CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003

Book Preface

The CASP+ certification was developed by the Computer Technology Industry Association
(CompTIA) to provide an industry- wide means of certifying the competency of security pro-fessionals who have a minimum of 10 years’ general hands- on IT experience with at least 5 years’ hands- on IT security experience. The security professional’s job is to protect the confi-dentiality, integrity, and availability of an organization’s valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP+ certification is a vendor- neutral cre-dential. CASP+ validates advanced- level security skills and knowledge internationally. There is no prerequisite, but CASP+ certification is intended to follow CompTIA Network+, Security+, CySA+, Cloud+, and PenTest+ or equivalent certifications/experience and has a technical, “hands- on” focus at the enterprise level.

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands- on exercises that help those in the field of security better protect critical assets, build defense in depth, and accu-rately assess risk.

If you’re preparing to take the CASP+ exam, it is a good idea to find out as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands- on experience possible; this study guide was written with this in mind. We have included hands- on exercises, real- world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you’re unable to do so, reread the problematic chapters and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP+ Certification Exam

Before you begin studying for the exam, it’s good for you to know that the CASP+ certification is offered by CompTIA (an industry association responsible for many certifica-tions) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A list of the CASP+ CAS- 004 exam objectives is presented in this intro-duction. See the section “The CASP+ Exam Objective Map.”

Obtaining CASP+ certification demonstrates that you can help your organization design and maintain system and network security services to secure the organization’s assets. By obtaining CASP+ certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

Who Should Read This Book

The CompTIA CASP+ Study Guide: Exam CAS- 004, Fourth Edition, is designed to give you insight into the working world of IT security, and it describes the types of tasks and activ-ities that a security professional with 5–10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and boot camps are recommended ways to gain proficiency with the tools and techniques discussed in the book. However, nothing delivers hands- on learning like experiencing your own attempts, successes, and mistakes— on a home lab. More on home labs later.

What You Will Learn

This CompTIA CASP+ Study Guide covers all you need to know to pass the CASP+ exam. The exam is based on exam objectives, and this study guide is based on the current iteration of the CASP+ exam, version CAS- 004.

Per the CASP+ CompTIA objectives for exam version CAS- 004, the four domains include the following:

■ Domain 1.0 Security Architecture
■ Domain 2.0 Security Operations
■ Domain 3.0 Security Engineering and Cryptography
■ Domain 4.0 Governance, Risk, and Compliance

Each of these four domains further divide into objectives. For example, the fourth domain, “Governance, Risk, and Compliance,” is covered across three objectives:

4.1 Given a set of requirements, apply the appropriate risk strategies. 4.2 Explain the importance of managing and mitigating vendor risk.
4.3 Explain compliance frameworks and legal considerations, and their organiza-tional impact.
4.4 Explain the importance of business continuity and disaster recovery concepts.

These objectives read like a job task, but they are more akin to a named subset of knowledge. Many subobjectives and topics are found under each objective. These are listed hierarchically, ranging from 20 to 50 topics per objective. Yes, that’s a lot of topics when you add it all up. In short, there is a lot of material to cover. Next, we address how the book tackles it all.

How This Book Is Organized

Remember how we just explained the CASP+ exam is based on domains and objectives? Your goal for exam preparation is essentially to cover all of those subobjectives and
topics. That was our goal, too, in writing this study guide, so that’s how we structured this book— around the same exam objectives, specifically calling out every subobjective and topic. If a topic or phrase from the exam objectives list isn’t specifically called out, the con-cepts and understanding behind that topic or phrase are discussed thoroughly in the relevant chapters.

Nonetheless, CompTIA didn’t structure the exam objectives to make for good reading or an easy flow. It would be simple to tell you that each chapter correlates exactly to two or three objectives. Instead, the book is laid out to create a balance between a relevant flow of information for learning and relatable coverage of the exam objectives. This book structure then serves to be most helpful for identifying and filling any knowledge gaps that you might have in a certain area and, in turn, best prepare you for the exam.