The CompTIA Advanced Security Practitioner (CASP) certification is a popular certification for those in the security field. Although many vendor-specific networking certifications are popular in the industry, the CompTIA CASP certification is unique in that it is vendor neutral. The CompTIA CASP certification often acts as a stepping-stone to more specialized and vendor-specific certifications, such as those offered by ISC2.
In the CompTIA CASP exam, the topics are mostly generic in that they can apply to many security devices and technologies, regardless of vendor. Although the CompTIA CASP is vendor neutral, devices and technologies are implemented by multiple independent vendors. In that light, several of the examples associated with this book include using particular vendors’ configurations and technologies. More detailed training regarding a specific vendor’s software and hardware can be found in books and training specific to that vendor.
The goal of this book is to assist you in learning and understanding the technologies covered in the CASP CAS-003 blueprint from CompTIA. This book also helps you demonstrate your knowledge by passing the CAS-003 version of the CompTIA CASP exam.
To aid you in mastering and understanding the CASP + certification objectives, this book provides the following tools:
Opening topics list: This list defines the topics that are covered in the chapter.
Key Topics icons: These icons indicate important figures, tables, and lists of information that you need to know for the exam. They are sprinkled throughout each chapter and are summarized in table format at the end of each chapter.
Memory tables: These can be found on the companion website and in Appendix B, “Memory Tables,” and Appendix C, “Memory Tables Answer Key.” Use them to help memorize important information.
Key terms: Key terms without definitions are listed at the end of each chapter. Write down the definition of each term and check your work against the Glossary.
For current information about the CompTIA CASP certification exam, visit https://certification.comptia.org/certifications/comptia-advanced-security-practitioner.
Readers of this book will range from people who are attempting to attain a position in the IT security field to people who want to keep their skills sharp or perhaps retain their job when a company policy mandates that they take the new exams.
This book is also for readers who want to acquire additional certifications beyond the CASP certification (for example, the CISSP certification and beyond). The book is designed in such a way to offer easy transition to future certification studies.
Read the chapters in this book, jotting down notes with key concepts or configurations on a separate notepad.
Download the current list of exam objectives by submitting a form at http://certification.comptia.org/examobjectives.aspx.
Use the practice exam, which is included on this book’s companion website. As you work through the practice exam, note the areas where you lack confidence and review those concepts. After you review these areas, work through the practice exam a second time and rate your skills. Keep in mind that the more you work through a practice exam, the more familiar the questions become, and the practice exam becomes a less accurate indicator of your skills.
After you work through a practice exam a second time and feel confident with your skills, schedule the real CompTIA CASP exam (CAS-003). The following website provides information about registering for the exam: www.pearsonvue.com/comptia/.
Table 1 lists general exam topics (objectives) and specific topics under each general topic (subobjectives) for the CompTIA CASP CAS-003 exam. This table lists the primary chapter in which each exam topic is covered. Note that many objectives and subobjectives are interrelated and are addressed in multiple chapters.
Chapter |
CAS-003 Exam Objective |
CAS-003 Exam Subobjective |
1 Business and Industry Influences and Associated Security Risks |
1.1 Summarize business and industry influences and associated security risks. |
|
2 Security, Privacy Policies, and Procedures |
1.2 Compare and contrast security, privacy policies and procedures based on organizational requirements. |
|
3 Risk Mitigation Strategies and Controls |
1.3 Given a scenario, execute risk mitigation strategies and controls. |
|
4 Risk Metric Scenarios to Secure the Enterprise |
1.4 Analyze risk metric scenarios to secure the enterprise. |
|
5 Network and Security Components, Concepts, and Architectures |
2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements. |
|
6 Security Controls for Host Devices |
2.2 Analyze a scenario to integrate security controls for host devices to meet security requirements. |
|
7 Security Controls for Mobile and Small Form Factor Devices |
2.3 Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements. |
|
8 Software Vulnerability Security Controls |
2.4 Given software vulnerability scenarios, select appropriate security controls. |
|
9 Security Assessments |
3.1 Given a scenario, conduct a security assessment using the appropriate methods. |
|
10 Select the Appropriate Security Assessment Tool |
3.2 Analyze a scenario or output, and select the appropriate tool for a security assessment. |
|
11 Incident Response and Recovery |
3.3 Given a scenario, implement incident response and recovery procedures. |
|
12 Host, Storage, Network, and Application Integration |
4.1 Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture. |
|
13 Cloud and Virtualization Technology Integration |
4.2 Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture. |
|
14 Authentication and Authorization Technology Integration |
4.3 Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives. |
|
15 Cryptographic Techniques |
4.4 Given a scenario, implement cryptographic techniques. |
|
16 Secure Communication and Collaboration |
4.5 Given a scenario, select the appropriate control to secure communications and collaboration solutions. |
|
17 Industry Trends and Their Impact to the Enterprise |
5.1 Given a scenario, apply research methods to determine industry trends and their impact to the enterprise. |
|
18 Security Activities Across the Technology Life Cycle |
5.2 Given a scenario, implement security activities across the technology life cycle. |
|
19 Business Unit Interaction |
5.3 Explain the importance of interaction across diverse business units to achieve security goals. |
|
Although this book could be read cover-to-cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need more work with. However, if you do intend to read all the chapters, the order in the book is an excellent sequence to use.
In addition to the 19 main chapters, this book includes tools to help you verify that you are prepared to take the exam. The companion website also includes a practice test and memory tables that you can work through to verify your knowledge of the subject matter.
