The organization is most concerned about Generative AI improving phishing and social engineering attacks.
Tools like ChatGPT can generate highly convincing phishing emails, fake websites, and human-like interactions that bypass traditional detection methods. Employees who were trained to spot poor grammar or obvious scams may now struggle to detect AI-crafted exploits.
Option A relates to compliance but not AI-driven threats. Option B (overreliance on AI bots) is operational risk, not phishing. Option D (differential analysis) applies to AI privacy issues, not phishing.
CAS-005 emphasizes adapting training to emerging threats, including AI-enabled social engineering. This ensures users remain resilient against modern attacks, making C the correct answer.

Authenticated scans allow the scanner to verify installed patches and configurations, reducing false positives.
Other options:
A (CMDB updates) improve asset tracking but do not validate patch installations.
C (Advanced fingerprinting) improves accuracy but does not replace authentication.
D (Coordination with teams) is good practice but does not prevent false positives.
Reference: CASP+ CAS-005 - Vulnerability Scanning and RiskManagement

Advancements in quantum computing pose a significant threat to current encryption systems, especially those based on the difficulty of factoring large prime numbers, such as RSA. Quantum computers have the potential to solve these problems exponentially faster than classical computers, making current cryptographic systems vulnerable.
Why Large Prime Numbers are Vulnerable:
* Shor's Algorithm: Quantum computers can use Shor's algorithm to factorize large integers efficiently, which undermines the security of RSA encryption.
* Cryptographic Breakthrough: The ability to quickly factor large prime numbers means that encrypted data, which relies on the hardness of this mathematical problem, can be decrypted.
Other options, while relevant, do not capture the primary reason for the shift towards new encryption algorithms:
* B. Zero Trust security architectures: While important, the shift to homomorphic encryption is not the main driver for new encryption algorithms.
* C. Perfect forward secrecy: It enhances security but is not the main reason for new encryption algorithms.
* D. Real-time IP traffic capture: Quantum computers pose a more significant threat to the underlying cryptographic algorithms than to the real-time capture of traffic.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-208, "Recommendation for Stateful Hash-Based Signature Schemes"
* "Quantum Computing and Cryptography," MIT Technology Review

The security diagram proposed by the security architect depicts a Zero Trust security model. Zero Trust is asecurity framework that assumes all entities, both inside and outside the network, cannot be trusted and must be verified before gaining access to resources.
Key Characteristics of Zero Trust in the Diagram:
Role-based Access Control: Ensures that users have access only to the resources necessary for their role.
Mandatory Access Control: Additional layer of security requiring authentication for access to sensitive areas.
Network Access Control: Ensures that devices meet security standards before accessing the network.
Multi-factor Authentication (MFA): Enhances security by requiring multiple forms of verification.
This model aligns with the Zero Trust principles of never trusting and always verifying access requests, regardless of their origin.
References:
CompTIA SecurityX Study Guide
NIST Special Publication 800-207, " Zero Trust Architecture "
" Implementing a Zero Trust Architecture, " Forrester Research

The best answer is B. The attacker registered a new domain . The key evidence is in the visible sender fields:
From: [email protected] and Reply-To: [email protected] . The legitimate company domain appears to be example.com , but the fraudulent email uses exampl.com , which is a lookalike domain missing the letter "e" .
That is a classic typosquatting/business email compromise pattern. The headers also show Received-SPF: pass
, which means the message passed SPF for the domain it actually came from, not that it was legitimate for the intended organization. The presence of a DKIM-Signature also shows that lack of domain keys is not the issue. This is therefore best explained by an attacker creating or registering a deceptive domain and sending authenticated email from it. CompTIA SecurityX's Security Operations domain includes activities around analyzing indicators, email artifacts, and attack patterns to identify malicious activity.
Why the other options are incorrect:
A is not the best explanation because the scenario says John Doe's account had been compromised earlier, but the specific headers here point to a spoof-like lookalike domain attack, not necessarily direct reuse of John's real mailbox. C is incorrect because the headers explicitly show a DKIM-Signature , so domain keys were used. D is incorrect because the headers show Received-SPF: pass , not fail. The payment succeeded because the attacker used a deceptive domain that looked close enough to the legitimate one to fool the recipient during the invoice exchange.
References:
CompTIA SecurityX official exam objectives summary, especially Security Operations skills around analyzing malicious activity and indicators.
CompTIA SecurityX CAS-005 exam objectives PDF mirror.