People used these CompTIA dumps to get 100% marks


It is unbelievable, however CAS-002 real questions are available right here.




CAS-002 - CompTIA Advanced Security Practitioner (CASP) - Dump Information

Vendor : CompTIA
Exam Code : CAS-002
Exam Name : CompTIA Advanced Security Practitioner (CASP)
Questions and Answers : 532 Q & A
Updated On : November 13, 2017


Try these Actual test questions for CAS-002 exam.

I passed. Proper, the examination become tough, so I simply got past it attributable to killexams.com Q&A and exam simulator. I am upbeat to document that I passed the CAS-002 examination and feature as of past due obtained my statement. The framework inquiries were the component I was most harassed over, so I invested hours honing on the killexams.com exam simulator. It beyond any doubt helped, as consolidated with distinct segments.

Start preparing these CAS-002 questions answers and chillout.

The killexams.com Questions & solutions made me effective enough to break up this examination. I endeavored 90/ninety five questions in due time and exceeded effectively. I never considered passing. A lot obliged killexams.com for helping me in passing the CAS-002. With a complete time paintings and an authentic diploma readiness aspect by way of side made me greatly occupied to equip myself for the CAS-002 exam. By one method or every other I came to reflect on consideration on killexams.

I feel very confident by preparing CAS-002 actual test questions.

I might probably advise it to my companions and accomplices. I got 360 of imprints. I used to be enchanted with the results I were given with the assist study manual CAS-002 exam route cloth. I generally idea authentic and extensive research were the reaction to any or all exams, until I took the assistance of killexams.com brain sell off to pass my exam CAS-002. Extraordinarily satisfy.

Found an accurate source for real CAS-002 Actual Questions.

I'm inspired to look the feedback that CAS-002 braindump is up to date. The modifications are very new and that I did no longer anticipate to discover them everywhere. I just took my first CAS-002 examination so this one can be the following step. Gonna order soon.

Do you know the fastest manner to clear CAS-002 examination? I have were given it.

I used to be a lot disappointed in the ones days due to the fact I didn't have any time to prepare for CAS-002 examination prep because of my a few each day routine paintings I ought to spend maximum time at the way, a long distance from my domestic to my paintings region. I used to be so much concerned about CAS-002 examination, due to the fact time is so near, then in the future my pal informed approximately killexams, that turned into the flip to my life, the answer of my all troubles. I should do my CAS-002 exam prep at the way easily through the use of my computer and killexams.com is so dependable and extremely good.

I sense very assured through preparing CAS-002 present day Braindumps.

I have been using the killexams.com for a while to all my exams. Last week, I passed with a great score in the CAS-002 exam by using the Q&A study resources. I had some doubts on topics, but the material cleared all my doubts. I have easily found the solution for all my doubts and issues. Thanks for providing me the solid and reliable material. It is the best product as I know.

Just try these real questions and success is yours.

I efficiently comprehended the troublesome themes like shipping Competence and content material expertise effects from killexams. I correctly score ninety% marks. All credits to killexams.com. I used to be looking for a reference guide which helped me in planning for the CAS-002 examination. My occupied calendar simply permitted me to extra time of two hours by using one approach or another. Through booking and deciding to buy the killexams.com Questions/solutions and examination simulator, I were given it at my entryway mission internal one week and commenced planning.

Amazed to peer CAS-002 real questions!

I am over the moon to mention that I exceeded the CAS-002 exam with ninety two% rating. killexams.com Questions & answers notes made the entire issue substantially easy and clean for me! Maintain up the notable work. Inside the wake of perusing your direction notes and a chunk of practice structure exam simulator, I used to be efficiently ready to bypass the CAS-002 examination. Clearly, your direction notes in reality supported up my actuality. A few topics like instructor conversation and Presentation abilties are achieved very nicely.

Observed maximum CAS-002 Questions in braindumps that I prepared.

I don't feel alone during exams anymore because I have a wonderful study partner in the form of this killexams. Not only that but I also have teachers who are ready to guide me at any time of the day. This same guidance was given to me during my exams and it didn't matter whether it was day or night, all my queries were answered. I am very thankful to the teachers here for being so nice and friendly and helping me in clearing my very tough exam with CAS-002 study material and CAS-002 study and yes even CAS-002 self study is awesome.

I got CAS-002 certified in 2 days preparation.

To get success in CAS-002 exam, people believe that a student must possess sharp mind. Although it is true but it is not entirely true since along with the student, the coach or the instructor must also be well qualified and educated. I feel blessed that I was acquainted with this Killexams.com where I met such great educators who taught me how to clear my CAS-002 test and got me through them with a breeze. I thank them with the bottom of my heart.


CAS-002 Questions and Answers


QUESTION: 517

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO).

  A. Establish the security control baseline to be assessed
  B. Build the application according to software development security standards
  C. Write the systems functionality requirements into the security requirements traceability matrix
  D. Review the results of user acceptance testing
  E. Categorize the applications according to use
  F. Consult with the stakeholders to determine which standards can be omitted

Answer: A, E


QUESTION: 518

Company XYZ is building a new customer facing website which must access some corporate resources. The company already has an internal facing web server and a separate server supporting an extranet to which suppliers have access. The extranet web server is located in a network DMZ. The internal website is hosted on a laptop on the internal corporate network. The internal network does not restrict traffic between any internal hosts. Which of the following locations will BEST secure both the intranet and the customer facing website?

