Cybersecurity

CompTIA SecurityX (CAS-005) - 340 Questions

By Webmaster Certland

Practice exam for the CompTIA SecurityX CAS-005 certification. Covers all 4 official exam domains: Governance, Risk, and Compliance; Security Architecture; Security Engineering; and Security Operations. Designed for advanced security practitioners and architects with 10+ years of IT security experience.


Free Preview (5 of 340 questions)

1. A CISO at a multinational financial services company is redesigning the security governance framework. The board has requested a model that clearly separates governance objectives from management activities, aligns IT goals with enterprise goals, and provides a set of enablers that can be measured. Which framework best satisfies these requirements?

A. COBIT 2019, because it provides a goals cascade from enterprise goals to IT goals to enabler goals, with a clear governance/management separation
B. ISO 27001, because it provides an ISMS with Annex A controls that can be mapped to business objectives and measured via KPIs
C. NIST CSF 2.0, because the new Govern function provides board-level oversight and the five remaining functions cover all management activities
D. ITIL 4, because the Service Value System integrates governance, management, and continual improvement into a single measurable model

2. A security architect is building a policy hierarchy for a large healthcare organization. The board has approved a high-level mandate that PHI must be protected in accordance with applicable regulations. The architect needs to define the relationship between the top-level document and the lower-level documents that specify how to configure encryption on endpoint devices. Which document order correctly represents the policy hierarchy from most authoritative to most prescriptive?

A. Standard → Policy → Procedure → Guideline
B. Policy → Standard → Procedure → Guideline
C. Policy → Guideline → Standard → Procedure
D. Policy → Procedure → Standard → Guideline

3. A CISO is implementing NIST CSF 2.0 across a critical infrastructure organization. The organization has strong detection and response capabilities but has never formally established risk governance processes, security roles and responsibilities, or a supply chain risk management program. According to NIST CSF 2.0, which function should the CISO prioritize to address these gaps?

A. Govern, because it specifically addresses organizational context, risk management strategy, roles and responsibilities, and supply chain risk management
B. Identify, because it covers asset management and risk assessment activities that must precede all other functions
C. Protect, because implementing safeguards requires defined roles and a supply chain vetting process
D. Respond, because governance gaps become most visible during incident response when authority is unclear

4. A security program manager needs to present security performance to the board of directors. The board wants to understand both the organization's current security posture and early warning indicators of emerging risks. Which combination of metrics best satisfies the board's requirements?

A. Total vulnerability counts by severity and monthly patch compliance percentages
B. Mean time to detect (MTTD), mean time to respond (MTTR), and total incident counts by quarter
C. Key Performance Indicators (KPIs) for security posture and Key Risk Indicators (KRIs) for emerging risk signals
D. CVSS score distributions and threat intelligence feed subscription coverage rates

5. A CISO at a financial institution is standing up a new security operations function. The organization wants to clearly define which teams make decisions, which teams are consulted before decisions, which teams must be informed of decisions, and which team owns the actual execution. Which tool should the CISO use to document these relationships?

A. A security charter that documents the authority, scope, and organizational boundaries of the security function
B. A governance framework such as COBIT 2019 that maps governance objectives to management processes
C. A policy hierarchy that delegates authority from board policy down to operational procedures
D. A RACI matrix that assigns Responsible, Accountable, Consulted, and Informed roles for each security activity
