Code signing uses cryptographic digital signatures to prove that software or updates come from a trusted source and have not been altered. In the SecurityX CAS-005 objectives, this is covered under security engineering and cryptographic assurance mechanisms.
* Envelope encryption protects confidentiality but does not authenticate the source.
* File integrity monitoring detects file changes but does not confirm the origin of the update.
* Application control manages which software can run but does not ensure authenticity of distributed files.
Only code signing meets all three objectives: verifying the source, ensuring authorization, and proving integrity.

The strings utility extracts human-readable text from binary files. Security analysts use it to identify Indicators of Compromise (IoCs) such as URLs, IP addresses, filenames, and commands embedded in the malware.
* Option A (reconstructing timeline) would require event logs or forensic timeline tools.
* Option C (replicating the attack) involves execution in a sandbox, not static string extraction.

The requirements for archiving data and immutable backups directly align with legal hold compliance (E) and ransomware resilience (F).
Legal hold compliance ensures that organizations can retain data in a tamper-proof manner when required for litigation, regulatory mandates, or audits. Immutable backups satisfy this by preventing unauthorized changes or deletion, ensuring evidence and records are preserved.
Ransomware resilience is also a key factor. Immutable backups allow recovery from ransomware attacks, as attackers cannot encrypt or delete data stored in read-only or write-once media. This reduces downtime and supports business continuity.
Options A (crypto-export), B (supply chain), C (device attestation), and D (quality assurance) do not relate directly to data archiving or immutable storage.
CAS-005 stresses aligning security controls with business continuity and compliance requirements. By focusing on legal and ransomware-related considerations, the organization ensures both regulatory and operational resilience.

A Content Delivery Network (CDN) caches and distributes static and dynamic web content across multiple geographically distributed edge servers, reducing latency for global users. This directly addresses page-loading delays caused by distance from the primary data centers.
RASP is for runtime application security, not latency.
Remote journaling is for data replication, not performance optimization.
SASE can improve security and WAN routing, but a CDN is purpose-built for content delivery performance.

The best answer is D. Deploying heterogeneous security solutions to offer a layered approach . The requirements emphasize redundancy , resilience , and avoiding a situation where a single supply chain attack could disable security operations. A heterogeneous, layered design reduces common-mode failure risk because different products, vendors, and control layers are less likely to fail in the same way at the same time.
This also improves resilience against zero-day vulnerabilities , since one vendor's unknown weakness is less likely to compromise every control simultaneously. CompTIA's SecurityX objectives explicitly include
"Security controls: preventive, detective, corrective, compensating, and deterrent" and "Architecture patterns:
resilience, scalability, and performance." Those objective themes directly support a diverse, layered-control approach.
Why the other options are not best:
A may add support capacity, but it does not inherently provide redundant, diverse technical controls. B is the opposite of the requirement because a single-vendor stack increases supply-chain concentration risk. C may change hosting model, but cloud migration alone does not guarantee redundancy against supply-chain compromise or zero-day resilience. A layered heterogeneous design is the strongest match to all three requirements.
References:
CompTIA SecurityX official exam objectives summary, especially Security Architecture themes of layered controls and resilience.