CAS-003 CompTIA Advanced Security Practitioner+ (CASP+) Exam
Description
The CAS-003 CompTIA Advanced Security Practitioner+ (CASP+) Exam verifies that candidates have advanced knowledge and skills in information security, and in particular the knowledge required to:
- Conceptualize, integrate and implement comprehensive security solutions in complex environments
- Make critical decisions and judgments across a broad spectrum of security topics in order to propose and implement durable security solutions that take organizational strategy into account
- Translate business needs into security requirements
- Analyze the impact of risk
- Respond appropriately to security incidents
- Extend security control points to mobile and IoT devices, as well as to potential software vulnerabilities
- Integrate cloud and virtualization technologies into a secure enterprise architecture
- Implement cryptographic techniques: blockchain, cryptocurrency and mobile device encryption
Exam format:
The exam is available in English.
Maximum exam duration: 165 minutes
Multiple-choice questions and performance-based tasks (https://certification.comptia.org/it-career-news/post/view/2012/10/09/what-is-a-performance-based-question-):
- single correct answer
- multiple correct answers
- fill-in answers
- https://www.youtube.com/watch?v=Nq9LnfAkOcM
Maximum number of questions: 90
Where
The exam is taken at Pearson VUE test centres.
Requirements
A passing result on the exam. The exam is graded PASS/FAIL; there is no numerical score.
Price
439 USD
Topics
List of knowledge domains and their percentage share of the questions on the CAS-003 CompTIA Advanced Security Practitioner+ (CASP+) Exam
Risk Management - 19%
Summarize business and industry influences and associated security risks.
- Risk management of new products, new technologies and user behaviors
- New or changing business models/strategies
- Partnerships
- Outsourcing
- Cloud
- Acquisition/merger – divestiture/demerger
- Data ownership
- Data reclassification
- Security concerns of integrating diverse industries
- Rules
- Policies
- Regulations
- Export controls
- Legal requirements
- Geography
- Data sovereignty
- Jurisdictions
- Internal and external influences
- Competitors
- Auditors/audit findings
- Regulatory entities
- Internal and external client requirements
- Top-level management
- Impact of de-perimeterization (e.g., constantly changing network boundary)
- Telecommuting
- Cloud
- Mobile
- BYOD
- Outsourcing
- Ensuring third-party providers have requisite levels of information security
Compare and contrast security, privacy policies and procedures based on organizational requirements.
- Policy and process life cycle management
- New business
- New technologies
- Environmental changes
- Regulatory requirements
- Emerging risks
- Support legal compliance and advocacy by partnering with human resources, legal, management and other entities
- Understand common business documents to support security
- Risk assessment (RA)
- Business impact analysis (BIA)
- Interoperability agreement (IA)
- Interconnection security agreement (ISA)
- Memorandum of understanding (MOU)
- Service-level agreement (SLA)
- Operating-level agreement (OLA)
- Non-disclosure agreement (NDA)
- Business partnership agreement (BPA)
- Master service agreement (MSA)
- Research security requirements for contracts
- Request for proposal (RFP)
- Request for quote (RFQ)
- Request for information (RFI)
- Understand general privacy principles for sensitive information
- Support the development of policies containing standard security practices
- Separation of duties
- Job rotation
- Mandatory vacation
- Least privilege
- Incident response
- Forensic tasks
- Employment and termination procedures
- Continuous monitoring
- Training and awareness for users
- Auditing requirements and frequency
- Information classification
Given a scenario, execute risk mitigation strategies and controls.
- Categorize data types by impact levels based on CIA
- Incorporate stakeholder input into CIA impact-level decisions
- Determine minimum-required security controls based on aggregate score
- Select and implement controls based on CIA requirements and organizational policies
- Extreme scenario planning/worst-case scenario
- Conduct system-specific risk analysis
- Make risk determination based upon known metrics
- Magnitude of impact based on ALE and SLE
- Likelihood of threat
- Motivation
- Source
- ARO
- Trend analysis
- Return on investment (ROI)
- Total cost of ownership
- Translate technical risks in business terms
- Recommend which strategy should be applied based on risk appetite
- Avoid
- Transfer
- Mitigate
- Accept
- Risk management processes
- Exemptions
- Deterrence
- Inherent
- Residual
- Continuous improvement/monitoring
- Business continuity planning
- RTO
- RPO
- MTTR
- MTBF
- IT governance
- Adherence to risk management frameworks
- Enterprise resilience
Analyze risk metric scenarios to secure the enterprise.
- Review effectiveness of existing security controls
- Gap analysis
- Lessons learned
- After-action reports
- Reverse engineer/deconstruct existing solutions
- Creation, collection and analysis of metrics
- KPIs
- KRIs
- Prototype and test multiple solutions
- Create benchmarks and compare to baselines
- Analyze and interpret trend data to anticipate cyber defense needs
- Analyze security solution metrics and attributes to ensure they meet business needs
- Performance
- Latency
- Scalability
- Capability
- Usability
- Maintainability
- Availability
- Recoverability
- ROI
- TCO
- Use judgment to solve problems where the most secure solution is not feasible
Enterprise Security Architecture – 25%
Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
- Physical and virtual network and security devices
- UTM
- IDS/IPS
- NIDS/NIPS
- INE
- NAC
- SIEM
- Switch
- Firewall
- Wireless controller
- Router
- Proxy
- Load balancer
- HSM
- MicroSD HSM
- Application and protocol-aware technologies
- WAF
- Firewall
- Passive vulnerability scanners
- DAM
- Advanced network design (wired/wireless)
- Remote access
- VPN
- IPSec
- SSL/TLS
- SSH
- RDP
- VNC
- VDI
- Reverse proxy
- IPv4 and IPv6 transitional technologies
- Network authentication methods
- 802.1x
- Mesh networks
- Placement of fixed/mobile devices
- Placement of hardware and applications
- Complex network security solutions for data flow
- DLP
- Deep packet inspection
- Data flow enforcement
- Network flow (S/flow)
- Data flow diagram
- Secure configuration and baselining of networking and security components
- Software-defined networking
- Network management and monitoring tools
- Alert definitions and rule writing
- Tuning alert thresholds
- Alert fatigue
- Advanced configuration of routers, switches and other network devices
- Transport security
- Trunking security
- Port security
- Route protection
- DDoS protection
- Remotely triggered black hole
- Security zones
- DMZ
- Separation of critical assets
- Network segmentation
- Network access control
- Quarantine/remediation
- Persistent/volatile or non-persistent agent
- Agent vs. agentless
- Network-enabled devices
- System on a chip (SoC)
- Building/home automation systems
- IP video
- HVAC controllers
- Sensors
- Physical access control systems
- A/V systems
- Scientific/industrial equipment
- Critical infrastructure
- Supervisory control and data acquisition (SCADA)
- Industrial control systems (ICS)
Analyze a scenario to integrate security controls for host devices to meet security requirements.
- Trusted OS (e.g., how and when to use it)
- SELinux
- SEAndroid
- TrustedSolaris
- Least functionality
- Endpoint security software
- Anti-malware
- Antivirus
- Anti-spyware
- Spam filters
- Patch management
- HIPS/HIDS
- Data loss prevention
- Host-based firewalls
- Log monitoring
- Endpoint detection response
- Host hardening
- Standard operating environment/configuration baselining
- Application whitelisting and blacklisting
- