Another CASP Pass

cochi78cochi78 MemberHannover, GermanyMember Posts: 72 ■■■□□□□□□□
Finally, I met one of my overambitious goals for this year and cleared the CASP exam this morning. I have to admit, I prepared half-heartedly and mainly did this because my CySA+ was due to expire. I always "upgrade" if possible instead of just redo the test. So that was my strategy here as well.

My preparation consisted of using some practice tests by PocketPrep which were covering the topics quite well while being still far of any ****. It helped a lot to see the weakness areas in the statistics and then go and dig deeper on the terms and concepts. I also took bits and pieces of some video courses available on SafariBooks (my employer generously pays a subscription for me). As I already have more than 10 years of ITSec practice, I did not feel like I had to run through a complete course but focused more on stuff I was not too familiar with.

That being said, more business-oriented terms (BIA, MOU, RFC/RFQ/RFI, ...) have been a good part of my preparations plus things about risk modelling and SDLC which needed a refresh. I did not add onto the technical background, except for some more exotic things which popped up during the practice tests (but not in the real thing).

The exam started with three "performance based" questions, including some mocked Linux/DOS terminals where I had to perform basic tasks. The rest was about 80 MC questions which mainly had a scenario-type intro (3-4 lines of introduction/background) and then the usual four to six options.

While the topics spread from initial acquisition strategies down to reviewing C code for vulnerabilities, most questions had the 50:50 joker included - so two answers basically dropped out immediately. Having seen a lot of other exams, I have to say the distractors were not too obvious in most cases. You had to really read the scenario carefully to see which ones were bogus.

On the other hand, sometimes the answer was a real guessing game even with a solid technical background. I always hate this "select the MOST efficient" style of asking, as often both are valid in reality and you have to guess the intention/mindset of the exam vendor. If I'm not mistaken, that's even discouraged in ISO 17024 but I'd need to look that up.

I finished after roughly 80 minutes and got my pass. Still a bit sad you don't get a percentage to see if you were solid or just barely got away. But still, a pass is a pass.


  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Member Posts: 428 ■■■■□□□□□□
    Congrats on the pass.

    On "selecting the most efficient way of doing stuff", it really does involve assuming things that you could have otherwise clarified with the folks directly involved. The vendor probably wants us exam takers to think of the ideal first step or option which may or may not be available in practice.
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • KissMyCaspKissMyCasp Member Posts: 2 ■□□□□□□□□□
    Congrats! And thanks for sharing your experience! I've been in military cybersecurity for 4 years and want to take the exam in the fall. Do you think it's wise and/or feasible for me to do this despite never taking  a level 2 course? 
  • cochi78cochi78 Member Hannover, GermanyMember Posts: 72 ■■■□□□□□□□
    Depends on your experience. The CASP content was very wide, from conceptual things and regulations right into reviewing log entries and state attack modes or reviewing C code for vulnerabilities. I'd recommend checking against your knowledge with one of the preparation books/video series or use something like PocketPrep to find your gaps. Their question style is similar, the context area as well - but it's not the real questions.
Sign In or Register to comment.