CompTIA Advanced Security Practitioner (CASP) Certification Exam Objectives
EXAM NUMBER: CAS-003
About the Exam
The CompTIA Advanced Security Practitioner (CASP) CAS-003 certification is a vendor-neutral credential.
The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge.
The CASP exam will certify the successful candidate has the technical knowledge and skills required to:
• Conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
• Apply critical thinking and judgment across a broad spectrum of security disciplines to propose, implement and advocate sustainable security solutions that map to organizational strategies, balance security requirements with business/regulatory requirements, analyze risk impact and respond to security incidents
The CASP certification is aimed at IT security professionals who have:
• A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience
• The following recommended prerequisites: CompTIA Network+, Security+, CySA+ or equivalent experience
EXAM ACCREDITATION
The CASP certification exam is accredited by ANSI to show compliance with the ISO 17024
standard and, as such, undergoes regular reviews and updates to the exam objectives.
EXAM DEVELOPMENT
CompTIA exams result from subject-matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an entry-level IT professional.
CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), he/she should contact CompTIA at examsecurity@comptia.org to confirm.
PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes or tasks pertaining to each objective may also be included on the exam,
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.
**Candidates should have basic knowledge of vendor-specific tools and technologies, as this knowledge
may be required for the CASP certification exam. CompTIA has included a sample list of hardware and
software at the end of this document to assist candidates as they prepare for the CASP exam. This list may
also be helpful for training companies that wish to create a lab component for their training offering.
CompTIA Advanced Security Practitioner (CASP) Certification Exam Objectives Version 3.0
(Exam Number: CAS-003)
TEST DETAILS
Required exam: CAS-003
Number of questions: Maximum of 90
Types of questions: Multiple choice and performance-based
Length of test: 165 minutes
Recommended experience: Ten years of experience in IT administration, including at least five years of hands-on technical security experience
Passing score: Pass/Fail only. No scaled score.
1.0 Risk Management
1.1 Summarize business and industry influences and associated security risks.
• Risk management of new products, new technologies and user behaviors
• New or changing business models/strategies
  - Partnerships
  - Outsourcing
  - Cloud
  - Acquisition/merger – divestiture/demerger
    - Data ownership
    - Data reclassification
• Security concerns of integrating diverse industries
  - Rules
  - Policies
  - Regulations
    - Export controls
    - Legal requirements
  - Geography
    - Data sovereignty
    - Jurisdictions
• Internal and external influences
  - Competitors
  - Auditors/audit findings
  - Regulatory entities
  - Internal and external client requirements
  - Top-level management
• Impact of de-perimeterization (e.g., constantly changing network boundary)
  - Telecommuting
  - Cloud
  - Mobile
  - BYOD
  - Outsourcing
  - Ensuring third-party providers have requisite levels of information security
2.0 Enterprise Security Architecture
2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
• Physical and virtual network and security devices
  - UTM
  - IDS/IPS
  - NIDS/NIPS
  - INE
  - NAC
  - SIEM
  - Switch
  - Firewall
  - Wireless controller
  - Router
  - Proxy
  - Load balancer
  - HSM
  - MicroSD HSM
• Application and protocol-aware technologies
  - WAF
  - Firewall
  - Passive vulnerability scanners
  - DAM
• Advanced network design (wired/wireless)
  - Remote access
    - VPN
    - IPSec
    - SSL/TLS
    - SSH
    - RDP
    - VNC
    - VDI
    - Reverse proxy
  - IPv4 and IPv6 transitional technologies
  - Network authentication methods
  - 802.1x
  - Mesh networks
  - Placement of fixed/mobile devices
  - Placement of hardware and applications
• Complex network security solutions for data flow
  - DLP
  - Deep packet inspection
  - Data flow enforcement
  - Network flow (S/flow)
  - Data flow diagram
• Secure configuration and baselining of networking and security components
• Software-defined networking
• Network management and monitoring tools
  - Alert definitions and rule writing
  - Tuning alert thresholds
  - Alert fatigue
• Advanced configuration of routers, switches and other network devices
  - Transport security
  - Trunking security
  - Port security
  - Route protection
  - DDoS protection
  - Remotely triggered black hole
• Security zones
  - DMZ
  - Separation of critical assets
  - Network segmentation
• Network access control
  - Quarantine/remediation
  - Persistent/volatile or non-persistent agent
  - Agent vs. agentless
• Network-enabled devices
  - System on a chip (SoC)
  - Building/home automation systems
  - IP video
  - HVAC controllers
  - Sensors
  - Physical access control systems
  - A/V systems
  - Scientific/industrial equipment
• Critical infrastructure
  - Supervisory control and data acquisition (SCADA)
  - Industrial control systems (ICS)
