I passed CAS-003!!
I have been a long time lurker and created an account because there really have not been any recent posts about the CASP. First off, I was under the gun to get this certification rather quickly. I failed once after studying for a few months, and just retook the exam today. I still thought I failed. As for my background, I am a contractor for the DoD as a sys admin right now, and have 6 years of experience in numerous analyst/sysadmin/security roles. I have a BS in Computer Information Systems as well as an MBA in Information Security Management. As far as certs are concerned, I have A+, Security+, MCSA Server 2012, and MCSE Server/Cloud Infrastructure. Right off the bat I want to say this. Do not attempt to **** this test. The few who did in my shop failed miserably, and even ones from the most "popular sites" contained completely wrong answers from what I could see when they were studying. So what did I use?
Sybex CAS-002 Study Guide - Read this front to back; it was old, but a lot of the concepts still apply.
Wiley CAS-003 Study Guide - Read this cover to cover. Did the practice questions. Well worth the money.
Cybrary CASP Course - This course is nowhere near what you need to pass. However, I would highly suggest researching security analysis and application security. I have only taken programming in college, and had to brush up on it to understand some of the code and SQL analysis questions on the test.
The Exam - There were 4 sims right off the bat. Two drag and drops (know SAML, OTP, Kerberos, Gap control, all the different cloud models including community vs private and IaaS, SaaS, and PaaS). The third sim was download a file, verify the hash, and install. Only download from HTTPS sites. If the hash mismatches, it's not the right one; if the hash matches and the install flags untrusted after you attempt to execute it, it's wrong. It has to be trusted and the hash has to match. Once installed, go on to the next sim. The Redhat sim was the hardest, and definitely brush up on the names of different services (do not go beyond this; the commands are available in help and pretty straightforward). ps -A lists the services. You kill the services it requests (I ended up doing httpd, mysql, lpd, wpa, bluetooth, and sendmail) by PID based on what the question was asking. You then use chkconfig --list to see what services are running at level 3 (means they will re-enable at restart) and you use chkconfig --level 3 <service name> off to turn off the services you just killed. Once you do this, the sim is done and you can move on. You do not have to do anything with ports, and anyone telling you otherwise is lying; there are only two commands you can even run in the Redhat sim and you can't grep crap. IT IS NOT HARD.
Here is my strategy for the questions: Think of what you would do as a technician. That answer is wrong. Think of what a manager would do. That answer is wrong. What would the DoD or private sector professionals do in this situation? That answer is wrong. Whatever is left over is the BS CompTIA answer, and that is how you pass this exam! In all seriousness, know your stuff. Brush up on SQL and basic coding security, a bit of quantitative analysis and qualitative definitions, etc. The "think as manager" advice for the CISSP definitely applies here, but there is another that I think REALLY applies here. Do not solve problems, and "think about who you are talking to". If you are drafting a report, guess who sees it? Senior management. Senior management does not know your technobabble that you use on a day-to-day basis. They communicate in terms of risk and dollar sense.
I am going to get a beer. This test sucked. I know I am not much help with the questions, but I hope I at least shed some light on the sims as no one else really talked about them in detail in quite a while. Here is to joining the club of idiots who pay an obscene amount of money to say they are security professionals!
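The two checks the sims above boil down to (verify the digest before installing; make sure a killed service stays off at runlevel 3), as an added shell example that is not from the original post: the function names are mine, and the chkconfig --list output is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post: the two checks the sims ask for, as
# reusable functions. The chkconfig output is constructed sample data (SysV format).

# Verify a downloaded file against its published SHA-256 digest. Succeeds only on an
# exact match, so callers can gate the install on it: verify_sha256 f.rpm "$DIGEST" || exit 1
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Constructed sample of `chkconfig --list` output for five services.
SAMPLE_CHKCONFIG='httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off'

# Read chkconfig --list output on stdin and print the services that start at the given
# runlevel, i.e. the ones that would come back after a reboot even though they were killed.
services_on_at_level() {
    awk -v lvl="$1" '{
        for (i = 2; i <= NF; i++) {
            split($i, f, ":")
            if (f[1] == lvl && f[2] == "on") { print $1; break }
        }
    }'
}

# For the services you killed (arguments), print the chkconfig commands that keep them
# off at the given runlevel. Services already off at that level need no command.
disable_cmds_for() {
    level="$1"; shift
    wanted=" $* "
    services_on_at_level "$level" | while read -r svc; do
        case "$wanted" in
            *" $svc "*) echo "chkconfig --level $level $svc off" ;;
        esac
    done
}

# Example run on the constructed sample: sshd was not killed, bluetooth is already off.
printf '%s\n' "$SAMPLE_CHKCONFIG" | disable_cmds_for 3 httpd mysqld bluetooth sendmail
```

The script only prints the chkconfig commands; review them and run them yourself rather than piping them straight into a shell.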