Passing the CASP - © 2012 Eric Conrad

Passing the CompTIA CASP Exam

Eric Conradhttp://ericconrad.comeric@backshore.net

Title of Course - © 2009 SANS 2Passing the CASP - ©2012 Eric Conrad 2

The CASP (CAS-001) Exam

• The CompTIA Advanced Security Practitioner Certification Exam is a logical follow-on to Security+– Exam is vendor-neutral

• According to CompTIA:The exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.1

[1] http://certification.comptia.org/getCertified/certifications/casp.aspx

Title of Course - © 2009 SANS 3Passing the CASP - ©2012 Eric Conrad 3

CASP Compared to Other Exams

• CASP is like a harder version of Security+– More in-depth knowledge required– Performance-based questions also

(currently) set it apart • …or a more technical CISSP

– Less fuzzy– Somewhat easier, depending on your

strengths

Title of Course - © 2009 SANS 4Passing the CASP - ©2012 Eric Conrad 4

Mastery-Level Certification

• CASP is CompTIA’s first mastery-level certification

• A higher level than their professional Series, which includes:– Security+– Network+– A+– Etc...

Title of Course - © 2009 SANS 5Passing the CASP - ©2012 Eric Conrad 5

CASP Prerequisites

• CompTIA recommends 10 years of IT experience including 5 years hands-on

While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, ―hands-on focus at the enterprise level.1

• This is a recommendation only: no experience requirement is enforced

[1] http://www.comptia.org/Libraries/Exam_Objectives/casp_objectives.sflb.ashx

Title of Course - © 2009 SANS 6Passing the CASP - ©2012 Eric Conrad 6

CASP Exam Questions

• Must answer up to 80 questions in 150 minutes– Recent exam featured 73 questions– Questions are multiple choice and also include

drag/drop simulations– Exam includes unmarked research questions

that do not count towards final score• Immediate pass/fail result is provided at

exam completion– No numeric score is provided

Title of Course - © 2009 SANS 7Passing the CASP - ©2012 Eric Conrad 7

CASP Exam Review

• Exam takers may flag questions for later review

• If there is time remaining at the end of the exam, a summary of answered questions appears– Flagged questions are highlighted

• Exam taker may change answers at this point:– Review any question– Review all questions

Title of Course - © 2009 SANS 8Passing the CASP - ©2012 Eric Conrad 8

CASP Questions

• Most of the exam questions are multiple choice– Each question has 4 or more answers– Must choose the best 1, 2 or 3 answers– Number of required answers is clearly

indicated• Exam requires the BEST or MOST

correct answer

Title of Course - © 2009 SANS 9Passing the CASP - ©2012 Eric Conrad 9

Performance-based Questions

• Each exam will feature a number of “performance-based” questions:Performance-based questions require exam candidates to perform a task or solve a problem within a simulated IT environment to demonstrate specific knowledge or skills1

• Security+, Network+ and A+ will have these kinds of questions added shortly

[1] http://certification.comptia.org/news/12-08-07/CompTIA_Exams_to_Include_Performance-Based_Questions.aspx

Title of Course - © 2009 SANS 10Passing the CASP - ©2012 Eric Conrad 10

Performance-based Questions Description

• Similar to (but simpler than) simulation questions featured in Cisco exams

• Include:– Drag-drop solution in a simulated

application– Simple command-line

• These questions may take considerably more time to answer than multiple choice questions

Title of Course - © 2009 SANS 11Passing the CASP - ©2012 Eric Conrad 11

Exam Prep: Sample Questions

• CompTIA has 10 CASP sample questions available– http://certification.comptia.org/Training/

testingcenters/samplequestions.aspx– Very representative of multiple choice exam

questions– No official performance-based sample

questions yet• Darril Gibson also has unofficial (but

excellent) sample CASP questions available– http://blogs.getcertifiedgetahead.com/casp-sample-

questions/

Title of Course - © 2009 SANS 12Passing the CASP - ©2012 Eric Conrad 12

Exam Prep: Read the Objectives

• Download the CASP exam objectives– http://www.comptia.org/Libraries/

Exam_Objectives/casp_objectives.sflb.ashx

• Read the whole thing– Including the glossary– Understand every concept described– Be able to map every acronym,

forwards and backwards

Title of Course - © 2009 SANS 13Passing the CASP - ©2012 Eric Conrad 13

Exam Advice: Acronyms Are Key

• Mapping acronyms forwards and backwards is a key exam skill

• For example: “Which of the following allows logical access control to a shared drive?”A. LUNB. HBAC. iSCSID. FCoE

• Answer: A. LUN (Logical Unit Number), which acts as an ACL for a networked file system