3.0 Enterprise Security Operations
3.1 Given a scenario, conduct a security assessment using the appropriate methods.
• Methods
  - Malware sandboxing
  - Memory dumping, runtime debugging
  - Reconnaissance
  - Fingerprinting
  - Code review
  - Social engineering
  - Pivoting
  - Open source intelligence
    - Social media
    - Whois
    - Routing tables
    - DNS records
    - Search engines
• Types
  - Penetration testing
    - Black box
    - White box
    - Gray box
  - Vulnerability assessment
  - Self-assessment
    - Tabletop exercises
  - Internal and external audits
  - Color team exercises
    - Red team
    - Blue team
    - White team
4.0 Technical Integration of Enterprise Security
4.1 Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
• Adapt data flow security to meet changing business needs
• Standards
  - Open standards
  - Adherence to standards
  - Competing standards
  - Lack of standards
  - De facto standards
• Interoperability issues
  - Legacy systems and software/current systems
  - Application requirements
  - Software types
    - In-house developed
    - Commercial
    - Tailored commercial
    - Open source
  - Standard data formats
  - Protocols and APIs
• Resilience issues
  - Use of heterogeneous components
  - Course of action automation/orchestration
  - Distribution of critical assets
  - Persistence and non-persistence of data
  - Redundancy/high availability
  - Assumed likelihood of attack
• Data security considerations
  - Data remnants
  - Data aggregation
  - Data isolation
  - Data ownership
  - Data sovereignty
  - Data volume
• Resources provisioning and deprovisioning
  - Users
  - Servers
  - Virtual devices
  - Applications
  - Data remnants
• Design considerations during mergers, acquisitions and demergers/divestitures
• Network secure segmentation and delegation
• Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
• Security and privacy considerations of storage integration
• Security implications of integrating enterprise applications
  - CRM
  - ERP
  - CMDB
  - CMS
  - Integration enablers
    - Directory services
    - DNS
    - SOA
    - ESB
5.0 Research, Development and Collaboration
5.1 Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
• Perform ongoing research
  - Best practices
  - New technologies, security systems and services
  - Technology evolution (e.g., RFCs, ISO)
• Threat intelligence
  - Latest attacks
  - Knowledge of current vulnerabilities and threats
  - Zero-day mitigation controls and remediation
  - Threat model
• Research security implications of emerging business tools
  - Evolving social media platforms
  - Integration within the business
  - Big Data
  - AI/machine learning
• Global IA industry/community
  - Computer emergency response team (CERT)
  - Conventions/conferences
  - Research consultants/vendors
  - Threat actor activities
  - Emerging threat sources
CASP Acronyms
The following is a list of acronyms that appear on the CASP exam. Candidates
are encouraged to review the complete list and attain a working knowledge of
all listed acronyms as part of a comprehensive exam preparation program.
ACRONYM  SPELLED OUT
EAP  Extensible Authentication Protocol
ECB  Event Control Block
ECC  Elliptic Curve Cryptography
EDR  Endpoint Detection Response
EFS  Encrypted File System
EMI  Electromagnetic Interference
ERP  Enterprise Resource Planning
ESA  Enterprise Security Architecture
ESB  Enterprise Service Bus
ESP  Encapsulated Security Payload
EV  Extended Validation (Certificate)
FDE  Full Disk Encryption
FIM  File Integrity Monitoring
FTP  File Transfer Protocol
GPG  GNU Privacy Guard
GPO  Group Policy Object
GPU  Graphic Processing Unit
GRC  Governance, Risk and Compliance
GRE  Generic Routing Encapsulation
GUI  Graphical User Interface
HDD  Hard Disk Drive
HIDS  Host-based Intrusion Detection System
HIPS  Host-based Intrusion Prevention System
HMAC  Hashed Message Authentication Code
HOTP  HMAC-based One-Time Password
HSM  Hardware Security Module
HSTS  HTTP Strict Transport Security
HVAC  Heating, Ventilation and Air Conditioning
IaaS  Infrastructure as a Service
ICMP  Internet Control Message Protocol
ICS  Industrial Control System
IDE  Integrated Development Environment
IdM  Identity Management
IdP  Identity Provider
IDS  Intrusion Detection System
