CompTIA SecurityX Practice Test (CAS-005)
Use the form below to configure your CompTIA SecurityX Practice Test (CAS-005). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA SecurityX CAS-005 (V5) Information
What is the CompTIA SecurityX Certification?
CompTIA SecurityX is a high-level cybersecurity certification. It used to be called CASP+ but was renamed in 2024 when the CAS-005 exam was released. This certification proves that you can design and manage secure systems in big, complex businesses.
Who is SecurityX For?
SecurityX is meant for advanced IT professionals. You should have at least 10 years of general IT experience and 5 years working directly with cybersecurity. If you're a senior engineer, architect, or lead, this certification is a good fit for you.
What Topics Does It Cover?
The SecurityX exam tests your skills in four main areas:
- Security Architecture: Building secure systems and networks
- Security Operations: Handling incidents and keeping systems running safely
- Governance, Risk, and Compliance: Following laws and managing risk
- Security Engineering and Cryptography: Using encryption and secure tools
What Is the Exam Like?
- Questions: Up to 90 questions
- Types: Multiple-choice and performance-based (real-world problems)
- Time: 165 minutes
- Languages: English, Japanese, and Thai
- Passing Score: Pass/Fail (no number score is shown)
You’ll find out if you passed right after finishing the test.
Why Take the SecurityX Exam?
SecurityX shows that you can handle high-level security work. Many jobs, especially in the government or large companies, ask for this type of certification. It’s also approved by the U.S. Department of Defense (DoD 8140.03M).
Is There a Prerequisite?
There’s no required course or other exam before SecurityX, but CompTIA strongly recommends that you have 10 years in IT and 5 years in security. Without this experience, the exam may be too hard.
Should I take the SecurityX exam?
If you're already working in cybersecurity and want to prove your skills, SecurityX is a great choice. It shows that you’re ready to lead, solve complex problems, and keep organizations secure.

Free CompTIA SecurityX CAS-005 (V5) Practice Test
- 20 Questions
- Unlimited
- Governance, Risk, and ComplianceSecurity ArchitectureSecurity EngineeringSecurity Operations
Which group is recognized for focusing efforts on raising awareness about issues to influence corporate behavior or public attitudes?
Nation-state operatives searching for intellectual property
Criminal network seeking data for black market trade
Insiders who intend to sabotage for personal revenge
Activists who champion social or political agendas
Answer Description
Groups driven by social or political causes target organizations to highlight their concerns, often through public campaigns or protest tactics. Criminal networks concentrate on unlawful gains, insiders are typically seeking revenge or personal advantage, and nation-state operatives focus on intelligence gathering or strategic benefits. Recognizing these differences helps security teams anticipate the nature of attacks and better align defenses.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What tactics do activists use to influence corporate behavior or public attitudes?
How do security teams differentiate activist attacks from other threats like criminal or insider attacks?
Why are activist attacks considered a significant security concern despite their non-financial motives?
Which method best addresses a newly detected issue that threatens a key business function?
Record the discovery in an internal database and inform stakeholders later
Postpone any intervention until the next regularly scheduled system refresh
Apply a fix in a controlled environment, verify results, then deploy the solution
Take the affected system offline for prolonged isolation from the rest of the network
Answer Description
Applying and testing a fix in a controlled environment confirms that the solution is effective and does not introduce unintended problems. Not taking direct and validated action leaves the business at risk or disrupts normal processes unnecessarily.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to test a fix in a controlled environment before deployment?
What is a controlled environment in the context of IT solutions?
Why is postponing fixes until a system refresh considered a bad practice?
An administrator wants to keep thorough records of changes made to a multi-cloud environment. Later reviews must identify who performed each action, as well as the precise set of modifications. Which technique is the best for keeping these changes tracked and easily referenced for regulatory checks?