Title of Course - © 2009 SANS 14Passing the CASP - ©2012 Eric Conrad 14

Exam Advice: Manage Time

• You will have roughly 2 minutes per question– Simulation questions will take longer– Even advanced test takers have reported

some time pressure during the exam• If you are stuck on a question for a long

time, answer it quickly and flag it for later review

• Extra practice quizzing before your exam will help increase your exam speed and stamina

Title of Course - © 2009 SANS 15Passing the CASP - ©2012 Eric Conrad 15

CASP Exam Outline

Domain % of Exam

Enterprise Security 40

Risk Management, Policy/Procedure and Legal

24

Research & Analysis 14

Integration of Computing, Communications, and Business Disciplines

22

Title of Course - © 2009 SANS 16Passing the CASP - ©2012 Eric Conrad 16

Domain 1

• Enterprise Security (40% of exam)– Virtualized, distributed and shared computing– Cryptographic tools and techniques – Enterprise storage– Network infrastructure, and secure applications and

storage– Host-based security– Application security– Security Assessment tools

Title of Course - © 2009 SANS 17Passing the CASP - ©2012 Eric Conrad 17

Domain 2

• Risk Management, Policy / Procedure and Legal (24% of exam)– Analyze the security risk implications associated with

business decisions– Execute and implement risk mitigation strategies and

controls– Explain the importance of preparing for and

supporting the incident response and recovery process

– Implement security and privacy policies and procedures based on organizational requirements.

Title of Course - © 2009 SANS 18Passing the CASP - ©2012 Eric Conrad 18

Domain 3

• Research & Analysis (14% of exam)– Analyze industry trends and outline potential impact

to the enterprise– Carry out relevant analysis for the purpose of

securing the enterprise

Title of Course - © 2009 SANS 19Passing the CASP - ©2012 Eric Conrad 19

Domain 4

• Integration of Computing, Communications and Business Disciplines (22% of exam)– Primary focus is on successful integration of

security process into an enterprise business– Security permeates the entire enterprise– Key roles and their security responsibilities– Ensuring business communications are secured– Organizational Authentication frameworks– Ensure security is considered during the entire

lifecycle of data and systems

Title of Course - © 2009 SANS 20Passing the CASP - ©2012 Eric Conrad 20

Notable Topics Not on the Exam

• The CASP objectives are specific– And fairly exclusionary

• If a major topic isn’t mentioned in the objectives, there are no in-depth exam questions

• For example: wireless is not covered beyond general best practices– For example, encrypt data in motion

Title of Course - © 2009 SANS 21Passing the CASP - ©2012 Eric Conrad 21

Scheduling an Exam

• Exams are held at 3rd-party computer-based testing centers– Pearson Vue currently offers the CASP exam

• To schedule an exam, go to CompTIA’s exam page– http://certification.comptia.org/getCertified/

certifications/casp.aspx– Click on “Find a testing center”

• Current US exam cost is $329– Costs for other countries listed at:

http://certification.comptia.org/Training/testingcenters/examprices.aspx

– Exam is currently offered in English only

Title of Course - © 2009 SANS 22Passing the CASP - ©2012 Eric Conrad 22

CASP Updates Other CompTIA Certs

• If you hold another CompTIA certification such as Security+, passing the CASP renews it

• Keeping CASP CEU’s up to date keeps all other CompTIA certifications current– If you have multiple CompTIA certifications

you only need to pay the annual fees and earn CEU’s for the highest level certification you are renewing. By earning a ‘ce’ designation on the highest level cert you would automatically be granted ‘ce’ designations for the lower level certifications as well.1

Title of Course - © 2009 SANS 23Passing the CASP - ©2012 Eric Conrad 23

CASP Renewal

• The CASP certification is valid for 3 years• Two renewal options:

– 75 Continuing Education Units (CEU) per cycle– Retaking the exam

• Each CEU requires roughly 1 hour of information security training– Writing or presenting information security information

generates more CEUs– CEU program requires $49 annual administration fee

Title of Course - © 2009 SANS 24Passing the CASP - ©2012 Eric Conrad 24

SANS Security 528

• SANS Security 528 is a brand-new 5-day course covering the CASP exam

• We are planning to schedule a beta run in a few months, most likely in the DC area

• If you are interested (including outside the DC area), please let me know– If there’s enough interest in a given area, I will

try and make it happen there– Email me at eric@backshore.net

Title of Course - © 2009 SANS 25Passing the CASP - ©2012 Eric Conrad 25

Thank you!

• Email eric@backshore.net with any questions

• I posted a copy of these slides to http://ericconrad.com