Is CASP easier than CISSP?

Is CASP easier than CISSP? What material or books to you recommend for CASP?

Find more posts tagged with

Comments

I'm not going to be much help since I have not taken either exam, but there is CASP material available for free from Cybrary.

https://www.cybrary.it/course/comptia-casp/

Ertaz

Ranjnas wrote: »

Is CASP easier than CISSP? What material or books to you recommend for CASP?

I took the CISSP first and studied more for it. It is definitely more broad than the CASP, but it's much less in-depth. CASP is more about the technologies than about procedures. There is a lot of overlap between the two, but passing both requires separate materials. I recommend the pearson book for CASP and the Sybex book for the CISSP. Search the forums here. There are several threads here with notes on what it takes to pass the exam.

trueshrewkmc

I sat CASP in July 2016 and CISSP in October 2016. I thought CASP was easier than CISSP. CISSP + renewal fees to CompTIA will renew CASP if you sit CISSP second. CASP counts as 1 year of the 5 year experience requirement for CISSP. If you don't have enough paid experience to fit into the CISSP domains, you won't be a full CISSP. (Associate of ISC2 instead) There's that to consider too. (By now you're seeing my pro-CASP bias. CASP makes a nice foundation for CISSP study and you are fully CASP certified as soon as you pass.)

I agree with Ertaz on the book recommendations. If the Sybex book lags too much for you, try Eric Conrad's (Conrad, Meisnar, and Feldman) CISSP Study Guide 3rd ed. The SSCP CISSP forum is full of CISSP advice.

Mike7

I took CISSP and CASP within 3 weeks of each other. There is quite a lot of overlap between the two.

CASP has simulation questions which you will find challenging if you do not have network and systems operations experience. The theoretical questions are fairly straight forward in CASP when compared to CISSP.

Do the CASP first and CISSP later. Use the CISSP to fulfil CASP CPE renewal requirements.

ZzBloopzZ

Mike7 wrote: »

I took CISSP and CASP within 3 weeks of each other. There is quite a lot of overlap between the two.

CASP has simulation questions which you will find challenging if you do not have network and systems operations experience. The theoretical questions are fairly straight forward in CASP when compared to CISSP.

Do the CASP first and CISSP later. Use the CISSP to fulfil CASP CPE renewal requirements.

Think CASP is worth it for someone that already has the CISSP? I have never heard anyone talk about it outside of these forums. And yet I keep pondering about it.

DatabaseHead

From a national job perspective with the locale wide open, you are looking at ~1,000 position on Indeed listing it in their job req.

CEH ~2,200

CISSP ~11,500

Mike7

CASP is good for that 8570/8140 DoD position and the simulation questions makes it more a "performance-based" and less of a paper-based certification.

The simulations may not be very in-depth but do cover areas such as network switching, firewalls and patching. I expect a CASP to be more hands-on and will not be surprised if a CISSP is unable to do network subletting.

trueshrewkmc

Subnetting / subletting? Gadzooks, have you no subnet calculator or an IPV6 network? I have 4 certs (Sec+, C|EH, TCP/IP in the Enterprise aka MS MCP/MCSE, CASP) where subnetting could have come up, but I don't think I've ever had to do it for a test.

Moldygr33nb3an

ZzBloopzZ wrote: »

Think CASP is worth it for someone that already has the CISSP? I have never heard anyone talk about it outside of these forums. And yet I keep pondering about it.

No.

CASP was designed for government to supplement the CISSP requirement without having the 5 years of mandatory experience.

If you have the CISSP, you're good.

I merely did my CASP as a stepping stone to the CISSP. Plus I wanted to master CompTIA's certs. Thank OCD

Mike7

trueshrewkmc wrote: »

Subnetting / subletting? Gadzooks, have you no subnet calculator or an IPV6 network? I have 4 certs (Sec+, C|EH, TCP/IP in the Enterprise aka MS MCP/MCSE, CASP) where subnetting could have come up, but I don't think I've ever had to do it for a test.

Subnetting.. typo..
What I mean is that if you ask a CISSP about network subnets, he may not be able to answer you.

trueshrewkmc

I have to re-study subnetting every time I encounter it. It just never stuck with me. After my endorsement's done, I guess I'll be another CISSP (she) who can't answer the subnetting question. Maybe I'll just call for a CASP or a Cisco certified person to answer that subnetting question.

