Security ++ , New Certification?
Comments
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
CompTIA Advanced Security Practitioner Certification Exam Objectives
Copyright 2010 by the Computing Technology Industry Association. All rights reserved.
The CASP Certification Exam Objectives are subject to change without notice.
CompTIA Advanced Security Practitioner Certification Exam Objectives (CAS-001)
INTRODUCTION
The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, “hands-on” focus at the enterprise level.
The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. The candidate will apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.
The CompTIA Advanced Security Practitioner (CASP) Certification is aimed at an IT security professional who has:
A minimum of 10 years experience in IT administration including at least 5 years of hands-on technical security experience.
This examination blueprint includes domain weighting, test objectives, and example content. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.
The table below lists the domain areas measured by this examination and the approximate extent to which they are represented in the examination:
Domain | % of Examination
1.0 Enterprise Security | 40%
2.0 Risk Mgmt, Policy/Procedure and Legal | 24%
3.0 Research & Analysis | 14%
4.0 Integration of Computing, Communications, and Business Disciplines | 22%
Total | 100%
**Note: The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.
1.0 Enterprise Security
1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation
Cryptographic applications and proper implementation
Advanced PKI concepts
o Wild card
o OCSP vs. CRL
o Issuance to entities
o Users
o Systems
o Applications
Implications of cryptographic methods and design
o Strength vs. performance vs. feasibility to implement vs. interoperability
Transport encryption
Digital signature
Hashing
Code signing
Non-repudiation
Entropy
Pseudo random number generation
Perfect forward secrecy
Confusion
Diffusion
1.2 Distinguish and select among different types of virtualized, distributed and shared computing
Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
VLAN
Securing virtual environments, appliances and equipment
Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
Secure use of on-demand / elastic cloud computing
o Provisioning
o De-provisioning
o Data remnants
Vulnerabilities associated with co-mingling of hosts with different security requirements
o VMEscape
o Privilege elevation
Virtual Desktop Infrastructure (VDI)
Terminal services
1.3 Explain the security implications of enterprise storage
Virtual storage
NAS
SAN
vSAN
iSCSI
FCOE
LUN masking
HBA allocation
Redundancy (location)
Secure storage management
o Multipath
o Snapshots
o Deduplication
1.4 Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
Advanced network design
o Remote access
o Placement of security devices
o Critical infrastructure / Supervisory Control and Data Acquisition (SCADA)
o VoIP
o IPv6
Complex network security solutions for data flow
Secure data flows to meet changing business needs
Secure DNS
o Securing zone transfer
o TSIG
Secure directory services
o LDAP
o AD
o Federated IP
o Single sign on
Network design consideration
o Building layouts
o Facilities management
Multitier networking data design considerations
Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
Secure infrastructure design (e.g. decide where to place certain devices)
Storage integration (security considerations)
Advanced configuration of routers, switches and other network devices
o Transport security
o Trunking security
o Route protection
ESB
SOA
Service enabled
WS-security
1.5 Distinguish among security controls for hosts
Host-based firewalls
Trusted OS (e.g. how and when to use it)
End point security software
o Anti-malware
o Anti-virus
o Anti-spyware
o Spam filters
Host hardening
o Standard operating environment
o Security/group policy implementation
o Command shell restrictions
o Warning banners
o Restricted interfaces
Asset management (inventory control)
Data exfiltration
HIPS / HIDS
NIPS/NIDS
1.6 Explain the importance of application security
Web application security design considerations
o Secure: by design, by default, by deployment
Specific application issues
o XSS
o Click-jacking
o Session management
o Input validation
o SQL injection
Application sandboxing
Application security frameworks
o Standard libraries
o Industry accepted approaches
Secure coding standards
Exploits resulting from improper error and exception handling
Privilege escalation
Improper storage of sensitive data
Fuzzing/false injection
Secure cookie storage and transmission
Client-side processing vs. server-side processing
