Exam Number: CAS-003
The CompTIA Advanced Security Practitioner (CASP) CAS-003 certification is a vendor-neutral credential.
The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge.
The CASP exam will certify the successful candidate has the technical knowledge and skills required to:
- Conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise.
- Apply critical thinking and judgment across a broad spectrum of security disciplines to propose, implement and advocate sustainable security solutions that map to organizational strategies, balance security requirements with business/regulatory requirements, analyze risk impact and respond to security incidents.
The CASP certification is aimed at IT security professionals who have:
- A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience.
- The following recommended prerequisites: CompTIA Network+, Security+, CySA+ or equivalent experience.
1.0 Risk Management
- Summarize business and industry influences and associated security risks.
- Compare and contrast security, privacy policies and procedures based on organizational requirements.
- Given a scenario, execute risk mitigation strategies and controls.
- Analyze risk metric scenarios to secure the enterprise.
2.0 Enterprise Security Architecture
- Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
- Analyze a scenario to integrate security controls for host devices to meet security requirements.
- Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
- Given software vulnerability scenarios, select appropriate security controls.
3.0 Enterprise Security Operations
- Given a scenario, conduct a security assessment using the appropriate methods.
- Analyze a scenario or output, and select the appropriate tool for a security assessment.
- Given a scenario, implement incident response and recovery procedures.
4.0 Technical Integration of Enterprise Security
- Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
- Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture.
- Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives.
- Given a scenario, implement cryptographic techniques.
- Given a scenario, select the appropriate control to secure communications and collaboration solutions.
5.0 Research, Development and Collaboration
- Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
- Given a scenario, implement security activities across the technology life cycle.
- Explain the importance of interaction across diverse business units to achieve security goals.