to the same difficulty as the exam, but not quite. The exam really takes it to another level. I will probably take a lower-evel exam and then take another shot in a few months.

  162. damn  June 12, 2024

    just passed the exam but let me say my test did not have the linux sim. I had 77 questions and only 3 pbqs. the questions are harder than the other CompTIA exams. they are more like the isc2 exams questions.

    probably the hardest CompTIA exam just because the questions are more vague and could have multiple answers that are correct moreso then any of the other CompTIA exams.

    • bobwyzguy  June 13, 2024

      Its looking like CompTIA has removed the Linux Sim, I guess they had too many failures and retakes. Companies that pay for their employee’s certifications would complain at the extra cost.

      Nevertheless, it wont hurt you to be prepared, and employers like Linux skills.

  163. Solid Snake  June 19, 2024

    Passed the CASP exam recently on the first try. 76 questions. 3PBQ. NO Linux sim. Thank you for your blog. Some of the information here was the most helpful I used out of all study resources I used. I was very prepared for the Linux Sim and looking forward to it. I was somewhat bummed out for not having it. Kinda felt anti-climactic to pass the exam without that since it is basically the capstone of the CompTIA exams.

  164. King Krieg  June 20, 2024

    Just passed the CASP+ 004 on my first try.
    76 questions, 3 PBQs, No Linux sim.

    There was a good chunk of focus on OT.
    A lot of answers are technically correct, but based on the scenario would point you to one of them. Breaking the questions into multiple chunks to separate requirements seemed to help identify which of the two correct answers fits the scenario.

    Study Materials:
    Jason Dion’s CASP+ (CAS-004) course
    Jason Dion’s CASP+ (CAS-004) 6 exams
    Pocket Prep (Mostly to keep my brain engaged), but had a few concepts that I hadn’t seen before.
    This blog

  165. Brandon  July 1, 2024

    Hey Bob,
    I appreciate the insight.

    Has there been any updates to any of this?

    I’m attempting the SecX beta in 3 weeks and its the CASP+ revamp. Have you heard or read anything that would assume they will be similar?

    Thanks for any info!


    • bobwyzguy  July 2, 2024

      I do not have any information on the new CASP exam. It seems pretty certain that the current CASP+ exam no longer contains the Linux virtual machine exercise. No telling if they are bring back the virtual machine in the next exam, using a different question.

  166. Macher  July 6, 2024

    Hi Bob, just want to confirm that the HELP command in the Linux SIM is available… thanks!

    • bobwyzguy  July 7, 2024

      Hi Macher – the HELP command was available on the Linux Virtual Machine Sim when I took the exam. Recent reporters have been saying the Sim was not part of their exams. It seems like CompTIA has pulled this question from the exam, possibly. Out of an abundance of caution, I would recommend preparing for it anyway.

  167. fr6me  July 7, 2024

    Passed 1st try! No Linux SIM, 76 Qs, 3 PBQs
    Studied with Dion videos, Dion practice tests & PocketPrep app. This site helped a lot. Good luck everyone! Just drill the Qs and understand the concepts.

  168. Anon77725  July 10, 2024

    Took beta exam – as part of prep for 004. I dont know why the heck CompTIA advertises 90 questions in draft objectives… its 118 PLUS several PBQs on top. No VMs. All that plus review took me almost entirety of the time… so added difficulty is time management while trying to interpret word soup and logs. Questions are somewhat short but convoluted. There was variation of a SCADA PBQ. Rest were very simple dropdowns – nothing like example on CompTIA site where you used CLI in the PBQ. Definitely worth reviewing updated objectives and AI. I used comparison Excel link from another post here and then Chat GPT or google if CGPT was trying to bs me to at least get some idea what the terms were.

    Mark Birch mock exams were the closest as its all worded like in CISSP – Scenario then pick “best” – you either know it or you dont. You really need to know all the goofy acronyms in their respective context(As question wordings dont really help with extracting context as the case in longer formats) and how technology interconnects in the grand scheme of things.

    Idk if I passed or failed. Probably failed as my career is mostly middle management(CISSP was far easier to me) with limited technician experience beyond a degree and hobbies and I didnt really feel comfortable with many details. However exam really has shined some light on how questions are worded to enhance my practice etc. Many I could narrow down to 2 choices then make a guess whe other questions decided to grill me on ins and nitty gritty outs of email(marked, wrote down offending acronyms and luckily was able to define them using context of other questions in the test)… overall its a pisitive experience – all that for only 50 bucks. I think Ill read the comptia book next in hopes some more of those pesky acronyms stick in my brain then see how I do in my last actually graded attempt. I do struggle to see the value of this cert (beyond free or cheap vouchers) as opposed to having CISSP; I feel targeted certs are far more actionable than mile wide inch deep technical ones like this – plus their SecX(NSFW) rebrand doesnt do any favors in my not so humble opinion.

    Cheers and good luck.

  169. WiseGal  July 15, 2024

    Just took the CASP last night and passed. No Linux question. 76 questions and 3 PBQs. Lots of questions on web apps and app testing. I will say that the test was tougher than I thought. Pretty much studied Dion’s videos, and the one test that comes with the videos. Then got pocket prep and worked on those questions. Nothing felt close to the types of questions asked though. I finished with about 40 mins to spare. The PBQs listed above def helped !!!


Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.