CompTIA Advanced Security Practitioner (CASP) CAS-002 with CompTIA Accredited E-Book Study Guide




CompTIA’s CASP (CompTIA Advanced Security Practitioner) is a vendor-neutral certification that validates IT professionals with advanced-level security skills and knowledge. This certification course covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers, while managing risk.
There is no required prerequisite for this course; however, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.
This CASP training course follows the CompTIA authorized objectives, ensuring you receive the training and knowledge needed to succeed.
CompTIA CASP – CompTIA Advanced Security Practitioner Exam Objectives:
Domain and percentage of Examination:
1.0 Enterprise Security: 30%
2.0 Risk Management and Incident Response: 20%
3.0 Research and Analysis: 18%
4.0 Integration of Computing, Communications and Business Disciplines: 16%
5.0 Technical Integration of Enterprise Components: 16%
Course Syllabus:
CompTIA CASP – CompTIA Advanced Security Practitioner – Course CAS-002 Curriculum
Course Overview

Module 1 – Business Influences and Associated Security Risks

Risk Management
Business Model Strategies
Integrating Diverse Industries
Third Party Information Security and Providers
Internal and External Influences
Impact of De-Perimeterization
Module 2 – Risk Mitigation Planning – Strategies and Controls
CIA Triad
Business Classifications
Information Life Cycle and Stakeholder Input
Implementing Technical Controls
Determine Aggregate CIA Score
Worst Case Scenario Planning
Calculation Tools and Attacker Motivation
Return on Investment
Total Cost of Ownership and Risk Strategies
Risk Management Process
Identifying Vulnerabilities and Threats
Security Architecture Frameworks
Business Continuity Planning
IT Governance
Security Policies
Module 3 – Security-Privacy Policies and Procedures
Policy Development Updates
Developing Processes and Procedures
Legal Compliance
Security Policy Business Documents
Outage Impact and Estimating Downtime Terms
Sensitive Information-Internal Security Policies
Incident Response Process
Forensic Tasks
Employment and Termination Procedures
Network Auditing
Module 4 – Incident Response and Recovery Procedures
E-Discovery and Data Retention Policies
Data Recovery-Storage and Backup Schemes
Data Owner and Data Handling
Disposal Terms and Concepts
Data Breach and Data Analysis
Incident Response Guidelines
Incident and Emergency Response
Media-Software and Network Analysis
Order of Volatility
Module 5 – Industry Trends
Performing Ongoing Research
Security Practices
Evolution of Technology
Situational Awareness and Vulnerability Assessments
Researching Security Implications
Global Industry Security Response
Threat Actors
Contract Security Requirements
Contract Documents
Module 6 – Securing the Enterprise
Benchmarks and Baselines
Prototyping and Testing Multiple Solutions
Cost/Benefit Analysis
Metrics Collection and Trend Data
Security Controls-Reverse Engineering and Deconstructing
Security Solutions Business Needs
Lesson Learned-After Action Report
Module 7 – Assessment Tools and Methods
Port Scanners and Vulnerability Scanners
Protocol Analyzer-Network Enumerator-Password Cracker
Fuzzers and HTTP Interceptors
Exploitation Tools
Passive Reconnaissance Tools
Vulnerability Assessments and Malware Sandboxing
Memory Dumping and Penetration Testing
Reconnaissance and Fingerprinting
Code Review
Social Engineering
Module 8 – Social Cryptographic Concepts and Techniques
Cryptographic Benefits and Techniques
Hashing Algorithms
Message Authentication Code
Cryptographic Concepts
Transport Encryption Protocol
Symmetric Algorithms
Asymmetric Algorithms
Hybrid Encryption and Digital Signatures
Public Key Infrastructure
Digital Certificate Classes and Cypher Types
DES Modes
Cryptographic Attacks
Strength vs Performance and Cryptographic Implementations
Module 9 – Enterprise Storage
Virtual Storage Types and Challenges
Cloud Storage
Data Warehousing
Data Archiving
Storage Area Networks (SANs) and (VSANs)
Network Attached Storage (NAS)
Storage Protocols and Fibre Channel over Ethernet (FCoE)
Storage Network File Systems
Secure Storage Management Techniques
LUN Masking/Mapping and HBA Allocation
Replication and Encryption Methods
Module 10 – Network and Security Components-Concepts-Security Architectures
Remote Access Protocols
IPv6 and Transport Encryption
Network Authentication Methods
802.1x and Mesh Networks
Security Devices
Network Devices
Wireless Controllers
Router Security and Port Numbers
Network Security Solutions
Availability Controls-Terms and Techniques
Advanced Router and Switch Configuration
Data Flow Enforcement of Applications and Networks
Network Device Accessibility and Security
Module 11 – Security Controls for Hosts
Trusted Operating Systems
Endpoint Security Software and Data Loss Prevention
Host Based Firewalls
Log Monitoring and Host Hardening
Standard Operating Environment and Group Policy Security
