CompTIA Advanced Security Practitioner (CASP) Exam Overview

November 9, 2017 by Fakhar Imam

Introduction

Cyberspace and its underlying infrastructure are vulnerable to various risks which stem from both physical and cyber threats. Cyber criminals exploit these vulnerabilities to acquire sensitive information and hamper the delivery of essential IT services to users. To overcome this issue, various solid solutions have been developed, including several certification programs.

The CompTIA Advanced Security Practitioner (CASP) is a vendor-neutral and expert-level certification offered by the CompTIA organization. CASP-certified professionals provide the best information security solutions and protection for both governmental and Non-Governmental Organizations (NGOs). Since hacking is a global issue, the CASP certification is recognized worldwide.

Moreover, the CASP certificate meets the ISO-17024 standard and is validated by the US Department of Defense. Therefore, the CASP has gained tremendous popularity in the IT security industry. According to Robert Blanchard, the director of services at Aspen Skiing Co, “the person with CASP certification immediately gets hired.”

CASP Exam Details

The CASP exam code is CAS-002, and it was introduced on January 20, 2015. The essential elements of this exam are outlined below.

CASP Domains

The CASP consists of five domains:

  1. Enterprise Security—30%
  2. Risk Management, Policies/Procedures and Legal—20%
  3. Research and Analysis—18%
  4. Integration of Computing, Business Disciplines and Communications—16%
  5. Technical Integration of Enterprise Components—16%

Exam Format

The exam includes 90 questions to be answered within 2 hours and 45 minutes. The question types are multiple choice and performance-based. The exam is graded pass/fail only, which means there is no scaled score. CASP’s official language is English and its validity is three years.

Performance-based questions (PBQs) test candidates’ ability to solve problems in a simulated environment. Candidates can manage their time wisely when working on the PBQs. The exam requires the student to solve a specific problem for each performance-based question. Thereafter, a simulated environment is provided in which the student completes the required steps. Also, the candidates cannot see a clock when solving the PBQs.

The PBQs test candidates’ knowledge and skills about real-world computer scenarios. The simulated environment may comprise the different areas of IT infrastructure, such as Windows or networking environments and command prompts.

The following example shows a performance-based question and its solution.

Question: Consider that the firewall is installed on a Web Server as shown in the following diagram. The network administrator wants the firewall to distinguish between secured and unsecured web pages. What rules should be added to the firewall to make this distinction?

The answer can be provided in the following table:

Solutions:

The following table shows the answer to the above question:

The candidate must note that both HTTP (port 80) and HTTPS (port 443) are allowed through the firewall because both secured and unsecured pages would be served. Since the network traffic is flowing from the internet, all the source IP addresses should be allowed.
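
The rule logic in the answer above, as an added example that is not part of the original article: a minimal first-match rule evaluator run over constructed sample packets. The web server address 192.0.2.10, the documentation-range source addresses, and the default-deny fallback are assumptions, not details from the exam question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    source: str    # CIDR; "0.0.0.0/0" means any source address
    dest: str      # CIDR of the protected host
    protocol: str  # "tcp" or "udp"
    port: int      # destination port

# Assumed web server address (documentation range), not from the exam question.
WEB_SERVER = "192.0.2.10/32"

# The answer's rules: any source may reach the web server on ports 80 and 443.
RULES = [
    Rule("permit", "0.0.0.0/0", WEB_SERVER, "tcp", 80),   # HTTP, unsecured pages
    Rule("permit", "0.0.0.0/0", WEB_SERVER, "tcp", 443),  # HTTPS, secured pages
]

def evaluate(rules, src, dst, protocol, port):
    """Return the action of the first matching rule, else the assumed default."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if (src_ip in ipaddress.ip_network(rule.source)
                and dst_ip in ipaddress.ip_network(rule.dest)
                and protocol == rule.protocol
                and port == rule.port):
            return rule.action
    return "deny"  # assumption: anything not explicitly permitted is dropped

# Constructed sample packets: (source, destination, protocol, destination port).
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 80),    # plain web request
    ("203.0.113.44", "192.0.2.10", "tcp", 443),   # TLS web request
    ("198.51.100.7", "192.0.2.10", "tcp", 22),    # SSH, not a web port
    ("198.51.100.7", "192.0.2.10", "udp", 443),   # right port, wrong protocol
    ("198.51.100.7", "192.0.2.11", "tcp", 80),    # different destination host
]

def decisions():
    """Evaluate every constructed packet against RULES, in order."""
    return [evaluate(RULES, *pkt) for pkt in SAMPLE_PACKETS]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, decisions()):
        print(pkt, "->", verdict)
```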

Exam Day Rules

Candidates must bring two forms of identification to the examination center. Moreover, electronic devices are prohibited during the test. These devices include:

  • Notebook computer
  • Tablet
  • Smartphone
  • Smart watches

CASP Pricing

The CASP certification is offered in several countries, and the following table includes the pricing for each country.

| Country | Currency | Price |
|---|---|---|
| USA | USD | 426 |
| Emerging Market | USDe | 400 |
| Japan | JPY | 45,270 |
| Malaysia | MYR | 1,518 |
| South Africa | ZAR | 2,770 |
| Australia | AUD | 425 |
| EURO | EURO | 387 |
| Great Britain | GBP | 267 |
| New Zealand | NZD | 456 |
| Switzerland | CHF | 548 |
| Thailand | THB | 13,320 |

Recommended Experiences

The CASP requires ten years of experience in IT administration, including at least five years of hands-on technical security experience.

Exam Scheduling

The aspirant should follow some steps to schedule the exam, such as:

  1. Buy exam voucher: The exam voucher has a unique code that authorizes the candidate to take the exam at a testing center.
  2. Create login account: Create a testing account with Pearson VUE, a global testing partner, for exam scheduling. Registration is confirmed through a confirmation e-mail.
  3. Find a testing center: Pearson VUE authorizes the nearest testing centers to each candidate. The candidate can select the testing center of his/her choice by visiting Pearson VUE’s website or by phone. Information regarding rescheduling or canceling an exam appointment is also available on the website.
  4. Save exam details: The candidate must save his/her sensitive information, such as the information required in the testing center and login account details.

Exam Rescheduling

Exam rescheduling must be undertaken at least 24 hours before the exam’s appointment time. After the deadline, the candidate’s exam fee will be forfeited and he/she has to pay it again to take the exam. Disabled candidates have special accommodations for rescheduling.

Renewal Cycle

CompTIA offers a Continuing Education (CE) program through which candidates can keep their certification up to date and sustain longevity in their IT careers. As IT is a dynamic field, new challenges and opportunities are being created every day. The CE program helps candidates stay current with new technologies and emerging trends in IT security.

As mentioned above, the CASP credential is valid for three years. The candidate can extend his/her certification in 3-year intervals with the help of the CE program. To do so, the candidate must participate in several activities and training programs.

Automatic Renewal allows the candidate to automatically renew his/her certification by collecting a minimum of 75 Continuing Education Units (CEUs) in three years. The candidate should upload CEUs in the certification account to automatically renew the credential. Renewal charges apply. The fee due dates are based on the CE renewal process, not on the calendar year. When the expiry date approaches, the student receives periodic e-mails reminding him/her to upload CEU documentation. The annual CE fee is $50 USD and $150 USD for a three-year period.

Easy Payment allows students to pay fees with the following payment methods.

  • Using a current PayPal account
  • Using a debit or credit card (American Express, Mastercard, Visa, Discover)

Note: Aspirants don’t need a PayPal account to pay with a debit or credit card.

If the candidate has multiple CompTIA certifications, he/she doesn’t need to pay for each to renew them. Instead, he/she would only pay the CE fees for the highest-level CompTIA credential; the lower-level credentials will automatically be renewed without paying any additional fee.

CompTIA also provides CE Tokens to its employees to help them pay their CE fees.

How to Retake the Exam

The candidate can retake the exam by purchasing a new voucher and scheduling the exam again. There is no time delay after the first attempt, meaning that the candidate could immediately reappear for the second attempt. However, if the candidate fails the second attempt as well, he/she will be required to wait for 14 days.

The successful candidate cannot retake the exam with the same exam code. Besides, the candidate is not allowed to take CompTIA’s beta exams more than once. Violating the retake policies results in the candidate’s suspension, or permanent suspension if the violations occur repeatedly.

Identification Requirements

The candidate must have acceptable forms of identification prior to exam registration. CompTIA’s list of acceptable identification is given below.

  • The candidate’s first and last name used for registration must match the first and last name on both identifications that are presented in the testing center.
  • The candidate is required to obtain all identifications from the country in which the test is being conducted. This test hosting country issues the primary identification (ID) to the candidate. If the candidate could not obtain the primary ID, he/she must have an International Travel Passport (ITP) along with the secondary ID.
  • The candidate also needs to present original IDs, instead of presenting photocopies or expired IDs.

The types of primary IDs include:

  • ITP
  • Driving license
  • Military ID
  • Identification card (state/province/national)
  • Alien registration card (visa, permanent resident, green card)

Secondary ID has the following information.

  • Any ID which contains at least a signature and name, or a recent photo.

InfoSec’s CASP Boot Camp

Do you want to take the CompTIA CASP exam? Fortunately, InfoSec Institute offers a uniquely designed CASP Boot Camp for candidates preparing for the CASP examination. The goal of this course is to provide IT experts with the most comprehensive accelerated environment for the CASP exam. You can enroll in this course to acquire a professional CASP certification.

Moreover, InfoSec has been one of the most awarded (42 industry awards) and trusted information security training vendors for 17 years.

InfoSec also offers thousands of articles on a variety of security topics.

Fakhar Imam

Fakhar Imam is a professional writer with a Master of Science in Information Technology (MIT). To date, he has produced articles on a variety of topics, including computer forensics, CISSP, and various other IT-related tasks.