
CompTIA SecurityX (CAS-005, formerly CASP+) Practice Exam

Validates advanced practitioner skills — security architecture, operations, governance/risk/compliance, and engineering cryptography.

Practice 300 exam-style CompTIA SecurityX (CAS-005, formerly CASP+) questions with full answer explanations, then take timed mock exams that score like the real thing.

Practice questions: 300
Questions on the real exam: 90
Passing score: 750
Exam length: 165 min

What the CompTIA SecurityX (CAS-005, formerly CASP+) exam covers

Free CompTIA SecurityX (CAS-005, formerly CASP+) sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 300.

  1. Question 1 (Governance, Risk, and Compliance)

    What is the primary goal of an enterprise risk management program?

    • A. To avoid documenting anything
    • B. To eliminate all risk completely
    • C. To maximize the number of controls regardless of value
    • D. To identify, assess, prioritize, and treat risks in alignment with business objectives and risk appetite
    ✓ Correct answer: D

    Enterprise Risk Management (ERM) programs provide a structured approach to identifying, assessing, prioritizing, and treating risks. The objective is to align risk responses with organizational risk appetite and business objectives, not to eliminate all risk or to maximize the number of controls. ERM frameworks typically include regular risk assessment cycles, control testing, residual risk monitoring, and periodic strategy review, so that resources go to the controls that address the most critical risks. Board and executive oversight of the program ensures accountability and alignment with organizational strategy.

    Why the other options are wrong
    • A. To avoid documenting anything is incorrect because documentation is essential for compliance, audit, and evidence of control implementation.
    • B. To eliminate all risk completely is incorrect because eliminating all risk is impractical; organizations treat risk down to an acceptable level and formally accept the residual risk that remains.
    • C. To maximize the number of controls regardless of value is incorrect because controls are selected for the risk reduction they deliver relative to their cost; adding controls without regard to value wastes resources and is the opposite of risk-based prioritization.
  2. Question 2 (Security Engineering)

    What does Perfect Forward Secrecy (PFS) provide?

    • A. Faster plaintext transfer
    • B. Public sharing of private keys
    • C. Compromise of a long-term key does not expose past session keys or traffic (ephemeral session keys)
    • D. A way to skip encryption
    ✓ Correct answer: C

    With PFS, each session's keys are derived from ephemeral key-exchange values (for example ECDHE) that both sides discard once the handshake completes; the long-term key is used only to authenticate the exchange, never to encrypt or derive the session key. An attacker who records traffic today and steals the server's long-term private key later still cannot recover the session keys, because the ephemeral private values no longer exist. TLS 1.3 requires an ephemeral (EC)DHE key exchange; in TLS 1.2, PFS depends on selecting (EC)DHE cipher suites rather than static RSA key exchange, where the client encrypts the premaster secret to the server's long-term key and a later key compromise exposes every recorded session.

    Why the other options are wrong
    • A. Faster plaintext transfer is incorrect because PFS is a key-management property, not a performance feature; the ephemeral key exchange adds a little handshake work rather than removing any.
    • B. Public sharing of private keys is incorrect because private keys are never shared; PFS depends on keeping the ephemeral private values secret and then destroying them.
    • D. A way to skip encryption is incorrect because PFS strengthens an encrypted session by limiting what a key compromise exposes; it does not remove encryption.
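    The contrast the question is testing, as an added example written for this page (it is not CertGrid's code and not a TLS implementation): a static X25519 exchange, where a stolen long-term key recomputes every past session key from the public values on the wire, beside a signed ephemeral X25519 exchange, where the transcript holds only public values and the ephemeral scalars are discarded. The Party and Transcript types, the SHA-256 stand-in for the key schedule, and the one-line "attacker" function are assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party holds one peer's long-term keys (assumed layout for this example): an
// X25519 key that the non-PFS static exchange uses directly, and an Ed25519 key
// that the PFS exchange uses only to sign fresh ephemeral keys.
type Party struct {
	StaticDH *ecdh.PrivateKey
	SignPub  ed25519.PublicKey
	SignPriv ed25519.PrivateKey
}

func NewParty() *Party {
	dh, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{StaticDH: dh, SignPub: pub, SignPriv: priv}
}

// kdf stands in for a real handshake key schedule (HKDF in TLS 1.3).
func kdf(secret []byte) []byte {
	k := sha256.Sum256(secret)
	return k[:]
}

// StaticSessionKey derives the session key from both LONG-TERM X25519 keys.
// Nothing fresh enters the computation, so the same key comes out every time.
func StaticSessionKey(a, b *Party) []byte {
	s, err := a.StaticDH.ECDH(b.StaticDH.PublicKey())
	if err != nil {
		panic(err)
	}
	return kdf(s)
}

// RecoverStatic is the attacker after stealing a's long-term X25519 key: the
// peer's public key was on the wire, so every past session key falls out.
func RecoverStatic(stolen *ecdh.PrivateKey, peerPubOnWire []byte) []byte {
	pub, err := ecdh.X25519().NewPublicKey(peerPubOnWire)
	if err != nil {
		panic(err)
	}
	s, err := stolen.ECDH(pub)
	if err != nil {
		panic(err)
	}
	return kdf(s)
}

// Transcript is everything a passive eavesdropper captures from one PFS
// handshake: two ephemeral public keys and the signatures over them. The
// ephemeral private scalars never leave EphemeralSessionKey.
type Transcript struct {
	EphPubA, EphPubB, SigA, SigB []byte
}

// EphemeralSessionKey performs a signed ephemeral X25519 exchange, the pattern
// behind (EC)DHE cipher suites. The long-term Ed25519 keys only authenticate
// the fresh public keys; the secret depends solely on the two ephemeral scalars.
func EphemeralSessionKey(a, b *Party) ([]byte, Transcript, error) {
	curve := ecdh.X25519()
	ephA, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Transcript{}, err
	}
	ephB, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Transcript{}, err
	}
	tr := Transcript{EphPubA: ephA.PublicKey().Bytes(), EphPubB: ephB.PublicKey().Bytes()}
	tr.SigA = ed25519.Sign(a.SignPriv, tr.EphPubA)
	tr.SigB = ed25519.Sign(b.SignPriv, tr.EphPubB)
	// Each side verifies the peer's ephemeral key before trusting it; this is
	// what stops an active man-in-the-middle, which PFS alone does not address.
	if !ed25519.Verify(a.SignPub, tr.EphPubA, tr.SigA) || !ed25519.Verify(b.SignPub, tr.EphPubB, tr.SigB) {
		return nil, tr, fmt.Errorf("ephemeral key authentication failed")
	}
	sA, err := ephA.ECDH(ephB.PublicKey())
	if err != nil {
		return nil, tr, err
	}
	sB, err := ephB.ECDH(ephA.PublicKey())
	if err != nil || !bytes.Equal(sA, sB) {
		return nil, tr, fmt.Errorf("shared secrets disagree")
	}
	// ephA and ephB are dropped here. The transcript holds only public values,
	// so a later theft of SignPriv gives an attacker nothing to run ECDH with.
	return kdf(sA), tr, nil
}

func main() {
	a, b := NewParty(), NewParty()
	recovered := RecoverStatic(a.StaticDH, b.StaticDH.PublicKey().Bytes())
	fmt.Println("static key recoverable from stolen long-term key:", bytes.Equal(StaticSessionKey(a, b), recovered))
	k1, _, _ := EphemeralSessionKey(a, b)
	k2, _, _ := EphemeralSessionKey(a, b)
	fmt.Println("two PFS sessions share a key:", bytes.Equal(k1, k2))
}
```

    Running it prints true for the static exchange and false for the ephemeral one. The point to carry into the exam: forward secrecy comes from discarding per-session key material, while the long-term key's job is authentication of that material.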
  3. Question 3 (Security Engineering)

    Per-operation calls to a cloud key vault for envelope encryption are adding latency and cost at high request volume. Which approach BEST optimizes performance and cost while keeping keys protected?

    • A. Hardcode a single static key in the application to avoid vault calls
    • B. Disable encryption to remove the vault dependency
    • C. Use envelope encryption with a cached data encryption key (DEK), wrapping/unwrapping the DEK with the vault key only as needed
    • D. Call the vault to encrypt every individual record directly
    ✓ Correct answer: C

    Envelope encryption separates the key that protects the data from the key that protects that key. The application generates a random data encryption key (DEK) locally, encrypts records with it, and sends only the DEK to the vault to be wrapped (encrypted) under the vault-resident key encryption key (KEK); the wrapped DEK is stored alongside the ciphertext. The KEK never leaves the vault, so its access control, audit trail, and hardware protection are preserved, but the vault is called once per DEK instead of once per record. Caching the plaintext DEK in memory for a bounded number of operations or a bounded time keeps the call count, and with it the latency and cost, low; the bound also limits how much data is encrypted under one key, which matters for AES-GCM nonce limits. This is the pattern behind the data-key APIs of AWS KMS, Azure Key Vault, and Google Cloud KMS.

    Why the other options are wrong
    • A. Hardcode a single static key in the application to avoid vault calls is incorrect because a key embedded in code or configuration is exposed to anyone with the source or the binary, cannot be rotated without a redeploy, and loses the vault's access control, audit logging, and hardware protection.
    • B. Disable encryption to remove the vault dependency is incorrect because it removes the control entirely; the goal is to make encryption cheaper, not to stop protecting the data.
    • D. Call the vault to encrypt every individual record directly is incorrect because it maximizes the per-operation vault calls that caused the latency and cost in the first place, and vault encrypt operations typically cap the payload at a few kilobytes, so they are intended for keys, not bulk data.
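    The cached-DEK design, as an added example written for this page (not CertGrid's code and not any vendor's SDK): a simulated vault that holds the KEK and counts round trips, an Encryptor that caches one DEK and rotates it after a use count or age, and records that carry their wrapped DEK. The Vault type, the AES-256-GCM wrapping, the 500-use rotation bound, and the AAD binding are assumptions made for the demonstration; a real deployment would call the provider's wrap/unwrap (or GenerateDataKey) API in place of Vault.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
	"time"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal returns nonce || AES-256-GCM(key, nonce, plaintext, aad); open reverses it.
func seal(key, plaintext, aad []byte) []byte {
	g := newGCM(key)
	nonce := randomBytes(g.NonceSize())
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...)
}

func open(key, blob, aad []byte) ([]byte, error) {
	g := newGCM(key)
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:n], blob[n:], aad)
}

// Vault stands in for the cloud key vault (assumed for this example). The KEK
// never leaves it, and Calls counts every round trip: the cost being optimised.
type Vault struct {
	mu    sync.Mutex
	kek   []byte
	Calls int
}

func NewVault() *Vault     { return &Vault{kek: randomBytes(32)} }
func (v *Vault) count()    { v.mu.Lock(); v.Calls++; v.mu.Unlock() }
func (v *Vault) Wrap(dek []byte) []byte            { v.count(); return seal(v.kek, dek, []byte("dek")) }
func (v *Vault) Unwrap(w []byte) ([]byte, error)   { v.count(); return open(v.kek, w, []byte("dek")) }

// Record stores the ciphertext beside the wrapped DEK it was encrypted under,
// so any reader recovers the DEK with one Unwrap and old rows need no
// re-keying when the DEK rotates.
type Record struct{ WrappedDEK, Ciphertext []byte }

// Encryptor caches one plaintext DEK and reuses it until maxUses or maxAge is
// reached, then generates and wraps a fresh one (the only vault call on the
// write path). maxUses also bounds how many random GCM nonces share one key.
type Encryptor struct {
	vault   *Vault
	maxUses int
	maxAge  time.Duration
	now     func() time.Time

	mu      sync.Mutex
	dek     []byte
	wrapped []byte
	uses    int
	created time.Time
	known   map[string][]byte // wrapped DEK -> plaintext DEK, so reads skip the vault too
}

func NewEncryptor(v *Vault, maxUses int, maxAge time.Duration) *Encryptor {
	return &Encryptor{vault: v, maxUses: maxUses, maxAge: maxAge, now: time.Now, known: map[string][]byte{}}
}

// Encrypt protects one record under the cached DEK, rotating it first if it is
// exhausted or stale. The wrapped DEK is bound in as AAD so a record cannot be
// silently re-attached to a different key blob.
func (e *Encryptor) Encrypt(plaintext []byte) Record {
	e.mu.Lock()
	defer e.mu.Unlock()
	if e.dek == nil || e.uses >= e.maxUses || e.now().Sub(e.created) >= e.maxAge {
		e.dek = randomBytes(32)
		e.wrapped = e.vault.Wrap(e.dek)
		e.uses, e.created = 0, e.now()
		e.known[string(e.wrapped)] = e.dek
	}
	e.uses++
	return Record{WrappedDEK: e.wrapped, Ciphertext: seal(e.dek, plaintext, e.wrapped)}
}

// Decrypt unwraps the record's DEK (once per distinct wrapped DEK) and opens the data.
func (e *Encryptor) Decrypt(r Record) ([]byte, error) {
	e.mu.Lock()
	defer e.mu.Unlock()
	dek, ok := e.known[string(r.WrappedDEK)]
	if !ok {
		var err error
		if dek, err = e.vault.Unwrap(r.WrappedDEK); err != nil {
			return nil, fmt.Errorf("unwrap DEK: %w", err)
		}
		e.known[string(r.WrappedDEK)] = dek
	}
	return open(dek, r.Ciphertext, r.WrappedDEK)
}

func main() {
	v := NewVault()
	e := NewEncryptor(v, 500, time.Hour)
	for i := 0; i < 1000; i++ {
		e.Encrypt([]byte(fmt.Sprintf("record-%d", i)))
	}
	fmt.Printf("1000 records, %d vault calls (per-record vault encryption would need 1000)\n", v.Calls)
}
```

    With a 500-use bound, 1,000 records cost two vault calls on the write path, and a separate reader pays one unwrap per distinct wrapped DEK rather than one per record. The caveats that go with the optimization: keep the cache in process memory only, bound its lifetime so a revoked or rotated KEK takes effect, and never write the plaintext DEK to disk or logs.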
  4. Question 4 (Security Engineering)

    Which OpenSSL command inspects the contents of a certificate file cert.pem in human-readable text?

    • A. openssl dgst -sha256 cert.pem -show
    • B. openssl rand -in cert.pem -text
    • C. openssl genrsa -in cert.pem -text
    • D. openssl x509 -in cert.pem -noout -text
    ✓ Correct answer: D

    openssl x509 parses an X.509 certificate and, with -text, prints its decoded fields: version, serial number, signature algorithm, issuer, validity period, subject, public key, extensions such as Subject Alternative Name and Key Usage, and the signature. -noout suppresses re-printing the PEM block after the decoded text. Useful variations when triaging a certificate are -dates (only notBefore and notAfter), -subject, -issuer, -fingerprint -sha256, and -inform DER for a binary-encoded file.

    Why the other options are wrong
    • A. openssl dgst -sha256 cert.pem -show is incorrect because dgst hashes the raw bytes of a file rather than parsing X.509 structure, and -show is not an option of that subcommand.
    • B. openssl rand -in cert.pem -text is incorrect because rand generates random bytes and does not read an input file.
    • C. openssl genrsa -in cert.pem -text is incorrect because genrsa generates a new RSA private key; it has no -in option and never displays an existing certificate.
  5. Question 5 (Security Architecture)

    A team must choose between a single large monolithic trust zone and tiered zones (web, app, data) for a three-tier application. What is the PRIMARY architectural tradeoff favoring tiered zones?

    • A. Tiered zones remove all latency from the application
    • B. Tiered zones make public exposure mandatory
    • C. Tiered zones eliminate the need for any authentication
    • D. Tiered zones limit lateral movement and contain compromise at the cost of added routing/policy complexity
    ✓ Correct answer: D

    Tiered trust zones place the web, application, and data tiers in separate network segments with filtering between them, so each tier can reach only the next tier's service ports: the web tier talks to the application tier, the application tier talks to the database, and nothing internet-facing can open a connection to the database. A compromised web server is then contained in its zone instead of having a flat path to the data. The price is more subnets, route tables, firewall or security-group rules, and policy to design, test, and keep consistent as the application changes. That containment-versus-complexity tradeoff is the primary architectural consideration.

    Why the other options are wrong
    • A. Tiered zones remove all latency from the application is incorrect because segmentation adds inspection points and hops between tiers; it does not remove latency.
    • B. Tiered zones make public exposure mandatory is incorrect because zoning lets you expose only the web tier and keep the other tiers private; it never requires public exposure.
    • C. Tiered zones eliminate the need for any authentication is incorrect because network segmentation and authentication are complementary controls; a zero-trust design assumes both.
  6. Question 6 (Security Engineering)

    A team must store user passwords. Which choice best resists offline GPU/ASIC cracking of leaked hashes?

    • A. A memory-hard KDF such as Argon2id with a per-user salt
    • B. A single round of MD5 with a global salt
    • C. SHA-256 of the password with no salt
    • D. AES-encrypting the password with a key stored next to the database
    ✓ Correct answer: A

    A leaked password database is attacked offline, where the only limit on the attacker is how many guesses per second the hardware can compute. Argon2id is memory-hard: every guess needs a configurable amount of RAM (tens of megabytes or more) as well as CPU time, which is cheap for one legitimate login but expensive to replicate across thousands of GPU cores or in an ASIC, so the attacker's throughput collapses. A random per-user salt makes identical passwords hash differently and forces each account to be cracked separately, defeating precomputed tables. Tune the memory, iteration, and parallelism parameters so that a login costs a fraction of a second on your servers, and store the parameters with the hash so they can be raised later. scrypt and bcrypt are acceptable alternatives; PBKDF2 is weaker against GPUs but still far better than a plain hash.

    Why the other options are wrong
    • B. A single round of MD5 with a global salt is incorrect because MD5 is designed to be fast, so a GPU tries billions of guesses per second, and a single shared salt means one precomputed table covers every user.
    • C. SHA-256 of the password with no salt is incorrect because SHA-256 is equally fast and, without a salt, identical passwords produce identical hashes that match precomputed tables.
    • D. AES-encrypting the password with a key stored next to the database is incorrect because encryption is reversible by design and a key stored beside the database is taken with it; passwords should be verified, never recovered.
  7. Question 7 (Security Operations)

    Which log source is MOST useful for reconstructing process execution and command-line activity on a compromised Windows endpoint?

    • A. Printer spooler logs
    • B. NTP synchronization logs
    • C. DHCP lease logs
    • D. Sysmon (Event ID 1) process creation logs with command line capture
    ✓ Correct answer: D

    Sysmon Event ID 1 (ProcessCreate) records, for every new process, the full command line, the image path and file hashes, the user, the current directory, the parent process image and command line, and a ProcessGuid/ParentProcessGuid pair that stays unique even when Windows reuses PIDs. Those fields let an analyst rebuild the exact parent-child chain (for example an Office document spawning cmd.exe, which spawns an encoded PowerShell command) and the commands that ran, with timestamps. Windows Security event 4688 can record the same information when the "Include command line in process creation events" audit policy is enabled; without it, 4688 lacks the command line.

    Why the other options are wrong
    • A. Printer spooler logs is incorrect because spooler logs record print jobs and driver activity, not process execution.
    • B. NTP synchronization logs is incorrect because they show clock adjustments; they help validate timestamps but record no commands.
    • C. DHCP lease logs is incorrect because they tie IP addresses to MAC addresses and hostnames, which supports network attribution but says nothing about what ran on the host.
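    The reconstruction described above, as an added example written for this page (not CertGrid's code and not a Sysmon tool): it parses a constructed Sysmon export in Windows Event Log XML form, keeps only Event ID 1 records, orders them by UtcTime, walks ParentProcessGuid links to rebuild the execution chain for one process, and applies two triage rules. The host, user, GUIDs, paths, and command lines in sampleLog are invented, and the two triage rules are illustrative, not a complete detection set.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"sort"
	"strings"
)

// sampleLog is a constructed Sysmon export in Windows Event Log XML form. The
// host, user, GUIDs and command lines are invented; the events are deliberately
// out of order, and the Event ID 3 (network) record is there to be skipped.
const sampleLog = `<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System><EventData>
<Data Name="UtcTime">2024-05-01 10:02:07.311</Data><Data Name="ProcessGuid">{C3}</Data><Data Name="ProcessId">4412</Data><Data Name="User">CORP\jdoe</Data>
<Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
<Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA</Data>
<Data Name="ParentProcessGuid">{C2}</Data><Data Name="ParentImage">C:\Windows\System32\cmd.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System><EventData>
<Data Name="UtcTime">2024-05-01 10:01:55.004</Data><Data Name="ProcessGuid">{C1}</Data><Data Name="ProcessId">3120</Data><Data Name="User">CORP\jdoe</Data>
<Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
<Data Name="CommandLine">"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\jdoe\Downloads\invoice.docm"</Data>
<Data Name="ParentProcessGuid">{C0}</Data><Data Name="ParentImage">C:\Windows\explorer.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID><Computer>WS01</Computer></System><EventData>
<Data Name="UtcTime">2024-05-01 10:02:08.020</Data><Data Name="ProcessGuid">{C3}</Data><Data Name="DestinationIp">203.0.113.10</Data><Data Name="DestinationPort">443</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System><EventData>
<Data Name="UtcTime">2024-05-01 10:02:06.902</Data><Data Name="ProcessGuid">{C2}</Data><Data Name="ProcessId">4388</Data><Data Name="User">CORP\jdoe</Data>
<Data Name="Image">C:\Windows\System32\cmd.exe</Data>
<Data Name="CommandLine">cmd.exe /c "%TEMP%\update.bat"</Data>
<Data Name="ParentProcessGuid">{C1}</Data><Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data></EventData></Event>
</Events>`

// Process is the subset of Sysmon Event ID 1 fields needed to rebuild execution.
type Process struct {
	UtcTime, GUID, PID, Image, CommandLine, User, ParentGUID, ParentImage string
}

type xmlEvent struct {
	EventID int `xml:"System>EventID"`
	Data    []struct {
		Name  string `xml:"Name,attr"`
		Value string `xml:",chardata"`
	} `xml:"EventData>Data"`
}

// ParseProcessCreates keeps only Event ID 1 records and returns them in time
// order. Sysmon writes UtcTime as "yyyy-MM-dd HH:mm:ss.fff", so lexical order
// is chronological order.
func ParseProcessCreates(logXML string) ([]Process, error) {
	var doc struct {
		Events []xmlEvent `xml:"Event"`
	}
	if err := xml.Unmarshal([]byte(logXML), &doc); err != nil {
		return nil, err
	}
	var procs []Process
	for _, ev := range doc.Events {
		if ev.EventID != 1 {
			continue
		}
		f := map[string]string{}
		for _, d := range ev.Data {
			f[d.Name] = d.Value
		}
		procs = append(procs, Process{UtcTime: f["UtcTime"], GUID: f["ProcessGuid"], PID: f["ProcessId"],
			Image: f["Image"], CommandLine: f["CommandLine"], User: f["User"],
			ParentGUID: f["ParentProcessGuid"], ParentImage: f["ParentImage"]})
	}
	sort.Slice(procs, func(i, j int) bool { return procs[i].UtcTime < procs[j].UtcTime })
	return procs, nil
}

func baseName(image string) string { return strings.ToLower(image[strings.LastIndex(image, `\`)+1:]) }

// Ancestry follows ParentProcessGuid links from guid back to the oldest process
// in the log and returns the chain root-first. When the parent started before
// logging began, the ParentImage field of the last known child serves as root.
func Ancestry(procs []Process, guid string) []string {
	byGUID := map[string]Process{}
	for _, p := range procs {
		byGUID[p.GUID] = p
	}
	var chain []string
	seen := map[string]bool{}
	for g := guid; g != "" && !seen[g]; {
		seen[g] = true
		p, ok := byGUID[g]
		if !ok {
			break
		}
		chain = append([]string{baseName(p.Image)}, chain...)
		if _, known := byGUID[p.ParentGUID]; !known && p.ParentImage != "" {
			chain = append([]string{baseName(p.ParentImage)}, chain...)
		}
		g = p.ParentGUID
	}
	return chain
}

var officeApps = map[string]bool{"winword.exe": true, "excel.exe": true, "powerpnt.exe": true, "outlook.exe": true}
var shells = map[string]bool{"cmd.exe": true, "powershell.exe": true, "pwsh.exe": true, "wscript.exe": true, "cscript.exe": true}

// Findings applies two illustrative triage rules over the timeline: a shell
// spawned by an Office application, and an encoded PowerShell command line.
func Findings(procs []Process) []string {
	var out []string
	for _, p := range procs {
		img, parent := baseName(p.Image), baseName(p.ParentImage)
		if officeApps[parent] && shells[img] {
			out = append(out, fmt.Sprintf("%s %s spawned %s (pid %s, user %s)", p.UtcTime, parent, img, p.PID, p.User))
		}
		if cl := strings.ToLower(p.CommandLine); strings.Contains(cl, " -enc") || strings.Contains(cl, "-encodedcommand") {
			out = append(out, fmt.Sprintf("%s encoded PowerShell (pid %s): %s", p.UtcTime, p.PID, p.CommandLine))
		}
	}
	return out
}

func main() {
	procs, err := ParseProcessCreates(sampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Println("chain:", strings.Join(Ancestry(procs, "{C3}"), " > "))
	for _, f := range Findings(procs) {
		fmt.Println("finding:", f)
	}
}
```

    For the constructed log the chain comes out as explorer.exe > winword.exe > cmd.exe > powershell.exe, with two findings. Note what makes this possible: GUID-based parent links survive PID reuse, and the command line is present at all, which is exactly what the question is asking you to recognize about this log source.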
  8. Question 8 (Security Architecture)

    During a lift-and-shift migration of legacy VMs to the cloud, which approach BEST reduces the inherited attack surface before cutover?

    • A. Assign each VM a public IP for easier access
    • B. Disable patching to avoid breaking the migrated workload
    • C. Replicate the existing disks exactly so nothing changes
    • D. Re-platform with hardened golden images, removing unused services and applying current baselines
    ✓ Correct answer: D

    A straight lift-and-shift copies the legacy operating system with everything it has accumulated: unused services and listeners, stale local accounts, outdated packages, and configuration that predates current baselines. Re-platforming onto hardened golden images (for example images aligned to a CIS benchmark with current patches) strips that inherited attack surface before the workload is ever reachable in the new environment, gives each VM a known-good starting point that can be rebuilt and scanned, and makes the resulting configuration repeatable. Removing unused services and applying the current baseline are the two actions that directly shrink what an attacker can reach.

    Why the other options are wrong
    • A. Assign each VM a public IP for easier access is incorrect because a public IP per VM exposes every service on every VM to the internet; it adds attack surface rather than reducing it.
    • B. Disable patching to avoid breaking the migrated workload is incorrect because skipping patches leaves known, exploitable vulnerabilities in place; compatibility concerns are handled by testing patches, not by disabling them.
    • C. Replicate the existing disks exactly so nothing changes is incorrect because exact replication carries every existing vulnerability and misconfiguration into the cloud unchanged.
  9. Question 9 (Security Operations)

    After migration, you want continuous compliance reporting fed automatically to auditors. Which integration is BEST?

    • A. Continuous controls monitoring that collects evidence automatically and produces dashboards/reports
    • B. Disabling logging to simplify the audit scope
    • C. A once-a-year manual screenshot collection effort
    • D. A verbal status update in a hallway
    ✓ Correct answer: A

    Continuous controls monitoring (CCM) collects evidence directly from the systems that implement controls (cloud configuration state, identity and access settings, logging coverage, vulnerability scan results, change records) through their APIs, evaluates it against the control requirements on a schedule, and publishes the results as dashboards and reports. Auditors receive timestamped, reproducible evidence and a current view of control effectiveness instead of point-in-time screenshots, and the team learns about drift when it happens rather than at the next audit.

    Why the other options are wrong
    • B. Disabling logging to simplify the audit scope is incorrect because logging is itself a control and the primary source of audit evidence; disabling it removes evidence rather than simplifying scope.
    • C. A once-a-year manual screenshot collection effort is incorrect because it is point-in-time, labor-intensive, and stale for most of the year; it is exactly what continuous monitoring replaces.
    • D. A verbal status update in a hallway is incorrect because it produces no evidence an auditor can test or retain.
  10. Question 10 (Security Operations, select all that apply)

    After a major incident is fully contained and recovered, the team holds a post-incident review. Which TWO outcomes are the primary goals of this phase? (Choose TWO)

    • A. Delete all incident artifacts so the event is forgotten
    • B. Document root cause and timeline to capture lessons learned
    • C. Identify and assign improvements to controls, detections, and playbooks
    • D. Assign personal blame to a single employee for the breach
    ✓ Correct answer: B, C

    The post-incident (lessons-learned) review, the final phase of the incident response lifecycle in NIST SP 800-61, exists to turn the incident into improvements. The team documents the timeline and root cause, including how the attacker got in, what was detected and when, and what the response did well or poorly, and then assigns concrete follow-ups: closing the root-cause weakness, adding or tuning detections, and updating playbooks and runbooks with owners and dates. A blameless format encourages the candid reporting that makes the findings accurate.

    Why the other options are wrong
    • A. Delete all incident artifacts so the event is forgotten is incorrect because incident artifacts are evidence; they support the root-cause analysis, may be required for legal or regulatory retention, and feed future detection content.
    • D. Assign personal blame to a single employee for the breach is incorrect because blaming an individual discourages reporting and hides systemic causes; the review targets processes and controls, not people.

CompTIA SecurityX (CAS-005, formerly CASP+) practice exam FAQ

How many questions are in the CompTIA SecurityX (CAS-005, formerly CASP+) practice exam on CertGrid?

CertGrid has 300 practice questions for CompTIA SecurityX (CAS-005, formerly CASP+), covering 4 exam domains. The real CompTIA SecurityX (CAS-005, formerly CASP+) exam has about 90 questions.

What is the passing score for CompTIA SecurityX (CAS-005, formerly CASP+)?

The CompTIA SecurityX (CAS-005, formerly CASP+) exam passing score is 750, and you have about 165 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official CompTIA SecurityX (CAS-005, formerly CASP+) exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of CompTIA SecurityX (CAS-005, formerly CASP+), with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice CompTIA SecurityX (CAS-005, formerly CASP+) for free?

Yes. You can start practicing CompTIA SecurityX (CAS-005, formerly CASP+) for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.