  A. The existing internal network segment
  B. Dedicated DMZ network segments
  C. The existing extranet network segment
  D. A third-party web hosting company

Answer: B


QUESTION: 519

A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand?

  A. Threat actor types, threat actor motivation, and attack tools
  B. Unsophisticated agents, organized groups, and nation states
  C. Threat actor types, attack sophistication, and the anatomy of an attack
  D. Threat actor types, threat actor motivation, and the attack impact

Answer: D


QUESTION: 520

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?

  A. Linux
  B. Windows
  C. Solaris
  D. OSX

Answer: C


QUESTION: 521

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

  A. Least privilege
  B. Job rotation
  C. Mandatory vacation
  D. Separation of duties

Answer: B


QUESTION: 522

A company wishes to purchase a new security appliance. A security administrator has extensively researched the appliances, and after presenting security choices to the company’s management team, they approve of the proposed solution. Which of the following documents should be constructed to acquire the security appliance?

  A. SLA
  B. RFQ
  C. RFP
  D. RFI

Answer: B


QUESTION: 523

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

  A. Availability
  B. Authentication
  C. Integrity
  D. Confidentiality
  E. Encryption

Answer: B, C


QUESTION: 524

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

  A. Facilities management
  B. Human resources
  C. Research and development
  D. Programming
  E. Data center operations
  F. Marketing
  G. Information technology

Answer: A, E, G


QUESTION: 525

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

  A. Physical penetration test of the datacenter to ensure there are appropriate controls.
  B. Penetration testing of the solution to ensure that the customer data is well protected.
  C. Security clauses are implemented into the contract such as the right to audit.
  D. Review of the organization’s security policies, procedures and relevant hosting certifications.
  E. Code review of the solution to ensure that there are no back doors located in the software.

Answer: C, D


QUESTION: 526

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

  A. The tool could show that input validation was only enabled on the client side
  B. The tool could enumerate backend SQL database table and column names
  C. The tool could force HTTP methods such as DELETE that the server has denied
  D. The tool could fuzz the application to determine where memory leaks occur

Answer: A


QUESTION: 527

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

  A. Implement an IPS to block the application on the network
  B. Implement the remote application out to the rest of the servers
  C. Implement SSL VPN with SAML standards for federation
  D. Implement an ACL on the firewall with NAT for remote access

Answer: C


QUESTION: 528

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

  A. What are the protections against MITM?
  B. What accountability is built into the remote support application?
  C. What encryption standards are used in tracking database?
  D. What snapshot or “undo” features are present in the application?
  E. What encryption standards are used in remote desktop and file transfer functionality?

Answer: B


QUESTION: 529

The Chief Executive Officer (CEO) has asked the IT administrator to protect the externally facing web server from SQL injection attacks and ensure the backend database server is monitored for unusual behavior while enforcing rules to terminate unusual behavior. Which of the following would BEST meet the CEO’s requirements?

  A. WAF and DAM
  B. UTM and NIDS
  C. DAM and SIEM
  D. UTM and HSM
  E. WAF and SIEM

Answer: A


QUESTION: 530

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

  A. Demonstration of IPS system
  B. Review vendor selection process
  C. Calculate the ALE for the event
  D. Discussion of event timeline
  E. Assigning of follow up items

Answer: D, E


QUESTION: 531

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

  A. Web cameras
  B. Email
  C. Instant messaging
  D. BYOD
  E. Desktop sharing
  F. Presence

Answer: C, E


QUESTION: 532

A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change. Which of the following best practices has MOST likely been overlooked in the agile implementation?

  A. Penetration tests should be performed after each sprint.
  B. A security engineer should be paired with a developer during each cycle.
  C. The security requirements should be introduced during the implementation phase.
  D. The security requirements definition phase should be added to each sprint.

Answer: D


CompTIA CAS-002 Exam (CompTIA Advanced Security Practitioner (CASP)) Detailed Information

CAS-002 - CompTIA Advanced Security Practitioner (CASP)


CAS-002 Test Objectives


CompTIA Advanced Security Practitioner Certification Exam Objectives

EXAM NUMBER: CAS-002

About the Exam
The CompTIA Advanced Security Practitioner (CASP) CAS-002 certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. Candidates are encouraged to use this document to help prepare for the CASP exam, which measures necessary skills for IT security professionals. Successful candidates will have the knowledge required to:
  • Conceptualize, engineer, integrate and implement secure solutions across complex environments
  • Apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies
  • Translate business needs into security requirements
  • Analyze risk impact
  • Respond to security incidents
    These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.
    EXAM ACCREDITATION
    CASP is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, undergoes regular reviews and updates to the exam objectives.

    TEST DETAILS
    Required exam: CASP CAS-002
    Number of questions: Maximum of 90
    Types of questions: Multiple choice and performance-based
    Length of test: 165 minutes
    Recommended experience: Ten years of experience in IT administration, including at least five years of hands-on technical security experience
    Passing score: CASP CAS-002: Pass/Fail only. No scaled score.

