
CompTIA SecurityX (CAS-005) Practice Questions & Study Guide

Advanced practitioner security certification (the CASP+ rebrand) at the architect/engineer level: governance and risk, security architecture, security engineering with applied cryptography, and security operations.

What's included

  • 50 concept lessons
  • 150 practice questions
  • 4 exam domains

Every SecurityX question includes a worked explanation and hints. Question formats mirror the real exam: multiple choice, multiple select, short answer and drag-and-drop matching. A full timed final exam reports per-domain analytics so you know exactly where you stand before test day.

A sample SecurityX lesson

Risk Management Frameworks and Quantification (NIST RMF, ISO 31000, SLE/ARO/ALE)

Risk management frameworks provide structured processes for identifying, analyzing, evaluating, treating, and monitoring risks to organizational objectives. NIST SP 800-37 Rev. 2 and ISO 31000:2018 are the two dominant frameworks; both define risk as the effect of uncertainty on objectives. Quantitative risk assessment methods — using Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), and Annualized Loss Expectancy (ALE) — enable financially defensible prioritization of security investments.
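As an added worked example (not part of the CyberStudy lesson), the quantitative method above applied to a constructed three-item risk register: it computes SLE and ALE for each risk, ranks the register by ALE, and checks whether two candidate controls are financially justified. The SLE/ALE formulas and the safeguard cost-benefit rule are the standard definitions; every monetary and frequency figure is made up for illustration.

```python
# Added example (not from the CyberStudy lesson): quantitative risk
# prioritization using the standard formulas the lesson names:
#   SLE = AV * EF, ALE = SLE * ARO,
#   safeguard value = ALE_before - ALE_after - annual safeguard cost.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of the asset at risk (currency units)
    exposure_factor: float  # EF: fraction of AV lost in one incident (0..1)
    aro: float              # ARO: expected incidents per year

def sle(r: Risk) -> float:
    """Single Loss Expectancy: loss from one occurrence of the risk."""
    if not 0.0 <= r.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return r.asset_value * r.exposure_factor

def ale(r: Risk) -> float:
    """Annualized Loss Expectancy: expected loss per year."""
    if r.aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(r) * r.aro

def safeguard_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual benefit of a control; negative means it costs more than it saves."""
    return ale(before) - ale(after) - annual_cost

def rank_by_ale(risks: list) -> list:
    """Order a risk register by expected annual loss, largest first."""
    return sorted(risks, key=ale, reverse=True)

# Constructed sample register; the figures are illustrative, not from any standard.
RANSOMWARE = Risk("ransomware on file server", 2_000_000, 0.40, 0.25)
LAPTOP_LOSS = Risk("unencrypted laptop loss", 5_000, 1.00, 12.0)
DC_FLOOD = Risk("datacenter flood", 10_000_000, 0.10, 0.02)

# Candidate treatments: immutable backups cut the ransomware EF (restore instead
# of pay); a flood retrofit cuts the flood ARO but costs more per year than it saves.
BACKUPS_AFTER = replace(RANSOMWARE, exposure_factor=0.10)  # annual cost 40,000
FLOOD_AFTER = replace(DC_FLOOD, aro=0.005)                 # annual cost 30,000

if __name__ == "__main__":
    for r in rank_by_ale([RANSOMWARE, LAPTOP_LOSS, DC_FLOOD]):
        print(f"{r.name:27} SLE={sle(r):>12,.0f} ALE={ale(r):>10,.0f}")
    print("backups net value:", safeguard_value(RANSOMWARE, BACKUPS_AFTER, 40_000))
    print("flood retrofit net value:", safeguard_value(DC_FLOOD, FLOOD_AFTER, 30_000))
```

The ranking shows why a high-SLE event (the flood) can still rank last once its rate is factored in, and the negative value for the retrofit is the exam's "do not fund a control that costs more than the loss it prevents" rule in numbers.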

NIST Risk Management Framework (SP 800-37 Rev. 2)

NIST SP 800-37 Rev. 2 defines the Risk Management Framework (RMF) as a seven-step lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor. The Prepare step — added in Rev. 2 — establishes the organizational and system-level context before categorization, ensuring risk management decisions are rooted in mission and business objectives. Categorize (Step 2) applies FIPS 199 and NIST SP 800-60 to determine the impact level (Low, Moderate, High) of an information system based on confidentiality, integrity, and availability. Select (Step 3) chooses a baseline control set from NIST SP 800-53 appropriate to the impact level, then tailors it. Implement (Step 4) deploys the controls. Assess (Step 5) evaluates control effectiveness. Authorize (Step 6) is the formal acceptance of residual risk by a senior official — the Authorization to Operate (ATO) or its denial. Monitor (Step 7) provides continuous monitoring of control effectiveness and system changes, feeding updated risk information back to the Authorize step. The RMF integrates with the NIST Cybersecurity Framework (CSF) 2.0 by aligning the CSF Functions (Govern, Identify, Protect, Detect, Respond, Recover) to RMF lifecycle steps.

ISO 31000:2018 Risk Management

This is one of 50 concept lessons in the full SecurityX track.

Exam facts

  • Exam code: CAS-005
  • Vendor: CompTIA
  • Format: up to 90 questions · 165 minutes
  • Exam cost: $509 USD
  • Renewal: 3 years

Pricing

  • from $19 one-time: single SecurityX pass (or included in premium)
  • $10 / month — all certifications
  • $100 / year — all certifications

Your first foundational certification is free when you sign up — no card required.

SecurityX FAQ

How much does the CompTIA SecurityX exam cost?
The official CompTIA CAS-005 exam voucher is $509 USD. CyberStudy is separate, affordable practice and is not the exam voucher.
How many questions are on the SecurityX exam?
The CAS-005 exam has up to 90 questions and a time limit of 165 minutes.
How long is SecurityX valid?
CompTIA SecurityX is valid for 3 years.
How much SecurityX practice does CyberStudy include?
150 exam-style practice questions across every domain plus a full timed mock exam with analytics, and 50 concept lessons.