Cart Subtotal: $0.00

Welcome Student!

  • Contact Us
  • (888) 840-2378
  • Tech Support: (866) 830-9276
  • Click here to chat!

CompTIA Advanced Security Practitioner - CASP - CAS-002

SKU# 188405

Availability: In stock

$199.00

$59.00

Secure shopping trustmarks

Quick Overview

CompTIA Advanced Security Practitioner - CASP - CAS-002

QuickCert Exam Pass Guarantee

QuickCert’s online IT training programs are guaranteed to get you certified – or we will pay for your make-up exam. Our quality online IT courseware, packed with instruction, exercises, practice exams and test simulators will ensure you pass the exam. Learn more.

Course Description

CompTIA's CASP - CompTIA Advanced Security Practitioner , is a vendor-neutral certification that validates IT professionals with advanced-level security skills and knowledge. This certification course covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers, while managing risk.

There is no required prerequisite for this course however, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

This CASP training course follows the CompTIA authorized objectives, ensuring you receive the training and knowledge needed to succeed.

CompTIA CASP - CompTIA Advanced Security Practitioner Exam Objectives


Domain % of Examination
1.0 Enterprise Security 30%
2.0 Risk Management and Incident Response 20%
3.0 Research and Analysis 18%
4.0 Integration of Computing, Communications and Business Disciplines 16%
5.0 Technical Integration of Enterprise Components 16%
Syllabus

CompTIA CASP - CompTIA Advanced Security Practitioner - Course CAS-002 Curriculum

Introduction

Course Overview

Module 1 - Business Influences and Associated Security Risks

Risk Management
Business Model Strategies
Integrating Diverse Industries
Third Party Information Security and Providers
Internal and External Influences
Impact of De-Perimeterization

Module 2 - Risk Mitigation Planning - Strategies and Controls

CIA Triad
Business Classifications
Information Life Cycle and Steak-Holder Input
Implementing Technical Controls
Determine Aggregate CIA Score
Worst Case Scenario Planning
Calculation Tools and Attacker Motivation
Return Of Investment
Total Cost of Ownership and Risk Strategies
Risk Management Process
Identifying Vulnerabilities and Threats
Security Architecture Frameworks
Business Continuity Planning
IT Governance
Security Policies

Module 3 - Security-Privacy Policies and Procedures

Policy Development Updates
Developing Processes and Procedures
Legal Compliance
Security Policy Business Documents
Outage Impact and Estimating Downtime Terms
Sensitive Information-Internal Security Policies
Incident Response Process
Forensic Tasks
Employment and Termination Procedures
Network Auditing

Module 4 - Incident Response and Recovery Procedures

E-Discovery and Data Retention Policies
Data Recovery-Storage and Backup Schemes
Data Owner and Data Handling
Disposal Terms and Concepts
Data Breach and Data Analysis
Incident Response Guidelines
Incident and Emergency Response
Media-Software and Network Analysis
Order of Volatility

Module 5 - Industry Trends

Performing Ongoing Research
Security Practices
Evolution of Technology
Situational Awareness and Vulnerability Assessments
Researching Security Implications
Global Industry Security Response
Threat Actors
Contract Security Requirements
Contract Documents

Module 6 - Securing the Enterprise

Benchmarks and Baselines
Prototyping and Testing Multiple Solutions
Cost/Benefit Analysis
Metrics Collection and Trend Data
Security Controls-Reverse Engineering and Deconstructing
Security Solutions Business Needs
Lesson Learned- After Action Report

Module 7 - Assessment Tools and Methods

Port Scanners and Vulnerability Scanners
Protocol Analyzer- Network Enumerator-Password Cracker
Fuzzers and HTTP Interceptors
Exploitation Tools
Passive Reconnaissance Tools
Vulnerability Assessments and Malware Sandboxing
Memory Dumping and Penetration Testing
Reconnaissance and Fingerprinting
Code Review
Social Engineering

Module 8 - Social Cryptographic Concepts and Techniques

Cryptographic Benefits and Techniques
Hashing Algorithms
Message Authentication Code
Cryptographic Concepts
Transport Encryption Protocol
Symmetric Algorithms
Asymmetric Algorithms
Hybrid Encryption and Digital Signatures
Public Key Infrastructure
Digital Certificate Classes and Cypher Types
Des Modes
Cryptographic Attacks
Strength vs Performance and Cryptographic Implementations

