CompTIA SecurityX Practice Test (CAS-005)
Use the form below to configure your CompTIA SecurityX Practice Test (CAS-005). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA SecurityX CAS-005 (V5) Information
What is the CompTIA SecurityX Certification?
CompTIA SecurityX is a high-level cybersecurity certification. It used to be called CASP+ but was renamed in 2024 when the CAS-005 exam was released. This certification proves that you can design and manage secure systems in big, complex businesses.
Who is SecurityX For?
SecurityX is meant for advanced IT professionals. You should have at least 10 years of general IT experience and 5 years working directly with cybersecurity. If you're a senior engineer, architect, or lead, this certification is a good fit for you.
What Topics Does It Cover?
The SecurityX exam tests your skills in four main areas:
- Security Architecture: Building secure systems and networks
- Security Operations: Handling incidents and keeping systems running safely
- Governance, Risk, and Compliance: Following laws and managing risk
- Security Engineering and Cryptography: Using encryption and secure tools
What Is the Exam Like?
- Questions: Up to 90 questions
- Types: Multiple-choice and performance-based (real-world problems)
- Time: 165 minutes
- Languages: English, Japanese, and Thai
- Passing Score: Pass/Fail (no number score is shown)
You’ll find out if you passed right after finishing the test.
Why Take the SecurityX Exam?
SecurityX shows that you can handle high-level security work. Many jobs, especially in the government or large companies, ask for this type of certification. It’s also approved by the U.S. Department of Defense (DoD 8140.03M).
Is There a Prerequisite?
There’s no required course or other exam before SecurityX, but CompTIA strongly recommends that you have 10 years in IT and 5 years in security. Without this experience, the exam may be too hard.
Should I take the SecurityX exam?
If you're already working in cybersecurity and want to prove your skills, SecurityX is a great choice. It shows that you’re ready to lead, solve complex problems, and keep organizations secure.
Free CompTIA SecurityX CAS-005 (V5) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 20
- Time: Unlimited
- Included Topics:Governance, Risk, and ComplianceSecurity ArchitectureSecurity EngineeringSecurity Operations
A large financial institution relies on a critical legacy system to process high-volume payment data. The system is no longer supported by its vendor, and its architecture prevents direct modification of its authentication mechanisms. A security architect must implement a compensating control to strengthen security for administrative accounts without disrupting operations. Which of the following solutions is the MOST effective and least disruptive?
Mandate the integration of native multifactor authentication (MFA) for all administrative accounts on the system.
Deploy an agent-based Endpoint Detection and Response (EDR) solution on the legacy system.
Implement a Privileged Access Management (PAM) solution to act as a gateway for all administrative access.
Isolate the system on a new network segment protected by a stateful firewall.
Answer Description
A Privileged Access Management (PAM) solution is the most appropriate choice. PAM acts as a compensating control by creating a secure, proxied gateway for administrative access. It can enforce strong authentication (like MFA) and provide detailed session logging and monitoring without modifying the legacy system itself, thus meeting the requirements of enhanced security with no operational disruption. Mandating native MFA integration is likely infeasible on an unsupported legacy system that cannot be modified. Isolating the system with a firewall is a good security practice but does not strengthen the authentication process for privileged users who already have network access. Deploying a modern EDR agent may not be possible on an obsolete operating system and could cause performance issues, disrupting high-throughput processing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Privileged Access Management (PAM) solution?
Why can't native Multifactor Authentication (MFA) be used for legacy systems?
How does isolating a legacy system with a stateful firewall differ from using PAM?
An organization relies on a widely used component that exhibits potential overflow issues. The developers have not detected an active exploit, but the security team wants to reduce the chance of problems while maintaining current operations. Which measure provides the most effective risk reduction?
Upgrade to the vendor’s latest release and validate patches in a controlled setting
Implement an allow listing approach that restricts usage by unapproved processes
Stop using that component in production
Depend on monitoring solutions that notice suspicious usage signatures
Answer Description
Upgrading to the vendor’s latest release and then validating patches in a controlled setting addresses the known flaw while preserving existing functionality. Stopping usage may break key operations and does not ensure a proper fix. An allow listing approach limits which processes can access the component but still leaves the flaw in place. Monitoring unusual activity may detect suspicious events, but it does not address the fundamental weakness.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a buffer overflow, and why is it a concern?
