CompTIA Advanced Security Practitioner CASP

54 students review
CompTIA® Advanced Security Practitioner (CASP) (Exam CAS-002)

Course Description

You have experience in the increasingly crucial field of information security, and now you're ready to take that experience to the next level. CompTIA Advanced Security Practitioner (CASP) (Exam CAS-002) is the course you will need to take if your job responsibilities include securing complex enterprise environments. In this course, you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. Today's IT climate demands individuals with demonstrable skills, and the information and activities in this course can help you develop the skill set you need to confidently perform your duties as an advanced security professional.

This course can also benefit you if you intend to pass the CompTIA Advanced Security Practitioner (CAS-002) certification examination. What you learn and practice in this course can be a significant part of your preparation.


Course Objectives:

In this course, you will analyze and apply advanced security concepts, principles, and implementations that contribute to enterprise-level security.

What you will learn:

  • Manage risk in the enterprise.
  • Integrate computing, communications, and business disciplines in the enterprise.
  • Use research and analysis to secure the enterprise.
  • Integrate advanced authentication and authorization techniques.
  • Implement cryptographic techniques.
  • Implement security controls for hosts.
  • Implement security controls for storage.
  • Analyze network security concepts, components, and architectures, and implement controls.
  • Implement security controls for applications.
  • Integrate hosts, storage, networks, and applications in a secure enterprise architecture.
  • Conduct vulnerability assessments.
  • Conduct incident and emergency responses.
Target Student:

This course is designed for IT professionals who want to acquire the technical knowledge and skills needed to conceptualize, engineer, integrate, and implement secure solutions across complex enterprise environments. The target student should aspire to apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies; translate business needs into security requirements; analyze risk impact; and respond to security incidents.

This course is also designed for students who are seeking the CompTIA Advanced Security Practitioner (CASP) certification and who want to prepare for Exam CAS-002. Students seeking CASP certification should have at least 10 years of experience in IT management, with at least 5 years of hands-on technical security experience.


To be fit for this advanced course, you should have at least a foundational knowledge of information security. You can obtain this level of knowledge by taking the CompTIA Security+ (SY0-401) course offered. You may also demonstrate this level of knowledge by passing the Security+ (SY0-401) exam.

Although not required, we suggest that you either take the following courses or possess the equivalent knowledge in the areas of computer networking and computer maintenance:

  • CompTIA Network+ (N10-007) or CompTIA® Network+® (N10-007)
  • CompTIA A+: A Comprehensive Approach (Exams 220-901 and 220-902)

Course-specific Technical Requirements


For this course, you will need one Windows Server 2012 R2 computer for each student and for the instructor. Make sure that each computer meets the minimum hardware specifications, as well as the classroom hardware specifications:

  • 2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set.
  • 6 gigabytes (GB) of Random Access Memory (RAM) recommended. (4 GB is the minimum.)
  • 80 GB hard disk or larger.
  • Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1,024 x 768 pixels, at least a 256-color display, and a video adapter with at least 4 MB of memory.
  • Bootable DVD-ROM or USB drive.
  • Keyboard and mouse or a compatible pointing device.
  • Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
  • IP addresses that do not conflict with other portions of your network.
  • Internet access (contact your local network administrator).
  • The instructor computer will need a display system to project the instructor's computer screen.
  • At least one removable USB drive for students to share if they do not have their own.
  • Windows Server® 2012 R2 Standard Edition with sufficient licenses.

Windows Server 2012 R2 requires activation unless you have volume-licensing agreements. There is a grace period for activation. If the duration of your class will exceed the activation grace period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the grace period expires. Otherwise, the operating system may stop working before the class ends.

  • Microsoft® Office 2013, or an open source alternative such as LibreOffice or Apache OpenOffice™.
  • Adobe® Reader® XI.
  • Internet Explorer® 11.
  • Kali Linux™ version 1.0.9a.

The steps to download the Kali Linux system image are described in the course setup that follows. Note that the URL path to this download may have changed after this course was written.

  • Miscellaneous third-party software, some of which is included in the course data files:
  • Microsoft Baseline Security Analyzer version 2.3 (MBSASetup-x64-EN.msi).
  • Bitvise SSH Server version 6.07 (BvSshServer-Inst.exe).
  • PuTTY version 0.63 (putty-0.63-installer.exe).
  • Oracle® VM VirtualBox version 4.3.12 (VirtualBox-4.3.12-93733-Win.exe).
  • Autopsy® version 3.0.10 (autopsy-3.0.10-64bit.msi).

