CompTIA SecurityX Practice Test (CAS-005)

Use the form below to configure your CompTIA SecurityX Practice Test (CAS-005). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA SecurityX CAS-005 (V5) Information

What is the CompTIA SecurityX Certification?

CompTIA SecurityX is a high-level cybersecurity certification. It used to be called CASP+ but was renamed in 2024 when the CAS-005 exam was released. This certification proves that you can design and manage secure systems in big, complex businesses.

Who is SecurityX For?

SecurityX is meant for advanced IT professionals. You should have at least 10 years of general IT experience and 5 years working directly with cybersecurity. If you're a senior engineer, architect, or lead, this certification is a good fit for you.

What Topics Does It Cover?

The SecurityX exam tests your skills in four main areas:

  • Security Architecture: Building secure systems and networks
  • Security Operations: Handling incidents and keeping systems running safely
  • Governance, Risk, and Compliance: Following laws and managing risk
  • Security Engineering and Cryptography: Using encryption and secure tools

What Is the Exam Like?

  • Questions: Up to 90 questions
  • Types: Multiple-choice and performance-based (real-world problems)
  • Time: 165 minutes
  • Languages: English, Japanese, and Thai
  • Passing Score: Pass/Fail (no number score is shown)

You’ll find out if you passed right after finishing the test.

Why Take the SecurityX Exam?

SecurityX shows that you can handle high-level security work. Many jobs, especially in the government or large companies, ask for this type of certification. It’s also approved by the U.S. Department of Defense (DoD 8140.03M).

Is There a Prerequisite?

There’s no required course or other exam before SecurityX, but CompTIA strongly recommends that you have 10 years in IT and 5 years in security. Without this experience, the exam may be too hard.

Should I take the SecurityX exam?

If you're already working in cybersecurity and want to prove your skills, SecurityX is a great choice. It shows that you’re ready to lead, solve complex problems, and keep organizations secure.

Question 1 of 20

Which group is recognized for focusing efforts on raising awareness about issues to influence corporate behavior or public attitudes?

  • Nation-state operatives searching for intellectual property

  • Criminal network seeking data for black market trade

  • Insiders who intend to sabotage for personal revenge

  • Activists who champion social or political agendas

Question 2 of 20

Which method best addresses a newly detected issue that threatens a key business function?

  • Record the discovery in an internal database and inform stakeholders later

  • Postpone any intervention until the next regularly scheduled system refresh

  • Apply a fix in a controlled environment, verify results, then deploy the solution

  • Take the affected system offline for prolonged isolation from the rest of the network

Question 3 of 20

An administrator wants to keep thorough records of changes made to a multi-cloud environment. Later reviews must identify who performed each action, as well as the precise set of modifications. Which technique is the best for keeping these changes tracked and easily referenced for regulatory checks?

  • Maintaining weekly snapshots instead of storing continuous details

  • Using an automated platform that consolidates entries and requires approval gates

  • Keeping logs split among individual environments

  • Posting changes in a read-only area while administrators keep their own logs

Question 4 of 20

Which method provides an isolated hardware-based environment for performing protected cryptographic operations on the same physical device?

  • Automatically deploying patches

  • A tool that allows memory scanning

  • A specialized processor extension that runs code in a dedicated environment

  • An external service for key rotation

Question 5 of 20

Which technique is used by attackers to expand infiltration across connected systems while avoiding detection?

  • Leveraging DNS tunneling to move data out of the perimeter

  • Eliminating malicious services on the first infiltrated system

  • Pivoting through compromised devices to reach additional machines within the same environment

  • Inspecting traffic to capture user passwords on a single gateway

Question 6 of 20

A large enterprise has a new monitoring system that generates a high volume of routine notices. Security personnel get overwhelmed and miss unusual intrusions. Which strategy helps them refine thresholds and rule sets to emphasize activities that could signal a breach?

  • Employ container management technology to scale events processing for automatic filtering

  • Raise scanning scope for all possible actions to gather maximum data

  • Configure correlation rules based on severity and event frequency to produce targeted notifications

  • Use a content distribution network to redirect network activity and reduce traffic

Question 7 of 20

Your organization has adopted a widely recognized standard to enhance safeguards. The board wants a concise explanation of how this resource shapes daily protection strategies. Which explanation best describes its impact?

  • It promotes using a single vendor for protective solutions across the enterprise

  • It offers a coordinated approach to reinforcing protective measures across teams and processes

  • It downplays the need to evaluate external parties, relying on compliance as an adequate measure

  • It indicates that hardware-based methods are prioritized for safeguarding information

Question 8 of 20

An organization issues smartphones to employees and manages them with a mobile device management (MDM) platform. Which MDM policy BEST minimizes the risk that sensitive corporate data on the phone can be read if the device is lost or stolen?

  • Restrict the device to connect only to approved Wi-Fi networks.

  • Require full-device encryption with a passcode.

  • Set the screen timeout to lock after one minute.

  • Disable the device's camera.

Question 9 of 20

A security team is investigating a breach where a threat actor accessed and decrypted several-months-old encrypted data backups. The investigation shows the primary encryption keys for the live database had been rotated since the backups were created. However, logs from the key management system (KMS) indicate the threat actor used a superseded, 'inactive' key to decrypt the data. Which of the following is the most likely root cause of this incident?

  • Failure to enforce the deletion of superseded cryptographic keys.

  • Lack of continuous monitoring on the KMS.