    EXAM OBJECTIVES (DOMAINS)
    The table below lists the domains measured by this examination and the extent to which they are represented:

    DOMAIN                                                                    PERCENTAGE OF EXAMINATION
    1.0 Enterprise Security                                                   30%
    2.0 Risk Management and Incident Response                                 20%
    3.0 Research and Analysis                                                 18%
    4.0 Integration of Computing, Communications and Business Disciplines    16%
    5.0 Technical Integration of Enterprise Components                        16%
    Total                                                                     100%

    1.0 Enterprise Security

    1.1

    Given a scenario, select appropriate cryptographic concepts and techniques.
    • Techniques
      • Key stretching
      • Hashing
      • Code signing
      • Pseudorandom number generation
      • Perfect forward secrecy
      • Transport encryption
      • Data-at-rest encryption
      • Digital signature
    • Concepts
      • Entropy
      • Diffusion
      • Confusion
      • Non-repudiation
      • Confidentiality
      • Integrity
        • Chain of trust, root of trust
        • Cryptographic applications and proper/improper implementations
        • Advanced PKI concepts
          • Wild card
          • OCSP vs. CRL
          • Issuance to entities
          • Users
          • Systems
          • Applications
          • Key escrow
        • Steganography
        • Implications of cryptographic methods and design
          • Stream
          • Block
            • Modes
            • ECB
            • CBC
            • CFB
            • OFB
            • Known flaws/weaknesses
            • Strength vs. performance vs. feasibility to implement vs. interoperability
    • Implementations
      • DRM
      • Watermarking
      • GPG
      • SSL
      • SSH
      • S/MIME

        1.2

        Explain the security implications associated with enterprise storage.
    • Storage types
      • Virtual storage
      • Cloud storage
      • Data warehousing
      • Data archiving
      • NAS
      • SAN
      • vSAN
    • Storage protocols
      • iSCSI
      • FCoE
      • NFS, CIFS
    • Secure storage management
      • Multipath
      • Snapshots
      • Deduplication
      • Dynamic disk pools
      • LUN masking/mapping
      • HBA allocation
      • Offsite or multisite replication
        • Encryption
          • Disk
          • Block
          • File
          • Record
          • Port

        1.3

        Given a scenario, analyze network and security components, concepts and architectures.

        • Advanced network design (wired/wireless)
          • Remote access
            • VPN
            • SSH
            • RDP
            • VNC
            • SSL
          • IPv6 and associated transitional technologies
          • Transport encryption
          • Network authentication methods
          • 802.1x
          • Mesh networks
        • Security devices
          • UTM
          • NIPS
          • NIDS
          • INE
          • SIEM
          • HSM
          • Placement of devices
          • Application and protocol aware technologies
            • WAF
            • NextGen firewalls
            • IPS
            • Passive vulnerability scanners
            • DAM
        • Virtual networking and security components
          • Switches
          • Firewalls
          • Wireless controllers
          • Routers
          • Proxies
        • Complex network security solutions for data flow
          • SSL inspection
          • Network flow data
        • Secure configuration and baselining of networking and security components
          • ACLs
          • Change monitoring
          • Configuration lockdown
          • Availability controls
        • Software-defined networking
        • Cloud-managed networks
        • Network management and monitoring tools
        • Advanced configuration of routers, switches and other network devices
          • Transport security
          • Trunking security
          • Route protection
        • Security zones
          • Data flow enforcement
          • DMZ
          • Separation of critical assets
        • Network access control
          • Quarantine/remediation
        • Operational and consumer network-enabled devices
          • Building automation systems
          • IP video
          • HVAC controllers
          • Sensors
          • Physical access control systems
          • A/V systems
          • Scientific/industrial equipment
        • Critical infrastructure/Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)

        1.4

        Given a scenario, select and troubleshoot security controls for hosts.
        • Trusted OS (e.g., how and when to use it)
        • Endpoint security software
          • Anti-malware
          • Antivirus
          • Anti-spyware
          • Spam filters
          • Patch management
          • HIPS/HIDS
          • Data loss prevention
          • Host-based firewalls
          • Log monitoring
        • Host hardening
          • Standard operating environment/ configuration baselining
            • Application whitelisting and blacklisting
          • Security/group policy implementation
          • Command shell restrictions
          • Patch management
          • Configuring dedicated interfaces
            • Out-of-band NICs
            • ACLs
            • Management interface
            • Data interface
        • Peripheral restrictions
          • USB
          • Bluetooth
          • Firewire
        • Full disk encryption
        • Security advantages and disadvantages of virtualizing servers
          • Type I
          • Type II
          • Container-based
        • Cloud augmented security services
          • Hash matching
            • Antivirus
            • Anti-spam
            • Vulnerability scanning
          • Sandboxing
            • Content filtering
        • Boot loader protections
          • Secure boot
          • Measured launch
          • Integrity Measurement Architecture (IMA)
          • BIOS/UEFI
        • Vulnerabilities associated with co-mingling of hosts with different security requirements
          • VM escape
          • Privilege elevation
          • Live VM migration
          • Data remnants
        • Virtual Desktop Infrastructure (VDI)
        • Terminal services/application delivery services
        • TPM
        • VTPM
        • HSM

