INTRODUCTION

Computer and network security is not an easy subject to master quickly. Practitioners take many years to acquire the knowledge and expertise needed to effectively protect their organization’s computer systems and networks—and even then, due to the ever-changing nature of the field, they must constantly study to stay on top of the most current threats and vulnerabilities associated with their systems.

The CompTIA Security+ certification is CompTIA’s entry-level security certification and one that is considered a precursor to the mastery level CompTIA Advanced Security Practitioner certification. The CompTIA Security+ exam is a vendor-neutral certification that is designed to demonstrate an individual’s competency in

Network security

Compliance and operational security

Threats and vulnerabilities

Application, data, and host security

Access control and identity management

Cryptography

The CompTIA Advanced Security Practitioner (CASP) certification is designed to follow the CompTIA Security+ certification. It is also vendor-neutral and is designed to demonstrate an individual’s competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines. The exam covers the knowledge that is necessary for an individual to be able to conceptualize, design, and engineer secure solutions across complex enterprise environments and has a technical, hands-on focus at the enterprise level. Although there is no official prerequisite for the CASP certification, it is designed for individuals who have more extensive security experience and have previously earned the Security+ (or equivalent) certification. The exam itself consists of a maximum of 80 questions, with a time limit of 150 minutes in which to complete the exam. There is no scaled scoring for this exam; it is pass/fail only. The recommended level of experience for someone intending on taking the exam is 10 years of experience in IT administration, including at least five years of hands-on technical security experience.

Exam Watch The CASP exam is a pass/fail exam, but the practice exam engine included with this book is not a pass/fail exam simulation due to the limitations of the software. A passing score on the actual CASP exam is calculated using psychometrically determined scores, and is not determined solely using the raw score. This balances test-to-test difficulty and other factors, making all passing scores comparable. Taking a single practice exam does not afford the ability to do this type of scoring, but scores less than 75% during practice should be taken as a sign that additional preparation might be a wise course of action before attempting the real certification exam.

The Four CASP Domains

The CASP certification is not designed for security managers but instead is intended for practitioners with hands-on knowledge of and experience with security. This is reflected in the relative weight given to each of the four domains covered by the certification. The four CASP domains, and their relative weights in terms of coverage, are as follows:

Enterprise Security (40 percent)

Risk Management, Policy/Procedure, and Legal (24 percent)

Research and Analysis (14 percent)

Integration of Computing, Communications, and Business Disciplines (22 percent)

When the domains listed for the CASP certification are compared with the domains provided for the Security+ certification, the hands-on focus is clearly visible. Contrast the preceding list with the 30-percent focus on General Security Concepts in Security+, the 15-percent focus on Operational/Organizational Security, or the 15-percent focus on Basics of Cryptography, and you can clearly see that Security+ is intended as an introductory certification and CASP is aimed at those with much more actual security experience.

Performance-based Exam Questions

According to CompTIA, the CASP certification is designed to be more than just a multiple-choice exam; instead, it is performance-based. The types of questions go beyond the simple multiple-choice type seen in most certification exams. Instead, the exam includes multiple types of questions, such as drag and drop, simulations, and the traditional question/answer. An individual taking the exam will find some questions presented as a scenario and will then need to launch a simulated environment. The environment will be at the level of detail appropriate for an individual with the experience recommended for individuals taking the CASP exam. The individual will then need to perform whatever task is most appropriate, given the scenario and tools or information presented for the question. With this method, CompTIA is able to go beyond a simple “textbook understanding” of the subject and can test the skill level of individuals taking the exam.

To further explain this concept of performance-based questions, we can turn to the description from CompTIA: “For performance-based items, the CASP candidate will be given a scenario/problem, and will be prompted to push a button to launch a simulated environment that is created via software. The simulated environment should be familiar to a security professional with the level of experience recommended for the CASP exam. Once the simulation is launched, the candidate will need to perform whatever tasks s/he believes appropriate, based on the given scenario and the tools/information that are provided in the question.”

CASP-Proposed Hardware and Software

Although the CASP certification is intended to be vendor-neutral, CompTIA nonetheless has provided a list of hardware and software that individuals taking the exam are expected to have some knowledge of. Some items in the list are simply types of tools that an individual might expect to see questions about, whereas others are examples of vendor-specific tools and technologies that individuals are expected to know something about. The list supplied by CompTIA is provided in Tables 1 through 3.

TABLE 1 List of Hardware Examples for the CASP Certification Exam

TABLE 2 List of Software Examples for the CASP Certification Exam

TABLE 3 List of Other Examples for the CASP Certification Exam

The Exam Readiness Checklist

The following checklist has been constructed to allow you to cross-reference the official exam objectives with the objectives as they are presented and covered in this book. This checklist includes all objectives currently listed by CompTIA as being covered on the exam. You should use this checklist as a way to gauge your readiness to take the certification exam.

Exam CAS-001

As you prepare for taking the exam, you can use this list of objectives and the associated technologies, processes, and tasks for each objective as published by CompTIA. Your studies in preparation for the exam should include not only these objectives and their associated technologies, processes, and tasks, but also other security concepts related to each objective. (CompTIA admits that their list does not include all technologies, processes, and tasks that pertain to each objective.) This study guide, therefore, attempts to present the most broad coverage possible.