CAS-005 cheat sheet
A one-page reference for the CompTIA SecurityX (CAS-005) exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
CompTIA
Level
Advanced
Questions
75
Time
165 min
Mock pass mark
75%
Domains
4
Practice Qs
120
Code
CAS-005
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Zero Trust
- Zero Trust is a security model that verifies every request explicitly, enforces least privilege, and assumes breach rather than trusting the network perimeter. SecurityX covers designing zero-trust architectures across the enterprise.
- SASE
- SASE (Secure Access Service Edge) converges networking and security services — such as SD-WAN, SWG, CASB, and ZTNA — into a single cloud-delivered service. SecurityX covers SASE as a modern secure-access architecture.
- Microsegmentation
- Microsegmentation divides a network into small, isolated zones so that workloads can be secured and access controlled individually. SecurityX covers it as a core zero-trust and segmentation technique.
- PKI
- PKI (Public Key Infrastructure) is the framework of certificate authorities, keys, and policies that issues and manages digital certificates. SecurityX covers PKI design, key management, and certificate lifecycle.
- Certificate lifecycle
- The certificate lifecycle is the full set of stages a digital certificate passes through — issuance, deployment, renewal, and revocation. SecurityX covers managing this lifecycle within an enterprise PKI.
- Post-quantum cryptography
- Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks by quantum computers. SecurityX covers post-quantum considerations when planning long-term cryptographic strategy.
- Prompt injection
- Prompt injection is an attack that plants adversarial instructions in the input to a generative AI system to subvert its intended behavior. SecurityX covers mitigating AI-specific threats including prompt injection.
- Model poisoning
- Model poisoning is an attack that corrupts an AI/ML model by tampering with its training data or parameters to degrade or manipulate its outputs. SecurityX covers securing AI/ML systems against poisoning.
- AI security
- AI security is the practice of protecting AI/ML systems and the data they use from threats such as prompt injection, model poisoning, and data leakage. SecurityX covers securing emerging AI technologies as part of security engineering.
- DevSecOps
- DevSecOps integrates security practices — such as scanning, secrets management, and policy-as-code — directly into the DevOps CI/CD pipeline. SecurityX covers secure automation and DevSecOps at enterprise scale.
- Secrets management
- Secrets management is the secure storage, rotation, and controlled access of credentials, keys, and tokens using tools such as vaults. SecurityX covers it within secure automation and DevSecOps.
- IaC
- IaC (Infrastructure as Code) provisions and manages infrastructure through version-controlled definition files rather than manual configuration. SecurityX covers securing IaC and cloud posture.
- Threat hunting
- Threat hunting is the proactive search through networks and endpoints for threats that evade automated detection. SecurityX covers threat hunting within enterprise security operations.
- UEBA
- UEBA (User and Entity Behavior Analytics) detects threats by modeling normal behavior and flagging anomalies for users and entities. SecurityX covers UEBA as a detection capability in security operations.
- Attack surface management
- Attack surface management is the continuous discovery, inventory, and reduction of an organization's exposed assets and entry points. SecurityX covers it within vulnerability management and testing.