IETF  Internet Engineering Task Force
IKE  Internet Key Exchange
IM  Instant Messaging
IMAP  Internet Message Access Protocol
INE  Inline Network Encryptor
IOC  Indicator of Compromise
IoT  Internet of Things
IP  Internet Protocol
IPMI  Internet Protocol Multicast Initiative
IPS  Intrusion Prevention Systems
IPSec  Internet Protocol Security
IR  Incident Response
IRC  Internet Relay Chat
IS-IS  Intermediate System to Intermediate System
ISA  Interconnection Security Agreement
ISAC  Information Sharing Analysis Center
ISMS  Information Security Management System
ISP  Internet Service Provider
IV  Initialization Vector
JSON  JavaScript Object Notation
KDC  Key Distribution Center
KPI  Key Performance Indicator
KRI  Key Risk Indicator
KVM  Keyboard, Video, Mouse
LAN  Local Area Network
L2TP  Layer 2 Tunneling Protocol
LDAP  Lightweight Directory Access Protocol
LEAP  Lightweight Extensible Authentication Protocol
LTE  Long-Term Evolution
LUN  Logical Unit Number
MAC  Mandatory Access Control
MAC  Media Access Control
MAC  Message Authentication Code
MAM  Mobile Application Management
MAN  Metropolitan Area Network
MBR  Master Boot Record
MD5  Message Digest 5
MDM  Mobile Device Management
MEAP  Mobile Enterprise Application Platform
MFA  Multifactor Authentication
MFD  Multifunction Device
MITM  Man in the Middle
MOA  Memorandum of Agreement
MOU  Memorandum of Understanding
MPLS  Multiprotocol Label Switching
MSA  Master Service Agreement
MSCHAP  Microsoft Challenge Handshake Authentication Protocol
MSS  Managed Security Service
MSSP  Managed Security Service Provider
MTA  Message Transfer Agent
MTBF  Mean Time Between Failure
MTD  Maximum Tolerable Downtime
MTP  Media Transfer Protocol
MTTR  Mean Time to Recovery
MTU  Maximum Transmission Unit
NAC  Network Access Control
NAS  Network Attached Storage
NAT  Network Address Translation
NDA  Non-Disclosure Agreement
NFC  Near Field Communication
NFS  Network File System
NGFW  Next Generation Firewall
NIDS  Network Intrusion Detection System
NIPS  Network Intrusion Prevention System
NIST  National Institute of Standards and Technology
NLA  Network-Level Authentication
NOS  Network Operating System
NSP  Network Service Provider
NTFS  New Technology File System
NTLM  New Technology LAN Manager
NTP  Network Time Protocol
OCSP  Online Certificate Status Protocol
OLA  Operating-Level Agreement
OOB  Out-of-Band
OS  Operating System
OSI  Open Systems Interconnection
OSPF  Open Shortest Path First
OTP  One-Time Password
OVAL  Open Vulnerability Assessment Language
OWASP  Open Web Application Security Project
P2P  Peer-to-Peer
PaaS  Platform as a Service
PAP  Password Authentication Protocol
PAT  Port Address Translation
PBKDF2  Password-Based Key Derivation Function 2
PBX  Private Branch Exchange
PCI-DSS  Payment Card Industry Data Security Standard
PDP  Policy Distribution Point
PEAP  Protected Extensible Authentication Protocol
PEP  Policy Enforcement Point
PFS  Perfect Forward Secrecy
PGP  Pretty Good Privacy
PII  Personal Identifiable Information
PIP  Policy Information Point
PIR  Post Incident Report
PKI  Public Key Infrastructure
PLC  Programmable Logic Controller
POC  Proof of Concept
POTS  Plain Old Telephone Service
PPP  Point-to-Point Protocol
PPTP  Point-to-Point Tunneling Protocol
PSK  Pre-Shared Key
QA  Quality Assurance
QoS  Quality of Service
R&D  Research and Development
RA  Recovery Agent
RA  Registration Authority
RADIUS  Remote Authentication Dial-in User Server
RAID  Redundant Array of Inexpensive/Independent Disks
RAS  Remote Access Server
RBAC  Role-Based Access Control
RBAC  Rule-Based Access Control
RDP  Remote Desktop Protocol
REST  Representational State Transfer
RFC  Request for Comments
RFI  Request for Information
RFID  Radio Frequency Identification
RFP  Request for Proposal
RFQ  Request for Quote
ROI  Return on Investment
RPO  Recovery Point Objective
RSA  Rivest, Shamir and Adleman
RTBH  Remotely Triggered Black Hole
RTO  Recovery Time Objective
RTP  Real-time Transport Protocol
S/MIME  Secure/Multipurpose Internet Mail Extensions
SaaS  Software as a Service
SAML  Security Assertions Markup Language
SAN  Subject Alternative Name
SAN  Storage Area Network
SAS  Statement on Auditing Standards
SATCOM  Satellite Communications
SCADA  Supervisory Control and Data Acquisition
SCAP  Security Content Automation Protocol
SCEP  Simple Certificate Enrollment Protocol
SCP  Secure Copy
SCSI  Small Computer System Interface
SDL  Security Development Life Cycle
SDLC  Software Development Life Cycle
SED  Self-Encrypting Drive
SELinux  Security Enhanced Linux
SFTP  Secure File Transfer Protocol
SHA  Secure Hashing Algorithm
SIEM  Security Information Event Management
SIM  Subscriber Identity Module
SIP  Session Initiation Protocol
SLA  Service-Level Agreement
SLE  Single Loss Expectancy
SMB  Server Message Block
SMS  Short Message Service
SMTP  Simple Mail Transfer Protocol
SNAT  Source Network Address Translation
SNMP  Simple Network Management Protocol
SOA  Service-Oriented Architecture
SOA  Start of Authority
SOA  Statement of Applicability
SOAP  Simple Object Access Protocol
SOC  Security Operations Center
SOC  Service Organization Controls
SOE  Standard Operating Environment
SOP  Standard Operating Procedure
SOW  Statement of Work
SOX  Sarbanes-Oxley Act of 2002
SP  Service Provider
SPIM  Spam over Internet Messaging
SPML  Service Provisioning Markup Language
SRTM  Security Requirements Traceability Matrix
SRTP  Secure Real-Time Protocol
SRV  Service Records
SSD  Solid State Drive
SSDLC  Security System Development Life Cycle
SSH  Secure Shell
SSID  Service Set Identifier
SSL  Secure Sockets Layer
SSO  Single Sign-On
SSP  Storage Service Provider
TACACS  Terminal Access Controller Access Control System
TCO  Total Cost of Ownership
TCP/IP  Transmission Control Protocol/Internet Protocol
TKIP  Temporal Key Integrity Protocol
TLS  Transport Layer Security
TOC/TOU  Time of Check/Time of Use
TOS  Type of Service
TOTP  Time-based One-Time Password
TPM  Trusted Platform Module
TSIG  Transaction Signature Interoperability Group
TTR  Time to Restore
UAC  User Access Control
UAT  User Acceptance Testing
UDP  User Datagram Protocol
UEFI  Unified Extensible Firmware Interface
UPS  Uninterruptable Power Supply
URL  Universal Resource Locator
USB  Universal Serial Bus
UTM  Unified Threat Management
VDI  Virtual Desktop Infrastructure
VLAN  Virtual Local Area Network
VM  Virtual Machine
VMFS  VMware File System
VNC  Virtual Network Connection
VoIP  Voice over IP
VPN  Virtual Private Network
VRRP  Virtual Router Redundancy Protocol
vSAN  Virtual Storage Area Network
VTC  Video Teleconferencing
vTPM  Virtual Trusted Platform Module
WAF  Web Application Firewall
WAP  Wireless Access Point
WAYF  Where Are You From
WEP  Wired Equivalent Privacy
WIDS  Wireless Intrusion Detection System
WIPS  Wireless Intrusion Prevention System
WMI  Windows Management Interface
WPA  Wireless Protected Access
WRT  Work Recovery Time
WSDL  Web Services Description Language
XACML  eXtensible Access Control Markup Language
XHR  XMLHttpRequest
XMPP  eXtensible Messaging and Presence Protocol
XSS  Cross-Site Scripting
CASP Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the CASP exam. This list may also be helpful for
training companies that wish to create a lab component for their training offering.
The bulleted lists below each topic are sample lists and not exhaustive.
EQUIPMENT
• Laptops
• Basic server hardware (email server/Active Directory server, trusted OS)
• Tokens
• Mobile devices (Android and iOS)
• Switches (managed switch) - IPv6 capable
• Router – IPv6 capable (wired/wireless)
• Gateway
• Firewall
• VoIP
• Proxy server
• Load balancer
• NIPS
• HSM
• Access points
• Crypto-cards
• Smart cards
• Smart card reader
• Biometric devices
• Arduino/Raspberry Pi
• SCADA device
SPARE HARDWARE
• Keyboards
• Cables
• NICs
• Power supplies
• External USB flash drives
• Computer and mobile peripheral devices
TOOLS
• Spectrum analyzer
• Antennas
• RF hacking hardware/SDR
SOFTWARE
• Virtualized appliances (firewall, IPS, SIEM solution, RSA authentication, Asterisk PBX)
• Windows
• Linux distros
• VMWare player/virtual box
• Vulnerability assessment tools
• SSH and Telnet utilities
• Threat modeling tool
• Host IPS
• Helix software
• Kali and all Kali toolsets
• Remediation software
• GNS and associated firmware
• Log analysis tools
OTHER
• Sample logs
• Sample network traffic (packet capture)
• Sample organizational structure
• Sample network documentation
• Broadband Internet connection
• 3G/4G and/or hotspot
© 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03873-Jun2017