No_Nerd

I took CASP to meet my requirement for a DOD job. I was hedging... if I didn't pass then I would be out of a job. So I figured why not start with CASP and then go CISSP. I missed both exams before, however life has relaxed a bit and I was able to focus more .

CASP was completed Sep 16th 2016
CISSP was completed November 5th 2016

My advice ..... if you need to hedge then you can go CASP then CISSP like I did. If you just need CISSP then go for that . I felt that CASP was a nice warm-up ( confidence boost) one I passed it . The confidence boost I think helped with CISSP .

ZzBloopzZ

trueshrewkmc wrote: »

I have to re-study subnetting every time I encounter it. It just never stuck with me. After my endorsement's done, I guess I'll be another CISSP (she) who can't answer the subnetting question. Maybe I'll just call for a CASP or a Cisco certified person to answer that subnetting question.

I also have to re-learn subnetting everytime too. I understand the overall concept of it, but the rare few times I needed it I would just use an online calculator. Same with converting bits to decimals, never needed to use that in real life.

Mike7

For some reason, I get subnetting questions in my exams. Guess I was lucky.
Anyway, heard this story about a CISSP who failed the Security+ exam.

Moldygr33nb3an

I sat down and watched the ipv4 subnetting courses on CBT Nuggets. Mastered the **** out of it. I could subnet the entire world with one IP address if asked....

.....then a week went by.

Pretty much forgot it all....

Watch the videos again.... This time I could subnet the galaxy with half an ip address.

Then a week would go by and I would forget it.

I did this - I'm not even kidding - 3 times.

Here I sit. Feeling handicapped. Show me an IPv4 IP address and i'll just scratch my head. Masks and prefixes stuck, but don't you dare ask me to subnet a single IP address.

I think I'll learn it again. I learn it quicker every time.

*SIGH*

Mike7

This week, I had to connect to a subnet and proceed to add a static route with the correct subnet.
Noticed that a PC had a 169.254.X.X IP address.
My ISP DNS was under DDoS attack so I configured my DNS to 8.8.8.8. In a previous engagement, a security consultant told us to block connections from 8.8.8.8 but was unable to explain why.
A co-worker was troubleshooting connectivity issues and asked why internet IP is unable to connect to his box at 172.31.X.X.
While looking through firewall logs, I noticed a lot of connections to 17.0.0.0/8 subnet. Who is using a iOS device?

I still use a subnet calculator for some calculations.
Apply what you learn and you will remember.

Moldygr33nb3an

Help me out Mike. Why would a PC be getting a 169 address unless the DHCP server was down? Plus wouldn't NAT alone still provide a host with a private 192 address? Assuming this device is in a SOHO hiding behind a router. I'm failing to see the how an ISP DNS server would affect a host in a LAN? Was this before NAT?

Mike7

My bad, the above are all unrelated scenarios that involve networks, so do not link them today.

The point is having network knowledge can help in security work. A SANS instructor recalled that in her first job, she reported an attack from internet IP address of 192.168.X.X.

. Having a CISSP does not mean you are a security guru. Neither does it mean that a CASP is very technical hands-on What we can agree is that CASP exam is more technical while CISSP is more managerial in their exam focus. The more you learn, the more you realize you do not know.

GeekyChick

Moldygr33nb3an wrote: »

I sat down and watched the ipv4 subnetting courses on CBT Nuggets. Mastered the **** out of it. I could subnet the entire world with one IP address if asked....

.....then a week went by.

Pretty much forgot it all....

Watch the videos again.... This time I could subnet the galaxy with half an ip address.

Then a week would go by and I would forget it.

I did this - I'm not even kidding - 3 times.

Here I sit. Feeling handicapped. Show me an IPv4 IP address and i'll just scratch my head. Masks and prefixes stuck, but don't you dare ask me to subnet a single IP address.

I think I'll learn it again. I learn it quicker every time.

*SIGH*

That is hilarious!! Sounds familiar too! I forget way too fast. Also, I always have a problem with the broadcast address and I don't know why.

Moldygr33nb3an

Agree. I know some CISSP's that know their stuff. I also know CISSPs that sat through a bootcamp and couldn't tell you the difference between a Trojan and worm. I'm a project manager so I don't get the hands on as much as I want. All my hands-on is done at home behind the scenes. As much as I love my job, I want to **** the presentations and spreadsheets and get back into the fray.