o AJAX
o State management
o JavaScript
Buffer overflow
Memory leaks
Integer overflows
Race conditions
o Time of check
o Time of use
Resource exhaustion
1.7 Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment
Tool type
o Port scanners
o Vulnerability scanners
o Protocol analyzer
o Switchport analyzer
o Network enumerator
o Password cracker
o Fuzzer
o HTTP interceptor
o Attacking tools/frameworks
Methods
o Vulnerability assessment
o Penetration testing
o Blackbox
o Whitebox
o Graybox
o Fingerprinting
o Code review
o Social engineering
2.0 Risk Management, Policy / Procedure and Legal
2.1 Analyze the security risk implications associated with business decisions
Risk management of new products, new technologies and user behaviors
New or changing business models/strategies
o Partnerships
o Outsourcing
o Mergers
Internal and external influences
o Audit findings
o Compliance
o Client requirements
o Top level management
Impact of de-perimeterization (e.g. constantly changing network boundary)
o Considerations of enterprise standard operating environment (SOE) vs. allowing personally managed devices onto corporate networks
2.2 Execute and implement risk mitigation strategies and controls
Classify information types into levels of CIA based on organization/industry
Determine aggregate score of CIA
Determine minimum required security controls based on aggregate score
Conduct system specific risk analysis
Make risk determination
o Magnitude of impact
o Likelihood of threat
Decide which security controls should be applied based on minimum requirements
o Avoid
o Transfer
o Mitigate
o Accept
Implement controls
Continuous monitoring
2.3 Explain the importance of preparing for and supporting the incident response and recovery process
E-Discovery
o Electronic inventory and asset control
o Data retention policies
o Data recovery and storage
o Data ownership
o Data handling
Data breach
o Recovery
o Minimization
o Mitigation and response
System design to facilitate incident response taking into account types of violations
o Internal and external
o Private policy violations
o Criminal actions
o Establish and review system event and security logs
Incident and emergency response
2.4 Implement security and privacy policies and procedures based on organizational requirements
Policy development and updates in light of new business, technology and environment changes
Process/procedure development and updates in light of policy, environment and business changes
Support legal compliance and advocacy by partnering with HR, legal, management and other entities
Use common business documents to support security
o Interconnection Security Agreement (ISA)
o Memorandum of Understanding (MOU)
o Service Level Agreement (SLA)
o Operating Level Agreement (OLA)
o Non-Disclosure Agreement (NDA)
o Business Partnership Agreement (BPA)
Use general privacy principles for PII / Sensitive PII
Support the development of policies that contain
o Separation of duties
o Job rotation
o Mandatory vacation
o Least privilege
o Incident response
o Forensic tasks
o On-going security
o Training and awareness for users
o Auditing requirements and frequency
3.0 Research and Analysis
3.1 Analyze industry trends and outline potential impact to the enterprise
Perform on-going research
o Best practices
o New technologies
o New security systems and services
o Technology evolution (e.g. RFCs, ISO)
Situational awareness
o Latest client-side attacks
o Threats
o Counter zero day
o Emergent issues
Research security implications of new business tools
o Social media/networking
o Integration within the business (e.g. advising on the placement of company material for the general public)
Global IA industry/community
o Conventions
o Attackers
o Emerging threat sources
Research security requirements for contracts
o Request for Proposal (RFP)
o Request for Quote (RFQ)
o Request for Information (RFI)
o Agreements
3.2 Carry out relevant analysis for the purpose of securing the enterprise
Benchmark
Prototype and test multiple solutions
Cost benefit analysis (ROI, TCO)
Analyze and interpret trend data to anticipate cyber defense aids
Review effectiveness of existing security
Reverse engineer / deconstruct existing solutions
Analyze security solutions to ensure they meet business needs
o Specify the performance
o Latency
o Scalability
o Capability
o Usability
o Maintainability
Conduct a lessons-learned / after-action review
Use judgment to solve difficult problems that do not have a best solution
Conduct network traffic analysis
4.0 Integration of Computing, Communications and Business Disciplines
4.1 Integrate enterprise disciplines to achieve secure solutions
