CompTIA Advanced Security Practitioner

(pearson-cas-002-complete) / ISBN : 978-1-61691-620-6
This course includes
Interactive Lessons
Gamified TestPrep
Lab
114 Reviews
Get A Free Trial

About This Course

Gain hands-on expertise in CompTIA Advanced Security Practitioner (CASP) certification exam by Pearson: CompTIA Advanced Security Practitioner course and performance-based lab. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The course and lab provide complete coverage of CAS-002 exam. The exam involves an application of critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers while managing risk.

Skills You’ll Get

The CompTIA Advanced Security Practitioner is a standalone certification from CompTIA with the exam code CAS-001. CASP certification is a vendor-neutral credential designed for advanced-level IT security professionals to conceptualize, design, and engineer secure solutions across complex enterprise environments. This certification validates advanced-level security skills and knowledge internationally.

1

CompTIA® Advanced Security Practitioner (CASP) CAS-002 Cert Guide

  • About the Authors
  • Dedication
  • Acknowledgments
  • About the Reviewers
  • We Want to Hear from You!
2

INTRODUCTION

  • The Goals of the CASP Certification
  • The Value of the CASP Certification
  • CASP Exam Objectives
  • Steps to Becoming a CASP
  • CompTIA Authorized Materials Use Policy
3

Cryptographic concepts and Techniques

  • Cryptographic Techniques
  • Cryptographic Concepts
  • Cryptographic Implementations
  • Review All Key Topics
4

Enterprise Storage

  • Storage Types
  • Storage Protocols
  • Secure Storage Management
  • Review All Key Topics
  • Advanced Network Design (Wired/Wireless)
  • Virtual Networking and Security Components
  • Complex Network Security Solutions for Data Flow
  • Secure Configuration and Baselining of Networking and Security Components
  • Software-Defined Networking
  • Cloud-Managed Networks
  • Network Management and Monitoring Tools
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • Security Zones
  • Network Access Control
  • Operational and Consumer Network-Enabled Devices
  • Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
  • Review All Key Topics
5

Security controls for hosts

  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Security Advantages and Disadvantages of Virtualizing Servers
  • Cloud-Augmented Security Services
  • Boot Loader Protections
  • Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services/Application Delivery Services
  • Trusted Platform Module (TPM)
  • Virtual TPM (VTPM)
  • Hardware Security Module (HSM)
  • Review All Key Topics
6

Application Vulnerabilities and Security Controls

  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Software Development Methods
  • Database Activity Monitoring (DAM)
  • Web Application Firewalls (WAF)
  • Client-Side Processing Versus Server-Side Processing
  • Review All Key Topics
7

Business Influences and Associated Security Risks

  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Security Concerns of Integrating Diverse Industries
  • Ensuring That Third-Party Providers Have Requisite Levels of Information Security
  • Internal and External Influences
  • Impact of De-perimiterization
  • Review All Key Topics
8

Risk Mitigation Planning, Strategies, and Controls

  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Incorporate Stakeholder Input into CIA Decisions
  • Implement Technical Controls Based on CIA Requirements and Policies of the Organization
  • Determine the Aggregate CIA Score
  • Extreme Scenario/Worst-Case Scenario Planning
  • Determine Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Recommend Which Strategy Should be Applied Based on Risk Appetite
  • Risk Management Processes
  • Enterprise Security Architecture Frameworks
  • Continuous Improvement/Monitoring
  • Business Continuity Planning
  • IT Governance
  • Review All Key Topics
9

Security, Privacy Policies, and Procedures

  • Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for Sensitive Information (PII)
  • Support the Development of Various Policies
  • Review All Key Topics
10

Incident Response and Recovery Procedures

  • E-Discovery
  • Data Breach
  • Design Systems to Facilitate Incident Response
  • Incident and Emergency Response
  • Review All Key Topics
11

Industry Trends

  • Perform Ongoing Research
  • Situational Awareness
  • Vulnerability Management Systems
  • Advanced Persistent Threats
  • Zero-Day Mitigating Controls and Remediation
  • Emergent Threats and Issues
  • Research Security Implications of New Business Tools
  • Global IA Industry/Community
  • Research Security Requirements for Contracts
  • Review All Key Topics
12

