
CompTIA certifications for IT professionals. Part 5 of 7. CompTIA CASP (Advanced Security Practitioner)

CompTIA certifications for IT professionals. Part 1 of 7: CompTIA A+
CompTIA certifications for IT professionals. Part 4 of 7. CompTIA Security+
CompTIA certifications for IT professionals. Part 6 of 7. CompTIA Storage+
CompTIA certifications for IT professionals. Part 7 of 7. CompTIA CTT+ (Certified Technical Trainer)

1. History


CASP is the youngest certification in CompTIA's lineup (bearing in mind that Storage+ has ceased to exist) and is positioned as the advanced counterpart to Security+, the certification on the basics of information security. The target audience for CASP is security architects, design engineers, and technical writers whose work requires:

a) an understanding of the methodology for designing secure automated systems
b) an understanding of how that methodology is applied when using the technologies of specific hardware and software vendors

CASP certification aims to cover only the first of these requirements, without reference to any particular vendor's technologies, and, judging by its recognition by the US DoD and the explosive growth of vacancies in the US / EU / Gulf labor market that require CASP, it succeeds.

Unlike expert vendor-neutral certifications such as CISSP and CISA, which require not only passing the exam but also proof of many years of work experience, CASP requires only passing the exam in the controlled environment of an authorized VUE testing center. Still, this exam is expensive, long and difficult.

2. Cost


An attempt at the exam costs $416, but a simple Google search will easily turn up a code for a 10% discount on an exam voucher in the CompTIA online store. You then redeem the voucher when booking the exam on the VUE test provider's portal.

3. Duration and format


The exam lasts 165 minutes (plus 30 minutes if you are not a native speaker and are taking the exam in a non-English-speaking country) and includes up to 90 questions. The second version of the exam, with the code CAS-002, which was current at the time of writing, includes about 10 performance-based questions. These emulate the graphical or command-line interface of a security mechanism in a widely used operating system, browser or piece of network equipment (such as a Cisco router) and ask you to solve a specific problem. There may also be questions that present a network diagram and ask you to design its perimeter protection in accordance with the requirements of the scenario. The remaining questions are multiple-choice, in which you need to select all the correct answers.

4. Domains


The CAS-002 exam tests candidates' knowledge and skills in 5 domains, covering how to organize and conduct information security assessments of an organization, how to evaluate information security risks (qualitatively and quantitatively), and how to develop and implement a set of measures to minimize the identified risks, with a focus on technical protection measures.

The Enterprise Security domain covers the development and application of technical protection measures: cryptography, protection of networks and storage systems, and protection of the network perimeter, hosts and business applications.

The Risk Management and Incident Response domain focuses on organizational protection measures: categorization of information resources, qualitative and quantitative risk assessment, development of a set of organizational and administrative documentation on information security, and a security incident response plan.

The Research Analysis and Assessments domain tests understanding of information security methodology in organizations, as well as experience in developing a system of information security metrics and indicators.

The Integration of Computing, Communications and Business Disciplines domain covers how organizational, technical and physical protection measures are integrated into a single system, and how that system is used at different stages of the life-cycle model of automated information systems.

The Technical Integration of Enterprise Components domain sets out the necessary minimum understanding of how to implement a secure computing environment using the cloud model of IT service consumption.

5. Method of preparation


In fact, the CAS-002 exam overlaps a great deal with the CISSP, CISA and CEH domains. If you lack knowledge of how attacks on business applications are carried out, or practical skills in configuring Cisco network equipment for packet filtering and working with audit logs, you can take the free online CASP preparation course from the no-nonsense Kelly Handerhan on the Cybrary portal. The poor video quality of her lectures and the sparseness of the course material were easily compensated for by the charisma and extensive knowledge of this information security expert. For hands-on practice, you can use the self-study guide recommended on the certification operator's website. It contained comprehensive instructions for deploying a virtual lab environment and several dozen interesting labs.

6. Perspectives


Relatively recently, the US DoD made CASP equivalent to the CISSP expert certification from (ISC)² for some positions in the Information Assurance Workforce. Given that there is no need to confirm 5 years of experience, and that the annual fee to maintain the certification is half as large ($50 for CASP versus $85 for CISSP), CASP is becoming very attractive for employees of companies that do business in the world's largest economies.

Also, for those who have not read the other articles in the CompTIA certification series, it is worth noting that many American universities count CompTIA certifications toward undergraduate / graduate programs, as well as continuing professional education, which saves time and money on training.

Send questions about CompTIA training and certification by mail.


Source: https://habr.com/ru/post/311548/

