CompTIA Advanced Security Practitioner


This course includes

Gain hands-on expertise in CompTIA Advanced Security Practitioner (CASP) certification exam by Pearson: CompTIA Advanced Security Practitioner course and performance-based lab. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The course and lab provide complete coverage of CAS-002 exam. The exam involves an application of critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers while managing risk.

Here's what you will get

The CompTIA Advanced Security Practitioner is a standalone certification from CompTIA with the exam code CAS-001. CASP certification is a vendor-neutral credential designed for advanced-level IT security professionals to conceptualize, design, and engineer secure solutions across complex enterprise environments. This certification validates advanced-level security skills and knowledge internationally.


18+ Lessons | 39+ Exercises | 160+ Quizzes | 647+ Flashcards | 647+ Glossary of terms


80+ Pre Assessment Questions | 1+ Full Length Tests | 75+ Post Assessment Questions | 75+ Practice Test Questions

Hands-On Labs

53+ LiveLab | 17+ Video tutorials | 16+ Minutes

Here's what you will learn

Download Course Outline

Lessons 1: CompTIA® Advanced Security Practitioner (CASP) CAS-002 Cert Guide

  • About the Authors
  • Dedication
  • Acknowledgments
  • About the Reviewers
  • We Want to Hear from You!


  • The Goals of the CASP Certification
  • The Value of the CASP Certification
  • CASP Exam Objectives
  • Steps to Becoming a CASP
  • CompTIA Authorized Materials Use Policy

Lessons 3: Cryptographic concepts and Techniques

  • Cryptographic Techniques
  • Cryptographic Concepts
  • Cryptographic Implementations
  • Review All Key Topics

Lessons 4: Enterprise Storage

  • Storage Types
  • Storage Protocols
  • Secure Storage Management
  • Review All Key Topics
  • Advanced Network Design (Wired/Wireless)
  • Virtual Networking and Security Components
  • Complex Network Security Solutions for Data Flow
  • Secure Configuration and Baselining of Networking and Security Components
  • Software-Defined Networking
  • Cloud-Managed Networks
  • Network Management and Monitoring Tools
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • Security Zones
  • Network Access Control
  • Operational and Consumer Network-Enabled Devices
  • Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
  • Review All Key Topics

Lessons 5: Security controls for hosts

  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Security Advantages and Disadvantages of Virtualizing Servers
  • Cloud-Augmented Security Services
  • Boot Loader Protections
  • Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services/Application Delivery Services
  • Trusted Platform Module (TPM)
  • Virtual TPM (VTPM)
  • Hardware Security Module (HSM)
  • Review All Key Topics

Lessons 6: Application Vulnerabilities and Security Controls

  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Software Development Methods
  • Database Activity Monitoring (DAM)
  • Web Application Firewalls (WAF)
  • Client-Side Processing Versus Server-Side Processing
  • Review All Key Topics

Lessons 7: Business Influences and Associated Security Risks

  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Security Concerns of Integrating Diverse Industries
  • Ensuring That Third-Party Providers Have Requisite Levels of Information Security
  • Internal and External Influences
  • Impact of De-perimiterization
  • Review All Key Topics

Lessons 8: Risk Mitigation Planning, Strategies, and Controls

  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Incorporate Stakeholder Input into CIA Decisions
  • Implement Technical Controls Based on CIA Requirements and Policies of the Organization
  • Determine the Aggregate CIA Score
  • Extreme Scenario/Worst-Case Scenario Planning
  • Determine Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Recommend Which Strategy Should be Applied Based on Risk Appetite
  • Risk Management Processes
  • Enterprise Security Architecture Frameworks
  • Continuous Improvement/Monitoring
  • Business Continuity Planning
  • IT Governance
  • Review All Key Topics

Lessons 9: Security, Privacy Policies, and Procedures

  • Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for Sensitive Information (PII)
  • Support the Development of Various Policies
  • Review All Key Topics

Lessons 10: Incident Response and Recovery Procedures

  • E-Discovery
  • Data Breach
  • Design Systems to Facilitate Incident Response
  • Incident and Emergency Response
  • Review All Key Topics

Lessons 11: Industry Trends

  • Perform Ongoing Research
  • Situational Awareness
  • Vulnerability Management Systems
  • Advanced Persistent Threats
  • Zero-Day Mitigating Controls and Remediation
  • Emergent Threats and Issues
  • Research Security Implications of New Business Tools
  • Global IA Industry/Community
  • Research Security Requirements for Contracts
  • Review All Key Topics