Maintaining weekly snapshots instead of storing continuous details
Using an automated platform that consolidates entries and requires approval gates
Keeping logs split among individual environments
Posting changes in a read-only area while administrators keep their own logs
Answer Description
A central system that captures events and enforces approval steps provides a reliable audit trail. Each update is logged with a record of who made it. Weekly snapshots miss incremental details, relying on multiple separate logs can create gaps, and read-only channels supplemented by personal notes can fragment the information. A unified approach makes it simpler to validate actions during reviews.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an audit trail and why is it important in a multi-cloud environment?
What is an automated platform with approval gates, and how does it work?
Why are weekly snapshots insufficient compared to continuous logging?
Which method provides an isolated hardware-based environment for performing protected cryptographic operations on the same physical device?
Automatically deploying patches
A tool that allows memory scanning
A specialized processor extension that runs code in a dedicated environment
An external service for key rotation
Answer Description
A specialized processor extension that dedicates an environment for cryptographic operations is correct because it ensures sensitive code runs in a secure area, safe from malicious activities. A tool that allows memory scanning helps identify threats but does not guarantee real-time isolation. An external service for key rotation is valuable for managing keys but does not protect local processing. Automatically deploying patches is a broad maintenance strategy rather than a solution for hardware isolation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a specialized processor extension?
How does a specialized processor extension protect cryptographic operations?
What are some examples of technologies that use specialized processor extensions?
Which technique is used by attackers to expand infiltration across connected systems while avoiding detection?
Leveraging DNS tunneling to move data out of the perimeter
Eliminating malicious services on the first infiltrated system
Pivoting through compromised devices to reach additional machines within the same environment
Inspecting traffic to capture user passwords on a single gateway
Answer Description
Pivoting through compromised machines means the intruder is using one infiltrated device to access other internal targets. This broadens their presence inside a network. Monitoring traffic focuses on collecting data and does not allow hopping from one device to another. DNS (Domain Name System) tunneling is often used to disguise data exfiltration, not move deeper into multiple systems. Stopping malicious processes on a single host does not provide new access to other endpoints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'pivoting' mean in cybersecurity?
How is pivoting different from DNS tunneling?
Why is detecting pivoting important in network security?
A large enterprise has a new monitoring system that generates a high volume of routine notices. Security personnel get overwhelmed and miss unusual intrusions. Which strategy helps them refine thresholds and rule sets to emphasize activities that could signal a breach?
Employ container management technology to scale events processing for automatic filtering
Raise scanning scope for all possible actions to gather maximum data
Configure correlation rules based on severity and event frequency to produce targeted notifications
Use a content distribution network to redirect network activity and reduce traffic
Answer Description
Adjusting correlation and priority settings ensures that alerts reflect real threats rather than routine traffic. The effective approach involves tuning severity levels for different event types. Increasing the scanning scope generates more data, which can further overwhelm the team. Relying on a specialized distribution platform or container handling does not directly target the root issue of setting rules that filter repetitive events and highlight events likely to be malicious.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are correlation rules in monitoring systems?
How does event frequency impact monitoring systems?
What are severity thresholds in security monitoring?
Your organization has adopted a widely recognized standard to enhance safeguards. The board wants a concise explanation of how this resource shapes daily protection strategies. Which explanation best describes its impact?
It promotes using a single vendor for protective solutions across the enterprise
It offers a coordinated approach to reinforcing protective measures across teams and processes
It downplays the need to evaluate external parties, relying on compliance as an adequate measure
It indicates that hardware-based methods are prioritized for safeguarding information
Answer Description
Recognized security standards enable unified defense by aligning teams under consistent goals, risk assessments, and technical safeguards. Rather than promoting one-size-fits-all tools or compliance for its own sake, these frameworks empower coordinated, evidence-based security practices at every level of the organization. Other options focus too narrowly on vendor reliance, prioritize particular methods without proper context, or minimize assessment of outside groups by relying excessively on compliance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are recognized security standards in cybersecurity?
How do unified defense strategies help an organization?
Why is compliance not enough for evaluating external groups?
An organization issues smartphones to employees and manages them with a mobile device management (MDM) platform. Which MDM policy BEST minimizes the risk that sensitive corporate data on the phone can be read if the device is lost or stolen?
Restrict the device to connect only to approved Wi-Fi networks.
