
CASP Training

CompTIA Advanced Security Practitioner Boot Camp

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP certification is an international, vendor-neutral exam that proves competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines.

The exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers. For more detailed information, view the exam objectives.

While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

CompTIA is an ANSI accredited Certifier - 0731. The CASP program is included in the scope of this accreditation. The CASP certification may be kept current through the CompTIA Continuing Education program.

 

Information about this course:


Note: This course is currently only offered as an onsite

CASP Course Highlights
  • Highest Pass-Rates. Exam Pass Guarantee!
  • Extended mentoring by CompTIA instructors
  • Immersive and refined training environment. Leave Certified.

The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.

1.0 Enterprise Security

1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.

  • Cryptographic applications and proper implementation
  • Advanced PKI concepts
    • Wild card
    • OCSP vs. CRL
    • Issuance to entities
      • Users
      • Systems
      • Applications
  • Implications of cryptographic methods and design
    • Strength vs. performance vs. feasibility to implement vs. interoperability
  • Transport encryption
  • Digital signature
  • Hashing
  • Code signing
  • Non-repudiation
  • Entropy
  • Pseudo random number generation
  • Perfect forward secrecy
  • Confusion
  • Diffusion

1.2 Distinguish and select among different types of virtualized, distributed and shared computing

  • Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
  • VLAN
  • Securing virtual environments, appliances and equipment
  • Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
  • Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
  • Secure use of on-demand / elastic cloud computing
    • Provisioning
    • De-provisioning
    • Data remnants
  • Vulnerabilities associated with co-mingling of hosts with different security requirements
    • VMEscape
    • Privilege elevation
  • Virtual Desktop Infrastructure (VDI)
  • Terminal services

1.3 Explain the security implications of enterprise storage

  • Virtual storage
  • NAS
  • SAN
  • vSAN
  • iSCSI
  • FCoE
  • LUN masking
  • HBA allocation
  • Redundancy (location)
  • Secure storage management
    • Multipath
    • Snapshots
    • Deduplication

1.4 Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions

  • Advanced network design
    • Remote access
    • Placement of security devices
    • Critical infrastructure / Supervisory Control and Data Acquisition (SCADA)
    • VoIP
    • IPv6
  • Complex network security solutions for data flow
  • Secure data flows to meet changing business needs
  • Secure DNS
    • Securing zone transfer
    • TSIG
  • Secure directory services
    • LDAP
    • AD
    • Federated ID
    • Single sign on
  • Network design consideration
    • Building layouts
  • Multitier networking data design considerations
  • Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
  • Secure infrastructure design (e.g. decide where to place certain devices)
  • Storage integration (security considerations)
  • Advanced configuration of routers, switches and other network devices
    • Transport security
    • Trunking security
    • Route protection
  • ESB
  • SOA
  • SIEM
  • Database Access Monitor (DAM)
  • Service enabled
  • WS-security

1.5 Distinguish among security controls for hosts

  • Host-based firewalls
  • Trusted OS (e.g. how and when to use it)
  • End point security software
    • Anti-malware
    • Anti-virus
    • Anti-spyware
    • Spam filters
  • Host hardening
    • Standard operating environment
    • Security/group policy implementation
    • Command shell restrictions
    • Warning banners
    • Restricted interfaces
  • Asset management (inventory control)
  • Data exfiltration
  • HIPS / HIDS
  • NIPS/NIDS

 

1.6 Explain the importance of application security

  • Web application security design considerations
    • Secure: by design, by default, by deployment
  • Specific application issues
    • XSS
    • Click-jacking
    • Session management
    • Input validation
    • SQL injection
  • Application sandboxing
  • Application security frameworks
    • Standard libraries
    • Industry accepted approaches
  • Secure coding standards
  • Exploits resulting from improper error and exception handling
  • Privilege escalation
  • Improper storage of sensitive data
  • Fuzzing/false injection
  • Secure cookie storage and transmission
  • Client-side processing vs. server-side processing
    • AJAX
    • State management
    • JavaScript
  • Buffer overflow
  • Memory leaks
  • Integer overflows
  • Race conditions
    • Time of check
    • Time of use
  • Resource exhaustion

 

1.7 Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment

  • Tool type
    • Port scanners
    • Vulnerability scanners
    • Protocol analyzer
    • Switchport analyzer
    • Network enumerator
    • Password cracker
    • Fuzzer
    • HTTP interceptor
    • Attacking tools/frameworks
  • Methods
    • Vulnerability assessment
    • Penetration testing
    • Black box
    • White box
    • Grey box
    • Fingerprinting
    • Code review
    • Social engineering

 

2.0 Risk Management, Policy / Procedure and Legal

2.1 Analyze the security risk implications associated with business decisions

  • Risk management of new products, new technologies and user behaviors
  • New or changing business models/strategies
    • Partnerships
    • Outsourcing
    • Mergers
  • Internal and external influences
    • Audit findings
    • Compliance
    • Client requirements
    • Top level management
  • Impact of de-perimeterization (e.g. constantly changing network boundary)
    • Considerations of enterprise standard operating environment (SOE) vs. allowing personally managed devices onto corporate networks

2.2 Execute and implement risk mitigation strategies and controls

  • Classify information types into levels of CIA based on organization/industry
  • Determine aggregate score of CIA
  • Determine minimum required security controls based on aggregate score
  • Conduct system specific risk analysis
  • Make risk determination
    • Magnitude of impact
    • Likelihood of threat
  • Decide which security controls should be applied based on minimum requirements
    • Avoid
    • Transfer
    • Mitigate
    • Accept
  • Implement controls
  • ESA frameworks
  • Continuous monitoring

2.3 Explain the importance of preparing for and supporting the incident response and recovery process

  • E-Discovery
    • Electronic inventory and asset control
    • Data retention policies
    • Data recovery and storage
    • Data ownership
    • Data handling
  • Data breach
    • Recovery
    • Minimization
    • Mitigation and response
  • System design to facilitate incident response taking into account types of violations
    • Internal and external
    • Privacy policy violations
    • Criminal actions
    • Establish and review system event and security logs
  • Incident and emergency response

2.4 Implement security and privacy policies and procedures based on organizational requirements.

  • Policy development and updates in light of new business, technology and environment changes
  • Process/procedure development and updates in light of policy, environment and business changes
  • Support legal compliance and advocacy by partnering with HR, legal, management and other entities
  • Use common business documents to support security
    • Interconnection Security Agreement (ISA)
    • Memorandum of Understanding (MOU)
    • Service Level Agreement (SLA)
    • Operating Level Agreement (OLA)
    • Non-Disclosure Agreement (NDA)
    • Business Partnership Agreement (BPA)
  • Use general privacy principles for PII / Sensitive PII
  • Support the development of policies that contain
    • Separation of duties
    • Job rotation
    • Mandatory vacation
    • Least privilege
    • Incident response
    • Forensic tasks
    • On-going security
    • Training and awareness for users
    • Auditing requirements and frequency

3.0 Research and Analysis

3.1 Analyze industry trends and outline potential impact to the enterprise

  • Perform on-going research
    • Best practices
    • New technologies
    • New security systems and services
    • Technology evolution (e.g. RFCs, ISO)
  • Situational awareness
    • Latest client-side attacks
    • Threats
    • Counter zero day
    • Emergent issues
  • Research security implications of new business tools
    • Social media/networking
    • Integration within the business (e.g. advising on the placement of company material for the general public)
  • Global IA industry/community
    • Conventions
    • Attackers
    • Emerging threat sources
  • Research security requirements for contracts
    • Request for Proposal (RFP)
    • Request for Quote (RFQ)
    • Request for Information (RFI)
    • Agreements

3.2 Carry out relevant analysis for the purpose of securing the enterprise

  • Benchmark
  • Prototype and test multiple solutions
  • Cost benefit analysis (ROI, TCO)
  • Analyze and interpret trend data to anticipate cyber defense aids
  • Review effectiveness of existing security
  • Reverse engineer / deconstruct existing solutions
  • Analyze security solutions to ensure they meet business needs
    • Specify the performance
    • Latency
    • Scalability
    • Capability
    • Usability
    • Maintainability
    • Availability (MTTR, MTBF)
  • Conduct a lessons-learned / after-action review
  • Use judgment to solve difficult problems that do not have a best solution
  • Conduct network traffic analysis

 

4.0 Integration of Computing, Communications and Business Disciplines

4.1 Integrate enterprise disciplines to achieve secure solutions

  • Interpreting security requirements and goals to communicate with other disciplines
    • Programmers
    • Network engineers
    • Sales staff
  • Provide guidance and recommendations to staff and senior management on security processes and controls
  • Establish effective collaboration within teams to implement secure solutions
  • Disciplines
    • Programmer
    • Database administrator
    • Network administrator
    • Management
    • Stakeholders
    • Financial
    • HR
    • Emergency response team
    • Facilities manager
    • Physical security manager

4.2 Explain the security impact of inter-organizational change

  • Security concerns of interconnecting multiple industries
    • Rules, policies and regulations
  • Design considerations during mergers, acquisitions and de-mergers
  • Assuring third party products - only introduce acceptable risk
    • Custom developed
    • COTS
  • Network secure segmentation and delegation
  • Integration of products and services