Interpreting security requirements and goals to communicate with other disciplines
o Programmers
o Network engineers
o Sales staff
Use judgment to provide guidance and recommendations to staff and senior management on security processes and controls
Establish effective collaboration within teams to implement secure solutions
Disciplines
o Programmer
o Database administrator
o Network administrator
o Management
o Stake holders
o Financial
o HR
o Emergency response team
o Facilities manager
o Physical security manager
4.2 Explain the security impact of inter-organizational change
Security concerns of interconnecting multiple industries
o Rules, policies and regulations
Design considerations during mergers, acquisitions and de-mergers
Assuring third party products - only introduce acceptable risk
o Custom developed
o COTS
Network secure segmentation and delegation
Integration of products and services
4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration
Unified communication security
o Web conferencing
o Video conferencing
o Instant messaging
o Desktop sharing
o Remote assistance
o Presence
o Email
o Telephony
VoIP security
VoIP implementation
Remote access
Enterprise configuration management of mobile devices
Secure external communications
Secure implementation of collaboration platforms
Prioritizing traffic (QoS)
Mobile devices
o Smart phones, IP cameras, laptops, IP based devices
4.4 Explain advanced authentication tools, techniques and concepts
Federated identity management (SAML)
XACML
SOAP
Single sign on
Certificate based authentication
Attestation
4.5 Carry out security activities across the technology life cycle
End to end solution ownership
Understanding results of solutions in advance
o Operational activities
o Maintenance
o Decommissioning
o General change management
Systems Development Life Cycle
o Security System Development Life Cycle (SSDLC) / Security Development Life Cycle (SDL)
o Security Requirements Traceability Matrix (SRTM)
Adapt solutions to address emerging threats and security trends
Validate system designs
CASP ACRONYMS
3DES – Triple Digital Encryption Standard
AAA – Authentication, Authorization, and Accounting
ACL – Access Control List
AD—Active Directory
AES - Advanced Encryption Standard
AES256 – Advanced Encryption Standards 256bit
AH - Authentication Header
ALE - Annualized Loss Expectancy
AP - Access Point
ARO - Annualized Rate of Occurrence
ARP - Address Resolution Protocol
AUP - Acceptable Use Policy
BCP – Business Continuity Planning
BIOS – Basic Input / Output System
BOTS – Network Robots
BPA--Business Partnership Agreement
CA – Certificate Authority
CAC - Common Access Card
CAN - Controller Area Network
CCMP – Counter-Mode/CBC-Mac Protocol
CCTV - Closed-circuit television
CERT – Computer Emergency Response Team
CHAP – Challenge Handshake Authentication Protocol
CIA--Cryptographic Information Application
CIRT – Computer Incident Response Team
CRC – Cyclical Redundancy Check
CRL – Certification Revocation List
DAC – Discretionary Access Control
DDOS – Distributed Denial of Service
DEP – Data Execution Prevention
DES – Digital Encryption Standard
DHCP – Dynamic Host Configuration Protocol
DLL - Dynamic Link Library
DLP - Data Loss Prevention
DMZ – Demilitarized Zone
DNS – Domain Name Service (Server)
DOS – Denial of Service
DRP – Disaster Recovery Plan
DSA – Digital Signature Algorithm
EAP - Extensible Authentication Protocol
ECC - Elliptic Curve Cryptography
EFS – Encrypted File System
EMI – Electromagnetic Interference
ESB—Enterprise Service Bus
ESP – Encapsulated Security Payload
FCOE – Fiber Channel Over Ethernet
FTP – File Transfer Protocol
GPU - Graphic Processing Unit
GRE - Generic Routing Encapsulation
HBA – Host Based Authentication
HDD – Hard Disk Drive
HIDS – Host Based Intrusion Detection System
HIPS – Host Based Intrusion Prevention System
HMAC – Hashed Message Authentication Code
HSM – Hardware Security Module
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol over SSL
HVAC – Heating, Ventilation Air Conditioning
IaaS - Infrastructure as a Service
ICMP - Internet Control Message Protocol
ID – Identification
IKE – Internet Key Exchange
IM - Instant messaging
IMAP4 - Internet Message Access Protocol v4
IP - Internet Protocol
IPSEC – Internet Protocol Security
IRC - Internet Relay Chat
ISA--Interconnection Security Agreement
ISP – Internet Service Provider
IV - Initialization Vector
KDC - Key Distribution Center
L2TP – Layer 2 Tunneling Protocol
LANMAN – Local Area Network Manager
LDAP – Lightweight Directory Access Protocol
LEAP – Lightweight Extensible Authentication Protocol
LUN – Link Uninhibit
MAC – Mandatory Access Control / Media Access Control
MAC - Message Authentication Code
