CompTIA CASP+ Intro
CompTIA Advanced Security Practitioner (CASP+) is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness.
Official CompTIA CASP+ (CAS-004) is suited for the following jobs.
- Security Architect
- Senior Security Engineer
- SOC Manager
- Security Analyst
- IT Cybersecurity Specialist/INFOSEC Specialist
- Cyber Risk Analyst
Skills and Competencies Acquired:
- Architect, engineer, integrate, and implement secure solutions across complex environments
to support a resilient enterprise.
- Consider the impact of governance, risk and compliance requirements throughout the enterprise
- CASP+ is the only hands-on, performance-based certification for advanced practitioners
- Unlike other certifications, CASP+ covers both security architecture and engineering
- It is the only certification that qualifies technical leaders to assess cyber readiness within an enterprise, and design and implement solutions to ensure the organization is ready for the next attack.
The Official CompTIA CASP+ (CAS-004) Student Guide eBook
- Content mapped to CASP+ exam objectives (CAS-004)
- Videos present real-world cybersecurity scenarios from experts’ experience
- Practice questions that check for understanding
- Access to the CompTIA Learning Center
Full On-Demand Video Lectures for CompTIA CASP+ (CAS-003)
What you’ll learn
The Official CompTIA CASP+ Student Guide (CAS-004) has been developed by CompTIA for the CompTIA CASP+ candidate. Rigorously evaluated to validate coverage of the CompTIA CASP+ (CAS-004) exam objectives, The Official CompTIA CASP+ Instructor and Student Guides teach the knowledge and skills to understand security architecture, security operations, security engineering and cryptography, governance, risk and compliance, and prepare candidates to take the CompTIA CASP+ certification exam.
Authorized Official CompTIA Course.
You will receive a certificate from Cyber Studies Institute after the course
You will also have the option to sit for the The Official CompTIA CASP+ Exam (CAS-004)
The Official CompTIA Advanced Security Practitioner (CASP+) Student Guide (Exam CAS-004) eBook
Table of Contents
Lesson 1: Perform Risk Management Activities
Lesson 2: Summarizing Governance & Compliance Strategies
Lesson 3: Implementing Business Continuity & Disaster Recovery
Lesson 4: Identifying Infrastructure Services
Lesson 5: Performing Software Integration
Lesson 6: Explain Virtualization, Cloud and Emerging Technology
Lesson 7: Exploring Secure Configurations and System Hardening
Lesson 8: Understanding Security Considerations of Cloud and Specialized Platforms
Lesson 9: Implementing Cryptography
Lesson 10: Implementing Public Key Infrastructure (PKI)
Lesson 11: Architecting Secure Endpoints
Lesson 12: Summarizing IIoT & IoT Concepts
Appendix A: Mapping Course Content to CompTIA CASP+ (CAS-004)
Full On-Demand Video Lectures for CompTIA CASP+ (CAS-003)
Module 1 – Risk Management
In this module, you will learn how to identify and mitigate security risks.
1. Summarize business and industry influences and associated security risks.
• In this topic, you will learn about risk management, emerging business strategies, security
concerns of integrating diverse industries, internal and external influences, and the impact
of de-perimeterization on an organization’s security.
2. Compare and contrast security, privacy policies and procedures based on organizational requirements
• In this topic, you will learn about policy and process life cycle management, supporting legal compliance, common security-related business documents and their requirements, general privacy principles, and developing standard security practice policies.
3. Given a scenario, execute risk mitigation strategies and controls
• In this topic, you will learn how to implement CIA in data categorization, impact-level decisions, and control implementation. You will learn about extreme scenario planning, making risk determinations, translating technical risks into business terms and recommending a risk strategy and management process. You will also learn about continuous process improvement, business continuity planning, IT governance, and enterprise resilience.
4. Analyze risk metric scenarios to secure the enterprise
• In this topic, you will review the effectiveness of, and deconstruct, existing security controls, test and analyze security solutions, compare benchmarks to baselines, interpret
cybersecurity trend data, and use judgment to solve problems.
Module 2 – Enterprise Security Architecture
1. Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements
• In this topic, you will learn about physical and virtual network and security devices, application- and protocol-aware technologies, advanced network design concepts and
device configuration, and complex network security solutions. You will also learn about software-defined networking, network management tools, security zones and network access control, other network-enabled devices, and critical infrastructure.
2. Analyze a scenario to integrate security controls for host devices to meet security requirements
• In this topic, you will learn about Trust OS, endpoint security, host hardening, boot loader protection, hardware vulnerabilities, and terminal services.
3. Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements
• In this topic, you will learn about enterprise mobility management including security and privacy concerns. You will also learn about wearable technology.
4. Given software vulnerability scenarios, select appropriate security controls
• In this topic, you will learn about application security design considerations, specific application issues, sandboxing and encrypted enclaves, database activity monitoring, web application firewalls, client-side and server-side processing, OS vulnerabilities, and firmware vulnerabilities.
Module 3 – Enterprise Security Operations
1. Given a scenario, conduct a security assessment using the appropriate methods
• In this topic, you will learn about security assessment methodologies and types.
2. Analyze a scenario or output, and select the appropriate tool for a security assessment
• In this topic, you will learn about network, host, and physical security tool types.
3. Given a scenario, implement incident response and recovery procedures
• In this topic, you will learn about e-discovery, data breaches, incident detection and emergency response, tools for incident response, incident severity and post-incident response.
Module 4 – Technical Integration of Enterprise Security
1. Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture
• In this topic, you will adapt data flow security to meet changing business needs, incorporate standards, address interoperability and resilience issues, describe data security
considerations, and explain resource provisioning. You will also learn about design considerations during mergers and demergers, secure network segmentation, logical and
physical deployment diagrams, and security implications in storage and enterprise application integration.
2. Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture
• In this topic, you will learn about technical deployment models, virtualization, cloud services, the risk of comingling hosts with different security requirements, data security
considerations and resource provisioning/deprovisioning.
3. Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives
• In this topic, you will learn about authentication, authorization, attestation, identity proofing, identity propagation, federation, and trust models.
4. Given a scenario, implement cryptographic techniques
• In this topic, you will learn about different cryptographic techniques and implementations.
5. Given a scenario, select the appropriate control to secure communications and collaboration solutions
• In this topic, you will learn about remote access and unified collaboration tools.
Module 5 – Research, Development and Collaboration
In this topic, you will update your knowledge of managing Windows 10 in an enterprise, including managing a mobile workforce and an overview of Enterprise Mobility + Security.
1. Given a scenario, apply research methods to determine industry trends and their impact to the enterprise
• In this topic, you will learn about performing ongoing research including threat intelligence, emerging tools, and the global IA industry/community.
2. Given a scenario, implement security activities across the technology life cycle
• In this topic, you will learn about the SDLC and other systems/software development methodologies, adapt solutions to address emerging threats, and asset management.
3. Explain the importance of interaction across diverse business units to achieve security goals
• In this topic, you will learn how to interpret and communicate security goals with diverse stakeholders, provide guidance to staff and senior management on security processes and controls, and establish security collaboration and a governance committee.