CASP+: overview of domains [2019 update]

November 13, 2019 by Daniel Brecht


Whether you are an IT security professional or a security analyst who wants to advance their career in cybersecurity, the CompTIA Advanced Security Practitioner (CASP+) certification provides a way to work in one of the fastest-growing fields in the U.S. The master-level CASP+ sets the benchmark for what a cybersecurity analyst needs to know and can validate a professional’s advanced IT security behavioral analytics skills, which can clearly be of great value to an employer looking to hire the right resource.

With today’s talent shortage, professionals who are CASP+-certified can benefit from competitive salaries throughout their career. Those who are interested in this credential, however, will need to prepare themselves for a certification exam that has been recently updated.

About the CASP+ credential

The CASP+ is a perfect certification for any IT security practitioners and ideal for professionals who still want to keep immersed in all technical aspects of their profession despite reaching a senior level. The CASP exam is internationally regarded as a validation of advanced-level security skills and practical knowledge and will certify that the successful candidate has the abilities “to conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise,” according to CompTIA.

This vendor-neutral credential, then, is aimed at pros who have the essential skill sets acquired through hands-on experience and working knowledge tied to implementing solutions with analytics tools. Credential holders will need to be familiar with analyzing risk impact and responding to security events, within cybersecurity policies and frameworks.

Accredited by ANSI and compliant with the ISO 17024 standard, the credential also meets the requirements for DoD directive 8140/8570.01-M; in fact, it is listed as possible choices for IAT Level III, IAM Level II, as well as IASAE I and II. To maintain its status, the certification undergoes regular reviews and updates to the exam objectives (most recently in 2018).

CASP+ exam details

Number of questions: Maximum of 90 questions
Type of questions: Multiple-choice and performance-based
Length of test: 165 minutes
Passing score: Pass/Fail only. No scaled score.
Price: $439 USD

Note: The previous version of the exam (CAS-002) was released on January 20, 2015 and retired on October 2, 2018. The next version is expected in three years.

What’s new in this version of CASP+?

As of April 2, 2018, CompTIA launched a new version of its CASP+ exam. How does this test differ from the previous one? Definitely not in the general scope, as it continues to test on incident response, hacking techniques and cloud migration. However, there is a stronger focus on enterprise security and on advances in technical aspects than before.

CAS-002 CAS-003
Enterprise Security — 30% Risk Management — 19%
Risk Management, Policies/Procedures and Legal — 20% Enterprise Security Architecture — 25%
Research and Analysis — 18% Enterprise Security Operations — 20%
Integration of Computing, Business Disciplines and Communications — 16% Technical Integration of Enterprise Security — 23%
Technical Integration of Enterprise Components — 16% Research, Development and Collaboration — 13%

Here are some of the changes from CAS-002 to CAS-003, as released by CompTIA: 

  • Expansion of the section covering enterprise security coverage to include operations and architecture concepts, techniques and requirements
  • More questions on interpreting data to identify risks and the needs of the company in terms of cybersecurity to support its mission
  • Stronger focus on security control, including mobile devices and software vulnerability
  • More questions on how cloud and virtualization technologies can become part of an infrastructure while still able to maintain adequate security
  • New section on newer topics focused around cryptographic techniques, such as blockchain, cryptocurrency and mobile device encryption

CASP+ domains: The areas measured by this examination

Now it’s time to know what specific domains appear on the CASP+ exam code CAS-003.

  1. Risk Management
    • Awareness of risks inherent to new technologies and products
    • Familiarity with new business models to include tools like cloud, outsourcing, mergers
    • Security, privacy policies and procedures based on organizational requirements
    • Familiarity with risk mitigation strategies and controls
    • Risk metric scenarios to secure the enterprise
  2. Enterprise Security Architecture
    • Look into integrating network and security components, concepts and architectures to meet security requirements
    • Explore how to integrate security controls for host devices to meet security requirements
    • Examine ways to integrate security controls for mobile and small form factor devices to meet security requirements
    • Appropriate security controls
  3. Enterprise Security Operations
    • Methods for a proper security assessment
    • Realize how to select the appropriate tool for a security assessment
    • Ways to implement incident response and recovery procedures
  4. Technical Integration of Enterprise Security
    • Integrate hosts, storage, networks and applications into a secure enterprise architecture
    • How to integrate cloud and virtualization technologies into a secure enterprise architecture
    • How to integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives
    • Know how to implement cryptographic techniques
    • Select the appropriate control to secure communications and collaboration solutions
  5. Research, Development and Collaboration
    • Know of research methods to determine industry trends and their impact to the enterprise
    • Implement security activities across the technology life cycle
    • Recognize the importance of interaction across diverse business units to achieve security goals

Note:complete breakdown of these specific areas is available on the CompTIA site.

CASP+ exam qualifications: What candidates must meet in order to be eligible

Let’s take a look at what qualifications are needed in order to be eligible to sit in for the CASP+ exam:

  • A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience
  • The following recommended prerequisites: CompTIA Network+, Security+, CySA+ or equivalent experience

How do I prepare for the CASP+ test?

Passing the CASP+ exam is not impossible, but preparation is key, as this is an expert-level exam. Professionals preparing for the test can definitely use CompTIA CertMaster Labs, which provides hands-on experience in real virtual environments for the CASP+ certification. However, they can also peruse the many options available online from reputable providers. Infosec offers a uniquely designed CASP Boot Camp for the candidates aspiring to pass this examination. 

Once ready, students can schedule their test on the Pearson VUE website.


As one of the industry’s most respected certifications, it’s possible to take your cybersecurity skills to the next level by becoming a CompTIA Advanced Security Practitioner (CASP+). The importance of this credential is that it is one of the few options that advanced-level professionals who are not in managerial roles have to certify their skills properly. This is possible, thanks to the test that has a strong focus on performance and simulations. 

Professionals who earn the CASP+ certification can apply for many IT security jobs, including security engineer positions or cybersecurity architect roles, which are growing in demand across the globe, according to CyberSeek’s Interactive Map.



  1. CompTIA’s New CASP Exam Is Here: Keep Your Hands on the Keyboard, CompTIA
  2. Infographic: 5 Skills Mastered with the Updated CompTIA Advanced Security Practitioner (CASP), CompTIA
  3. CompTIA Advanced Security Practitioner (CASP+), CompTIA
  4. CompTIA Advanced Security Practitioner (CASP+): Validating Cybersecurity Skills for Government and Corporate Teams, CompTIA
  5. CompTIA Advanced Security Practitioner (CASP) Certification Exam Objectives, CompTIA
  6. What Jobs Can I Get with CASP+ Certification?, CompTIA
Posted: November 13, 2019
Articles Author
Daniel Brecht
View Profile

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.

Leave a Reply

Your email address will not be published. Required fields are marked *