Introduction
The CompTIA Advanced Security Practitioner (CASP) course is a 5-day training course aimed at IT professionals with at least 10 years of experience in enterprise IT Security, who intend on writing the CompTIA CAS-004 exam. In this course, delegates will expand on their knowledge of information security to apply more advanced principles that will keep their organization safe from the many ways it can be threatened.
Delegates will apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies, translate business needs into security requirements, support IT governance and risk management, architect security for hosts, networks, and software, respond to security incidents and more.
Audience profile
This course is designed for IT professionals in the cybersecurity industry whose primary job responsibility is to secure complex enterprise environments. The target student should have real-world experience with the technical administration of these enterprise environments. The target audience includes the following:
- Cyber Security/IS Professionals
- Information Security Analysts
- Security Architects
- IT Specialist
- Cybersecurity Risk Managers
- Cybersecurity Risk Analysts
Pre-requisites
Before attending this course, delegates need to have knowledge of Information Security concepts. This includes, but is not limited to:
- Knowledge of identity and access management (IAM) concepts and common implementations, such as authentication factors and directory services
- Knowledge of cryptographic concepts and common implementations, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) and public key infrastructure (PKI)
- Knowledge of computer networking concepts and implementations, such as the TCP/IP model and configuration of routers and switches
- Knowledge of common security technologies used to safeguard the enterprise, such as anti-malware solutions, firewalls, and VPNs
It is highly recommended that delegates attending this course have a minimum of 10 years’ experience in IT administration, including at least 5 years of hands-on technical security experience.
Course objectives
In this course, delegates will analyse and apply advanced security concepts, principles, and implementations that contribute to enterprise-level security. Upon successful completion of this course, delegates will be able to:
- Leverage collaboration tools and technology to support enterprise security
- Use research and analysis to secure the enterprise
- Integrate advanced authentication and authorization techniques
- Implement cryptographic techniques
- Implement security controls for hosts
- Implement security controls for mobile devices
- Implement network security
- Implement security in the systems and software development lifecycle
- Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture
- Conduct security assessments
- Respond to and recover from security incidents
Course content
| Lesson 1: Perform Risk Management Activities |
- Explain Risk Assessment Methods
|
- Summarize the Risk Lifecycle
|
- Assess & Mitigate Vendor Risk
|
|
| Lesson 2: Summarizing Governance & Compliance Strategies |
- Meet Cloud Identifying Critical Data Assets
|
- Design Compare and Contrast Regulation, Accreditation, and Standards
|
- Explain Legal Considerations & Contract Types
|
|
| Lesson 3: Implementing Business Continuity & Disaster Recovery |
- Explain the Role of Business Impact Analysis
|
- Assess Disaster Recovery Plans
|
- Explain Testing and Readiness Activities
|
|
| Lesson 4: Identifying Infrastructure Services |
- Explain Critical Network Services
|
- Explain Defensible Network Design
|
- Implement Durable Infrastructures
|
|
| Lesson 5: Performing Software Integration |
- Explain Secure Integration Activities
|
- Assess Software Development Activities
|
- Analyse Access Control Models & Best Practices
|
- Analyse Development Models & Best Practices
|
| Lesson 6: Explain Virtualization, Cloud, and Emerging Technology |
- Explain Virtualization and Cloud Technology
|
- Explain Emerging Technologies
|
| Lesson 7: Exploring Secure Configurations and System Hardening |
- Analyse Enterprise Mobility Protections
|
- Implement Endpoint Protection
|
| Lesson 8: Understanding Security Considerations of Cloud and Specialized Platforms |
- Understand Impacts of Cloud Technology Adoption
|
- Explain Security Concerns for Sector Specific Technologies
|
| Lesson 9: Implementing Cryptography |
- Implementing Hashing and Symmetric Algorithms
|
- Implementing Appropriate Asymmetric Algorithms and Protocols
|
| Lesson 10: Implementing Public Key Infrastructure (PKI) |
- Analyse Objectives of Cryptography and Public Key Infrastructure (PKI)
|
- Implementing Appropriate PKI Solutions
|
| Lesson 11: Understanding Threat and Vulnerability Management Activities |
- Explore Threat and Vulnerability Management Concepts
|
- Explain Vulnerability and Penetration Test Methods
|
- Explain Technologies Designed to Reduce Risk
|
|
| Lesson 12: Developing Incident Response Capabilities |
- Analysing and Mitigating Vulnerabilities
|
- Identifying and Responding to Indicators of Compromise
|
- Exploring Digital Forensic Concepts
|
|
Associated certifications and exam
This course will prepare delegates to write the CompTIA CASP CAS-004 Exam.
Successfully passing this exam will result in the attainment of the CompTIA Advanced Security Practitioner Certification.
CASP+ covers the technical knowledge and skills required to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise while considering the impact of governance, risk, and compliance requirements.
| Exam Details |
CompTIA CASP+ |
| Exam Title |
CompTIA CASP+ |
| Number of Questions/Practical Challenges |
90 Questions |
| Recommended Experience |
A minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience. |
| Test Duration |
2 Hours 45 Minutes |
| Test Format |
Multiple choice questions and performance-based questions. |
| Test Delivery |
Pearson VUE
Testing Centres
Online Testing |
| Availability |
Pearson VUE |
| Exam Prefix |
CAS-004 |
| Passing Score |
This test has no scale score; it’s pass/fail only. |
| Retirement |
Three years after date of launch. |
