
CompTIA SecurityX Sample Questions for CAS-005 Exam Preparation

  • CertiMaan
  • Oct 24, 2025
  • 14 min read

Updated: Dec 16, 2025

Boost your cybersecurity certification journey with this curated set of CompTIA SecurityX sample questions crafted for the CAS-005 exam. These expert-designed practice questions simulate real-world security challenges across domains like enterprise security architecture, risk management, cryptography, and incident response. Perfect for experienced IT professionals aiming to validate their advanced security skills, this guide includes SecurityX dumps, mock exams, and scenario-based exercises to build practical knowledge and exam confidence. Prepare for CompTIA’s toughest security exam with our trusted resource and ensure your readiness to tackle the CAS-005 with success.



CompTIA SecurityX Sample Questions List:


1. A security engineer is assessing a new tool to segment data and communications between domains. The assessment must determine how data transmission controls can be bypassed without detection. Which of the following techniques should the security engineer use?

  1. Machine-learning statistical analysis

  2. Fuzz testing

  3. Covert channel analysis

  4. Protocol analysis

2. A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?

  1. Risk mitigations must be more comprehensive than the existing payroll provider

  2. Due care must be exercised during all procurement activities

  3. The responsibility of protecting PII remains with the organization

  4. Specific regulatory requirements must be met in each jurisdiction

3. An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

  1. SASE

  2. CMDB

  3. SBoM

  4. SIEM

4. A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident. Which of the following best describes this activity?

  1. Tabletop exercise

  2. Walk-through review

  3. Lessons learned

  4. Business impact analysis

5. A company is rewriting a vulnerable application and adding mprotect() system calls in multiple parts of the code that a recent exploitation tool had leveraged. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

  1. TPM

  2. Secure boot

  3. NX bit

  4. HSM

6. A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would best support multiple domain names while minimizing the amount of certificates needed?

  1. OCSP

  2. CRL

  3. SAN

  4. CA

7. Which of the following best describes a risk associated with using facial recognition to locally authenticate to a mobile device?

  1. Data remanence

  2. Deepfake

  3. Metadata scraping

  4. Biometric impersonation

8. A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site. Which of the following should the team do to help mitigate these issues?

  1. Create a firewall rule to prevent those users from accessing sensitive data

  2. Restrict uploading activity to only authorized sites

  3. Enable packet captures to continue to run for the source and destination related to the file transfer

  4. Disable login activity for those users after business hours
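The alert types in the question above (impossible travel, after-hours brute force) can be reproduced directly from sign-in logs. The following is an added example, not code from the original page: the log lines, user names, IP addresses and the IP-to-location table are constructed, and the speed threshold, failure window and business-hours range are illustrative choices a real deployment would tune.

```python
"""Impossible-travel, after-hours and brute-force detection over constructed sign-in logs.

Added example (not from the original page). SAMPLE_LOG and GEO are constructed;
a real deployment resolves IPs with a GeoIP database and reads events from the IdP or SIEM.
"""
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sign-in events: "<UTC timestamp> <user> <source IP> <result>"
SAMPLE_LOG = """\
2025-10-24T02:11:05Z alice 203.0.113.10 SUCCESS
2025-10-24T02:14:22Z bob 198.51.100.7 FAILURE
2025-10-24T02:14:23Z bob 198.51.100.7 FAILURE
2025-10-24T02:14:24Z bob 198.51.100.7 FAILURE
2025-10-24T02:14:25Z bob 198.51.100.7 FAILURE
2025-10-24T02:14:26Z bob 198.51.100.7 FAILURE
2025-10-24T02:14:27Z bob 198.51.100.7 FAILURE
2025-10-24T02:40:00Z alice 192.0.2.55 SUCCESS
2025-10-24T14:05:00Z carol 203.0.113.10 SUCCESS
"""

# Constructed IP -> (lat, lon) table standing in for a GeoIP database.
GEO = {
    "203.0.113.10": (40.71, -74.01),   # New York
    "192.0.2.55": (51.51, -0.13),      # London
    "198.51.100.7": (37.77, -122.42),  # San Francisco
}

MAX_SPEED_KMH = 1000.0          # faster than any commercial flight
BRUTE_FORCE_THRESHOLD = 5       # failures within the window that raise one alert
BRUTE_FORCE_WINDOW_S = 60
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59; UTC here for simplicity


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def parse(log):
    """Return events as (timestamp, user, ip, result), oldest first."""
    events = []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, user, ip, result))
    return sorted(events)


def detect(log):
    """Return a list of (alert_type, user, detail) tuples."""
    alerts = []
    last_success = {}   # user -> (timestamp, ip) of the previous successful login
    failures = {}       # user -> timestamps of recent failures inside the window
    for ts, user, ip, result in parse(log):
        if result == "SUCCESS":
            if ts.hour not in BUSINESS_HOURS:
                alerts.append(("after_hours", user, ts.isoformat()))
            if user in last_success:
                prev_ts, prev_ip = last_success[user]
                hours = (ts - prev_ts).total_seconds() / 3600
                km = haversine_km(GEO[prev_ip], GEO[ip])
                if hours > 0 and km / hours > MAX_SPEED_KMH:
                    alerts.append(("impossible_travel", user, f"{km:.0f} km in {hours:.2f} h"))
            last_success[user] = (ts, ip)
        else:
            window = [t for t in failures.get(user, []) if (ts - t).total_seconds() <= BRUTE_FORCE_WINDOW_S]
            window.append(ts)
            failures[user] = window
            if len(window) == BRUTE_FORCE_THRESHOLD:   # alert once when the threshold is crossed
                alerts.append(("brute_force", user, f"{len(window)} failures in {BRUTE_FORCE_WINDOW_S}s"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Two of the four answer options act on what this output reveals: the users and the destinations. The detection itself only tells you who was targeted and when; what the team does next (restrict where uploads may go, or when those users may log in) is the decision the question asks about.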

9. A security researcher tells a company that one of its solutions is vulnerable to a buffer overflow that leads to malicious code execution. Which of the following is the best way to avoid this vulnerability in future versions?

  1. Testing for CSRF vulnerabilities before the application goes to production

  2. Using SAST tools to find vulnerabilities as part of the pipeline

  3. Implementing canary protection in an earlier life-cycle stage

  4. Implementing pair programming to improve development capabilities

10. A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

  1. Use a secrets management tool

  2. Save secrets in key escrow

  3. Store the secrets inside the Dockerfiles

  4. Run all Dockerfiles in a randomized namespace

11. A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

  1. Containers

  2. Type 1 hypervisor

  3. Type 2 hypervisor

  4. Virtual desktop infrastructure

  5. Emulation

12. Users are experiencing a variety of issues when trying to access corporate resources. Examples include:

  • Connectivity issues between local computers and file servers between branch offices
  • Inability to download corporate applications on mobile endpoints while working remotely
  • Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Choose two.)

  1. Review VPN throughput

  2. Check IDS rules

  3. Restore static content on the CDN

  4. Enable secure authentication using NAC

  5. Implement advanced WAF rules

  6. Validate MDM asset compliance

13. A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries. Which of the following should the organization most likely leverage to facilitate this activity? (Choose two.)

  1. CWPP

  2. YARA

  3. ATT&CK

  4. STIX

  5. TAXII

  6. JTAG

14. An ISAC supplied recent threat intelligence information about pictures used on social media that provide reconnaissance of systems in use in secure facilities. In response, the Chief Information Security Officer (CISO) wants several configuration changes implemented via the MDM to ensure the following:

  • Camera functions and location services are blocked for corporate mobile devices.
  • All social media is blocked on the corporate and guest wireless networks.

Which of the following is the CISO practicing to safeguard against the threat?

  1. Adversary emulation

  2. Operational security

  3. Open-source intelligence

  4. Social engineering

15. A security analyst received the following finding from a cloud security assessment tool: "Virtual Machine Data Disk is encrypted with the default encryption key." Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)

  1. Disk encryption with customer-provided keys

  2. Disk encryption with keys from a third party

  3. Row-level encryption with a key escrow

  4. File-level encryption with cloud vendor-provided keys

  5. File-level encryption with customer-provided keys

  6. Disk-level encryption with a cross-signed certificate

16. A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATT&CK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?

  1. Tabletop exercise

  2. Penetration test

  3. Sandbox detonation

  4. Honeypot

17. A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

  1. Key splitting

  2. Key escrow

  3. Key rotation

  4. Key encryption

  5. Key stretching
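The question above turns on what key stretching adds to an existing password-storage scheme: the same hash primitive is iterated many times so each guess costs the attacker as much as it costs the server. The following is an added example, not code from the original page, using PBKDF2-HMAC-SHA256 from Python's standard library. The stored-record format `pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>` and the default iteration count are this example's own assumptions; storing the work factor in the record is what lets it be raised later without replacing the module.

```python
"""Key stretching for stored passwords with PBKDF2-HMAC-SHA256 (standard library only).

Added example, not from the original page. The record format and iteration count are
this example's own choices, not a standard the page cites.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

ALGO = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # order of magnitude OWASP suggests for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, work factor, salt and derived key."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the parameters stored in the record and compare in constant time."""
    algo, iterations, salt_b64, hash_b64 = record.split("$")
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(dk, base64.b64decode(hash_b64))


def needs_rehash(record: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record predates the current work factor; rehash at the next successful login."""
    algo, iterations, *_ = record.split("$")
    return algo != ALGO or int(iterations) < min_iterations


def unstretched_sha256(password: str, salt: bytes) -> bytes:
    """The single salted hash that stretching replaces; one SHA-256 per guess is cheap to brute-force."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec), needs_rehash(rec))
```

When the policy iteration count is raised, `needs_rehash` flags old records and the login path re-hashes the plaintext it has just verified, so the migration happens transparently with no bulk re-encryption and no change to the hashing module.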

18. Several unlabeled documents in a cloud document repository contain cardholder information. Which of the following configuration changes should be made to the DLP system to correctly label these documents in the future?

  1. Digital rights management

  2. Network traffic decryption

  3. Regular expressions

  4. Watermarking
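Labelling cardholder data reliably takes more than a digit-run pattern: a regular expression finds candidate primary account numbers, and a Luhn (mod-10) check discards tracking and order numbers that would otherwise be false positives. The following is an added example, not code from the original page; the sample documents are constructed, the card numbers in them are published test numbers rather than real accounts, and the label names are this example's own choice.

```python
"""PAN detection for a DLP classifier: regex candidates filtered by the Luhn check.

Added example, not from the original page. SAMPLE_DOCS are constructed and the
card numbers are well-known test numbers; the label strings are illustrative.
"""
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Mod-10 check every payment card number satisfies; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the normalised (separator-free) PANs found in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def classify(text: str) -> str:
    """Label a document for the DLP policy engine."""
    return "PCI-Cardholder-Data" if find_pans(text) else "Unclassified"


def mask(pan: str) -> str:
    """Show only the last four digits, as a DLP alert or log line should."""
    return "*" * (len(pan) - 4) + pan[-4:]


# Constructed documents: one true positive, one near-miss, one mixed.
SAMPLE_DOCS = {
    "invoice.txt": "Paid with Visa 4111 1111 1111 1111, exp 12/27.",
    "shipping.txt": "Tracking number 1234-5678-9012-3456, call 555 0100.",
    "ledger.txt": "MC 5555555555554444 and order 123456789012345 settled.",
}

if __name__ == "__main__":
    for name, body in SAMPLE_DOCS.items():
        print(name, classify(body), [mask(p) for p in find_pans(body)])
```

The tracking number in `shipping.txt` matches the pattern but fails Luhn, so it is left unlabelled; without that second check the DLP system would quarantine ordinary logistics documents. Production policies usually add issuer-prefix (BIN) ranges and a proximity keyword list ("card", "CVV", "exp") to tighten this further.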

19. A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment. Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?

  1. Code repository

  2. CI/CD pipeline

  3. Integrated development environment

  4. Container orchestrator

20. While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Choose two.)

  1. Configure firewall rules to block all external traffic

  2. Enable input validation for all fields

  3. Enable automatic updates to be installed on all servers

  4. Configure the security group to enable external traffic

  5. Set up a DLP policy to alert for exfiltration on all application servers

  6. Enable nightly vulnerability scans

21. During an adversarial simulation exercise, an external team was able to gain access to sensitive information and systems without the organization detecting this activity. Which of the following mitigation strategies should the organization use to best resolve the findings?

  1. Configuring a honeypot for adversary characterization

  2. Leveraging simulators for attackers

  3. Setting up a honey network for attackers

  4. Utilizing decoy accounts and documents

22. Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

  1. Incomplete mathematical primitives

  2. No use cases to drive adoption

  3. Quantum computers not yet capable

  4. Insufficient coprocessor support

23. Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

  1. Federation

  2. RADIUS

  3. TACACS+

  4. MFA

  5. ABAC

24. A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions. Which of the following is the most appropriate?

  1. Tokenization through an HSM

  2. Self-encrypting disks with field-level encryption

  3. NX/XN implementation to minimize data retention

  4. Token-based access for application users

  5. Address space layout randomization

25. An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

  1. Systems administrator

  2. Data owner

  3. Data processor

  4. Data custodian

  5. Data steward

26. A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

  1. Shutting down the systems until the code is ready

  2. Uninstalling the impacted runtime engine

  3. Selectively blocking traffic on the affected port

  4. Configuring IPS and WAF with signatures

27. The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis. Which of the following is the most likely reason for this approach?

  1. To connect risks to business objectives

  2. To ensure a consistent approach to risk

  3. To present a comprehensive view of risk

  4. To provide context to the relevancy of risk

28. Which of the following is the best way to protect the website browsing history for an executive who travels to foreign countries where internet usage is closely monitored?

  1. DOH

  2. EAP-TLS

  3. Geofencing

  4. Private browsing mode

29. A company wants to implement hardware security key authentication for accessing sensitive information systems. The goal is to prevent unauthorized users from gaining access with a stolen password. Which of the following models should the company implement to best solve this issue?

  1. Rule-based

  2. Time-based

  3. Role-based

  4. Context-based

30. A security engineer is implementing security measures on new hardware in preparation for its launch. During the development phase, a risk related to protections at the UEFI level was found. Which of the following should the engineer recommend to reduce this risk?

  1. Configuring paravirtualization protection

  2. Enabling Secure Boot

  3. Installing cryptography at the operational system level

  4. Implementing hardware root of trust

31. A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?

  1. Use Distinguished Encoding Rules (DER) for the certificate

  2. Extract the private key from the certificate

  3. Use an out-of-band method to obtain the certificate

  4. Compare the retrieved certificate with the embedded certificate

32. Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

  1. Encryption systems based on large prime numbers will be vulnerable to exploitation

  2. Zero Trust security architectures will require homomorphic encryption

  3. Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques

  4. Quantum computers will enable malicious actors to capture IP traffic in real time

33. Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

  1. To prevent metadata tampering on each file

  2. To later validate the integrity of each file

  3. To generate unique identifiers for each file

  4. To preserve the chain of custody of files
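Hashing evidence files at acquisition, and re-hashing them later, is how the integrity of each file is demonstrated when the evidence is examined. The following is an added example, not code from the original page: it builds a SHA-256 manifest of a constructed directory, alters one file and plants another, and shows the verification reporting exactly those changes. The paths and contents are created in a temporary directory for illustration; on a real confiscated drive you hash a write-blocked image, and the manifest is recorded in the custody log, because a hash proves the content is unchanged but does not by itself establish who handled it.

```python
"""Evidence hashing: build a SHA-256 manifest, then re-verify it after the fact.

Added example, not from the original page. demo() creates constructed files in a
temporary directory; real use hashes a read-only (write-blocked) acquisition.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large images never load fully into memory


def hash_file(path: Path, algo: str = "sha256") -> str:
    """Hex digest of a file's contents, streamed in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its hash."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Return {relpath: status} for every discrepancy; an empty dict means intact."""
    current = build_manifest(root)
    problems = {}
    for rel, digest in manifest.items():
        if rel not in current:
            problems[rel] = "missing"
        elif current[rel] != digest:
            problems[rel] = "modified"
    for rel in current.keys() - manifest.keys():
        problems[rel] = "added"
    return problems


def demo() -> dict:
    """Record two constructed files, tamper with one, add one, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_text("constructed sample evidence\n")
        (root / "photo.bin").write_bytes(bytes(range(256)))
        manifest = build_manifest(root)                      # taken at acquisition time
        (root / "docs" / "notes.txt").write_text("constructed sample evidence (edited)\n")
        (root / "extra.txt").write_text("planted later\n")
        return verify_manifest(root, manifest)               # run again before analysis


if __name__ == "__main__":
    print(demo())
```

The manifest should itself be signed or stored separately from the evidence; an attacker who can alter the files can otherwise regenerate the hashes to match.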

34. A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware stack of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP. Which of the following is the best way to reduce the risk of reoccurrence?

  1. Enforcing allow lists for authorized network ports and protocols

  2. Measuring and attesting to the entire boot chain

  3. Rolling the cryptographic keys used for hardware security modules

  4. Using code signing to verify the source of OS updates

35. Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

  1. Securing data transfer between hospitals

  2. Providing for non-repudiation of data

  3. Reducing liability from identity theft

  4. Protecting privacy while supporting portability

36. A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:

  An error has occurred during Phase 1 handshake. Deleting keys and retrying...

Which of the following is most likely the reason the connection is failing?

  1. The IKE hashing algorithm uses different key lengths on each VPN device

  2. The IPSec settings allow more than one cipher suite on both devices

  3. The Diffie-Hellman group on both sides matches but is a legacy group

  4. The remote VPN is attempting to connect with a protocol other than SSL/TLS

37. A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter’s debugging information, which includes the interpreter’s version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?

  1. Include routines in the application for message handling

  2. Adopt a compiled programming language instead

  3. Perform SAST vulnerability scans on every build

  4. Validate user-generated input

38. A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system. Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

  1. Use a SCAP scanner

  2. Deploy an agent

  3. Initiate a discovery scan

  4. Perform an Nmap scan

39. An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?

  1. Horizontal scalability

  2. Vertical scalability

  3. Containerization

  4. Static code analysis

  5. Caching

40. IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

  1. FIM

  2. SASE

  3. UEBA

  4. CSPM

  5. EAP

41. A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines. Which of the following is the most appropriate action for the systems administrator to take?

  1. Monitor for IoCs associated with C&C communications

  2. Tune alerts to identify changes to administrative groups

  3. Review NetFlow logs for unexpected increases in egress traffic

  4. Perform binary hash comparisons to identify infected devices
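Network-level analysis of egress for the scenario above can be done from flow records alone, without touching the suspected hosts. The following is an added example, not code from the original page: the NetFlow-style records, the internal prefix and the baseline window are constructed, and the anomaly thresholds are illustrative. In practice the records come from a flow collector (nfdump, a SIEM, or cloud VPC flow logs) and the baseline from several weeks of history.

```python
"""Egress-volume analysis over constructed NetFlow-style records.

Added example, not from the original page. FLOWS, INTERNAL and the thresholds are
constructed for illustration; real analysis reads a flow collector's export.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")

# Constructed flows: (day, src_ip, dst_ip, dst_port, bytes).
# Days 1-5 form the baseline; day 6 is the period under investigation.
FLOWS = (
    [(d, "10.0.1.5", "10.0.9.2", 445, 2_000_000) for d in range(1, 7)]        # internal file share: not egress
    + [(d, "10.0.1.5", "203.0.113.20", 443, 50_000_000) for d in range(1, 6)]  # routine SaaS usage
    + [(6, "10.0.1.5", "203.0.113.20", 443, 52_000_000)]
    + [(d, "10.0.2.7", "198.51.100.9", 443, 30_000_000) for d in range(1, 6)]
    + [(6, "10.0.2.7", "198.51.100.9", 443, 31_000_000),
       (6, "10.0.2.7", "192.0.2.77", 443, 900_000_000)]                        # bulk upload to a new external host
)


def egress_by_host_day(flows):
    """Sum bytes leaving the internal network, keyed by (src_ip, day)."""
    totals = defaultdict(int)
    for day, src, dst, _port, nbytes in flows:
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            totals[(src, day)] += nbytes
    return totals


def egress_anomalies(flows, target_day, sigma=3.0, min_ratio=2.0):
    """Hosts whose egress on target_day exceeds mean + sigma*stdev AND min_ratio x mean of the baseline."""
    totals = egress_by_host_day(flows)
    findings = {}
    for src in sorted({s for (s, _d) in totals}):
        baseline = [b for (s, d), b in totals.items() if s == src and d < target_day]
        today = totals.get((src, target_day), 0)
        if len(baseline) < 2:            # not enough history to judge
            continue
        mu, sd = mean(baseline), pstdev(baseline)
        if today > mu + sigma * sd and today > min_ratio * mu:
            findings[src] = {"baseline_mean": mu, "today": today, "ratio": round(today / mu, 1)}
    return findings


def new_external_destinations(flows, target_day):
    """(src, dst) pairs where src first contacted external dst on target_day: candidate drop or C2 sites."""
    seen = defaultdict(set)
    for day, src, dst, _port, _b in flows:
        if day < target_day and ip_address(dst) not in INTERNAL:
            seen[src].add(dst)
    return {(src, dst) for day, src, dst, _p, _b in flows
            if day == target_day and ip_address(dst) not in INTERNAL and dst not in seen[src]}


if __name__ == "__main__":
    print(egress_anomalies(FLOWS, 6))
    print(new_external_destinations(FLOWS, 6))
```

The ratio guard matters: a host with a perfectly flat baseline has a standard deviation of zero, so a trivial 4% increase would clear the sigma test alone. Combining the volume spike with the never-before-seen destination is what turns a noisy statistic into something worth handing to the SOC.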

42. While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, and the target. Which of the following must the threat hunter document to use the model effectively?

  1. Knowledge

  2. Capabilities

  3. Phase

  4. Methodologies

43. An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture. Which of the following cloud benefits would be best to utilize for this project?

  1. Cost savings for hosting

  2. Automation of resource provisioning

  3. Providing geo-redundant hosting

  4. Eliminating need to patch

44. An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)

  1. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?

  2. What internal and external stakeholders need to be notified of the breach?

  3. Which methods can be implemented to increase speed of offline backup recovery?

  4. What measurable user behaviors were exhibited that contributed to the compromise?

  5. Which technical controls, if implemented, would provide defense when user training fails?

  6. Which user roles are most often targeted by spear phishing attacks?

45. A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

  1. Steganography

  2. E-signature

  3. Watermarking

  4. Cryptography

46. To bring digital evidence in a court of law, the evidence must be:

  1. material

  2. tangible

  3. consistent

  4. conserved

47. A system of globally distributed certificate servers connected to HSMs provides certificate security services for a publicly available PKI. These services include OCSP, certificate revocation list issuance, and certificate signing/issuance. The HSMs are all physical devices. All other servers are virtualized. Each global site has a network load balancer, and the sites are configured to load balance between sites. Users report occasional but persistent log-on failures to different PKI-enabled websites. There is no apparent pattern to the failures. Some OCSP responses must be signed by the HSM. Each HSM is connected, via CAT 6e network cable, to a physical server hosting multiple VMs for the local site. The backplane connecting the VMs is fiber based. Which of the following would best reduce the OCSP response time in order to rule out the connection between the certificate server and HSM as a cause of the user-reported issues?

  1. Virtualize the HSMs and convert the virtualized servers to physical systems

  2. Replace the copper-based network infrastructure with fiber

  3. Shorten certificate validity to 72 hours and implement ACME

  4. Reduce the number of global sites while increasing the number of HSMs

48. Which of the following items should be included when crafting a disaster recovery plan?

  1. Redundancy

  2. Testing exercises

  3. Autoscaling

  4. Competitor locations

49. A company is adopting microservice architecture in order to quickly remediate vulnerabilities and deploy to production. All of the microservices run on the same Linux platform. Significant time was spent updating the base OS before deploying code. Which of the following should the company do to make the process efficient?

  1. Use Terraform scripts while creating golden images

  2. Create a cron job to run apt-update every 30 days

  3. Use snapshots to deploy code to existing compute instances

  4. Deploy a centralized update server

50. A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases. Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

  1. Static application security testing

  2. Regression testing

  3. Code signing

  4. Sandboxing

51. A help desk technician is troubleshooting an issue with an employee's laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following:

  • The laptop operating system was not configured with BitLocker.
  • The hard drive has no hardware failures.
  • Data is present and readable on the hard drive, although it appears to be illegible.

Which of the following is the most likely reason the technician is unable to retrieve legible data from the hard drive?

  1. The employee's password was changed, and the new password needs to be used

  2. The PKI certificate was revoked, and a new one must be installed

  3. The hard drive experienced crypto-shredding

  4. The technician is using the incorrect cipher to read the data


FAQs


1. What is the CompTIA SecurityX CAS-005 certification exam?

CompTIA SecurityX (exam code CAS-005) is the advanced-level certification formerly known as CASP+. It validates enterprise security skills for designing, implementing, and managing cybersecurity solutions.

2. How do I become CompTIA SecurityX CAS-005 certified?

Register for and pass the CAS-005 exam, which tests hands-on skills in security architecture, security engineering, security operations, and governance, risk, and compliance.

3. What are the prerequisites for the CompTIA SecurityX CAS-005 exam?

There are no mandatory prerequisites, but CompTIA recommends at least 10 years of general hands-on IT experience, including at least 5 years of broad hands-on security experience; Security+ is a useful foundation.

4. How much does the CompTIA SecurityX CAS-005 certification cost?

The exam costs approximately $494 USD, though pricing varies by region and changes over time; check CompTIA's store for the current figure.

5. How many questions are in the CompTIA SecurityX CAS-005 exam?

The exam includes a maximum of 90 questions, a mix of multiple-choice and performance-based items.

6. What topics are covered in the CompTIA SecurityX CAS-005 exam?

The four CAS-005 domains are Governance, Risk, and Compliance; Security Architecture; Security Engineering; and Security Operations.

7. How difficult is the CompTIA SecurityX CAS-005 certification exam?

It is an expert-level exam that requires a deep understanding of complex cybersecurity principles and hands-on problem-solving.

8. How long does it take to prepare for the CompTIA SecurityX CAS-005 exam?

Most professionals take 10 to 14 weeks of study and practice to prepare thoroughly.

9. What jobs can I get after earning the CompTIA SecurityX CAS-005 certification?

Typical roles include Security Architect, Senior Security Engineer, SOC Manager, and Technical Lead Analyst.

10. How much salary can I earn with a CompTIA SecurityX CAS-005 certification?

Professionals typically earn between $110,000 and $140,000 annually, depending on experience and job role.


 Copyright © 2011 - 2026  Ira Solutions -   All Rights Reserved
