My Experience With CompTIA's CASP Exam (Pt. II)!

All -

First, I apologize due to my previous posting disappearing. Not sure what happened there.

I thought I would post my thoughts and experience with the new CASP exam. There was so little information out there on what to expect and this forum had a few valuable postings that helped me out. Ergo, I figured I would at least return the favor and tell you about my experience.

About me: I've been in the IT industry for about 7 years. I'm in a incident response / risk management position that isn't overly technical but gives me enough knowledge to be able to hold my own. Currently, I hold the standard CompTIA certs (e.g. A+, Net+, Sec+, Server+) and picked up my CISSP last year. I also have a few investigative certs (e.g. CCE, EnCE, ACE). I'm also studying for the CISA that I hope to pass in June. I have a bachelors and masters in an IT related discipline.

Why I took the CASP: I had some 'use it or lose it' money for my education and burned it on the CASP. I fully recognize that this cert won't take me places; however, resume fluff never hurts and I try to get at least 1 - 2 certs per year.

What I did to study: I bought the Sybex CASP book. Generally, I love the Sybex books because they come with a decent test bank and a good book. Same thing with this CASP book; however, you could tell the book was rushed as it was filled with spelling/grammar/formatting errors. Highly recommend the book when you consider there aren't many other alternatives. Also, I bought the ucertify test package. Again, I've used them in the past and ucertify was most helpful. All in all, I studied for two weeks.

My Experience: Overall, the test was quality. It wasn't insanely hard, but it had some challenging components. There were only a handful of true 'brain ****' style questions that are common on other CompTIA tests. Comparing it to the CISSP, it was more technical and less managerial. The questions were in a format that required in-depth knowledge of several areas in order to fully understand and provide an answer. My understanding is that CompTIA is trying put this in between the Security+ and the CISSP; I feel the test achieves this goal. I also didn't like the pass/fail grade. I passed but have no idea by how much. In typical CompTIA fashion, the printout stated the objectives that I missed. The printout identified about 15 objectives leading me to believe I got about 80% correct.

I did like the simulation questions. The simulation questions, like most of the test, require a lot of knowledge from different areas in order to get them right. I'm making the assumption they're also partial credit. Knowing the labs at the end of the Sybex book are very helpful for the simulation questions. There were about six simulation questions.

Out of the 2.5 hours (I think?), I used almost two hours. If you're a slow reader or are bad at prioritising, you're going to have a rough time.

CompTIA recommends some experience to take this cert. I can honestly say that there were several questions that my work experience helped me through. Not essential, but darn helpful.

Other CASP thoughts: Why get this exam? At the current time it has zero recognition and has yet to gain very much traction. At ~$350 a pop, it's some pricey fluff to get to your resume. A quick search on Monster.com is also telling: 880 hits on CISSP; 1 on CASP and it's unrelated to CompTIA's cert. Unless CompTIA gets a DoD approval and more people get certified, it's not worth it. If you have to get a certification beyond Sec+, go big and get your CISSP. Don't have the experience? Get the CISSP Associate (cert pending the work experience).

Hope this helps someone out there and good luck with whatever path you take.

Find more posts tagged with

Comments

crashdump

questiontheknown wrote: »

I did like the simulation questions. The simulation questions, like most of the test, require a lot of knowledge from different areas in order to get them right. I'm making the assumption they're also partial credit. Knowing the labs at the end of the Sybex book are very helpful for the simulation questions. There were about six simulation questions.

First thank you for your review. There are very less CASP info on the net.I didn't know about simulation questions. Please tell me more.

cyberguypr

Excellent review. Thanks.

questiontheknown

crashdump wrote: »

First thank you for your review. There are very less CASP info on the net.I didn't know about simulation questions. Please tell me more.

Hi there -

The scenario was above and beyond the typical multiple choice answer. It would give you a graphical representation of the topic (network schematic, etc.)

I'll try to avoid just giving away the scenario questions (that I remember) and try to give you a made up example.

An example may involve providing a network schematic and asking you to state what ports need to be open on certain devices in order to allow a service to pass. You can then select the devices in order to learn configurations of each of the settings. So, if the question said, "Diagnose why SSH services aren't connecting to Server A," you then need to look at the diagram, determine where SSH is disabled (required knowledge of what port SSH operates on, perhaps how to modify a firewall list and diagnose issues, what devices may be blocking SSH, etc.), and play with the interactive components of the scenario to correct the problem.

The simulation questions don't require any additional studying. You should know how to answer the questions based on studying the CASP material or from your work experience. Also, the labs at the end of the Sybex book are somewhat worthwhile and prep you for examples you may face in the scenario.

Also, CompTIA's CASP recommendation of 10 years IT administration experience is nuts. If you're not prepared for this test after a few years hands on experience and some studying, you may not be working on computers. Five years is probably more appropriate for the CISSP.

Hope this helps.

quinnyfly

Thank you for sharing the info, very insightful and helpful for people such as myself who are looking at taking this cert to renew my Sec+ in about 2 yrs.

Congratz on the pass and thanks again.

Darril

Congratulations on the pass and thanks for taking the time to do a thoughtful review.

I've heard rumors that CompTIA is planning on doing "performance-based" questions on the next A+ exam (220-801 and 220-802). They won't be anywhere near the difficulty of the CASP, but they may be using a simular simulation style that you saw on the CASP.

Good luck on the CISA.

walterbyrd

1) congratulation on passing.

2) I have found the sybex book to be **awful**. Not only poorly edited, but loaded with inaccuracies. You can find my review on amazon. I have completely given up on the sybex book, and I am using the outline to look up subjects on wikipedia. Wikipedia is far better written, and far more accurate, and it costs less. The sybex book is pure garbage.

3) To answer your question:
> Why get this exam? At the current time it has zero recognition and has yet to gain very much traction.

I think a lot has to do with DoD directive 8570.01-M. Environments that are regulated by that directive require something more than the Sec+ for tech-3, or manager-2 positions. There is a *lot* of business to be had here, I don't think CompTIA likes to see ISC2 getting all that business.

ITforyears

Unknown is totally correct on how the test is based. I am a DoD employee and this cert will replace CISSP.

Cheers,

CASP, Security +, Network+, A+, CCNA, MCSA.

da_vato

I'm not sure I agree with you on this but I do think this cert will start gaining some traction in the next year or two. Congrats on your pass

ITforyears

Thank you vato lol. But it is replacing the CISSP, because it costs the Dod more money than CASP to train and test. And with the current pinch, the Dod is doing whatever it can to save on costs.

Psyco32

Guys, CASP is NOT going to replace the CISSP. As a matter of fact, CASP was just added to 8570.01M cert baseline:

DoD 8570 Information Assurance Workforce Improvement Program

DoD removed SANS courses GSE (REALLY BAD to remove this) and GISF also. Moving foward from DIACAP to DIARMF maybe DoD may make more changes to it's baselines though.

JDMurray

I think the idea is of removing the CISSP because it is overkill for the knowledge requirements for 8570.01. Mid-level InforSec certs, like CASP and SSCP, are more aligned with what the DoD needs. I'm also thinking that CEHv8 has been beefed-up specifically to keep it from getting the boot off 8570.01 for being too simplistic.

The GSE was removed because the GCIH was already on 8570.01 and is part of the GSE requirements, so it really made no sense to have both. Besides, the GSE is an enormous challenge to acquire, somewhat like the CCIE. The GSE is for InfoSec SMEs and is way, way overkill for the generalized, compartmentalized workforce covered by 8570.01.

romeospadre

Thanks for the info .....even if its a few years l8