Due to licensing restrictions, Microsoft Baseline Security Analyzer (MBSA) and Bitvise SSH Server are not distributed with the course data files. The steps to download these tools are described in the course setup that follows. Note that the URL path to these downloads may have changed after this course was written. PuTTY is distributed with the course data files under the MIT License. VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). Autopsy is distributed with the course data files under Apache License 2.0.

In order for VirtualBox virtualization to work, your processor's Intel virtualization (VT-x) or AMD virtualization (AMD-V) must be enabled. You can check if virtualization is enabled by entering your computer's BIOS. You can typically find this feature in the advanced settings of the BIOS under Intel/AMD virtualization or VT-x/AMD-V.

The activities in this course were written to the versions of the software noted previously. If new versions of MBSA, Bitvise SSH Server, Adobe Reader, or Kali Linux have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.

  • If necessary, software for viewing the course slides. (Instructor machine only.)
Course Content

Managing Risk .

Identify the Importance of Risk Management
Assess Risk
Mitigate Risk
Integrate Documentation into Risk Management

Integrating Computing, Communications, and Business Disciplines

Facilitate Collaboration Across Business Units
Secure Communications and Collaboration Solutions
Implement Security Activities Throughout the Technology Life Cycle

Using Research and Analysis to Secure the Enterprise

Determine Industry Trends and Effects on the Enterprise
Analyze Scenarios to Secure the Enterprise

Integrating Advanced Authentication and Authorization Techniques

Implement Authentication and Authorization Technologies
Implement Advanced Identity Management

Implementing Cryptographic Techniques

Describe Cryptographic Concepts
Choose Cryptographic Techniques
Choose Cryptographic Implementations

Implementing Security Controls for Hosts

Select Host Hardware and Software
Harden Hosts
Virtualize Servers and Desktops
Implement Cloud Augmented Security Services
Protect Boot Loaders

Implementing Security Controls for Enterprise Storage

Identify Storage Types and Protocols
Implement Secure Storage Controls

Analyzing and Implementing Network Security

Analyze Network Security Components and Devices
Analyze Network-Enabled Devices
Analyze Advanced Network Design
Configure Controls for Network Security

Implementing Security Controls for Applications

Identify General Application Vulnerabilities
Identify Web Application Vulnerabilities
Implement Application Security Controls

Integrating Hosts, Storage, Networks, and Applications in a Secure Enterprise Architecture

Implement Security Standards in the Enterprise
Select Technical Deployment Models
Secure the Design of the Enterprise Infrastructure
Secure Enterprise Application Integration Enablers

Conducting Vulnerability Assessments

Select Vulnerability Assessment Methods
Select Vulnerability Assessment Tools

Responding to and Recovering from Incidents

Design Systems to Facilitate Incident Response
Conduct Incident and Emergency Responses

Appendix A: Mapping Course Content to CompTIA Advanced Security Practitioner (CASP) Exam CAS-002

5 Hours a Day 4 Days a Week
Guaranteed to Run (GTR)
09/04/2018 to 09/14/2018
5 Hours a Day 4 Days a Week
11/01/2018 to 11/14/2018
5 Hours a Day 4 Days a Week
Guaranteed to Run (GTR)
01/07/2019 to 01/18/2019
5 Hours a Day 4 Days a Week
03/04/2019 to 03/15/2019
5 Hours a Day 4 Days a Week
Guaranteed to Run (GTR)
05/06/2019 to 05/17/2019
5 Hours a Day 4 Days a Week
Guaranteed to Run (GTR)
07/08/2019 to 07/19/2019
5 Hours a Day 4 Days a Week
to Run (GTR)
$2,500.00 Enroll Now
5 Hours a Day 4 Days a Week
to Run (GTR)
$2,500.00 Enroll Now
5 Hours a Day 4 Days a Week
to Run (GTR)
$2,500.00 Enroll Now
5 Hours a Day 4 Days a Week
$2,500.00 Enroll Now
5 Hours a Day 4 Days a Week
to Run (GTR)
$2,500.00 Enroll Now
5 Hours a Day 4 Days a Week
to Run (GTR)
$2,500.00 Enroll Now
  • CompTIA
  • EC-Council