        1.5

        Differentiate application vulnerabilities and select appropriate security controls.
        • Web application security design considerations
          • Secure: by design, by default, by deployment
        • Specific application issues
          • Cross-Site Request Forgery (CSRF)
          • Click-jacking
          • Session management
          • Input validation
          • SQL injection
          • Improper error and exception handling
          • Privilege escalation
          • Improper storage of sensitive data
          • Fuzzing/fault injection
          • Secure cookie storage and transmission
          • Buffer overflow
          • Memory leaks
          • Integer overflows
          • Race conditions
            • Time of check
            • Time of use
          • Resource exhaustion
          • Geo-tagging
          • Data remnants
  • Application sandboxing
  • Application security frameworks
    • Standard libraries
    • Industry-accepted approaches
    • Web services security (WS-security)
  • Secure coding standards
  • Database Activity Monitor (DAM)
  • Web Application Firewalls (WAF)
  • Client-side processing vs. server-side processing
    • JSON/REST
    • Browser extensions
      • ActiveX
      • Java Applets
      • Flash
    • HTML5
    • AJAX
    • SOAP
    • State management
    • JavaScript
    2.0 Risk Management and Incident Response

    2.1

    Interpret business and industry influences and explain associated security risks.
    • Risk management of new products, new technologies and user behaviors
    • New or changing business models/strategies
      • Partnerships
      • Outsourcing
      • Cloud
      • Merger and demerger/divestiture
    • Security concerns of integrating diverse industries
      • Rules
      • Policies
      • Regulations
      • Geography
    • Ensuring third-party providers have requisite levels of information security
    • Internal and external influences
      • Competitors
      • Auditors/audit findings
      • Regulatory entities
    • Internal and external client requirements
    • Top level management
    • Impact of de-perimeterization (e.g., constantly changing network boundary)
      • Telecommuting
      • Cloud
      • BYOD
      • Outsourcing

        2.2

        Given a scenario, execute risk mitigation planning, strategies and controls.
        • Classify information types into levels of CIA based on organization/industry
        • Incorporate stakeholder input into CIA decisions
        • Implement technical controls based on CIA requirements and policies of the organization
        • Determine aggregate score of CIA
        • Extreme scenario planning/ worst case scenario
        • Determine minimum required security controls based on aggregate score
        • Conduct system specific risk analysis
        • Make risk determination
          • Magnitude of impact
            • ALE
            • SLE
          • Likelihood of threat
            • Motivation
            • Source
            • ARO
            • Trend analysis
          • Return On Investment (ROI)
          • Total cost of ownership
        • Recommend which strategy should be applied based on risk appetite
          • Avoid
          • Transfer
          • Mitigate
          • Accept
        • Risk management processes
          • Exemptions
          • Deterrence
          • Inherent
          • Residual
        • Enterprise security architecture frameworks
        • Continuous improvement/monitoring
        • Business continuity planning
        • IT governance

        2.3

        Compare and contrast security, privacy policies and procedures based on organizational requirements.
    • Policy development and updates in light of new business, technology, risks and environment changes
    • Process/procedure development and updates in light of policy, environment and business changes
    • Support legal compliance and advocacy by partnering with HR, legal, management and other entities
    • Use common business documents to support security
      • Risk assessment (RA)/ Statement Of Applicability (SOA)
      • Business Impact Analysis (BIA)
      • Interoperability Agreement (IA)
      • Interconnection Security Agreement (ISA)
      • Memorandum Of Understanding (MOU)
      • Service Level Agreement (SLA)
      • Operating Level Agreement (OLA)
      • Non-Disclosure Agreement (NDA)
      • Business Partnership Agreement (BPA)
    • Use general privacy principles for sensitive information (PII)
  • Support the development of policies that contain
    • Separation of duties
    • Job rotation
    • Mandatory vacation
    • Least privilege
    • Incident response
    • Forensic tasks
    • Employment and termination procedures
    • Continuous monitoring
    • Training and awareness for users
    • Auditing requirements and frequency

    2.4

    Given a scenario, conduct incident response and recovery procedures.
    • E-discovery
      • Electronic inventory and asset control
      • Data retention policies
      • Data recovery and storage
      • Data ownership
      • Data handling
      • Legal holds
    • Data breach
      • Detection and collection
        • Data analytics
      • Mitigation
        • Minimize
        • Isolate
      • Recovery/reconstitution
      • Response
      • Disclosure
  • Design systems to facilitate incident response
    • Internal and external violations
      • Privacy policy violations
      • Criminal actions
      • Insider threat
      • Non-malicious threats/ misconfigurations
    • Establish and review system, audit and security logs
  • Incident and emergency response
    • Chain of custody
    • Forensic analysis of compromised system
    • Continuity Of Operation Plan (COOP)
    • Order of volatility
      3.0 Research, Analysis and Assessment

