CASP-Advanced Security Practitioner V2.0 (Course & Lab)

(CAS-002-complete)/ISBN:978-1-61691-542-1

This course includes
Lessons
TestPrep
Lab

Gain hands-on expertise in the CompTIA CASP certification exam with CASP Advanced Security Practitioner V2.0 course and performance-based labs. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The study guide provides complete coverage of the CompTIA CASP CAS-002 exam objectives and includes topics such as risk impact analysis, responding to security incidents, translating business needs into security requirements, and many more. The CompTIA CASP course is designed for advanced-level IT security professionals to conceptualize, design, and engineer secure solutions across complex enterprise environments.

Here's what you will get

The CompTIA CASP certification is a globally-recognized widely-trusted vendor-neutral credential. This certification validates your expertise in the field of enterprise security; risk management and incident response; technical integration of enterprise components; integration of computing; communications and business disciplines. This certification exam can take you the to dignified group of professionals that will enhance your career prospects.

Lessons

10+ Lessons | 200+ Exercises | 102+ Quizzes | 269+ Flashcards | 166+ Glossary of terms

TestPrep

90+ Pre Assessment Questions | 2+ Full Length Tests | 81+ Post Assessment Questions | 161+ Practice Test Questions

Hand on lab

98+ LiveLab | 33+ Video tutorials | 22+ Minutes

Here's what you will learn

Download Course Outline

Lessons 1: Cryptographic Tools and Techniques

  • The History of Cryptography
  • Cryptographic Services
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hybrid Encryption
  • Hashing
  • Digital Signatures
  • Public Key Infrastructure
  • Implementation of Cryptographic Solutions
  • Cryptographic Attacks
  • Summary
  • Exam Essentials

Lessons 2: Comprehensive Security Solutions

  • Advanced Network Design
  • TCP/IP
  • Secure Communication Solutions
  • Secure Facility Solutions and Network Infrastructure Design
  • Summary
  • Exam Essentials

Lessons 3: Securing Virtualized, Distributed, and Shared Computing

  • Enterprise Security
  • Cloud Computing
  • Virtualization
  • Virtual LANs
  • Virtual Networking and Security Components
  • Enterprise Storage
  • Summary
  • Exam Essentials

Lessons 4: Host Security

  • Firewalls and Network Access Control Lists
  • Trusted Operating System
  • Endpoint Security Software
  • Anti-malware
  • Host Hardening
  • Asset Management
  • Data Exfiltration
  • Intrusion Detection and Prevention
  • Network Management, Monitoring, and Security Tools
  • Summary
  • Exam Essentials

Lessons 5: Application Security and Penetration Testing

  • Application Security Testing
  • Specific Application Issues
  • Application Sandboxing and Application Security Framework
  • Secure Coding Standards
  • Application Exploits
  • Cookie Storage and Transmission
  • Malware Sandboxing
  • Process Handling at the Client and Server
  • Security Assessments and Penetration Testing
  • Summary
  • Exam Essentials

Lessons 6: Risk Management

  • Risk Terminology
  • Identifying Vulnerabilities
  • Operational Risks
  • The Risk Assessment Process
  • Summary
  • Exam Essentials

Lessons 7: Policies, Procedures, and Incident Response

  • A High-Level View of Documentation
  • Business Documents Used to Support Security
  • Documents and Controls Used for Sensitive Information
  • Auditing Requirements and Frequency
  • The Incident Response Framework
  • Incident and Emergency Response
  • Summary
  • Exam Essentials

Lessons 8: Security Research and Analysis

  • Apply Research Methods to Determine Industry Trends and Impact to the Enterprise
  • Analyze Scenarios to Secure the Enterprise
  • Summary
  • Exam Essentials

Lessons 9: Enterprise Security Integration

  • Integrate Enterprise Disciplines to Achieve Secure Solutions
  • Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
  • Summary
  • Exam Essentials

Lessons 10: Security Controls for Communication and Collaboration

  • Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
  • Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
  • Implement Security Activities across the Technology Life Cycle
  • Summary
  • Exam Essentials

Hands-on LAB Activities (Performance Labs)