  • Using symmetric instead of asymmetric encryption for the data backups.

  • An insufficiently frequent key rotation schedule.

Question 10 of 20

After applying newly developed threat filters, a company noticed that legitimate transactions were falsely flagged as threats. Which strategy best addresses these incorrect alerts while still keeping functional protection in place?

  • Put flagged requests into a silent log mode to minimize alerts

  • Fine-tune the newly added filters to reduce incorrect alerts on expected traffic

  • Deactivate detection features until proper testing is completed

  • Restrict known services to prevent unauthorized activity

Question 11 of 20

An analyst wants to create custom threat-hunting signatures to detect suspicious code by specifying text, hex, or wildcard patterns. Which method best accomplishes this goal?

  • A correlational query that aggregates events from multiple network appliances

  • A rule syntax that inspects network traffic flows based on header-level analysis

  • A specialized pattern builder that locates strings or binary sequences in memory or files

  • An automated script that retrieves open-source threat listings for all connected hosts

Question 12 of 20

An organization is expanding into a region with legal mandates requiring that personal information be stored and processed locally. Leadership prefers a unified global system. Which step best fulfills this regulatory requirement?

  • Apply a single encryption plan for a worldwide facility

  • Build regional infrastructure and restrict external relocation

  • Ask customers to consent to cross-border data movement

  • Enable encryption of records processed overseas

Question 13 of 20

A design firm regularly shares secret prototypes with foreign partners through a shared platform. Recently, the security team noticed unusual connections to external domains initiated by staff accounts. Which safeguard is most effective at preventing unwanted distribution of these prototypes?

  • Adopt an incoming filter that blocks suspicious connections originating externally

  • Give staff higher-level permissions for faster file sharing

  • Use a scanning method on outgoing transfers that checks for restricted content

  • Require multiple login credentials for all collaborators

Question 14 of 20

A new member of your development team introduced a library from an external source to add functionality. You want to prevent malicious or outdated code and conflicts with usage requirements. Which measure satisfies this requirement while the additions are still in progress?

  • Carrying out repeated test cycles that confirm new features within a private environment

  • Using a system that scans third-party files for recognized flaws and restricted usage conditions

  • Collecting telemetry with an embedded defense mechanism that reacts to suspicious events

  • Enforcing a manual inspection of all lines to catch errors and logic gaps

Question 15 of 20

Which method is best for confirming that newly introduced features do not introduce weaknesses after multiple iterations?

  • Perform an audit when development milestones are achieved.

  • Perform manual scans at regular intervals.

  • Review advanced components based on project scope and requirements.

  • Conduct systematic checks within an automated pipeline for ongoing feedback.

Question 16 of 20

Which strategy best lowers the chance of a concurrency flaw when multiple tasks run at the same time on a shared resource?

  • Continuously scan memory segments for unexpected changes

  • Store repeated backups whenever new modifications occur

  • Use a structured schedule that orders modifications one after another

  • Check text passages in user inputs to detect overlapping data

Question 17 of 20

An enterprise wants to reduce single points of compromise in its credential management pipeline by adopting a trust arrangement with separate oversight for identity checks and cryptographic distribution. Which solution best achieves that goal?

  • Assign distinct teams, one for verifying authenticity and another for providing keys

  • Use a single procedure that checks identity and issues credentials in the same step

  • Rely on an automated system that completes identity checks and credentials at once

  • Allow departments to handle their own distribution with minimal oversight

Question 18 of 20

An organization is integrating a new scanning solution that checks for software flaws across multiple subnets. Which approach provides the best coverage while balancing resource use and network performance?

  • Rely on manual checks by administrators whenever major changes occur

  • Distribute multiple instances across each segment, managed through a central console

  • Set up a single checking node in one segment to probe internal hosts throughout the environment

  • Exclude lower priority hosts from scans to conserve resources

Question 19 of 20

Security administrators are creating an application allowlisting policy for a set of Windows 11 engineering workstations that must run a vendor's CAD suite. The CAD executables are digitally signed by the vendor and updated quarterly. The workstations also contain several directories that engineers can write to. The team wants to minimize both maintenance overhead and the risk of attackers bypassing the allowlist by copying malware into writable folders.

Which AppLocker rule condition should the administrators use for the CAD executables to BEST meet these requirements?

  • A publisher (digital-signature) rule

  • A complete file-path rule (e.g., C:\Program Files\Vendor\app.exe)

  • A directory-based path rule that allows C:\Program Files\Vendor\

  • A filename rule that allows app.exe regardless of location

Question 20 of 20

During a post-incident review, a security engineer discovers that a production backup Bash script contains hard-coded privileged database credentials assigned to a shell variable:

TOKEN='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'

The script runs every night from cron with sudo privileges on a shared Linux jump host. The engineer must redesign the credential handling so that:

  • The script continues to run non-interactively from cron.
  • The credential is never stored in plaintext on disk.
  • The credential's lifetime is limited to the duration of the task.

Which of the following approaches BEST meets these requirements?

  • Have the script request a short-lived token from a centrally managed secrets vault (for example, HashiCorp Vault or AWS Secrets Manager) each time it runs and store the token only in memory.

  • Write the token to a root-owned configuration file with permissions set to 600 and have the script read it at runtime.

  • Base64-encode the token and keep the encoded value in the script, decoding it with the base64 -d command immediately before use.

  • Export the token as a global environment variable in /etc/profile so it is automatically available to any user session, including the cron job.