CASP: Overview Of Domains

February 28, 2018 by Lester Obbayi

Introduction – What domains are covered on the CASP exam?

CASP candidates should expect the exam to cover five domains. The exam contains a maximum of 80 multiple-choice and performance-based questions, to be completed in 165 minutes. The result is pass or fail only; there is no scaled score.

In this article, we discuss the various domains that are tested by the examination. We gain an understanding of what candidates will need to know prior to taking the examination, how frequently the content is updated or reviewed, and the knowledge and task statements that will need to be grasped. By the end of this article, candidates will be better positioned to understand the primary focus of the examination.

Once candidates have completed the training and are confident enough to take the exam, they can head to the CompTIA Marketplace and purchase an exam voucher that will be required to sign up for the test.

After the voucher has been purchased, candidates can find a testing location and schedule the test. The five domains are:

  • Enterprise Security: Within this domain, candidates will be given different scenarios and required to show knowledge of the different aspects of enterprise security. These will include:
    • Cryptographic concepts and techniques. Techniques such as perfect forward secrecy, transport encryption, data-at-rest encryption and code signing are tested, as are related concepts such as diffusion, non-repudiation, integrity and chain of trust or root of trust. Candidates will also be tested on the security implications of enterprise storage, including storage types such as cloud and virtual storage, storage protocols such as NFS, CIFS and FCoE, and the management of secure storage using technologies such as HBA allocation, dynamic disk pools, snapshots and deduplication.
    • Network security components and architectures are a priority and will be tested as well. Candidates should focus on network security devices such as SIEM, HSM, firewalls, UTM, NIPS, NIDS and INE, the placement and configuration of these devices, network security solutions for data flow such as SSL inspection, and network packet inspection using tools such as Wireshark and tcpdump. The exam also requires that candidates be familiar with security controls for hosts, including hardening hosts by applying controls such as application whitelisting, command shell restrictions, access control lists and peripheral restrictions.
  • Risk Management and Incident Response: In this domain, candidates will be tested on their ability to perform various risk management and incident response activities. Candidates must be able to interpret business and industry influences and explain the associated security risks. This includes performing risk management of new products, technologies and user behaviors, and understanding new or changing business models or strategies such as partnerships, outsourcing, and mergers and demergers. Candidates must also grasp the security implications of integrating diverse industries, taking into account the rules, policies and regulations of different geographic locations and cultures. The exam will also test internal and external influences, including but not limited to competitors, auditors and audit findings, C-level management, and internal and external client requirements. Candidates must also grasp the impact of de-perimeterization, such as BYOD, outsourcing, telecommuting and the cloud.
    Candidates will be required to execute risk mitigation planning, strategies and controls. For example, depending on the scenario given, candidates will need to recommend which strategy should be applied based on the risk appetite, i.e. can the risk be avoided, transferred, mitigated or accepted? Can information be classified into levels of CIA based on the organization or industry? Can stakeholder input be incorporated into CIA decisions, and can system-specific risk analysis be performed? Candidates must also be able to conduct incident response and recovery procedures. These may include response and recovery procedures affecting electronic discovery, such as electronic inventory and asset control, and procedures for data breaches, such as the detection and collection of data.
    Candidates will be tested on their ability to design systems that facilitate incident response, as well as their ability to establish and review system audit and security logs.
  • Research, Analysis and Assessment: This domain will test candidates’ ability to apply different research, analysis and assessment methods to determine industry trends and their impact on the enterprise. Candidates will be required to be able to:
    • Perform ongoing research on best practices, new technologies, and new security systems and services. Maintain situational awareness of the latest client-side attacks, current vulnerabilities and threats, zero-day mitigation, controls and remediation, and research security requirements for contracts, i.e. familiarity with requests for proposals (RFP), requests for quotes (RFQ), requests for information (RFI), and agreements. The exam will also test candidates’ ability to analyze scenarios to secure the enterprise. The tested concepts include the ability to perform metrics collection and analysis, perform cost/benefit analysis, review the effectiveness of existing security controls, reverse engineer existing solutions, conduct a lessons-learned or after-action report, and use judgment to solve difficult problems that have no single best solution.
    • Select methods or tools appropriate to a given scenario to conduct an assessment and analyze the results. Tools may include port scanners, vulnerability scanners, password crackers, fuzzers and HTTP interceptors. These tools need to be applied appropriately in vulnerability assessments, malware sandboxing, memory dumping, penetration testing, social engineering, etc.
  • Integration of Computing, Communications and Business Disciplines: This domain will test candidates’ ability to:
    • Facilitate collaboration across diverse business units to achieve security goals. This requires that candidates be able to interpret security requirements and goals in order to communicate with stakeholders from other disciplines, for example sales staff, programmers, database administrators and network administrators. The ability to provide guidance and impartial recommendations to staff and senior management on security processes and controls will also be beneficial.
    • Select the appropriate controls to secure communications and collaboration solutions. The ability to secure unified collaboration tools used for instant messaging, web conferencing, email, telephony, desktop sharing and remote assistance will also be beneficial to the candidate.
    • Implement security activities across the technology life cycle. Candidates should master security activities including end-to-end solution ownership (which entails operational activities, maintenance, commissioning and decommissioning, asset disposal, and general change management), securing the SDLC by assessing the security requirements traceability matrix (SRTM), adapting solutions to address emerging threats and security trends, and managing assets by implementing device tracking techniques.
  • Technical Integration of Enterprise Components: This domain will require candidates to master certain integration of enterprise components, including:
    • The integration of hosts, storage, networks and applications into a secure enterprise architecture. This includes the ability to design secure data flows to meet changing business needs, to manage and adhere to different standards (including open and competing standards), to solve interoperability issues between legacy and current systems and between in-house, commercial and customized commercial systems, and to manage technical deployment models, whether acquired through outsourcing, insourcing or partnerships. These may include cloud and virtualization services, resource provisioning and de-provisioning (users, servers, applications, etc.), and enterprise application integration enablers for CRM, ERP, CMS, SOA, directory services, and more.
    • The integration of advanced authentication and authorization technologies to support enterprise objectives. These may include single sign-on and certificate-based authentication, OAuth, SPML and XACML authorization, and advanced trust models that may include RADIUS configurations, LDAP and Active Directory.

