CompTIA · Advanced

CompTIA SecurityX (CAS-005) (CAS-005) practice exam & study guide

CompTIA SecurityX (CAS-005) is CompTIA’s advanced, vendor-neutral certification for senior security engineers and architects. The renamed successor to CASP+, it validates the ability to govern risk and compliance, architect and engineer secure enterprise solutions, and lead security operations — including securing AI, cryptography, and zero-trust architectures.

CAS-005 is an expert-level, hands-on exam. Questions test how you design and engineer enterprise security across governance, architecture, engineering, and operations — including performance-based tasks — not just recall of concepts.

This free hub gives you everything you need to prepare: a syllabus breakdown by exam domain, realistic scenario-style practice questions with teacher-style explanations, a glossary of the enterprise-security concepts the exam relies on, and full-length timed mock exams that mirror the real testing experience.

75
Questions
165 min
Time limit
75%
Mock pass %
4
Domains

Start studying CAS-005

New here? Follow the three steps below in order. Everything is free and needs no account.

  1. 1
    Learn the plan

    See all 4 domains in exam-weight order.

    Open study path
  2. 2
    Drill by domain

    Practice one topic at a time with explained answers.

    Start with the first domain
  3. 3
    Sit a timed mock

    75 questions · 165 min · 75% to pass our mock.

    Take the mock exam

All CAS-005 study resources

CAS-005 exam domains

The CAS-005 exam is weighted across 4 domains. Pick any domain below to drill it — or read the full breakdown in the FAQ.

Exam domainExam weightPractice
Governance, Risk, and Compliance20%Practice this topic
Security Architecture27%Practice this topic
Security Engineering31%Practice this topic
Security Operations22%Practice this topic

Sample CAS-005 questions

A sample of the CAS-005 questions on this hub. Each links through to the full question, the correct answer, and an explanation of why every other option is wrong.

Key CAS-005 terms

Start with these terms, then explore the full glossary. Each links to a plain-English definition written for the CAS-005 exam.

CAS-005 frequently asked questions

What is the CAS-005 certification?+

CompTIA positions SecurityX as a mastery-level credential for practitioners who architect, engineer, and lead cybersecurity across complex enterprise environments.

It is the rebranded evolution of CASP+ (CAS-004) and adds heavier emphasis on securing AI/ML systems, modern cryptography, zero trust, and DevSecOps.

What topics are on the CAS-005 exam?+

The CAS-005 exam is organised into four weighted domains. The percentages below are CompTIA’s official weightings for scored content, so bias your study toward the heavier domains — Security Engineering and Security Architecture together are well over half the exam.

Governance, Risk, and Compliance (20%)

Covers implementing governance components, performing enterprise risk management (including third-party and supply-chain risk), meeting legal/regulatory and framework compliance, and managing data governance, privacy, and threat intelligence.

Security Architecture (27%)

Covers designing resilient enterprise architectures — zero trust, SASE, segmentation, secure cloud/hybrid/on-premises infrastructure, identity and access management, and data security (classification, DLP, encryption).

Security Engineering (31%)

The largest domain. Covers implementing and troubleshooting secure network, endpoint, and application solutions; cryptography and PKI (including post-quantum); securing AI/ML and emerging technologies; secure automation/DevSecOps; and hardening systems, containers, and OT/IoT.

Security Operations (22%)

Covers monitoring, detection, and response (SIEM, threat hunting, UEBA), incident response and forensics at scale, vulnerability management and testing, and improving resilience through recovery and lessons learned.

Is the CAS-005 hard?+

CAS-005 is an advanced exam that expects real architecture and engineering judgment across the whole enterprise, not memorization. Scenario and performance-based questions dominate.

The difficulty comes from the breadth — governance through hands-on engineering — plus newer AI-security and post-quantum content. Substantial security experience is assumed (CompTIA recommends roughly 10 years of IT with 5 in security).

How many questions are on the CAS-005 exam and how long is it?+

CompTIA SecurityX presents a maximum of 90 questions — a mix of multiple-choice and performance-based — in up to 165 minutes.

Our full-length practice mock uses a 75-question, 165-minute session so you can rehearse pacing under realistic time pressure before test day.

What score do you need to pass the CAS-005?+

CompTIA scores CAS-005 as pass/fail — unlike most CompTIA exams, there is no scaled 100–900 score for SecurityX. There is no penalty for guessing, so answer every question. Our practice mock uses a 75% threshold as a study checkpoint; aim comfortably beyond it before test day.

How much does the CAS-005 exam cost?+

The CAS-005 exam fee is set by CompTIA and varies by region — check the CompTIA site for current pricing. CompTIA certifications are valid for three years and can be renewed through continuing education. Everything on this hub is free.

Who should take the CAS-005?+

CAS-005 is aimed at senior security engineers, security architects, and technical leads responsible for enterprise cybersecurity.

CompTIA recommends roughly ten years of general IT experience with at least five years of hands-on security, though there is no formal prerequisite.

What jobs and salaries can the CAS-005 lead to?+

SecurityX maps to roles such as security architect, senior security engineer, security lead, and SOC/technical manager.

How much any certification affects pay depends heavily on geography, seniority, and hands-on experience, so treat any single salary figure with caution. CAS-005 is best viewed as validation of advanced, mastery-level security skill.

How long does it take to study for the CAS-005?+

Given the advanced scope, candidates often need two to four months even with security experience. The most efficient path is to study each domain while working through enterprise scenarios and performance-based labs.

Review every explanation, including for questions you answered correctly, because CAS-005 distractors are built from plausible but incorrect architecture and engineering choices. Use the per-domain results here to find and shore up your weakest area, then finish with full-length timed mocks.

How should you prepare for the CAS-005?+

Study the four domains above, giving the heaviest weight to Security Engineering and Architecture, then drill scenario questions domain by domain. Every MockAPI question reveals a full explanation and tells you why each wrong answer is wrong — essential for a mastery-level exam.

When you can answer scenarios comfortably, move to full-length timed mocks. Use the glossary to keep concepts like zero trust, PKI, AI security, and DevSecOps straight, and aim to score consistently above the checkpoint before you book.

Can you take the CAS-005 exam online?+

Yes. CompTIA delivers CAS-005 through Pearson VUE, so you can test at a physical Pearson VUE centre or online with remote proctoring. The online exam requires a private, quiet room, a clear workspace, a webcam and microphone, a stable connection, and government-issued photo ID, with a proctor monitoring you and a room scan before you start.

If you do not pass, CompTIA lets you retake immediately once; a 14-day wait applies before a third and any subsequent attempts.

What certification should you take after the CAS-005?+

SecurityX is a capstone credential; after it, practitioners often specialise (cloud security, red team, GRC) or pursue vendor architect certifications to complement the vendor-neutral foundation.

For many, the real next step is leading enterprise security architecture in production. Pairing CAS-005 with hands-on delivery is what turns the certificate into a career.