Register this book to get access to the Pearson Test Prep practice test software and other study materials plus additional bonus content. Check this site regularly for new and updated postings written by the author that provide further insight into the more troublesome topics on the exam. Be sure to check the box that you would like to hear from us to receive updates and exclusive discounts on future editions of this product or related products.
To access this companion website, follow these steps:
Go to www.pearsonITcertification.com/register and log in or create a new account.
Enter the ISBN: 9780789759443.
Answer the challenge question as proof of purchase.
Click the Access Bonus Content link in the Registered Products section of your account page, to be taken to the page where your downloadable content is available.
Please note that many of our companion content files can be very large, especially image and video files.
If you are unable to locate the files for this title by following the steps just listed, please visit www.pearsonITcertification.com/contact and select the Site Problems/Comments option. Our customer service representatives will assist you.
As noted previously, this book comes complete with the Pearson Test Prep practice test software, containing two full exams. These practice tests are available to you either online or as an offline Windows application. To access the practice exams that were developed with this book, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.
Note
The cardboard sleeve in the back of this book includes a piece of paper. The paper lists the activation code for the practice exams associated with this book. Do not lose the activation code. On the opposite side of the paper from the activation code is a unique, one-time-use coupon code for the purchase of the Premium Edition eBook and Practice Test.
The online version of the Pearson Test Prep software can be used on any device with a browser and connectivity to the Internet, including desktop machines, tablets, and smartphones. To start using your practice exams online, simply follow these steps:
Select Pearson IT Certification as your product group.
Enter the email/password for your account. If you don’t have an account on PearsonITCertification.com or CiscoPress.com, you need to establish one by going to PearsonITCertification.com/join.
In the My Products tab, click the Activate New Product button.
Enter the access code printed on the insert card in the back of your book to activate your product. The product is now listed in your My Products page.
Click the Exams button to launch the exam settings screen and start your exam.
If you wish to study offline, you can download and install the Windows version of the Pearson Test Prep software. There is a download link for this software on the book’s companion website, or you can just enter this link in your browser: http://www.pearsonitcertification.com/content/downloads/pcpt/engine.zip.
To access the book’s companion website and the software, simply follow these steps:
Register your book by going to PearsonITCertification.com/register and entering the ISBN: 9780789759443.
Respond to the challenge questions.
Go to your account page and select the Registered Products tab.
Click the Access Bonus Content link under the product listing.
Click the Install Pearson Test Prep Desktop Version link under the Practice Exams section of the page to download the software.
When the software finishes downloading, unzip all the files on your computer.
Double-click the application file to start the installation and follow the onscreen instructions to complete the registration.
When the installation is complete, launch the application and click Activate Exam button on the My Products tab.
Click the Activate a Product button in the Activate Product Wizard.
Enter the unique access code found on the card in the sleeve in the back of your book and click the Activate button.
Click Next and then the Finish button to download the exam data to your application.
You can now start using the practice exams by selecting the product and clicking the Open Exam button to open the exam settings screen.
Note that the offline and online versions will sync together, so saved exams and grade results recorded on one version will be available to you on the other as well.
When you are in the exam settings screen, you can choose to take exams in one of three modes:
Study Mode
Practice Exam Mode
Flash Card Mode
Study Mode allows you to fully customize your exams and review answers as you are taking the exam. This is typically the mode you would use first to assess your knowledge and identify information gaps. Practice Exam Mode locks certain customization options, as it is presenting a realistic exam experience. Use this mode when you are preparing to test your exam readiness. Flash Card Mode strips out the answers and presents you with only the question stem. This mode is great for late stage preparation when you really want to challenge yourself to provide answers without the benefit of seeing multiple choice options. This mode will not provide the detailed score reports that the other two modes will, so it should not be used if you are trying to identify knowledge gaps.
In addition to these three modes, you will be able to select the source of your questions. You can choose to take exams that cover all of the chapters or you can narrow your selection to just a single chapter or the chapters that make up specific parts in the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, simply deselect all the chapters then select only those on which you wish to focus in the Objectives area.
You can also select the exam banks on which to focus. Each exam bank comes complete with a full exam of questions that cover topics in every chapter. The two exams printed in the book are available to you as well as two additional exams of unique questions. You can have the test engine serve up exams from all four banks or just from one individual bank by selecting the desired banks in the exam bank area.
There are several other customizations you can make to your exam from the exam settings screen, such as the time of the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple answer questions, or whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions on which you have added notes.
If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software, it will check to see if there are any updates to your exam data and automatically download any changes that were made since the last time you used the software. This requires that you are connected to the Internet at the time you launch the software.
Sometimes, due to many factors, the exam data may not fully download when you activate your exam. If you find that figures or exhibits are missing, you may need to manually update your exams.
To update a particular exam you have already activated and downloaded, simply select the Tools tab and select the Update Products button. Again, this is only an issue with the desktop Windows application.
If you wish to check for updates to the Pearson Test Prep exam engine software, Windows desktop version, simply select the Tools tab and select the Update Application button. This will ensure you are running the latest version of the software engine.
Exam candidates never really know whether they are adequately prepared for the exam until they have completed about 30% of the questions. At that point, if you are not prepared, it is too late. The best way to determine your readiness is to work through the chapter questions at the end of each chapter and to review the foundation and key topics. It is best to work your way through the entire book unless you can complete each subject without having to do any research or look up any answers.
This book also includes an exclusive offer for 70% off the Premium Edition eBook and Practice Tests edition of this title. Please see the coupon code included with the cardboard sleeve for information on how to purchase the Premium Edition.
3.95.231.212