CompTIA Advanced Security Practitioner (CASP) CAS-002

40 Hours / 12 Months / Self-Paced

Course Overview:

CompTIA CASP CAS-002 is retiring on October 2, 2018.

Gain hands-on expertise in CompTIA Advanced Security Practitioner (CASP) certification exam with this course. CASP certification is a vendor-neutral credential designed for advanced-level IT security professionals to conceptualize, design, and engineer secure solutions across complex enterprise environments. The CAS-002 exam involves an application of critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers while managing risk.  There is no required prerequisite for this course however, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

This course prepares a student to take the CompTIA Advanced Security Practitioner (CASP) CAS-002 certification exam.

Course Outline:

Lesson 1: CompTIA® Advanced Security Practitioner (CASP) CAS-002 Cert Guide
  • About the Authors
  • Dedication
  • Acknowledgments
  • About the Reviewers
  • We Want to Hear from You!
Lesson 2: Introduction
  • The Goals of the CASP Certification
  • The Value of the CASP Certification
  • CASP Exam Objectives
  • Steps to Becoming a CASP
  • CompTIA Authorized Materials Use Policy
Lesson 3: Cryptographic concepts and Techniques
  • Cryptographic Techniques
  • Cryptographic Concepts
  • Cryptographic Implementations
  • Review All Key Topics
Lesson 4: Enterprise Storage
  • Storage Types
  • Storage Protocols
  • Secure Storage Management
  • Review All Key Topics
Lesson 5: Network and security components, concepts, and Architectures
  • Advanced Network Design (Wired/Wireless)
  • Virtual Networking and Security Components
  • Complex Network Security Solutions for Data Flow
  • Secure Configuration and Baselining of Networking and Security Components
  • Software-Defined Networking
  • Cloud-Managed Networks
  • Network Management and Monitoring Tools
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • Security Zones
  • Network Access Control
  • Operational and Consumer Network-Enabled Devices
  • Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
  • Review All Key Topics
Lesson 6: Security controls for hosts
  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Security Advantages and Disadvantages of Virtualizing Servers
  • Cloud-Augmented Security Services
  • Boot Loader Protections
  • Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services/Application Delivery Services
  • Trusted Platform Module (TPM)
  • Virtual TPM (VTPM)
  • Hardware Security Module (HSM)
  • Review All Key Topics
Lesson 7: Application Vulnerabilities and Security Controls
  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Software Development Methods
  • Database Activity Monitoring (DAM)
  • Web Application Firewalls (WAF)
  • Client-Side Processing Versus Server-Side Processing
  • Review All Key Topics
Lesson 8: Business Influences and Associated Security Risks
  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Security Concerns of Integrating Diverse Industries
  • Ensuring That Third-Party Providers Have Requisite Levels of Information Security
  • Internal and External Influences
  • Impact of De-perimiterization
  • Review All Key Topics
Lesson 9: Risk Mitigation Planning, Strategies, and Controls
  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Incorporate Stakeholder Input into CIA Decisions
  • Implement Technical Controls Based on CIA Requirements and Policies of the Organization
  • Determine the Aggregate CIA Score
  • Extreme Scenario/Worst-Case Scenario Planning
  • Determine Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Recommend Which Strategy Should be Applied Based on Risk Appetite
  • Risk Management Processes
  • Enterprise Security Architecture Frameworks
  • Continuous Improvement/Monitoring
  • Business Continuity Planning
  • IT Governance
  • Review All Key Topics
Lesson 10: Security, Privacy Policies, and Procedures
  • Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for Sensitive Information (PII)
  • Support the Development of Various Policies
  • Review All Key Topics
Lesson 11: Incident Response and Recovery Procedures
  • E-Discovery
  • Data Breach
  • Design Systems to Facilitate Incident Response
  • Incident and Emergency Response
  • Review All Key Topics
Lesson 12: Industry Trends
  • Perform Ongoing Research
  • Situational Awareness
  • Vulnerability Management Systems
  • Advanced Persistent Threats
  • Zero-Day Mitigating Controls and Remediation
  • Emergent Threats and Issues
  • Research Security Implications of New Business Tools
  • Global IA Industry/Community
  • Research Security Requirements for Contracts
  • Review All Key Topics
Lesson 13: Securing the Enterprise
  • Create Benchmarks and Compare to Baselines
  • Prototype and Test Multiple Solutions
  • Cost/Benefit Analysis
  • Metrics Collection and Analysis
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  • Review Effectiveness of Existing Security Controls
  • Reverse Engineer/Deconstruct Existing Solutions
  • Analyze Security Solution Attributes to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Report
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Review All Key Topics
Lesson 14: Assesment Tools and Methods
  • Assessment Tool Types
  • Assessment Methods
  • Review All Key Topics
Lesson 15: Business Unit Collaboration
  • Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  • Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
  • Establish Effective Collaboration within Teams to Implement Secure Solutions
  • IT Governance
  • Review All Key Topics
Lesson 16: Secure Communication and Collaboration
  • Security of Unified Collaboration Tools
  • Remote Access
  • Mobile Device Management
  • Over-the-Air Technologies Concerns
  • Review All Key Topics
Lesson 17: Security Across the Technology Life Cycle
  • End-to-End Solution Ownership
  • Systems Development Life Cycle (SDLC)
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Asset Management (Inventory Control)
  • Review All Key Topics
Lesson 18: Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture
  • Secure Data Flows to Meet Changing Business Needs
  • Standards
  • Interoperability Issues
  • Technical Deployment Models
  • Logical and Physical Deployment Diagrams of Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration (Security Considerations)
  • Enterprise Application Integration Enablers
  • Review All Key Topics
Lesson 19: Authenticatication and Authorization Technologies
  • Authentication
  • Authorization
  • Attestation
  • Identity Propagation
  • Federation
  • Advanced Trust Models
  • Review All Key Topics


This course prepares a student to take the CompTIA Advanced Security Practitioner (CASP) CAS-002 certification exam.

System Requirements:

Internet Connectivity Requirements:
  • Cable and DSL internet connections are recommended.

Hardware Requirements:
  • Minimum Pentium 400 Mhz CPU or G3 Macintosh. 1 GHz or greater CPU recommended.
  • 256MB RAM minimum. 1 GB RAM recommended.
  • 800x600 video resolution minimum. 1025x768 recommended.
  • Speakers/Headphones to listen to Dialogue steaming audio sessions.
  • A microphone to speak in Dialogue streaming audio sessions.
Operating System Requirements:
  • Windows Vista, 7, 8, 8.1, 9, 10
  • Mac OSX 10 or higher.
  • OpenSUSE Linux 9.2 or higher.
Web Browser Requirements:
  • Google Chrome is recommended.
  • Firefox 13.x or greater.
  • Internet Explorer 6.x or greater.
  • Safari 3.2.2 or greater.
Software Requirements:
  • Adobe Flash Player 6 or greater.
  • Oracle Java 7 or greater.
  • Adobe Reader 7 or greater.
Web Browser Settings:
  • Accept Cookies
  • Disable Pop-up Blocker.

**Outlines are subject to change, as courses and materials are updated.**