Why is upgrading to the latest vendor patch often the best risk mitigation strategy?
What is the difference between allow listing and monitoring solutions in risk management?
A transit administrator oversees older equipment used to manage an automated track system. Reports indicate infiltration attempts from an external source. The team needs to keep the equipment running while stopping unauthorized activities. Which option is the best approach to meet this goal?
Establish distinct network segments for the older system and leverage specialized gateways
Schedule a lengthy shutdown to replace legacy components with modern devices
Apply security updates and shut all remote interfaces to prevent external traffic
Elevate administrative permissions so personnel can react whenever suspicious events occur
Answer Description
Segmentation with monitored gateways helps limit infiltration attempts. Disabling external connections could block valid maintenance processes. A major hardware replacement may cause significant downtime and might not address all vulnerabilities. Granting broad privileges to administrators can weaken security. Segmenting the environment preserves functionality and reduces access to critical assets.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and why is it useful for securing legacy systems?
How do specialized gateways enhance network security for legacy systems?
Why is disabling external connections not always the best solution for security?
After a red team exercise tested an enterprise from an external vantage point, which method best confirms that the security team tracked the simulated intrusion attempts throughout the environment?
Gathering feedback from the group that performed the simulation about systems they targeted
Checking user training records to confirm that employees reported suspicious communication
Asking workforce members to set new passwords after the evaluation ended
Examining detection logs to confirm that monitors recognized each critical step in the exercise
Answer Description
Examining detection logs reveals whether intrusion detection tools recognized unauthorized behaviors. Gathering secondhand feedback from the group that performed the simulation does not validate defenders’ actual detection or alerting. Checking user training records addresses social engineering tactics but does not confirm whether the environment captured technical indicators. Asking workforce members to set new passwords does not demonstrate whether suspicious activity generated alerts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are detection logs and why are they important?
What is the purpose of a red team exercise in cybersecurity?
How does monitoring technical indicators differ from social engineering detection?
Which approach describes the practice of regularly updating cryptographic secrets on a dedicated timetable to protect data from extended compromise?
Creating detailed tabletop exercises for incident response
Applying multi-factor authentication in access control
Implementing scheduled changes of cryptographic materials after a specified period
Monitoring system events for anomalous behavior
Answer Description
Scheduling the replacement of cryptographic materials limits the usefulness of older credentials. An unauthorized party who gains access to outdated secrets finds them invalid after the refresh period. Other listed measures support security controls but do not involve routine updates of encryption secrets.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic secrets?
Why is it important to update cryptographic secrets regularly?
How can organizations implement scheduled updates of cryptographic materials?
An organization obtains suspicious logs from multiple external data providers and wishes to combine them with local sources for deeper analysis. Which method is BEST for maintaining a scalable, adaptable process for adding new providers swiftly?
Implement a scanning tool that queries each external data provider separately for suspicious indicators
Keep logs in separate repositories for each source and merge them manually when necessary
Adopt a unified platform that structures logs from external and internal sources under one flexible data model
Archive all event logs in a shared folder system to be searched on demand
Answer Description
Utilizing a single platform that merges external and local logs in a flexible data structure supports advanced correlation and rapid integration of new sources. Storing each feed separately or relying entirely on export or manual searching introduces inefficiencies and inconsistent views of the data, limiting the ability to correlate events effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does a 'unified platform' mean in this context?
Why is maintaining a flexible data model important for scalability?
What are the disadvantages of separate log repositories for each source?
An organization uses a content delivery network to serve media files to a global audience. Which approach provides the highest level of confidentiality and integrity for transmitted data?
Using cryptographic checksums for media files stored at remote endpoints
Implementing location-based routing to direct traffic to the nearest data center
Transferring content between the user's device and the origin with consistent encryption
Deactivating encryption at edge servers for performance gains, then re-encrypting afterward
Answer Description
Establishing an unbroken line of secure communication from user devices to the final system ensures that data remains protected even when passing through multiple nodes. Terminating and re-establishing secure connections at edge servers can introduce points of exposure. Location-based routing simplifies access, and cryptographic checksums support file integrity, but neither alone guarantees data confidentiality during transit.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Content Delivery Network (CDN)?