Lessons 12: Securing the Enterprise

  • Create Benchmarks and Compare to Baselines
  • Prototype and Test Multiple Solutions
  • Cost/Benefit Analysis
  • Metrics Collection and Analysis
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  • Review Effectiveness of Existing Security Controls
  • Reverse Engineer/Deconstruct Existing Solutions
  • Analyze Security Solution Attributes to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Report
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Review All Key Topics

Lessons 13: Assesment Tools and Methods

  • Assessment Tool Types
  • Assessment Methods
  • Review All Key Topics

Lessons 14: Business Unit Collaboration

  • Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  • Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
  • Establish Effective Collaboration within Teams to Implement Secure Solutions
  • IT Governance
  • Review All Key Topics

Lessons 15: Secure Communication and Collaboration

  • Security of Unified Collaboration Tools
  • Remote Access
  • Mobile Device Management
  • Over-the-Air Technologies Concerns
  • Review All Key Topics

Lessons 16: Security Across the Technology Life Cycle

  • End-to-End Solution Ownership
  • Systems Development Life Cycle (SDLC)
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Asset Management (Inventory Control)
  • Review All Key Topics

Lessons 17: Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Secure Data Flows to Meet Changing Business Needs
  • Standards
  • Interoperability Issues
  • Technical Deployment Models
  • Logical and Physical Deployment Diagrams of Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration (Security Considerations)
  • Enterprise Application Integration Enablers
  • Review All Key Topics

Lessons 18: Authenticatication and Authorization Technologies

  • Authentication
  • Authorization
  • Attestation
  • Identity Propagation
  • Federation
  • Advanced Trust Models
  • Review All Key Topics

Hands-on LAB Activities (Performance Labs)

Cryptographic concepts and Techniques

  • Understanding cryptographic terms
  • Identifying symmetric algorithms
  • Identifying sequence of sender's process for hybrid encryption
  • Identifying sequence of sender's process for digital signatures
  • Identifying cryptographic attacks
  • Understanding steganography
  • Launching Windows certificates manager
  • Identifying password cracking ways
  • Identifying symmetric and asymmetric encryptions
  • Identifying asymmetric encryption algorithms
  • Identifying public key infrastructure components

Enterprise Storage

  • Identifying encryption types

Security controls for hosts

  • Identifying TCSEC divisions levels
  • Identifying endpoint security solutions
  • Creating a virtual PC machine
  • Identifying hashing algorithms
  • Identifying cloud-augmented security services

Application Vulnerabilities and Security Controls

  • Identifying tracking vulnerabilities in software
  • Understanding cross-site scripting
  • Identifying XSS vulnerabilities
  • Viewing cookies and temporary files in IE
  • Understanding application sandboxing
  • Identifying secure coding tests
  • Understanding SOAP

Risk Mitigation Planning, Strategies, and Controls

  • Identifying attributes of symmetric and asymmetric encryption
  • Identifying quantitative analysis
  • Identifying employee controls uses
  • Identifying security governance plan
  • Identifying information security policy components

Security, Privacy Policies, and Procedures

  • Identifying information security laws
  • Understanding incident response plan
  • Identifying incident responses models
  • Identifying employee controls
  • Identifying stages of building security controls

Incident Response and Recovery Procedures

  • Identifying data backup types
  • Understanding facets of an investigation

Securing the Enterprise

  • Identifying security solution performances

Assesment Tools and Methods

  • Identifying fuzzing tools
  • Identifying the handshake process for CHAP
  • Running a security scanner to identify vulnerabilities
  • Identifying port scanning techniques
  • Cracking encrypted passwords
  • Identifying penetration testing steps

Secure Communication and Collaboration

  • Identifying protocols security issues
  • Arranging the VoIP protocols in the protocol stack
  • Identifying 802.11 standards
  • Creating and configuring a network

Security Across the Technology Life Cycle

  • Understanding SDLC activities

Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Setting up a DMZ on a SOHO router
  • Configuring a VPN client

Authenticatication and Authorization Technologies

  • Identifying biometric systems
  • Creating a remote access VPN connection
  • Identifying drawbacks of Kerberos authentication

Exam FAQs

The exam contains 90 questions.

165 minutes

Pass/Fail only. No scaled score.