Passed CASP

MickyDee Member Posts: 32
I passed the CASP exam yesterday, and let me tell you, it was quite the doozy. My test had 80 questions, with nine of them being simulations! 5 of them were drag and drop and the other ones involved modifying firewall rules, downloading and installing a patch, one that involved crashing a server and another about implementing controls within a certain budget.

Prep:

I used the Abernathy book and the question bank from that.
I used the Sybex book for the question bank only.
I listened to Kelly Handerhan’s audio for the CASP while traveling back and forth to work.
I used the CASP exam objectives and ensured I knew something about each item on the objectives. Google and YouTube are your friends to fill in gaps.
I also recently finished a MS in InfoSec; this is unnecessary for the exam ;).

Tips:
Know SaaS, PaaS, and all of the cloud-based iterations and acronyms.
Know SLE, ALE, etc.
Know what DNSSEC is and what it is used for.
Know Kerberos, SAML, etc. and what they are used for.
Know your ports, especially HTTP and HTTPS.
This is both a technical and a managerial test. However, I found that more of the managerial answers were the most correct to the questions.

Finally, don’t take this exam lightly. I felt pretty good for the bulk of the questions, but I was still unsure if I was going to pass when I hit submit; mainly due to the difficulty of some of the sims. Some of the questions I had no idea about and had to guess, others I was able to narrow down to two correct answers.

As for me, I am glad that I am finished with the exam. My next cert goal will be the CySA+, because of the DoD and future employment plans. I plan on taking the CISSP sometime next year, as I don’t have the time to focus on the exam at the moment. Feel free to reach out if you have any questions, especially as CAS-002 will be expiring soon and I have a feeling CompTIA will be making all of their exams more difficult going forwards.

Comments

  • mikey88 CISSP, CySA+, Security+, Network+ and others Member Posts: 493
    MickyDee wrote: »
    My next cert goal will be the CySA+, because of the DoD and future employment plans.

    Congrats on the pass. You already achieved a higher level cert though.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • MickyDee Member Posts: 32
    Yes, but the CySA+ covers most of the CSSP boxes in the 8570 chart and I have no intention of wasting my time or money on the CEH; since it has so many negative reviews.
  • johndoee Member Posts: 152
    MickyDee wrote: »
    Yes, but the CySA+ covers most of the CSSP boxes in the 8570 chart and I have no intention of wasting my time or money on the CEH; since it has so many negative reviews.


    I don't see how you could say 8570 and CEH in the same sentence and come up with something bad. Truth be told, CYSA produces a two-digit response on Indeed. CASP produces around 1400 and CEH around twice the amount of CASP.

    Are you a leader or a follower? It's about a position, job security, money. You have to take more into consideration. I am neutral though. But, don't let us dictate your future. I could bet money that recruiters are more familiar with CEH for various reasons than other certs you mentioned.
  • TK1799_st Member Posts: 111
    MickyDee wrote: »
    Yes, but the CySA+ covers most of the CSSP boxes in the 8570 chart and I have no intention of wasting my time or money on the CEH; since it has so many negative reviews.

    DOD is now re-vamping everything they thought about CEH. You are right, right now inside the IT domains of DOD they are dumping CEH because it's not what everyone thinks it is... they are looking towards and in most cases, looking at CySA+ or something else. CASP is also equal to most positions unless the hiring manager is a CISSP, then they will require it. The 8750 is going out and the 8140 is inbound. It really comes down to resume language and interviewing by passing the knowledge over -- most clients in DOD will accept it and realize that some certs that were once required - now are open to others. Like the OSCP - eLearnSecurity is just as good -- so, it comes down to the technical interview and proving you know what you have via certs. Right now, they are re-designing their pen test teams and the red teaming aspects where CEH has totally been dropped off the list of requirements. Not saying if you have it -- but they want to see more than just CEH.

    Security+ce, CASP, eCPPT, CPTE, CISSP, GCIH, GFOR, GPEN, OSCP are usually the bases for a lot of cyber positions... big companies like NSS Plus told me personally that CySA+ is becoming the minimal cert they want to have for their cyber sec analyst. Just what I'm seeing on the DoD level right now...
  • averageguy72 Senior Member Member Posts: 320
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • PersianImmortal Member Posts: 124
    Congratulations!!!
  • Info_Sec_Wannabe Senior Member Member Posts: 400
    Congrats on the pass!
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
  • roxer Member Posts: 130
    Thanks for the information and Excellent JOB!! I want to take it before the test changes. I am hoping it is a bit easier than the CISSP study material wise. Hopefully my CISSP knowledge is adequate for a start.
  • novicenovice1 Registered Users Posts: 2
    First off, congratulations on your CASP! This question can be for anyone who wishes to respond. I have my Sec+ and am going for my CASP, but I need to understand what the CASP objectives are asking. How does one study for each objective when they are vague and there are multiple systems/applications/solutions in use? How does one "decipher" what the objectives are talking about? From my research, CASP is a big jump from SEC+. Thanks.