4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration

  • Unified communication security
    • Web conferencing
    • Video conferencing
    • Instant messaging
    • Desktop sharing
    • Remote assistance
    • Presence
    • Email
    • Telephony
  • VoIP security
  • VoIP implementation
  • Remote access
  • Enterprise configuration management of mobile devices
  • Secure external communications
  • Secure implementation of collaboration platforms
  • Prioritizing traffic (QoS)
  • Mobile devices
    • Smart phones, IP cameras, laptops, IP based devices

4.4 Explain advanced authentication tools, techniques and concepts

  • Federated identity management (SAML)
  • XACML
  • SOAP
  • Single sign on
  • SPML
  • Certificate based authentication
  • Attestation

4.5 Carry out security activities across the technology life cycle

  • End to end solution ownership
  • Understanding results of solutions in advance
    • Operational activities
    • Maintenance
    • Decommissioning
    • General change management
  • Systems Development Life Cycle
    • Security System Development Life Cycle (SSDLC) / Security Development Life Cycle (SDL)
    • Security Requirements Traceability Matrix (SRTM)
  • Adapt solutions to address emerging threats and security trends
  • Validate system designs


Select the type of training that best fits your schedule and learning style!

Live, Online, Self-Paced, Classroom - contact us for details on each.

Self-Paced

Streaming Only

Base Course. Best for refresher courses

  • Easy Online Access
  • Expert Instructor
  • High Quality Content
  • Self-Paced Training

Self-Paced

Mentored Online

Most popular self-paced option.

  • Online & Offline Playback (DVD, mobile)
  • Expert Instructor
  • Highest Quality Content
  • Self-Paced Mentored Training
  • Mentor & Live Instructor Support
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Hands-On Exercises

Classroom

Instructor-Led

Our top-rated training experience

  • Live Classroom
  • Expert Instructor constantly available
  • Highest Quality Content
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Our highest pass rate course version
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Hands-On Exercises

Classroom

Live Online

As close to the classroom from home

  • Live Classroom
  • Expert Instructor constantly available
  • Highest Quality Content - 90% Pass
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Hands-On Exercises

See what our students are saying:

The course materials were clear and to the point. The labs really help you understand what was going on. I had an amazing instructor. I was overly impressed by his knowledge and skills.

- Anthony Pierce
ICF International - Jacob & Sundstrom

Awesome. The course was exciting and not only covered exam prep, but also explained how things work in the wild.

- Vincent Chapman
US Army

Great instructor. He was very open to conversation and well versed in the material. Enjoyed his teaching style.

- Jeffrey Wiley
US Census Bureau

Best instructor I have had in IT field

- Dominic Monteleone - 10DPT
Mountain Lion Consulting

Awesome! I couldn't have asked for a better teacher.

- Sergio Silva
Compustar C.A.

Instructor was very intelligent and had lots of experience to draw on, outside of the written material that made it more interesting. I was very pleased with him.

- Sandra L. Speck
Sandra Speck Company

Instructor demonstrated advanced knowledge of the subject matter as well as INFOSEC in general. He provided us with all of the tools and reference materials we needed to perform the DIACAP process. The course materials are great!

- TR Piller

Excellent instructor. One of the best I have had in over 27 years in the IT business. Genuinely cared about the students understanding the subject material and their success in passing the exam. She taught how to think and reason to pass the test. That is something not found in any text book.

- Craig Calder

The instructor was very knowledgeable about the pen testing and ethical hacking. He was great in delivering the lectures, lab and was very helpful in having us complete the capture the flag exercises. In addition, he provided valuable insight about security in general and pen testing in particular.

- Tijan Drammeh
University of Maryland University College

Prerequisites?

Candidates should have basic knowledge of vendor specific tools and technologies, as this knowledge may be required for the CompTIA CASP Certification Exam.

CASP Proposed Hardware and Software List

Equipment

  • Laptops
  • Virtualized appliances (firewall, IPS, SIEM solution, RSA authentication, Asterisk PBX)
  • Basic server hardware (Email server/active directory server, trusted OS)
  • Basic NAS ("Free NAS")
  • Tokens
  • Mobile devices
  • 2 switches (managed switch) – IPv6 capable
  • Router - IPv6 capable
  • Gateway
  • WAP
  • WAF
  • IPv6 and IPv4
  • Proxy server
  • Load balancer
  • CA server

Spare hardware

  • NICs
  • Power supplies
  • External USB flash drive
  • Access points