What is encryption and why is consistent encryption important?
How do cryptographic checksums support data integrity?
An organization is located in an area that often faces extended service disruptions. Leadership wants to ensure vital functions remain operational with minimal delay if an incident occurs. Which approach best addresses their goal?
Maintaining a second location equipped for operations with replication of operational data in near real-time
Storing hardware in a remote location until needed to rebuild systems
Periodic backups stored in an offsite archive
Configuring a dormant environment with occasional functionality testing
Answer Description
A second location equipped for operations and replicating data in near real-time supports prompt availability. Storing hardware remotely can increase delays if software and configurations are not kept current. Periodic backups in an offsite archive help with data recovery but do not meet pressing uptime demands. A dormant site with occasional testing might overlook hidden issues and slow down resumption of services.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is near real-time data replication?
How does a second operational location support business continuity?
What are the limitations of periodic backups for maintaining uptime?
A cloud-hosted generative-AI platform allows users to install community plug-ins that extend core functionality. During a security review, engineers notice that several third-party plug-ins request administrator-level API scopes and perform no authorization checks before invoking privileged back-end services.
Which of the following controls would MOST effectively prevent a malicious or compromised plug-in from executing unintended high-privilege actions in the production environment?
Store plug-in service credentials in environment variables instead of source code
Enable verbose audit logging of all plug-in activity and review the logs weekly
Increase the default OAuth token lifetime so plug-ins do not need to re-authenticate frequently
Enforce role-based access control and least-privilege scopes for each plug-in, combined with sandbox isolation
Answer Description
Isolating each plug-in and granting it only the minimal API scopes it needs enforces the principle of least privilege and prevents a plug-in from invoking sensitive functions outside its intended purpose. Verbose logging (option 2) helps detection but does not stop the attack. Moving credentials to environment variables (option 3) addresses secret management, not authorization. Extending OAuth token lifetimes (option 4) actually increases risk by keeping broad privileges valid for longer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is role-based access control (RBAC), and how does it support least-privilege principles?
What is sandbox isolation, and why is it important in mitigating risks from third-party plug-ins?
How does enforcing least-privilege API scopes improve cloud platform security?
Your board of directors wants to adopt a widely recognized framework from a professional association to unify enterprise goals and technology oversight in order to measure and improve security controls across various business processes. Which approach achieves this goal effectively?
Implement a set of guidelines that defines responsibilities, measurable targets, and control requirements across multiple domains to strengthen governance
Follow an agile software development reference that highlights frequent feature releases and code integration events
Use a standard mandating financial data controls and vendor contract reviews for payment transactions
Adopt a privacy rule with a focus on handling personal information and administrative documentation
Answer Description
A recognized approach that merges broader business objectives with IT processes establishes a consistent method for planning, implementing, and reviewing security efforts alongside operational goals. Other options concentrate on narrow or unrelated areas, such as data protection only, software development practices, or payment-specific tasks, and do not provide comprehensive governance of the larger enterprise environment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of widely recognized frameworks that unify enterprise goals and technology oversight?
What makes a framework effective in enhancing security governance across an enterprise?
How is a framework like COBIT different from privacy or financial-specific standards?
An organization wants to provide unified sign-in across multiple partner groups that manage their own user directories. Which of the following methods best satisfies shared authentication across these distinct environments while avoiding separate credential stores?
Adopt a multi-device validation step before users connect to each environment
Use a trust-based integration among each partner’s identity provider
Require every remote user to register separate domain accounts within the host environment
Create a local directory that consolidates all partner credentials into a single internal system
Answer Description
Establishing a trust relationship among separate identity providers aligns with the concept of federation. It allows each partner to keep its user directories while still passing validated claims between them. Other options, such as merging all credentials into a single directory or issuing separate accounts, add complexity. Trust-based integration is designed for secure single sign-in without duplicating or storing credentials in multiple places.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a trust-based integration in identity management?
What is federation in identity and access management?
How does single sign-on (SSO) benefit organizations in a federated setup?
An organization is setting up a new database in a restricted environment. Which measure helps reduce the threat surface while enabling vital processes to run?