Require full-device encryption with a passcode.
Set the screen timeout to lock after one minute.
Disable the device's camera.
Answer Description
Requiring full-device encryption ensures that data on the smartphone's internal storage is unreadable without the user's passcode. Even if an attacker removes the storage medium or uses forensic tools, the encrypted data cannot be accessed. Settings such as short screen-lock timeouts, camera restrictions, or Wi-Fi whitelisting provide security benefits but do not protect data at rest when the device is physically out of the company's control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is full-device encryption, and why is it important for securing data?
How does a passcode enhance the effectiveness of full-device encryption?
Why don't screen timeouts or camera restrictions provide the same level of protection as encryption?
A security team is investigating a breach where a threat actor accessed and decrypted several-months-old encrypted data backups. The investigation shows the primary encryption keys for the live database had been rotated since the backups were created. However, logs from the key management system (KMS) indicate the threat actor used a superseded, 'inactive' key to decrypt the data. Which of the following is the most likely root cause of this incident?
Failure to enforce the deletion of superseded cryptographic keys.
Lack of continuous monitoring on the KMS.
Using symmetric instead of asymmetric encryption for the data backups.
An insufficiently frequent key rotation schedule.
Answer Description
The root cause is the failure to properly delete or destroy superseded cryptographic keys after their intended lifecycle. Merely marking a key as 'inactive' or 'disabled' is insufficient, as an attacker with sufficient privileges within the KMS may be able to reactivate or use it. Proper key deletion is a critical step in a key management lifecycle to prevent unauthorized access to historical encrypted data. While key rotation was performed, the failure to delete the old key created the vulnerability. The type of encryption is irrelevant to the key management failure, and while monitoring was useful for the investigation, it did not cause the breach.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a Key Management System (KMS)?
Why is deleting inactive cryptographic keys important?
What is the difference between key rotation and key deletion?
After applying newly developed threat filters, a company noticed that legitimate transactions were falsely flagged as threats. Which strategy best addresses these incorrect alerts while still keeping functional protection in place?
Put flagged requests into a silent log mode to minimize alerts
Fine-tune the newly added filters to reduce incorrect alerts on expected traffic
Deactivate detection features until proper testing is completed
Restrict known services to prevent unauthorized activity
Answer Description
Adjusting the updated filters helps reduce erroneous triggers and ensures genuine malicious traffic is still identified. Temporarily disabling detection leaves gaps in coverage. Placing flagged traffic into a silent log does not solve the root cause and allows problematic alerts to persist. Restricting known services does not resolve the misconfigurations and might disrupt normal processes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is fine-tuning in the context of threat filters?
Why is temporarily disabling detection features not a good strategy?
How does silent logging differ from solving false positives?
An analyst wants to create custom threat-hunting signatures to detect suspicious code by specifying text, hex, or wildcard patterns. Which method best accomplishes this goal?
A correlational query that aggregates events from multiple network appliances
A rule syntax that inspects network traffic flows based on header-level analysis
A specialized pattern builder that locates strings or binary sequences in memory or files
An automated script that retrieves open-source threat listings for all connected hosts
Answer Description
A specialized pattern-based approach, known as YARA (Yet Another Recursive Acronym), is designed to detect malicious code by matching specific text, hex, or wildcard strings. It is especially effective for scanning memory and files across various operating systems. The other suggested methods focus on different aspects, such as correlating logs, gathering open-source indicators, or analyzing network traffic flows, rather than defining flexible string-based rules for suspicious code.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is YARA and how does it work?
How does YARA compare to traditional antivirus tools?
What types of patterns can YARA match?
An organization is expanding into a region with legal mandates requiring that personal information be stored and processed locally. Leadership prefers a unified global system. Which step best fulfills this regulatory requirement?
