Skip to main content

V5

SecurityX

SecurityX is an advanced cybersecurity certification for security architects and senior security engineers. It proves you have the skills to design, build, and implement secure solutions across complex environments. You’ll also show you can support a resilient enterprise while addressing governance, risk, and compliance needs.

Xpert SecurityX Certification

Skills you'll learn

Build skills with CompTIA learning and validate them with SecurityX certification.

  • Design, implement, and integrate secure solutions across complex environments to support a resilient enterprise in security architecture and engineering.

  • Use automation, monitoring, detection, and incident response to proactively support ongoing security operations.

  • Apply security practices to cloud, on-premises, and hybrid environments to ensure enterprise-wide protection.

  • Utilize cryptographic technologies and techniques while evaluating the impact of emerging trends, such as artificial intelligence, on information security.

  • Implement governance, compliance, risk management, and threat modeling strategies across the enterprise.

  • Validate advanced, hands-on skills in security architecture and senior security engineering within live environments.

 

Exam details

  • Exam version: V5

  • Exam series code: CAS-005

  • Launch date: December 17, 2024

  • Number of questions: maximum of 90, a mix of multiple-choice and performance-based questions

  • Retirement: usually three years after launch (estimated 2027)

  • Duration: maximum of 165 minutes

  • Passing score: pass/fail only; no scaled score

  • Languages: English, with other languages to be determined

  • Recommended experience: minimum of 10 years of general hands-on IT experience, including 5 years of hands-on security, with Network+, Security+, CySA+, Cloud+, and PenTest+ or equivalent knowledge

  • NICE and DoD 8140 work roles: security architect, systems requirements planner, security control assessor, research and development specialist, and more

Pick the right learning and practice solutions for your skill-building and exam preparation needs

No matter where you are in your journey, CompTIA’s CertMaster products deliver flexible learning and practice experiences to help you build skills, boost confidence and achieve SecurityX exam readiness.

Shop SecurityX Learn and Practice products

 

  Perform Practice Labs
Best for:

Best for those looking to build skills, learn concepts, and gain hands-on experience. No prior related job role experience needed.

Best for those having experience with the skills and concepts.

Best for those looking to gain hands-on experience applying skills.

Primary purpose:

Comprehensive learning with robust set of lab activities in real and simulated environments to practice skills and job readiness.

Confirm exam readiness and close gaps.

Apply skills in real-world scenarios.
Contains:

Instructional content, video, interactives, labs (simulated and live virtual machines), assessments, practice tests

Timed practice exams, objective quizzes, exam objective mastery scores

Live virtual lab environment with guided tasks and real world-scenarios
Estimated duration:

30–60 hours

1020 hours

1525 hours
 

Learn more about CertMaster Perform

Learn more about CertMaster Practice

Learn more about CertMaster Labs

 

Save with popular SecurityX product bundles

Bundle our popular CertMaster products with an Exam Voucher plus Retake Assurance and save!

Shop all SecurityX product bundles

  • Validate your skills and reduce exam risk

    SecurityX Practice and Exam Bundle with Retake

    Know you're ready before you test. Validate your skills and reduce exam-day risk with Practice, plus a built-in exam retake for peace of mind. Bundle includes: CertMaster Practice and a Voucher with Retake Assurance.

    Buy now
  • Everything you need from learning to certification

    SecurityX Complete Bundle with Retake

    Everything you need to go from learning to exam-day confidence. Build skills, practice, and gain hands-on experience with an exam retake for peace of mind. Bundle includes: CertMaster Learn, Labs, Practice, and a Voucher with Retake Assurance.

    Buy now

SecurityX (V5) exam objectives summary

Governance, risk, and compliance (20%)

  • Security program documentation: policies, procedures, standards, and guidelines.
  • Program managementtraining (phishing, security, privacy), communication, reporting, and RACI matrix.
  • Frameworks: COBIT, ITIL, etc.
  • Configuration management: asset life cycle, CMDB, and inventory.
  • GRC tools: mapping, automation, and compliance tracking.
  • Data governance: production, development, testing, and QA.
  • Risk management: impact analysis, risk assessment (quantitative vs. qualitative), third-party risk, confidentiality, integrity, and availability.
  • Threat modeling: actor characteristics, attack patterns, and frameworks (ATT&CK, CAPEC, STRIDE).
  • Attack surface: architecture reviews, data flows, and trust boundaries.
  • Compliance strategies: industry-specific standards (PCI DSS, ISO/IEC 27000).
  • Security frameworks: NIST, CSF, CSA, and others.

Advance your career—Buy SecurityX certification exam or training today.

Security architecture (27%)

  • Cloud capabilities: CASB (API-based, proxy-based), shadow IT detection, shared responsibility model, CI/CD pipeline, Terraform, Ansible, container security, orchestration, and serverless workloads.
  • Cloud data security: data exposure, leakage, remanence, insecure storage, and encryption keys.
  • Cloud control strategies: proactive, detective, and preventative controls; customer-to-cloud connectivity, service integration, and continuous authorization.
  • Network architecture: segmentation, microsegmentation, VPN, always-on VPN, and API integration.
  • Security boundaries: asset identification, management, attestation, data perimeters, and secure zones.
  • Deperimeterization: SASE, SD-WAN, and software-defined networking.
  • Zero trust concepts: defining subject-object relationships.

Security engineering (31%)

  • Automation: scripting (PowerShell, Bash, Python), event triggers, IaC, cloud APIs, generative AI, containerization, patching, SOAR, and workflow automation.
  • Vulnerability management: scanning, reporting, and SCAP (OVAL, XCCDF, CPE, CVE, CVSS).
  • Advanced cryptography: PQC, key stretching, homomorphic encryption, forward secrecy, and hardware acceleration.
  • Cryptographic use cases: data at rest, in transit, and in use; secure email, blockchain, privacy, compliance, and certificate-based authentication.
  • Cryptographic techniques: tokenization, code signing, cryptographic erase, digital signatures, hashing, and symmetric/asymmetric cryptography.


Get exam-ready—Find your training and explore bundles.

Security operations (22%)

  • Monitoring and data analysis: SIEM (event parsing, retention, false positives/negatives), aggregate analysis (correlation, prioritization, trends), and behavior baselines (network, systems, users).
  • Vulnerabilities and attack surface: injection, XSS, insecure configurations, outdated software, and weak ciphers; mitigations include input validation, patching, encryption, and defense-in-depth.
  • Threat hunting:  internal intelligence (honeypots, UBA), external intelligence (OSINT, dark web, ISACs), TIPs, IoC sharing (STIX, TAXII), and rule-based languages (Sigma, YARA, Snort).
  • Incident response: malware analysis (sandboxing, IoC extraction, code stylometry), reverse engineering, metadata analysis, data recovery, and root cause analysis.