Deactivate unnecessary features and patch core services to reduce risks.
Enable remote administration through secure networks for controlled access.
Integrate legacy systems using appropriate modules without relying on unsupported software.
Configure permissions to allow application access when needed.
Answer Description
Deactivating unnecessary components and updating core parts limits paths that attackers can exploit. Broad permission settings or reliance on unsupported software can leave the environment exposed. Remote connections on untrusted channels can increase risks of unauthorized changes or data access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'reducing the threat surface' mean in cybersecurity?
Why is deactivating unnecessary features important in secure environments?
What are core services, and why is patching them essential?
Which technique provides the strongest assurance that stored log data remains untampered and can be validated for forensic or compliance purposes?
Generate a digital fingerprint for each log entry and maintain it in a separate location
Encrypt the logs with a key and save them locally on one repository
Make a copy of the logs on a shared folder that includes restricted user access
Mask specific fields in the logs to conceal details from unauthorized viewers
Answer Description
Digital fingerprinting—typically implemented as cryptographic hashing—ensures the integrity of logs by allowing verification that no changes occurred after storage. By saving the hash separately, any tampering becomes immediately detectable through comparison. This method aligns with controls in NIST SP 800-92 and CIS Control 8 (Audit Log Management). Encryption ensures confidentiality but not change detection. Shared folders and obfuscation fail to provide assurance against post-write modification. Forensic soundness and non-repudiation require verifiable tamper evidence.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is cryptographic hashing, and how does it support log integrity?
Why is encryption not sufficient for ensuring the integrity of log files?
What are NIST SP 800-92 and CIS Control 8, and why are they important for log management?
A business has combined operations with another organization, bringing new staff, resources, and networks together. The security department wants to minimize infiltration risks while ensuring daily activities can proceed. Which action best addresses these factors?
Designate incoming systems to a single person who manages access without broader evaluations
Shut down operational services whenever a newly integrated system goes live
Have newly combined teams sign staff agreements and skip further vulnerability checks
Conduct a multi-step security gap assessment with data flow reviews to understand new infiltration channels
Answer Description
A phased assessment that includes data flow reviews and threat modeling helps reveal unknown infiltration points introduced by unifying networks, systems, or staff. It addresses possible seams in the environment while allowing the group to maintain normal functions. Shutting down major systems interrupts business and may miss potential blind spots. Relying on staff agreements alone does not detect or mitigate infiltration issues. Assigning one champion per acquired system lacks a full-spectrum analysis of how these systems interact with the rest of the environment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a security gap assessment?
Why is data flow review critical during organizational integration?
What is threat modeling, and how does it help in this scenario?
An online retailer’s security team has observed specialized attacks on its network. The manager proposes joining a membership-based group that focuses on sharing critical data regarding adversary methods with organizations in the same sector. Which approach is most effective for gathering targeted alerts and tactical guidance to improve defenses?
Collaborate with a sector-specific membership group that provides intelligence reports
Engage an external monitoring provider for threat detection services
Rely on publicly available data portals for broad threat feeds
Implement an enterprise honeynet for collecting adversary tactics on the internal network
Answer Description
Collaborating with a group that shares tailored intelligence is the most beneficial because it focuses on threats relevant to the specific operational environment. Other methods propose valuable controls but do not provide the same level of direct threat insight or collaboration among similar entities. A publicly available feed is broader in scope, not always offering the specialized intelligence needed. A honeynet can reveal adversary techniques on a single network, but it does not facilitate knowledge exchange with peers. Outsourced monitoring can provide services but might not integrate industry-specific threat data in the same collaborative way.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a sector-specific membership group for threat intelligence?
How does a honeynet differ from membership-based threat intelligence sharing?
Why are publicly available threat feeds less effective than specialized membership groups?
During a routine audit, the engineering team found suspicious entries in name resolution logs, resulting in misdirection to harmful sites even when employees use correct addresses. Which step best addresses the underlying issue and helps keep record integrity intact going forward?
Deploy cryptographic verification for domain entries
Enable captive portal login for guest connections
Require password changes for all employees
Perform periodic restarts of domain controllers
Answer Description
Deploying cryptographic verification for domain entries (sometimes referred to as DNSSEC) uses digital signatures to protect name resolution data from unauthorized changes. Requiring password changes does not fix altered name resolution information. Captive portals are unrelated to the integrity of domain data and do not remove misdirection. Performing periodic restarts of domain controllers does not eliminate tampered data propagated to other resolvers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC and why is it important?