MAN - Metropolitan Area Network
MBR – Master Boot Record
MD5 – Message Digest 5
MOU--Memorandum of Understanding
MSCHAP – Microsoft Challenge Handshake Authentication Protocol
MTU - Maximum Transmission Unit
NAC – Network Access Control
NAS- Network Attached Storage
NAT – Network Address Translation
NDA--Non-Disclosure Agreement
NIDS – Network Based Intrusion Detection System
NIPS – Network Based Intrusion Prevention System
NIST – National Institute of Standards & Technology
NOS – Network Operating System
NTFS - New Technology File System
NTLM – New Technology LANMAN
NTP - Network Time Protocol
OCSP—Online Certificate Status Protocol
OLA--Operating Level Agreement
OS – Operating System
OVAL – Open Vulnerability Assessment Language
PAP – Password Authentication Protocol
PAT - Port Address Translation
PBX – Private Branch Exchange
PEAP – Protected Extensible Authentication Protocol
PED - Personal Electronic Device
PGP – Pretty Good Privacy
PII – Personally Identifiable Information
PII-Personal Identifiable Information
PKI – Public Key Infrastructure
POTS – Plain Old Telephone Service
PPP - Point-to-point Protocol
PPTP – Point to Point Tunneling Protocol
PSK – Pre-Shared Key
PTZ – Pan-Tilt-Zoom
QoS- Quality of Service
RA – Recovery Agent
RAD - Rapid application development
RADIUS – Remote Authentication Dial-in User Server
RAID – Redundant Array of Inexpensive Disks
RAS – Remote Access Server
RBAC – Role Based Access Control
RBAC – Rule Based Access Control
RFI- Request for Information
RFP- Request for Proposal
RFQ- Request for Quote
RSA – Rivest, Shamir, & Adleman
RTO – Recovery Time Objective
RTP – Real-Time Transport Protocol
S/MIME – Secure / Multipurpose internet Mail Extensions
SaaS - Software as a Service
SAML--Security Assertions Markup Language
SAN – Storage Area Network
SCADA—Supervisory Control and Data Acquisition
SCAP - Security Content Automation Protocol
SCSI - Small Computer System Interface
SDL- Security Development Life Cycle
SDLC - Software Development Life Cycle
SDLM - Software Development Life Cycle Methodology
SHA – Secure Hashing Algorithm
SHTTP – Secure Hypertext Transfer Protocol
SIM – Subscriber Identity Module
SLA – Service Level Agreement
SLA--Service Level Agreement
SLE - Single Loss Expectancy
SMS - Short Message Service
SMTP – Simple Mail Transfer Protocol
SNMP - Simple Network Management Protocol
SOAP--Simple Object Access Protocol
SOA--State of Authority
SONET – Synchronous Optical Network Technologies
SPIM - Spam over Internet Messaging
SSDLC-- Security System Development Life Cycle
SSH – Secure Shell
SSL – Secure Sockets Layer
SSO – Single Sign On
STP – Shielded Twisted Pair
TACACS – Terminal Access Controller Access Control System
TCP/IP – Transmission Control Protocol / Internet Protocol
TKIP - Temporal Key Integrity Protocol
TLS – Transport Layer Security
TPM – Trusted Platform Module
TSIG- Transaction Signature Interoperability Group
UAT - User Acceptance Testing
UPS - Uninterruptable Power Supply
URL - Universal Resource Locator
USB – Universal Serial Bus
UTP – Unshielded Twisted Pair
VDI—Virtual Desktop Infrastructure
VLAN – Virtual Local Area Network
VoIP - Voice over IP
VPN – Virtual Private Network
vSAN – Virtual Storage Area Network
VTC – Video Teleconferencing
WAF- Web-Application Firewall
WAP – Wireless Access Point
WEP – Wired Equivalent Privacy
WIDS – Wireless Intrusion Detection System
WIPS – Wireless Intrusion Prevention System
WPA – Wireless Protected Access
XSRF - Cross-Site Request Forgery
XSRF- Cross-Site Request Forgery
XSS - Cross-Site Scripting
-
erpadmin Member Posts: 4,165
Bl8ckr0uter wrote: » This looks pretty dope. I really think this will probably be as hard or harder than the CISSP
I, umm...don't quite share that opinion.
I would still take it, but I don't expect to study for it that hard as I would the CISSP. I think this exam MIGHT be closer to the SSCP and even that's a stretch, IMO.
-
cabrillo24 Member Posts: 137
I think it will be difficult to gauge the difficulty of this test. I do hope that it's a challenging exam, as it will have more credibility. When I first got my Security+ I was very excited, but this disheartened to learn that pass rates were high, especially when people (even those in my organization) were passing brain **** to one another and bragging about getting perfect scores on the exam.
That's why I went after my CISSP, CISA and now CISM to separate myself. I really do want to see this new certification succeed, be challenging and constantly evolving. I actually like studying, learning, and reinforcing what I know, or change my way of thinking and seeing the bigger picture when it comes to security. Off my soap box now.