Apply a single encryption plan for a worldwide facility
Build regional infrastructure and restrict external relocation
Ask customers to consent to cross-border data movement
Enable encryption of records processed overseas
Answer Description
Data localization laws in jurisdictions such as the European Union (GDPR Art. 44–50), India (DPDP 2023), and China's PIPL prohibit the transfer of certain personal data outside the region without specific authorization or safeguards. Building data centers or storage facilities within the mandated geography and ensuring access controls and backup redundancy remain within regional boundaries satisfies compliance. Encryption alone does not fulfill storage residency requirements, nor do voluntary user consents override legal obligations. A single global infrastructure or encryption schema cannot address jurisdictional boundaries effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are data localization laws?
Why doesn’t encryption alone satisfy data residency requirements?
How can regional infrastructure help meet compliance requirements?
A design firm regularly shares secret prototypes with foreign partners through a shared platform. Recently, the security team noticed unusual connections to external domains initiated by staff accounts. Which safeguard is most effective at preventing unwanted distribution of these prototypes?
Adopt an incoming filter that blocks suspicious connections originating externally
Give staff higher-level permissions for faster file sharing
Use a scanning method on outgoing transfers that checks for restricted content
Require multiple login credentials for all collaborators
Answer Description
Implementing file inspection on outbound traffic helps identify secret details to protect them from departure. Granting broader privileges does not address outbound movement of sensitive items, and focusing on incoming data or user login processes does not avert all unauthorized attempts to export files.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a file scanning method for outgoing transfers?
How does Data Loss Prevention (DLP) work in safeguarding data?
Why are incoming filters insufficient to block data exfiltration?
A new member of your development team introduced a library from an external source to add functionality. You want to prevent malicious or outdated code and conflicts with usage requirements. Which measure satisfies this requirement while the additions are still in progress?
Carrying out repeated test cycles that confirm new features within a private environment
Using a system that scans third-party files for recognized flaws and restricted usage conditions
Collecting telemetry with an embedded defense mechanism that reacts to suspicious events
Enforcing a manual inspection of all lines to catch errors and logic gaps
Answer Description
A dependency scanner checks known flaws and usage obligations in imported components before finalizing the application. Manual review and repeated tests can catch some problems, but they do not give deep insight into the library's background or potential conflicts. Embedded defense tools monitor issues during runtime, rather than examining the integrity and license status of external code artifacts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a dependency scanner, and how does it work?
Why are manual code reviews insufficient for identifying flaws in external libraries?
How does a dependency scanner differ from runtime monitoring like embedded defense tools?
Which method is best for confirming that newly introduced features do not introduce weaknesses after multiple iterations?
Perform an audit when development milestones are achieved.
Perform manual scans at regular intervals.
Review advanced components based on project scope and requirements.
Conduct systematic checks within an automated pipeline for ongoing feedback.
Answer Description
Automated pipelines that include security checks provide a scalable, repeatable method for validating code with every update. These checks detect newly introduced vulnerabilities in near-real time and generate feedback quickly, minimizing the risk of regression or lingering flaws. Manual reviews or milestone-based audits introduce delays and gaps, which can leave weaknesses unaddressed between cycles. By contrast, integrated security tooling within CI/CD ensures each change is evaluated consistently, helping maintain a strong security posture across frequent deployments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an automated pipeline in development?
How do security checks in CI/CD pipelines identify vulnerabilities?
Why are manual scans less effective than automated pipelines for security?
Which strategy best lowers the chance of a concurrency flaw when multiple tasks run at the same time on a shared resource?
Continuously scan memory segments for unexpected changes
Store repeated backups whenever new modifications occur
Use a structured schedule that orders modifications one after another
Check text passages in user inputs to detect overlapping data
Answer Description
A coordinated sequence for each update helps prevent conflicting modifications. Scanning memory examines content but does not regulate updates. Creating more backups does not reliably avert corrupting the shared resource. Text-based checks target input anomalies rather than task overlap.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a concurrency flaw?
Why does a structured schedule lower the chance of a concurrency flaw?
What are race conditions, and how do they relate to concurrency flaws?
An enterprise wants to reduce single points of compromise in its credential management pipeline by adopting a trust arrangement with separate oversight for identity checks and cryptographic distribution. Which solution best achieves that goal?