      3.1

      Apply research methods to determine industry trends and impact to the enterprise.
      • Perform ongoing research
        • Best practices
        • New technologies
        • New security systems and services
        • Technology evolution (e.g., RFCs, ISO)
      • Situational awareness
        • Latest client-side attacks
        • Knowledge of current vulnerabilities and threats
        • Zero-day mitigating controls and remediation
        • Emergent threats and issues
      • Research security implications of new business tools
        • Social media/networking
        • End user cloud storage
        • Integration within the business
      • Global IA industry/community
        • Computer Emergency Response Team (CERT)
        • Conventions/conferences
        • Threat actors
        • Emerging threat sources/threat intelligence
      • Research security requirements for contracts
        • Request For Proposal (RFP)
        • Request For Quote (RFQ)
        • Request For Information (RFI)
        • Agreements

3.2

Analyze scenarios to secure the enterprise.
      • Create benchmarks and compare to baselines
      • Prototype and test multiple solutions
      • Cost benefit analysis
        • ROI
        • TCO
      • Metrics collection and analysis
      • Analyze and interpret trend data to anticipate cyber defense needs
      • Review effectiveness of existing security controls
      • Reverse engineer/deconstruct existing solutions
      • Analyze security solution attributes to ensure they meet business needs
        • Performance
        • Latency
        • Scalability
        • Capability
        • Usability
        • Maintainability
        • Availability
        • Recoverability
      • Conduct a lessons-learned/ after-action report
      • Use judgment to solve difficult problems that do not have a best solution

3.3

Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results.
      • Tool type
        • Port scanners
        • Vulnerability scanners
        • Protocol analyzer
        • Network enumerator
        • Password cracker
        • Fuzzer
        • HTTP interceptor
        • Exploitation tools/frameworks
        • Passive reconnaissance and intelligence gathering tools
          • Social media
          • Whois
          • Routing tables
      • Methods
        • Vulnerability assessment
        • Malware sandboxing
        • Memory dumping, runtime debugging
        • Penetration testing
        • Black box
        • White box
        • Grey box
        • Reconnaissance
        • Fingerprinting
        • Code review
        • Social engineering

4.0 Integration of Computing, Communications and Business Disciplines

4.1

Given a scenario, facilitate collaboration across diverse business units to achieve security goals.
      • Interpreting security requirements and goals to communicate with stakeholders from other disciplines
        • Sales staff
        • Programmer
        • Database administrator
        • Network administrator
        • Management/executive management
        • Financial
        • Human resources
        • Emergency response team
        • Facilities manager
        • Physical security manager
      • Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls
      • Establish effective collaboration within teams to implement secure solutions
      • IT governance

4.2

Given a scenario, select the appropriate control to secure communications and collaboration solutions.
    • Security of unified collaboration tools
      • Web conferencing
      • Video conferencing
      • Instant messaging
      • Desktop sharing
      • Remote assistance
      • Presence
      • Email
      • Telephony
        • VoIP
      • Collaboration sites
        • Social media
        • Cloud-based
    • Remote access
    • Mobile device management
      • BYOD
    • Over-the-air technologies concerns

4.3

Implement security activities across the technology life cycle.
    • End-to-end solution ownership
      • Operational activities
      • Maintenance
      • Commissioning/decommissioning
      • Asset disposal
      • Asset/object reuse
      • General change management
    • Systems development life cycle
      • Security System Development Life Cycle (SSDLC)/Security Development Lifecycle (SDL)
      • Security Requirements Traceability Matrix (SRTM)
      • Validation and acceptance testing
      • Security implications of agile, waterfall and spiral software development methodologies
    • Adapt solutions to address emerging threats and security trends
    • Asset management (inventory control)
      • Device tracking technologies
        • Geo-location/GPS location
      • Object tracking and containment technologies
        • Geo-tagging/geo-fencing
        • RFID

5.0 Technical Integration of Enterprise Components

5.1

Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
  • Secure data flows to meet changing business needs
  • Standards
    - Open standards
    - Adherence to standards
    - Competing standards
    - Lack of standards
    - De facto standards
  • Interoperability issues
    - Legacy systems/current systems
    - Application requirements
    - In-house developed vs. commercial vs. commercial customized
  • Technical deployment models (outsourcing/insourcing/managed services/partnership)
    - Cloud and virtualization considerations and hosting options
    - Public
    - Private
    - Hybrid
    - Community
    - Multi-tenancy
    - Single tenancy
    - Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
    - Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
    - Secure use of on-demand/elastic cloud computing
    - Data remnants
    - Data aggregation
    - Data isolation
    - Resources provisioning and deprovisioning
    - Users
    - Servers
    - Virtual devices
    - Applications
    - Securing virtual environments, services, applications, appliances and equipment
    - Design considerations during mergers, acquisitions and demergers/divestitures
    - Network secure segmentation and delegation
  • Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
  • Secure infrastructure design (e.g., decide where to place certain devices/applications)
  • Storage integration (security considerations)
  • Enterprise application integration enablers
    - CRM
    - ERP
    - GRC
    - ESB
    - SOA
    - Directory services
    - DNS
    - CMDB
    - CMS

5.2

Given a scenario, integrate advanced authentication and authorization technologies to support enterprise objectives.
  • Authentication
    • Certificate-based authentication
    • Single sign-on
  • Authorization
    • OAUTH
    • XACML
    • SPML
  • Attestation
  • Identity propagation
  • Federation
    • SAML
    • OpenID
    • Shibboleth
    • WAYF
  • Advanced trust models
    • RADIUS configurations
    • LDAP
    • AD

CASP Acronyms

The following is a list of acronyms that appear on the CASP exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as a part of a comprehensive exam preparation program.