Next Up...
CCNA: Security (210-260)
Date: TBD
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
erpadmin wrote: » I, umm...don't quite share that opinion.
I would still take it, but I don't expect to study for it that hard as I would the CISSP. I think this exam MIGHT be closer to the SSCP and even that's a stretch, IMO.
I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy but the objectives look much more in depth).
-
steve13ad Member Posts: 398
Bl8ckr0uter wrote: » I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy but the objectives look much more in depth).
Comptia has had great success with Sec+, so it only makes sense for them to develop a more advanced version test/cert to cash in on.
cabrillo, give the a**hats enough time there will be **** for this just like all of the others.
I'm cautiously optimistic about taking the Beta!
-
cabrillo24 Member Posts: 137
steve13ad wrote: » Comptia has had great success with Sec+, so it only makes sense for them to develop a more advanced version test/cert to cash in on.
cabrillo, give the a**hats enough time there will be **** for this just like all of the others.
I'm cautiously optimistic about taking the Beta!
Security+ got a major push thanks to its ability to be an elective for MCSA/MCSE as well as its incorporation into DoD 8570.
There will be **** for all tests, but doesn't mean it's good quality or it will show up on the test. When I have colleagues who have taken the CISSP 3-4 times and are constantly looking for brain **** and exchanging it with other test takers, and are continuously failing.
I think ISC2 and ISACA have good models when it comes to their testing banks which I wish CompTIA would, but the higher the pass rate and backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.
Next Up...
CCNA: Security (210-260)
Date: TBD
-
steve13ad Member Posts: 398
cabrillo24 wrote: » Security+ got a major push thanks to its ability to be an elective for MCSA/MCSE as well as its incorporation into DoD 8570.
There will be **** for all tests, but doesn't mean it's good quality or it will show up on the test. When I have colleagues who have taken the CISSP 3-4 times and are constantly looking for brain **** and exchanging it with other test takers, and are continuously failing.
I think ISC2 and ISACA have good models when it comes to their testing banks which I wish CompTIA would, but the higher the pass rate and backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.
I absolutely agree with you Cabrillo. With their shift to CE, Comptia has created a great revenue source while complying with 8570.
-
erpadmin Member Posts: 4,165
Bl8ckr0uter wrote: » I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy but the objectives look much more in depth).
If it weren't a CompTIA exam, I would be more inclined to agree with you. Mind you, I have failed a CompTIA exam once (by one or three questions, mind you), but that was when there were very little study materials and I was extremely weak in Novell. (I was supporting a Novell environment, but we were phasing those out to switch to W2K/Active Directory).
Plus, if the CASP follows the same MO as the other exams, something like "Click-Jacking", for example would require you just know what it is and answer it. Even the opposite can be true, if you know what the other answers refer to, you can use process of elimination to guess correctly.
No question, it's too early to place a wager on this horse. I just can't see this exam as being harder than any ISC(2) exam though....we will have to wait and see.
Does anyone know when the Beta for this will be available? I'm really shocked CompTIA hasn't sent me any information about this...especially since I hold 4 CompTIA certs......
If I got a Beta, I would google whatever I didn't know from the objectives and call it a day. (Pass or fail.)
-
erpadmin Member Posts: 4,165
cabrillo24 wrote: » I think ISC2 and ISACA have good models when it comes to their testing banks which I wish CompTIA would, but the higher the pass rate and backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.
Keep in mind that the higher pass rate for Security+ could be attributed to Darril Gibson as well. I have never dealt with any certification that could have been passed with one book (actually...Project+ falls into that as well, but that's neither here nor there).
I would like to think it's not all dumpers, as you said in your earlier post.
-
cabrillo24 Member Posts: 137
erpadmin wrote: » Keep in mind that the higher pass rate for Security+ could be attributed to Darril Gibson as well. I have never dealt with any certification that could have been passed with one book (actually...Project+ falls into that as well, but that's neither here nor there).
I would like to think it's not all dumpers, as you said in your earlier post.
I'm not saying all companies do this, but it's done. It's cheaper to pass **** around than to send people to training (which usually comes from overhead).
If CompTIA were to refresh their exams on a yearly basis or even semi annual basis, one could make the argument that there would be a substantial drop in newly certified personnel. I think there would be a slight drop in interest, as Security+ doesn't provide that great of a return on investment, so people would flock towards ISACA or ISC2. I think CompTIA realizes this, as why they don't address the "****" issue.