Assign distinct teams, one for verifying authenticity and another for providing keys
Use a single procedure that checks identity and issues credentials in the same step
Rely on an automated system that completes identity checks and credentials at once
Allow departments to handle their own distribution with minimal oversight
Answer Description
Dividing roles ensures that the group verifying authenticity does not also grant credentials, preventing a single breach from breaking the entire trust model. Combining identity checks and distribution in one place consolidates power and raises risk. Granting departments their own distribution oversight lacks rigorous reviews. Turning all duties over to an automated approach does not involve meaningful separation of responsibilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is separating teams for identity verification and key distribution important?
What is meant by 'single points of compromise' in credential management?
How does automation in credential management increase risk?
An organization is integrating a new scanning solution that checks for software flaws across multiple subnets. Which approach provides the best coverage while balancing resource use and network performance?
Rely on manual checks by administrators whenever major changes occur
Distribute multiple instances across each segment, managed through a central console
Set up a single checking node in one segment to probe internal hosts throughout the environment
Exclude lower priority hosts from scans to conserve resources
Answer Description
Using a distributed approach, where multiple scanning points cover each segment, helps detect flaws throughout the environment and reduces excessive bandwidth usage that could occur with a single scanner. Manual checks after significant changes or skipping certain servers leads to incomplete insight. Having only one scanning node for the entire internal landscape can overload the network as it processes many connections, limiting scalability and coverage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is distributing scanning instances across segments better for network performance?
What is a central console, and how does it manage distributed scanners?
Why is relying on manual checks by administrators not sufficient for detecting software flaws?
Security administrators are creating an application allowlisting policy for a set of Windows 11 engineering workstations that must run a vendor's CAD suite. The CAD executables are digitally signed by the vendor and updated quarterly. The workstations also contain several directories that engineers can write to. The team wants to minimize both maintenance overhead and the risk of attackers bypassing the allowlist by copying malware into writable folders.
Which AppLocker rule condition should the administrators use for the CAD executables to BEST meet these requirements?
A publisher (digital-signature) rule
A complete file-path rule (e.g., C:\Program Files\Vendor\app.exe)
A directory-based path rule that allows C:\Program Files\Vendor\
A filename rule that allows app.exe regardless of location
Answer Description
Publisher (digital-signature) rules verify the signer's certificate and can allow all versions of a signed application without referencing its exact path. Unlike path-based rules-which can be bypassed if an attacker drops a malicious file into an allowed location-publisher rules remain effective even if the file is copied elsewhere and do not need to be updated every time the vendor releases a signed update. Complete or directory-based path rules and filename rules offer less protection against path spoofing and typically require more frequent changes when applications move or are upgraded.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an AppLocker publisher rule?
Why are path-based rules less secure than publisher rules?
How does a digital signature enhance application security?
During a post-incident review, a security engineer discovers that a production backup Bash script contains hard-coded privileged database credentials assigned to a shell variable:
TOKEN='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
The script runs every night from cron with sudo privileges on a shared Linux jump host. The engineer must redesign the credential handling so that:
- The script continues to run non-interactively from cron.
- The credential is never stored in plaintext on disk.
- The credential's lifetime is limited to the duration of the task.
Which of the following approaches BEST meets these requirements?
Have the script request a short-lived token from a centrally managed secrets vault (for example, HashiCorp Vault or AWS Secrets Manager) each time it runs and store the token only in memory.
Write the token to a root-owned configuration file with permissions set to 600 and have the script read it at runtime.
Base64-encode the token and keep the encoded value in the script, decoding it with the
base64 -d
command immediately before use.Export the token as a global environment variable in /etc/profile so it is automatically available to any user session, including the cron job.
Answer Description
Retrieving a short-lived token from a centralized secrets-management service at runtime keeps the credential out of source code and the filesystem, limits its exposure to the memory space of the executing process, and allows the secrets platform to enforce rotation and revocation. The other choices leave the secret in plaintext (or easily reversible Base64) on disk or make it globally accessible through environment variables, defeating the security goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secrets vault, and why is it important?
Why is Base64 encoding not secure for storing sensitive data?
How does using short-lived tokens improve security?
Woo!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.