ACRONYM: SPELLED OUT
3DES: Triple Digital Encryption Standard
AAA: Authentication, Authorization and Accounting
AAR: After Action Report
ACL: Access Control List
AD: Active Directory
AES: Advanced Encryption Standard
AH: Authentication Header
AIDE: Advanced Intrusion Detection Environment
AJAX: Asynchronous JAVA And XML
ALE: Annualized Loss Expectancy
AP: Access Point
API: Application Programming Interface
APT: Advanced Persistent Threats
ARO: Annualized Rate of Occurrence
ARP: Address Resolution Protocol
AUP: Acceptable Use Policy
AV: Antivirus
BCP: Business Continuity Planning
BGP: Border Gateway Protocol
BIOS: Basic Input/Output System
BPA: Business Partnership Agreement
BPM: Business Process Management
CA: Certificate Authority
CaaS: Communication as a Service
CAC: Common Access Card
CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
CASB: Cloud Access Security Broker
CBC: Cipher Block Chaining
CCMP: Counter-mode/CBC-Mac Protocol
CCTV: Closed-Circuit Television
CERT: Computer Emergency Response Team
CFB: Cipher Feedback
CHAP: Challenge Handshake Authentication Protocol
CIA: Confidentiality, Integrity and Availability
CIFS: Common Internet File System
CIRT: Computer Incident Response Team
CISO: Chief Information Security Officer
CLI: Command Line Interface
CMDB: Configuration Management Database
CMS: Content Management System
COOP: Continuity Of Operations
CORS: Cross-Origin Resource Sharing
COTS: Commercial Off-The-Shelf
CRC: Cyclical Redundancy Check
CredSSP: Credential Security Support Provider
CRL: Certification Revocation List
CRM: Customer Resource Management
CSP: Cryptographic Service Provider
CSRF: Cross-Site Request Forgery
CVE: Collaborative Virtual Environment
DAC: Discretionary Access Control
DAM: Database Activity Monitoring
DDoS: Distributed Denial of Service
DEP: Data Execution Prevention
DES: Digital Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DLL: Dynamic Link Library
DLP: Data Loss Prevention
DMZ: Demilitarized Zone
DNS: Domain Name Service (Server)
DOM: Document Object Model
DoS: Denial of Service
DRP: Disaster Recovery Plan
DSA: Digital Signature Algorithm
EAP: Extensible Authentication Protocol
ECB: Event Control Block
ECC: Elliptic Curve Cryptography
EFS: Encrypted File System
ELA: Enterprise License Agreement
EMI: Electromagnetic Interference
ESA: Enterprise Security Architecture
ESB: Enterprise Service Bus
ESP: Encapsulated Security Payload
EV: Extended Validation (Certificate)
FCoE: Fiber Channel over Ethernet
FDE: Full Disk Encryption
FIM: File Integrity Monitoring
FTP: File Transfer Protocol
GPG: GNU Privacy Guard
GPU: Graphic Processing Unit
GRC: Governance, Risk and Compliance
GRE: Generic Routing Encapsulation
GUI: Graphical User Interface
HBA: Host Bus Adapter
HDD: Hard Disk Drive
HIDS: Host-based Intrusion Detection System
HIPS: Host-based Intrusion Prevention System
HMAC: Hashed Message Authentication Code
HOTP: HMAC-based One-Time Password
HSM: Hardware Security Module
HSTS: HTTP Strict Transport Security
HVAC: Heating, Ventilation and Air Conditioning
IaaS: Infrastructure as a Service
ICMP: Internet Control Message Protocol
ICS: Industrial Control System
IDF: Intermediate Distribution Frame
IdM: Identity Management
IdP: Identity Provider
IDS: Intrusion Detection System
IETF: Internet Engineering Task Force
IKE: Internet Key Exchange
IM: Instant Messaging
IMAP: Internet Message Access Protocol
INE: Inline Network Encryptor
IOC: Input/Output Controller
IP: Internet Protocol
IPS: Intrusion Prevention Systems
IPSec: Internet Protocol Security
IR: Incident Response
IRC: Internet Relay Chat
IS-IS: Intermediate System to Intermediate System
ISA: Interconnection Security Agreement
ISAC: Information Sharing Analysis Center
iSCSI: Internet Small Computer System Interface
ISMS: Information Security Management System
ISP: Internet Service Provider
IV: Initialization Vector
JSON: JavaScript Object Notation
JWT: JSON Web Token
KDC: Key Distribution Center
KVM: Keyboard, Video, Mouse
LAN: Local Area Network
L2TP: Layer 2 Tunneling Protocol
LDAP: Lightweight Directory Access Protocol
LEAP: Lightweight Extensible Authentication Protocol
LOB: Line Of Business
LTE: Long-Term Evolution
LUN: Logical Unit Number
MaaS: Monitoring as a Service
MAC: Mandatory Access Control
MAC: Media Access Control or Message Authentication Code
MAN: Metropolitan Area Network
MBR: Master Boot Record
MD5: Message Digest 5
MDF: Main Distribution Frame
MDM: Mobile Device Management
MEAP: Mobile Enterprise Application Platform
MFD: Multifunction Device
MITM: Man In The Middle
MOA: Memorandum Of Agreement
MOU: Memorandum Of Understanding
MPLS: Multiprotocol Label Switching
MSCHAP: Microsoft Challenge Handshake Authentication Protocol
MSS: Managed Security Service
MTA: Message Transfer Agent
MTBF: Mean Time Between Failure
MTD: Maximum Tolerable Downtime
MTTR: Mean Time To Recovery
MTU: Maximum Transmission Unit
NAC: Network Access Control
NAS: Network Attached Storage
NAT: Network Address Translation
NDA: Non-Disclosure Agreement
NFS: Network File System