There are many experienced professionals that I work with who are extremely intelligent, but they don't want to put in the time to study for certifications. Whenever I received one, they'd ask me what I used. When I told them "books, online CBTS, official guides" they'd smirk and say "man, I'm just going on ********s and buy the exam."
I know there are MANY of people on here who studied, took the time to learn and EARN their CompTIA certs, and I applaud them, and it's completely unfair that someone can just get a **** and study it for a week and then go take the exam and pass. The pool of certified professionals becomes large and saturated, and the certification doesn't hold as much merit. This was one of the major reasons why I moved on to other certifications. Keep in mind, that CompTIA certs are simply entry level certifications, but nonetheless I feel "****" have ended up saturating what little prestige this certification should entail.
I'm HOPING that this new CompTIA certification really changes how CompTIA does business.
Next Up...
CCNA: Security (210-260)
Date: TBD
-
demonfurbie Member Posts: 1,819
yay for beta invites
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
-
MrAgent Member Posts: 1,310
I just got this from CompTIA
Get certified as a CompTIA Advanced Security Practitioner (CASP) — for free!
We have extended the testing deadline for the beta exam. The deadline for taking this exam — at no charge — is now Saturday May 21st.
The target participant is a technical security practitioner with 10 years of experience in IT, and at least 5 years of hands-on information security design and implementation experience at the enterprise level.
This new exam beta is offered only at select Pearson VUE testing centers. If you are close to a participating center, please review the target audience for the new certification, and consider whether you qualify. In order for CompTIA to get useful beta statistics, it is important that those who take the exam are at the experience level that we're targeting.
The exam is free, but will only be available for the first 400 candidates. This is a first come, first served opportunity. After 400 people have taken the exam, no more beta exams will be delivered. (Those who have registered but have not yet taken the exam will be notified by VUE if the exam has been closed.)
***Results from the exam (pass/fail) will not be available until the live exam launches, sometime in the fourth quarter of 2011. Your results will be sent to you directly at that time, no exceptions.***
If you fit the profile of the target candidate for the CompTIA Advanced Security Practitioner, and you are able to travel to one of the confirmed VUE testing centers, we do hope you will take the exam. The CompTIA exam code for the CASP beta, for registration purposes, is CA1-001.
Visit www.pearsonvue.com/comptia/ to enter your zip code, locate your chosen center (remember, choose one from this list), and schedule the test. If you don't have a VUE account, follow the steps to set one up before you register. When you are asked to pay for the exam, enter the discount code caspbetacb to register at no charge. Please do not distribute this code to others, unless they are interested colleagues whose work role and experience fit CompTIA's criteria for the target candidate.
-
never2late Member Posts: 122
demonfurbie wrote: » yay for beta invites
Just got my email. Immediately signed up for next Friday. I'll go over the list and if I pass great. If not, nothing lost and a free look at the test.
-
colemic Member Posts: 1,569
Is there a reason why it is only at limited test centers? To discourage dumping, maybe?
Working on: staying alive and staying employed
-
erpadmin Member Posts: 4,165
Man, I had a doozy of a time registering for this exam.....
Man, VUE sucks like no other...I didn't even know I had the beta until I saw my inbox. Had to schedule it for May 14th and go all the way to Queens (Jackson Heights...). But I'm scheduled. At least I can drive there...just gonna leave my house about 2 hours early.
I will do no studying...gonna cram with whatever the objectives are two days prior to the exam. I either pass it or I don't, but at least I have a 50/50 shot at getting a free certification.
Good luck to all gunning for the CASP.
-
colemic Member Posts: 1,569
Good luck on the exam. I would take it if there was a test center closer than 300 miles away.
Working on: staying alive and staying employed
-
erpadmin Member Posts: 4,165
As I said in the other thread, CompTIA/Vue has cancelled the exam on me. They got their 400 person quota before tomorrow....grrrr!!
-
never2late Member Posts: 122
erpadmin wrote: » As I said in the other thread, CompTIA/Vue has cancelled the exam on me. They got their 400 person quota before tomorrow....grrrr!!
Well, I took the CASP test today and don't really know where to begin. The questions were somewhat understandable but I saw scenarios, simulations, and a lot of security policy and procedure questions. And I got a lot of them totally wrong... well let's say I took a lot of educated guesses. There were 92 questions and you had 135 minutes to complete them. I took the better part of 2 hrs and left with my head swimming.