CASP+ CompTIA Advanced Security Practitioner (CAS-004)
CompTIA CAS-004.AE1
CASP+ CompTIA Advanced Security Practitioner (CAS-004)
ISBN: 978-1-64459-392-9CompTIA CAS-004.AE1
CompTIA Advanced Security Practitioner
(pearson-cas-002-complete) / ISBN : 978-1-61691-620-6
This course includes
Lessons
TestPrep
Lab
114
Review
About This Course
Gain hands-on expertise in CompTIA Advanced Security Practitioner (CASP) certification exam by Pearson: CompTIA Advanced Security Practitioner course and performance-based lab. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The course and lab provide complete coverage of CAS-002 exam. The exam involves an application of critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers while managing risk.
Skills You’ll Get
Get the support you need. Enroll in our Instructor-Led Course.
Lessons
18+ Lessons | 39+ Exercises | 160+ Quizzes | 647+ Flashcards | 647+ Glossary of terms
TestPrep
80+ Pre Assessment Questions | 1+ Full Length Tests | 75+ Post Assessment Questions | 75+ Practice Test Questions
Hands-On Labs
53+ LiveLab | 17+ Video tutorials | 16+ Minutes
1
CompTIA® Advanced Security Practitioner (CASP) CAS-002 Cert Guide
- About the Authors
- Dedication
- Acknowledgments
- About the Reviewers
- We Want to Hear from You!
2
INTRODUCTION
- The Goals of the CASP Certification
- The Value of the CASP Certification
- CASP Exam Objectives
- Steps to Becoming a CASP
- CompTIA Authorized Materials Use Policy
3
Cryptographic concepts and Techniques
- Cryptographic Techniques
- Cryptographic Concepts
- Cryptographic Implementations
- Review All Key Topics
4
Enterprise Storage
- Storage Types
- Storage Protocols
- Secure Storage Management
- Review All Key Topics
- Advanced Network Design (Wired/Wireless)
- Virtual Networking and Security Components
- Complex Network Security Solutions for Data Flow
- Secure Configuration and Baselining of Networking and Security Components
- Software-Defined Networking
- Cloud-Managed Networks
- Network Management and Monitoring Tools
- Advanced Configuration of Routers, Switches, and Other Network Devices
- Security Zones
- Network Access Control
- Operational and Consumer Network-Enabled Devices
- Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
- Review All Key Topics
5
Security controls for hosts
- Trusted OS
- Endpoint Security Software
- Host Hardening
- Security Advantages and Disadvantages of Virtualizing Servers
- Cloud-Augmented Security Services
- Boot Loader Protections
- Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
- Virtual Desktop Infrastructure (VDI)
- Terminal Services/Application Delivery Services
- Trusted Platform Module (TPM)
- Virtual TPM (VTPM)
- Hardware Security Module (HSM)
- Review All Key Topics
6
Application Vulnerabilities and Security Controls
- Web Application Security Design Considerations
- Specific Application Issues
- Application Sandboxing
- Application Security Frameworks
- Secure Coding Standards
- Software Development Methods
- Database Activity Monitoring (DAM)
- Web Application Firewalls (WAF)
- Client-Side Processing Versus Server-Side Processing
- Review All Key Topics
7
Business Influences and Associated Security Risks
- Risk Management of New Products, New Technologies, and User Behaviors
- New or Changing Business Models/Strategies
- Security Concerns of Integrating Diverse Industries
- Ensuring That Third-Party Providers Have Requisite Levels of Information Security
- Internal and External Influences
- Impact of De-perimiterization
- Review All Key Topics
8
Risk Mitigation Planning, Strategies, and Controls
- Classify Information Types into Levels of CIA Based on Organization/Industry
- Incorporate Stakeholder Input into CIA Decisions
- Implement Technical Controls Based on CIA Requirements and Policies of the Organization
- Determine the Aggregate CIA Score
- Extreme Scenario/Worst-Case Scenario Planning
- Determine Minimum Required Security Controls Based on Aggregate Score
- Conduct System-Specific Risk Analysis
- Make Risk Determination
- Recommend Which Strategy Should be Applied Based on Risk Appetite
- Risk Management Processes
- Enterprise Security Architecture Frameworks
- Continuous Improvement/Monitoring
- Business Continuity Planning
- IT Governance
- Review All Key Topics
9
Security, Privacy Policies, and Procedures
- Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
- Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
- Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
- Use Common Business Documents to Support Security
- Use General Privacy Principles for Sensitive Information (PII)
- Support the Development of Various Policies
- Review All Key Topics
10
Incident Response and Recovery Procedures
- E-Discovery
- Data Breach
- Design Systems to Facilitate Incident Response
- Incident and Emergency Response
- Review All Key Topics
11
Industry Trends
- Perform Ongoing Research
- Situational Awareness
- Vulnerability Management Systems
- Advanced Persistent Threats