NIDS: Network-based Intrusion Detection System
NIPS: Network-based Intrusion Prevention System
NIST: National Institute of Standards and Technology
NLA: Network Level Authentication
NOS: Network Operating System
NSP: Network Service Provider
NTFS: New Technology File System
NTLM: New Technology LANMAN
NTP: Network Time Protocol
OCSP: Online Certificate Status Protocol
OFB: Output Feedback
OLA: Operating Level Agreement
OS: Operating System
OSI: Open Systems Interconnection
OSPF: Open Shortest Path First
OTP: One-Time Password
OVAL: Open Vulnerability Assessment Language
OWASP: Open Web Application Security Project
P2P: Peer to Peer
PaaS: Platform as a Service
PACS: Physical Access Control Server
PAP: Password Authentication Protocol
PAT: Port Address Translation
PBKDF2: Password-Based Key Derivation Function 2
PBX: Private Branch Exchange
PCI-DSS: Payment Card Industry Data Security Standard
PDP: Policy Distribution Point
PEAP: Protected Extensible Authentication Protocol
PEP: Policy Enforcement Point
PFS: Perfect Forward Secrecy
PGP: Pretty Good Privacy
PII: Personal Identifiable Information
PIP: Policy Information Point
PKI: Public Key Infrastructure
PLC: Programmable Logical Controller
POTS: Plain Old Telephone Service
PPP: Point-to-Point Protocol
PPTP: Point-to-Point Tunneling Protocol
PSK: Pre-Shared Key
QA: Quality Assurance
QoS: Quality of Service
R&D: Research and Development
RA: Recovery Agent or Registration Authority
RAD: Rapid Application Development
RADIUS: Remote Authentication Dial-In User Server
RAID: Redundant Array of Inexpensive/Independent Disks
RAS: Remote Access Server
RBAC: Role-Based Access Control or Rule-Based Access Control
REST: Representational State Transfer
RFC: Request For Comments
RFI: Request For Information
RFP: Request For Proposal
RFQ: Request For Quote
ROI: Return On Investment
RPO: Recovery Point Objective
RSA: Rivest, Shamir and Adleman
RTO: Recovery Time Objective
RTP: Real-time Transport Protocol
S/MIME: Secure/Multipurpose Internet Mail Extensions
SaaS: Software as a Service
SAML: Security Assertions Markup Language
SAN: Subject Alternative Name or Storage Area Network
SAS: Statement on Auditing Standards
SATCOM: Satellite Communications
SCADA: Supervisory Control And Data Acquisition
SCAP: Security Content Automation Protocol
SCEP: Simple Certificate Enrollment Protocol
SCP: Secure Copy
SCSI: Small Computer System Interface
SDL: Security Development Life Cycle
SDLC: Software Development Life Cycle
SDLM: Software Development Life Cycle Methodology
SELinux: Security Enhanced Linux
SFTP: Secure File Transfer Protocol
SHA: Secure Hashing Algorithm
SIEM: Security Information Event Management
SIM: Subscriber Identity Module
SIP: Session Initiation Protocol
SLA: Service Level Agreement
SLE: Single Loss Expectancy
SMB: Server Message Block
SMS: Short Message Service
SMTP: Simple Mail Transfer Protocol
SNAT: Secure Network Address Translation
SNMP: Simple Network Management Protocol
SOA: Service Oriented Architecture or Start Of Authority
SOAP: Simple Object Access Protocol
SOC: Security Operations Center or Service Organization Controls
SOE: Standard Operating Environment
SOP: Same Origin Policy
SOW: Statement Of Work
SOX: Sarbanes-Oxley Act
SP: Service Provider
SPIM: Spam Over Internet Messaging
SPIT: Spam over Internet Telephony
SPML: Service Provisioning Markup Language
SRTM: Security Requirements Traceability Matrix
SRTP: Secure Real-Time Protocol
SSD: Solid State Drive
SSDLC: Security System Development Life Cycle
SSH: Secure Shell
SSID: Service Set Identifier
SSL: Secure Sockets Layer
SSO: Single Sign-On
SSP: Storage Service Provider
TACACS: Terminal Access Controller Access Control System
TCO: Total Cost of Ownership
TCP/IP: Transmission Control Protocol/Internet Protocol
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
TOS: Type Of Service
TOTP: Time-based One-Time Password
TPM: Trusted Platform Module
TSIG: Transaction Signature Interoperability Group
TTR: Time To Restore
UAC: User Access Control
UAT: User Acceptance Testing
UDDI: Universal Description Discovery and Integration
UDP: User Datagram Protocol
UEFI: Unified Extensible Firmware Interface
UPS: Uninterruptable Power Supply
URL: Universal Resource Locator
USB: Universal Serial Bus
UTM: Unified Threat Management
VaaS: Voice as a Service
VDI: Virtual Desktop Infrastructure
VLAN: Virtual Local Area Network
VM: Virtual Machine
VMFS: Virtual Memory File System
VNC: Virtual Network Connection
VoIP: Voice over IP
VPN: Virtual Private Network
VRRP: Virtual Router Redundancy Protocol
vSAN: Virtual Storage Area Network
VTC: Video Teleconferencing
VTPM: Virtual TPM
WAF: Web Application Firewall
WAP: Wireless Access Point
WAYF: Where Are You From
WEP: Wired Equivalent Privacy
WIDS: Wireless Intrusion Detection System
WIPS: Wireless Intrusion Prevention System
WPA: Wireless Protected Access
WRT: Work Recovery Time
WSDL: Web Services Description Language
WWN: World Wide Name
XACML: eXtensible Access Control Markup Language
XHR: XMLHttpRequest
XMPP: eXtensible Messaging and Presence
XSS: Cross-Site Scripting