How does cryptographic verification protect DNS records?
What types of attacks can DNSSEC mitigate?
An organization completes a merger and brings in a new set of employees. Some individuals are unsure who reviews alerts or how to share suspicious events. Which condition raises the chance that vulnerabilities get overlooked and hinder modeling?
Centralization of management oversight and guidance
Omission of advanced analysis tools
Deployment of perimeter network protection equipment
Unclear staff responsibilities for incident handling
Answer Description
When roles are not clearly assigned, employees skip reporting issues or assume someone else is in charge, resulting in missed indicators. Advanced machine learning and firewalls focus on technology rather than ensuring each person understands tasks. Consolidated policy enforcement from management sets standards at a high level but does not address the confusion among the newly formed team’s daily obligations. Successful modeling relies on well-defined duties, so confusion among personnel is a major contributor to gaps.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is unclear staff responsibility a major risk for incident handling?
How can an organization define incident handling responsibilities more effectively?
What is meant by 'successful modeling' in incident handling?
A team discovers several weaknesses in an application that is widely used across multiple departments. They want to address these issues using a structured process and reduce the chance of repeated findings in future evaluations. Which measure is most appropriate for this situation?
Remove the application from production and wait for new hardware before reactivating
Develop a structured remediation process with scheduled patch cycles and track the results
Set up manual scans once each year to limit inaccurate readings
Use a single filtering device that stops all inbound activity on the entire network
Answer Description
Developing a process with scheduled patch cycles and monitoring results targets weaknesses in a planned way. This maintains operational continuity and lowers the recurrence of the same weaknesses in the future. Removing the application from production until new hardware arrives disrupts business. Blocking all inbound connections is too broad and affects legitimate access. Conducting manual scans yearly is not frequent enough to track and address weaknesses consistently.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a structured remediation process?
Why are scheduled patch cycles important?
How does tracking remediation results help reduce future weaknesses?
A security architect at a large financial services company discovers that the IT department cannot produce a complete inventory of its server assets. This lack of visibility has led to several security incidents where unpatched, unknown systems were compromised. The architect needs to recommend a foundational solution that will serve as a single source of truth for all IT components and their relationships to improve overall security posture.
Which of the following should the architect recommend implementing?
A Security Information and Event Management (SIEM) system
A federated vulnerability scanning solution
A Configuration Management Database (CMDB)
A Governance, Risk, and Compliance (GRC) tool
Answer Description
A Configuration Management Database (CMDB) is the correct solution because its primary purpose is to store information about hardware and software assets (referred to as configuration items) and their relationships. Implementing a CMDB would provide a centralized, authoritative inventory, addressing the core problem of unknown assets and enabling better change management, vulnerability management, and risk assessment. A SIEM is used for log aggregation and analysis, a GRC tool manages policies and risk at a high level, and a vulnerability scanner identifies weaknesses but does not serve as a comprehensive asset inventory system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Configuration Management Database (CMDB)?
How does a CMDB differ from a Security Information and Event Management (SIEM) system?
Why is a CMDB considered foundational for improving security posture?
Which method is best for confirming that newly introduced features do not introduce weaknesses after multiple iterations?
Review advanced components based on project scope and requirements.
Perform manual scans at regular intervals.
Conduct systematic checks within an automated pipeline for ongoing feedback.
Perform an audit when development milestones are achieved.
Answer Description
Automated pipelines that include security checks provide a scalable, repeatable method for validating code with every update. These checks detect newly introduced vulnerabilities in near-real time and generate feedback quickly, minimizing the risk of regression or lingering flaws. Manual reviews or milestone-based audits introduce delays and gaps, which can leave weaknesses unaddressed between cycles. By contrast, integrated security tooling within CI/CD ensures each change is evaluated consistently, helping maintain a strong security posture across frequent deployments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an automated pipeline in development?
How do security checks in CI/CD pipelines identify vulnerabilities?
Why are manual scans less effective than automated pipelines for security?
Gnarly!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.