Module 9 - Enterprise Storage

Virtual Storage Types and Challenges
Cloud Storage
Data Warehousing
Data Archiving
Storage Area Networks (SANs) and (VSANs)
Network Attached Storage (NAS)
Storage Protocols and Fiber Channel over Ethernet (FCoE)
Storage Network File Systems
Secure Storage Management Techniques
LUN Masking/Mapping and HBA Allocation
Replication and Encryption Methods

Module 10 - Network and Security Components-Concepts-Security Architectures

Remote Access Protocols
IPv6 and Transport Encryption
Network Authentication Methods
802.1x and Mesh Networks
Security Devices
Network Devices
Firewalls
Wireless Controllers
Router Security and Port Numbers
Network Security Solutions
Availability Controls-Terms and Techniques
Advanced Router and Switch Configuration
Data Flow Enforcement of Applications and Networks
Network Device Accessibility and Security

Module 11 - Security Controls for Hosts

Trusted Operation Systems
Endpoint Security Software and Data Loss Prevention
Host Based Firewalls
Log Monitoring and Host Hardening
Standard Operating Environment and Group Policy Security
Command Shell Restrictions
Configuring and Managing Interface Security
USB-Bluetooth-Firewire Restrictions and Security
Full Disk Encryption
Virtualization Security
Cloud Security Services
Boot Loader Protections
Virtual Host Vulnerabilities
Virtual Desktop Infrastructure
Terminal Services
Virtual TPM

Module 12 - Application Vulnerabilities and Security Controls

Web Application Security Design
Specific Application Issues
Session Management
Input Validation
Web Vulnerabilities and Input Mitigation Issues
Buffer Overflow and other Application Issues
Application Security Framework
Web Service Security and Secure Coding Standards
Software Development Methods
Monitoring Mechanisms and Client-Server Side Processing
Browser Extensions and Other Web Development Techniques

Module 13 - Host-Storage-Network and Application Integration

Securing Data Flows
Standards Concepts
Interoperability Issues
In House Commercial and Customized Applications
Cloud and Virtualization Models
Logical and Physical Deployment Diagrams
Secure Infrastructure Design
Storage Integration Security
Enterprise Application Integration Enablers

Module 14 - Authentication and Authorization Technologies

Authentication and Identity Management
Password Types-Management and Policies
Authentication Factors
Biometrics
Dual-Multi Factor and Certificate Authentication
Single Sign On Issues
Access Control Models and Open Authorization
Extensible Access Control Markup Language (XACML)
Service Provisioning Markup Language (SPML)
Attestation and Identity Propagation
Federation and Security Assertion Markup Language (SAML)
OpenID-Shibboleth and WAYF
Advanced Trust Models

Module 15 - Business Unit Collaboration

Identifying and Communicating Security Requirements
Security Controls Recommendations
Secure Solutions Collaboration

Module 16 - Secure Communication and Collaboration

Web-Video Conferencing-Instant Messaging
Desktop Sharing
Presence Guidelines
Email Messaging Protocol
Telephony-VoIP and Social Media
Cloud Based Collaboration
Remote Access and IPsec
Mobile and Personal Device Management
Over Air Technology Concerns
WLAN Concepts-Terms-Standards
WLAN Security and Attacks

Module 17 - Security Across the Technology Life Cycle

End to End Solution Ownership
System Development Life Cycle
Security Implications of Software Development Methodologies
Asset Management
Course End

Instructor Bio

Troy McMillan
Security+

Troy became a professional trainer 12 years ago teaching Cisco, Microsoft, Comptia and Wireless classes. Troy also is a courseware developer. His work in this area includes wireless training materials for Motorola in 2011 and instructor materials for a series of books by Sybex on Windows Server 2008 R2 in 2011. Troy’s book, CCNA Essentials by Sybex Publishing, was released in November 2011, and has been chosen as the textbook for both online and instructor led classes at several colleges in the US. Troy has also authored, contributed, and/or edited multiple books, guides, and exams covering IT topics including VMware, Network+, Security+, A+, Windows 7, CCNA, CISSP, and CASP. Troy currently resides in Atlanta, Georgia.

Reviews
Write Your Own Review

You're reviewing: CompTIA Advanced Security Practitioner - CASP - CAS-002

  •  
    1 star
    2 stars
    3 stars
    4 stars
    5 stars
    Price
    Value
    Quality

* Required Fields

Free Demo