CASP Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the CASP exam. This list may also be helpful for training companies who wish to create a lab component to their training offering. The bulleted lists below each topic are a sample list and not exhaustive.

EQUIPMENT

  • Laptops
  • Basic server hardware (email server/ active directory server, trusted OS)
  • Basic NAS/SAN
  • Tokens
  • Mobile devices
  • Switches (managed switch) - IPv6 capable
  • Router - IPv6 capable
  • Gateway
  • Firewall
  • VoIP
  • Proxy server
  • Load balancer
  • NIPS
  • HSM
  • Access points
  • Crypto-cards
  • Smart cards
  • Smart card reader
  • Biometric devices

SPARE HARDWARE

  • Keyboards
  • Cables
  • NICs
  • Power supplies
  • External USB flash drives

TOOLS

  • Spectrum analyzer
  • Vulnerability scanner
  • Antennas
  • Network mapper
  • Protocol analyzer

SOFTWARE

  • Virtualized appliances (firewall, IPS, SIEM solution, RSA authentication, Asterisk PBX)
  • Packets Sniffer
  • Windows
  • Linux
  • VMware player/virtualbox
  • Vulnerability assessment tools
  • Port scanner
  • SSH and Telnet utilities
  • Threat modeling tool
  • Host IPS
  • Helix software
  • Kali
  • Remediation software
  • Open VAS
  • Pentest suite
  • Metasploit
  • GNS
  • Honeypot software

OTHER

  • Sample logs
  • Sample network traffic (packet capture)
  • Sample organizational structure
  • Sample network documentation
  • Broadband Internet connection
  • 3G/4G and/or hotspot

© 2016 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03081-Feb2016

Comments

  1. I have attempted many exams but for none of them I got so useful material like CompTIA LX0-104 real exam dumps. It was available at very affordable price so I downloaded it hurriedly. I memorized CompTIA LX0-104 questions and answers thoroughly and appeared in the final exam with full confidence. If anyone wants passing guarantee then go to realexamdumps.com.

  2. CAS-002 exam is hard like a nutshell but CompTIA CAS-002 Dumps made my attempt easy with very informative questions and answers series. I memorized all the questions and answers and got ready for the exam. I am thankful to Realexamdumps for offering online practice test which boosted my performance and gave me confidence. All the questions were very easy in the final after preparing from CAS-002 dumps.

  3. There was no material as trustworthy as CS0-001 Exam Dumps so I downloaded this study guide without a second thought. I learned all the queries and answers and was capable to answer all the queries in the exam. CS0-001 Dumps PDF made me qualified to pass my CompTIA Exam by the first attempt.

  4. While preparing for my IT exam, it was required to take help from a proper study material. For this purpose, I downloaded CompTIA CAS-002 dumps from Exam4Help.com and easily aced my IT certification. The experts who designed CompTIA CAS-002 PDF file not only guided but also kept me updated with any exam news during my preparation.

  5. CAS-002 dumps proved to be a very valuable study material for me during my IT exam preparation. This short study guide gave me very apposite information that encompassed all aspects of the field. I was so convenient to study from PDF CAS-002 exam study guide. I am fully satisfied with this stuff and suggest all my colleagues to use it.

  6. I was not having a lot of time to get ready for my CompTIA Advanced Security Practitioner test that made me stressed. At that point I was prescribed by one of my companions to utilize CAS-002 dumps online test engine for ensured achievement. I downloaded this minimized guide and began readiness which was done before the test. I was certain about my exhibition as I had rehearsed through training tests. I owe uncommon gratitude to the specialists on Exam4lead.com who guided earnestly and merciful.

    https://www.exam4lead.com/comptia.html

  7. I have just completed the CompTIA CAS-002 training course and now I am able to review various preparation materials before meeting the CompTIA certification exam from DumpsOwner.com

    https://www.dumpsowner.com/comptia/cas-002-exam-dumps.html