Command Shell Restrictions
Configuring and Managing Interface Security
USB-Bluetooth-Firewire Restrictions and Security
Full Disk Encryption
Virtualization Security
Cloud Security Services
Boot Loader Protections
Virtual Host Vulnerabilities
Virtual Desktop Infrastructure
Terminal Services
Virtual TPM
Module 12 – Application Vulnerabilities and Security Controls
Web Application Security Design
Specific Application Issues
Session Management
Input Validation
Web Vulnerabilities and Input Mitigation Issues
Buffer Overflow and other Application Issues
Application Security Framework
Web Service Security and Secure Coding Standards
Software Development Methods
Monitoring Mechanisms and Client-Server Side Processing
Browser Extensions and Other Web Development Techniques
Module 13 – Host-Storage-Network and Application Integration
Securing Data Flows
Standards Concepts
Interoperability Issues
In House Commercial and Customized Applications
Cloud and Virtualization Models
Logical and Physical Deployment Diagrams
Secure Infrastructure Design
Storage Integration Security
Enterprise Application Integration Enablers
Module 14 – Authentication and Authorization Technologies
Authentication and Identity Management
Password Types-Management and Policies
Authentication Factors
Dual-Multi Factor and Certificate Authentication
Single Sign On Issues
Access Control Models and Open Authorization
Extensible Access Control Markup Language (XACML)
Service Provisioning Markup Language (SPML)
Attestation and Identity Propagation
Federation and Security Assertion Markup Language (SAML)
OpenID-Shibboleth and WAYF
Advanced Trust Models
Module 15 – Business Unit Collaboration
Identifying and Communicating Security Requirements
Security Controls Recommendations
Secure Solutions Collaboration
Module 16 – Secure Communication and Collaboration
Web-Video Conferencing-Instant Messaging
Desktop Sharing
Presence Guidelines
Email Messaging Protocol
Telephony-VoIP and Social Media
Cloud Based Collaboration
Remote Access and IPsec
Mobile and Personal Device Management
Over Air Technology Concerns
WLAN Concepts-Terms-Standards
WLAN Security and Attacks
Module 17 – Security Across the Technology Life Cycle
End to End Solution Ownership
System Development Life Cycle
Security Implications of Software Development Methodologies
Asset Management
Course End
Course Delivery: Online
About the CompTIA CASP+ CAS-002 Accredited E-Book Study Guide
CASP: CompTIA Advanced Security Practitioner Study Guide: CAS-002 is the updated edition of the bestselling book covering the CASP certification exam. CompTIA approved, this guide covers all of the CASP exam objectives with clear, concise, thorough information on crucial security topics. With practical examples and insights drawn from real-world experience, the book is a comprehensive study resource with authoritative coverage of key concepts. Exam highlights, end-of-chapter reviews, and a searchable glossary help with information retention, and cutting-edge exam prep software offers electronic flashcards and hundreds of bonus practice questions. Additional hands-on lab exercises mimic the exam’s focus on practical application, providing extra opportunities for readers to test their skills.
CASP is a DoD 8570.1-recognized security certification that validates the skillset of advanced-level IT security professionals. The exam measures the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments, as well as the ability to think critically and apply good judgment across a broad spectrum of security disciplines. This study guide helps CASP candidates thoroughly prepare for the exam, providing the opportunity to:

  • Master risk management and incident response
  • Sharpen research and analysis skills
  • Integrate computing with communications and business
  • Review enterprise management and technical component integration

Experts predict a 45-fold increase in digital data by 2020, with one-third of all information passing through the cloud. Data has never been so vulnerable, and the demand for certified security professionals is increasing quickly. The CASP proves an IT professional’s skills, but getting that certification requires thorough preparation. This CASP study guide provides the information and practice that eliminate surprises on exam day.
About the Author:
Michael Gregg has over 20 years of IT experience, and is the COO of IT security firm Superior Solutions, Inc. He’s an expert on security, networking, and Internet technologies, and has written over 15 books focusing on IT security. He holds two associate’s degrees, a bachelor’s degree, a master’s degree, and the following certifications: CASP, CISSP, SSCP, CISA, CISM, MCSE, MCT, CTT+, A+, Network+, Security+, CNA, CCNA, CCE, CEH, and CHFI.
Technical Details:
Title: CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002
Author(s): Michael Gregg
Publisher: Sybex
Edition: 2nd
ISBN: 9781118930847