Securing the Enterprise

  • Create Benchmarks and Compare to Baselines
  • Prototype and Test Multiple Solutions
  • Cost/Benefit Analysis
  • Metrics Collection and Analysis
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  • Review Effectiveness of Existing Security Controls
  • Reverse Engineer/Deconstruct Existing Solutions
  • Analyze Security Solution Attributes to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Report
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Review All Key Topics
13

Assesment Tools and Methods

  • Assessment Tool Types
  • Assessment Methods
  • Review All Key Topics
14

Business Unit Collaboration

  • Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  • Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
  • Establish Effective Collaboration within Teams to Implement Secure Solutions
  • IT Governance
  • Review All Key Topics
15

Secure Communication and Collaboration

  • Security of Unified Collaboration Tools
  • Remote Access
  • Mobile Device Management
  • Over-the-Air Technologies Concerns
  • Review All Key Topics
16

Security Across the Technology Life Cycle

  • End-to-End Solution Ownership
  • Systems Development Life Cycle (SDLC)
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Asset Management (Inventory Control)
  • Review All Key Topics
17

Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Secure Data Flows to Meet Changing Business Needs
  • Standards
  • Interoperability Issues
  • Technical Deployment Models
  • Logical and Physical Deployment Diagrams of Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration (Security Considerations)
  • Enterprise Application Integration Enablers
  • Review All Key Topics
18

Authenticatication and Authorization Technologies

  • Authentication
  • Authorization
  • Attestation
  • Identity Propagation
  • Federation
  • Advanced Trust Models
  • Review All Key Topics

Cryptographic concepts and Techniques

  • Understanding cryptographic terms
  • Identifying symmetric algorithms
  • Identifying sequence of sender's process for hybrid encryption
  • Identifying sequence of sender's process for digital signatures
  • Identifying cryptographic attacks
  • Understanding steganography
  • Launching Windows certificates manager
  • Identifying password cracking ways
  • Identifying symmetric and asymmetric encryptions
  • Identifying asymmetric encryption algorithms
  • Identifying public key infrastructure components

Enterprise Storage

  • Identifying encryption types

Security controls for hosts

  • Identifying TCSEC divisions levels
  • Identifying endpoint security solutions
  • Creating a virtual PC machine
  • Identifying hashing algorithms
  • Identifying cloud-augmented security services

Application Vulnerabilities and Security Controls

  • Identifying tracking vulnerabilities in software
  • Understanding cross-site scripting
  • Identifying XSS vulnerabilities
  • Viewing cookies and temporary files in IE
  • Understanding application sandboxing
  • Identifying secure coding tests
  • Understanding SOAP

Risk Mitigation Planning, Strategies, and Controls

  • Identifying attributes of symmetric and asymmetric encryption
  • Identifying quantitative analysis
  • Identifying employee controls uses
  • Identifying security governance plan
  • Identifying information security policy components

Security, Privacy Policies, and Procedures

  • Identifying information security laws
  • Understanding incident response plan
  • Identifying incident responses models
  • Identifying employee controls
  • Identifying stages of building security controls

Incident Response and Recovery Procedures

  • Identifying data backup types
  • Understanding facets of an investigation

Securing the Enterprise

  • Identifying security solution performances

Assesment Tools and Methods

  • Identifying fuzzing tools
  • Identifying the handshake process for CHAP
  • Running a security scanner to identify vulnerabilities
  • Identifying port scanning techniques
  • Cracking encrypted passwords
  • Identifying penetration testing steps

Secure Communication and Collaboration

  • Identifying protocols security issues
  • Arranging the VoIP protocols in the protocol stack
  • Identifying 802.11 standards
  • Creating and configuring a network

Security Across the Technology Life Cycle

  • Understanding SDLC activities

Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Setting up a DMZ on a SOHO router
  • Configuring a VPN client

Authenticatication and Authorization Technologies

  • Identifying biometric systems
  • Creating a remote access VPN connection
  • Identifying drawbacks of Kerberos authentication

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

The exam contains 90 questions.

165 minutes

Pass/Fail only. No scaled score.

CompTIA Advanced Security Practitioner

$ 216.72

Buy Now
scroll to top