How Often are the Domains Updated?

In order to remain relevant, changes to the CASP certification are made from time to time, though not frequently. The last version of the exam, CAS-002, was released on January 20, 2015, and the next version (CAS-003) will arrive on April 2, 2018. This revision seeks to ensure that the exam covers the most relevant topics and has been modified to reflect new standards and changes in the security landscape. More information on the changes to the exam will be covered soon.

How Much Weight is Each Domain Given on the Final Exam?

Domain coverage within an examination is important because it allows candidates to estimate accurately how much time and effort to apply to each aspect of their study.

Candidates who plan their studies properly spend less energy on lower-priority topics and are more likely to pass the examination.

The CASP exam is structured as follows:

  • Enterprise Security: 30%
  • Risk Management and Incident Response: 20%
  • Research and Analysis: 18%
  • Integration of Computing, Communications and Business Disciplines: 16%
  • Technical Integration of Enterprise Components: 16%

What Topics (Task/Knowledge Statements) are Covered in Each Domain?

Candidates will encounter a variety of objectives within the exam. Each domain has its own set of objectives, organized by chapter. Let’s have a look at a summary of these.

ANSI has organized the CASP Study Guide CAS-002 so that each chapter objective also contains sub-objectives. The sub-objectives narrow down the specifics of what should be mastered within each chapter.

The following table gives a summary of the exam objectives and sub-objectives:

If you are interested in CASP boot camp-style training, click here to receive an overview of what the course can offer you as well as current pricing. The course allows candidates to develop the skill set needed to fit into the current and ever-growing information security industry and is in line with today’s accepted industry standards. Because of its concentrated duration, candidates can complete their study in a fraction of the time of a standard class, while also ensuring that the material they have studied is still fresh in mind when it is time to take the exam at the end of the week.

After reading this article, candidates should have obtained an overview of the relative weight of each of the five domains of the CASP, and which areas to focus upon when devoting time to study. Hopefully, this article has helped you to structure your time to focus on your weaknesses within the test’s concepts, conduct a basic overview of your strengths, and come to the exam confident that you have made optimal use of your preparation and study time.

Lester Obbayi

Lester Obbayi is a Cyber Security Consultant with one of the largest Cyber Security Companies in East and Central Africa. He has a deep interest in Cyber Security and spends most of his free time doing freelance Penetration Tests and Vulnerability Assessments for numerous organizations.
