CAS-005 exam domains
The CAS-005 exam is weighted across 4 domains. Pick any domain below to drill it — or read the full breakdown in the FAQ.
| Exam domain | Exam weight | Practice |
|---|---|---|
| Governance, Risk, and Compliance | 20% | Practice this topic |
| Security Architecture | 27% | Practice this topic |
| Security Engineering | 31% | Practice this topic |
| Security Operations | 22% | Practice this topic |
Sample CAS-005 questions
A sample of the CAS-005 questions on this hub. Each links through to the full question, the correct answer, and an explanation of why every other option is wrong.
- A DevSecOps team uses Ansible to orchestrate configuration of thousands of Linux hosts. During a security review, an engineer discovers that database…View question
- A security operations team at a multinational firm has been relying on quarterly authenticated internal vulnerability scans of its known asset invento…View question
- A hospital's security architect is redesigning the backup architecture after a tabletop exercise revealed that a ransomware actor with domain admin cr…View question
- A financial services company must migrate encryption for a regulated SaaS workload to a public cloud provider. Compliance requires that the organizati…View question
- A financial services company is preparing for post-quantum cryptography migration. Leadership asks the security engineering team to first understand w…View question
- A financial services company experienced a production outage when a TLS certificate on a customer-facing API gateway expired without warning. The cert…View question
- A DevSecOps team discovers that a compromised open-source package was pulled during a recent CI build, injecting a malicious script into the resulting…View question
- A financial services firm is migrating a highly regulated trading platform to a public cloud provider. Compliance mandates strict isolation from other…View question
- A retail analytics team must run demographic reports on a dataset containing customer national ID numbers stored in a cloud data warehouse. Legal requ…View question
- A multinational manufacturer must simultaneously demonstrate compliance with ISO 27001, PCI DSS, and a new regional privacy law. The CISO notices the…View question
Key CAS-005 terms
Start with these terms, then explore the full glossary. Each links to a plain-English definition written for the CAS-005 exam.
CAS-005 frequently asked questions
What is the CAS-005 certification?+
CompTIA positions SecurityX as a mastery-level credential for practitioners who architect, engineer, and lead cybersecurity across complex enterprise environments.
It is the rebranded evolution of CASP+ (CAS-004) and adds heavier emphasis on securing AI/ML systems, modern cryptography, zero trust, and DevSecOps.
What topics are on the CAS-005 exam?+
The CAS-005 exam is organised into four weighted domains. The percentages below are CompTIA’s official weightings for scored content, so bias your study toward the heavier domains — Security Engineering and Security Architecture together are well over half the exam.
Governance, Risk, and Compliance (20%)
Covers implementing governance components, performing enterprise risk management (including third-party and supply-chain risk), meeting legal/regulatory and framework compliance, and managing data governance, privacy, and threat intelligence.
Security Architecture (27%)
Covers designing resilient enterprise architectures — zero trust, SASE, segmentation, secure cloud/hybrid/on-premises infrastructure, identity and access management, and data security (classification, DLP, encryption).
Security Engineering (31%)
The largest domain. Covers implementing and troubleshooting secure network, endpoint, and application solutions; cryptography and PKI (including post-quantum); securing AI/ML and emerging technologies; secure automation/DevSecOps; and hardening systems, containers, and OT/IoT.
Security Operations (22%)
Covers monitoring, detection, and response (SIEM, threat hunting, UEBA), incident response and forensics at scale, vulnerability management and testing, and improving resilience through recovery and lessons learned.
Is the CAS-005 hard?+
CAS-005 is an advanced exam that expects real architecture and engineering judgment across the whole enterprise, not memorization. Scenario and performance-based questions dominate.
The difficulty comes from the breadth — governance through hands-on engineering — plus newer AI-security and post-quantum content. Substantial security experience is assumed (CompTIA recommends roughly 10 years of IT with 5 in security).
How many questions are on the CAS-005 exam and how long is it?+
CompTIA SecurityX presents a maximum of 90 questions — a mix of multiple-choice and performance-based — in up to 165 minutes.
Our full-length practice mock uses a 75-question, 165-minute session so you can rehearse pacing under realistic time pressure before test day.
What score do you need to pass the CAS-005?+
CompTIA scores CAS-005 as pass/fail — unlike most CompTIA exams, there is no scaled 100–900 score for SecurityX. There is no penalty for guessing, so answer every question. Our practice mock uses a 75% threshold as a study checkpoint; aim comfortably beyond it before test day.
How much does the CAS-005 exam cost?+
The CAS-005 exam fee is set by CompTIA and varies by region — check the CompTIA site for current pricing. CompTIA certifications are valid for three years and can be renewed through continuing education. Everything on this hub is free.
Who should take the CAS-005?+
CAS-005 is aimed at senior security engineers, security architects, and technical leads responsible for enterprise cybersecurity.
CompTIA recommends roughly ten years of general IT experience with at least five years of hands-on security, though there is no formal prerequisite.
What jobs and salaries can the CAS-005 lead to?+
SecurityX maps to roles such as security architect, senior security engineer, security lead, and SOC/technical manager.
How much any certification affects pay depends heavily on geography, seniority, and hands-on experience, so treat any single salary figure with caution. CAS-005 is best viewed as validation of advanced, mastery-level security skill.
How long does it take to study for the CAS-005?+
Given the advanced scope, candidates often need two to four months even with security experience. The most efficient path is to study each domain while working through enterprise scenarios and performance-based labs.
Review every explanation, including for questions you answered correctly, because CAS-005 distractors are built from plausible but incorrect architecture and engineering choices. Use the per-domain results here to find and shore up your weakest area, then finish with full-length timed mocks.
How should you prepare for the CAS-005?+
Study the four domains above, giving the heaviest weight to Security Engineering and Architecture, then drill scenario questions domain by domain. Every MockAPI question reveals a full explanation and tells you why each wrong answer is wrong — essential for a mastery-level exam.
When you can answer scenarios comfortably, move to full-length timed mocks. Use the glossary to keep concepts like zero trust, PKI, AI security, and DevSecOps straight, and aim to score consistently above the checkpoint before you book.
Can you take the CAS-005 exam online?+
Yes. CompTIA delivers CAS-005 through Pearson VUE, so you can test at a physical Pearson VUE centre or online with remote proctoring. The online exam requires a private, quiet room, a clear workspace, a webcam and microphone, a stable connection, and government-issued photo ID, with a proctor monitoring you and a room scan before you start.
If you do not pass, CompTIA lets you retake immediately once; a 14-day wait applies before a third and any subsequent attempts.
What certification should you take after the CAS-005?+
SecurityX is a capstone credential; after it, practitioners often specialise (cloud security, red team, GRC) or pursue vendor architect certifications to complement the vendor-neutral foundation.
For many, the real next step is leading enterprise security architecture in production. Pairing CAS-005 with hands-on delivery is what turns the certificate into a career.