- Zero-Day Mitigating Controls and Remediation
- Emergent Threats and Issues
- Research Security Implications of New Business Tools
- Global IA Industry/Community
- Research Security Requirements for Contracts
- Review All Key Topics
12
Securing the Enterprise
- Create Benchmarks and Compare to Baselines
- Prototype and Test Multiple Solutions
- Cost/Benefit Analysis
- Metrics Collection and Analysis
- Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
- Review Effectiveness of Existing Security Controls
- Reverse Engineer/Deconstruct Existing Solutions
- Analyze Security Solution Attributes to Ensure They Meet Business Needs
- Conduct a Lessons-Learned/After-Action Report
- Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
- Review All Key Topics
13
Assesment Tools and Methods
- Assessment Tool Types
- Assessment Methods
- Review All Key Topics
14
Business Unit Collaboration
- Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
- Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
- Establish Effective Collaboration within Teams to Implement Secure Solutions
- IT Governance
- Review All Key Topics
15
Secure Communication and Collaboration
- Security of Unified Collaboration Tools
- Remote Access
- Mobile Device Management
- Over-the-Air Technologies Concerns
- Review All Key Topics
16
Security Across the Technology Life Cycle
- End-to-End Solution Ownership
- Systems Development Life Cycle (SDLC)
- Adapt Solutions to Address Emerging Threats and Security Trends
- Asset Management (Inventory Control)
- Review All Key Topics
17
Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture
- Secure Data Flows to Meet Changing Business Needs
- Standards
- Interoperability Issues
- Technical Deployment Models
- Logical and Physical Deployment Diagrams of Relevant Devices
- Secure Infrastructure Design
- Storage Integration (Security Considerations)
- Enterprise Application Integration Enablers
- Review All Key Topics
18
Authenticatication and Authorization Technologies
- Authentication
- Authorization
- Attestation
- Identity Propagation
- Federation
- Advanced Trust Models
- Review All Key Topics
Cryptographic concepts and Techniques
- Understanding cryptographic terms
- Identifying symmetric algorithms
- Identifying sequence of sender's process for hybrid encryption
- Identifying sequence of sender's process for digital signatures
- Identifying cryptographic attacks
- Understanding steganography
- Launching Windows certificates manager
- Identifying password cracking ways
- Identifying symmetric and asymmetric encryptions
- Identifying asymmetric encryption algorithms
- Identifying public key infrastructure components
Enterprise Storage
- Identifying encryption types
Security controls for hosts
- Identifying TCSEC divisions levels
- Identifying endpoint security solutions
- Creating a virtual PC machine
- Identifying hashing algorithms
- Identifying cloud-augmented security services
Application Vulnerabilities and Security Controls
- Identifying tracking vulnerabilities in software
- Understanding cross-site scripting
- Identifying XSS vulnerabilities
- Viewing cookies and temporary files in IE
- Understanding application sandboxing
- Identifying secure coding tests
- Understanding SOAP
Risk Mitigation Planning, Strategies, and Controls
- Identifying attributes of symmetric and asymmetric encryption
- Identifying quantitative analysis
- Identifying employee controls uses
- Identifying security governance plan
- Identifying information security policy components
Security, Privacy Policies, and Procedures
- Identifying information security laws
- Understanding incident response plan
- Identifying incident responses models
- Identifying employee controls
- Identifying stages of building security controls
Incident Response and Recovery Procedures
- Identifying data backup types
- Understanding facets of an investigation
Securing the Enterprise
- Identifying security solution performances
Assesment Tools and Methods
- Identifying fuzzing tools
- Identifying the handshake process for CHAP
- Running a security scanner to identify vulnerabilities
- Identifying port scanning techniques
- Cracking encrypted passwords
- Identifying penetration testing steps
Secure Communication and Collaboration
- Identifying protocols security issues
- Arranging the VoIP protocols in the protocol stack
- Identifying 802.11 standards
- Creating and configuring a network
Security Across the Technology Life Cycle
- Understanding SDLC activities
Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture
- Setting up a DMZ on a SOHO router
- Configuring a VPN client
Authenticatication and Authorization Technologies
- Identifying biometric systems
- Creating a remote access VPN connection
- Identifying drawbacks of Kerberos authentication
Any questions?Check out the FAQs
Still have unanswered questions and need to get in touch?
Contact Us NowThe exam contains 90 questions.
165 minutes
Pass/Fail only. No scaled score.