Cryptographic Tools and Techniques

  • Understanding cryptographic terms
  • Identifying symmetric algorithms
  • Identifying symmetric and asymmetric encryptions
  • Identifying asymmetric encryption algorithms
  • Identifying sequence of sender's process for hybrid encryption
  • Identifying hashing algorithms
  • Identifying sequence of sender's process for digital signatures
  • Identifying attributes of symmetric and asymmetric encryption
  • Identifying public key infrastructure components
  • Launching Windows certificates manager
  • Identifying encryption types
  • Identifying the handshake process for CHAP
  • Understanding steganography
  • Creating a user password
  • Identifying cryptographic attacks

Comprehensive Security Solutions

  • Creating and configuring a network
  • Identifying network authentication methods
  • Identifying 802.11 standards
  • Identifying the network topology
  • Identifying remote access methods
  • Configuring NPS network policy
  • Configuring NPS to provide RADIUS authentication
  • Creating a remote access VPN connection
  • Arranging the VoIP protocols in the protocol stack
  • Performing a wireless site survey
  • Using Windows remote access
  • Configuring a VPN client
  • Spoofing MAC addresses with SMAC
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying IPV4 and IPV6 differences
  • Configuring IPv4 address
  • Configuring and testing IPv6 addresses
  • Understanding the ipconfig command
  • Analyzing the TCP/IP configuration with netstat
  • Identifying IPv4 classful address ranges
  • Identifying IPv4 header
  • Identifying IPv6 header
  • Identifying protocols security issues
  • Analyzing network paths with tracert
  • Using the netsh command
  • Releasing and renewing an IP address
  • Testing the existence of other hosts
  • Identifying drawbacks of Kerberos authentication
  • Filtering entries in Event Viewer
  • Configuring Internet settings on a router
  • Setting up a DMZ on a SOHO router

Securing Virtualized, Distributed, and Shared Computing

  • Understanding software-defined networking
  • Identifying cloud services model
  • Identifying cloud-augmented security services
  • Identifying virtual network components
  • Creating a virtual PC machine
  • Setting VLAN ID on a network adapter
  • Working with a host-based IDS

Host Security

  • Identifying traffic command syntax formats
  • Identifying Information models
  • Identifying evaluation assurance levels
  • Identifying endpoint security solutions
  • Installing security software
  • Installing MBSA
  • Running the MBSA tool
  • Running a security scanner to identify vulnerabilities
  • Using the Windows command-line interface (CLI)
  • Identifying the change management process
  • Identifying data exfiltration methods
  • Identifying IDS components
  • Identifying Intrusion detection key terms
  • Identifying sequence in which the IDS instructs the TCP to reset connections

Application Security and Penetration Testing

  • Identifying application test types
  • Understanding cross-site scripting
  • Understanding application sandboxing
  • Understanding SDLC activities
  • Identifying secure coding tests
  • Viewing cookies and temporary files in IE
  • Identifying DoS tools
  • Identifying password cracking ways
  • Identifying penetration testing steps
  • Identifying port scanning techniques
  • Identifying fuzzing tools

Risk Management

  • Identifying tracking vulnerabilities in software
  • Identifying information security laws
  • Identifying quantitative analysis

Policies, Procedures, and Incident Response

  • Identifying information security policy components
  • Identifying employee controls
  • Understanding incident response plan
  • Identifying incident responses models

Security Research and Analysis

  • Identifying XSS vulnerabilities
  • Identifying biometric systems
  • Cracking encrypted passwords
  • Exploring the Nagios tool
  • Identifying security solution performances

Enterprise Security Integration

  • Identifying stages of building security controls
  • Identifying security governance plan
  • Identifying employee controls uses
  • Identifying risk tests

Security Controls for Communication and Collaboration

  • Using TeamViewer to connect two computers
  • Understanding SOAP
  • Identifying TCSEC divisions levels

Exam FAQs

  • Minimum ten years of experience in IT administration
  • Minimum five years of hands-on technical security experience

USD 439

Pricing and taxes may vary from country to country.

Multiple choice and performance-based questions

The exam contains 90 questions.

165 minutes

Pass/Fail only. No scaled score is provided.

CAS-002 examination, CompTIA's retake policies are:

  1. If a Candidate has passed an exam (or multiple exams) and achieved a certification, he/she cannot take the exam again, using the same exam code, without prior consent from CompTIA.
  2. CompTIA beta examinations may only be taken one time by each candidate.
  3. A test found to be in violation of the retake policy will be invalidated and the candidate may be subject to a suspension period. Repeat violators will be permanently banned from participation in the CompTIA Certification Program.
  4. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer any free re-tests or discounts on retakes.

CompTIA CASP certification are valid for three years from the date the candidate is certified, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.