Scroll to top button

CompTIA Advanced Security Practitioner

ISBN : 9781616916206

Gain hands-on expertise in CompTIA Advanced Security Practitioner (CASP) certification exam by Pearson: CompTIA Advanced Security Practitioner course and performance-based lab. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The course and lab provide complete coverage of CAS-002 exam. The exam involves an application of critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers while managing risk.

The CompTIA Advanced Security Practitioner is a standalone certification from CompTIA with the exam code CAS-001. CASP certification is a vendor-neutral credential designed for advanced-level IT security professionals to conceptualize, design, and engineer secure solutions across complex enterprise environments. This certification validates advanced-level security skills and knowledge internationally.

Glossary of terms
Pre Assessment Questions
Post Assessment Questions
Performance lab
Video tutorials
Exam related FAQs
What is the format of the exam? Multiple choice and performance-based.
How many questions are asked in the exam? The exam contains 90 questions.
What is the duration of the exam? 165 minutes
What is the passing score? Pass/Fail only. No scaled score.
Where can I find more information about this exam? To know more about the pearson-cas-002-complete, click here.
Which certification covers this exam?
  • About the Authors
  • Dedication
  • Acknowledgments
  • About the Reviewers
  • We Want to Hear from You!
  • The Goals of the CASP Certification
  • The Value of the CASP Certification
  • CASP Exam Objectives
  • Steps to Becoming a CASP
  • CompTIA Authorized Materials Use Policy
  • Cryptographic Techniques
  • Cryptographic Concepts
  • Cryptographic Implementations
  • Review All Key Topics
  • Storage Types
  • Storage Protocols
  • Secure Storage Management
  • Review All Key Topics
  • Advanced Network Design (Wired/Wireless)
  • Virtual Networking and Security Components
  • Complex Network Security Solutions for Data Flow
  • Secure Configuration and Baselining of Networking and Security Components
  • Software-Defined Networking
  • Cloud-Managed Networks
  • Network Management and Monitoring Tools
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • Security Zones
  • Network Access Control
  • Operational and Consumer Network-Enabled Devices
  • Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
  • Review All Key Topics
  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Security Advantages and Disadvantages of Virtualizing Servers
  • Cloud-Augmented Security Services
  • Boot Loader Protections
  • Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services/Application Delivery Services
  • Trusted Platform Module (TPM)
  • Virtual TPM (VTPM)
  • Hardware Security Module (HSM)
  • Review All Key Topics
  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Software Development Methods
  • Database Activity Monitoring (DAM)
  • Web Application Firewalls (WAF)
  • Client-Side Processing Versus Server-Side Processing
  • Review All Key Topics
  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Security Concerns of Integrating Diverse Industries
  • Ensuring That Third-Party Providers Have Requisite Levels of Information Security
  • Internal and External Influences
  • Impact of De-perimiterization
  • Review All Key Topics
  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Incorporate Stakeholder Input into CIA Decisions
  • Implement Technical Controls Based on CIA Requirements and Policies of the Organization
  • Determine the Aggregate CIA Score
  • Extreme Scenario/Worst-Case Scenario Planning
  • Determine Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Recommend Which Strategy Should be Applied Based on Risk Appetite
  • Risk Management Processes
  • Enterprise Security Architecture Frameworks
  • Continuous Improvement/Monitoring
  • Business Continuity Planning
  • IT Governance
  • Review All Key Topics
  • Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for Sensitive Information (PII)
  • Support the Development of Various Policies
  • Review All Key Topics
  • E-Discovery
  • Data Breach
  • Design Systems to Facilitate Incident Response
  • Incident and Emergency Response
  • Review All Key Topics
  • Perform Ongoing Research
  • Situational Awareness
  • Vulnerability Management Systems
  • Advanced Persistent Threats
  • Zero-Day Mitigating Controls and Remediation
  • Emergent Threats and Issues
  • Research Security Implications of New Business Tools
  • Global IA Industry/Community
  • Research Security Requirements for Contracts
  • Review All Key Topics
  • Create Benchmarks and Compare to Baselines
  • Prototype and Test Multiple Solutions
  • Cost/Benefit Analysis
  • Metrics Collection and Analysis
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  • Review Effectiveness of Existing Security Controls
  • Reverse Engineer/Deconstruct Existing Solutions
  • Analyze Security Solution Attributes to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Report
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Review All Key Topics
  • Assessment Tool Types
  • Assessment Methods
  • Review All Key Topics
  • Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  • Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
  • Establish Effective Collaboration within Teams to Implement Secure Solutions
  • IT Governance
  • Review All Key Topics
  • Security of Unified Collaboration Tools
  • Remote Access
  • Mobile Device Management
  • Over-the-Air Technologies Concerns
  • Review All Key Topics
  • End-to-End Solution Ownership
  • Systems Development Life Cycle (SDLC)
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Asset Management (Inventory Control)
  • Review All Key Topics
  • Secure Data Flows to Meet Changing Business Needs
  • Standards
  • Interoperability Issues
  • Technical Deployment Models
  • Logical and Physical Deployment Diagrams of Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration (Security Considerations)
  • Enterprise Application Integration Enablers
  • Review All Key Topics
  • Authentication
  • Authorization
  • Attestation
  • Identity Propagation
  • Federation
  • Advanced Trust Models
  • Review All Key Topics

Hands on Activities (Labs)

  • Understanding cryptographic terms
  • Identifying symmetric algorithms
  • Identifying sequence of sender's process for hybrid encryption
  • Identifying sequence of sender's process for digital signatures
  • Identifying cryptographic attacks
  • Understanding steganography
  • Launching Windows certificates manager
  • Identifying password cracking ways
  • Identifying symmetric and asymmetric encryptions
  • Identifying asymmetric encryption algorithms
  • Identifying public key infrastructure components
  • Identifying encryption types
  • Identifying virtual network components
  • Creating a user password
  • Identifying remote access methods
  • Configuring IPv4 address
  • Using Windows remote access
  • Configuring and testing IPv6 addresses
  • Identifying IPV4 and IPV6 differences
  • Identifying IPv4 classful address ranges
  • Identifying IPv4 header
  • Identifying IPv6 header
  • Identifying IDS components
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • Working with a host-based IDS
  • Identifying the change management process
  • Using the Windows command-line interface (CLI)
  • Understanding software-defined networking
  • Identifying cloud services model
  • Identifying Intrusion detection key terms
  • Configuring NPS to provide RADIUS authentication
  • Configuring NPS network policy
  • Identifying TCSEC divisions levels
  • Identifying endpoint security solutions
  • Creating a virtual PC machine
  • Identifying hashing algorithms
  • Identifying cloud-augmented security services
  • Identifying tracking vulnerabilities in software
  • Understanding cross-site scripting
  • Identifying XSS vulnerabilities
  • Viewing cookies and temporary files in IE
  • Understanding application sandboxing
  • Identifying secure coding tests
  • Understanding SOAP
  • Identifying attributes of symmetric and asymmetric encryption
  • Identifying quantitative analysis
  • Identifying employee controls uses
  • Identifying security governance plan
  • Identifying information security policy components
  • Identifying information security laws
  • Understanding incident response plan
  • Identifying incident responses models
  • Identifying employee controls
  • Identifying stages of building security controls
  • Identifying data backup types
  • Understanding facets of an investigation
  • Identifying security solution performances
  • Identifying fuzzing tools
  • Identifying the handshake process for CHAP
  • Running a security scanner to identify vulnerabilities
  • Identifying port scanning techniques
  • Cracking encrypted passwords
  • Identifying penetration testing steps
  • Identifying protocols security issues
  • Arranging the VoIP protocols in the protocol stack
  • Identifying 802.11 standards
  • Creating and configuring a network
  • Understanding SDLC activities
  • Identifying biometric systems
  • Creating a remote access VPN connection
  • Identifying drawbacks of Kerberos authentication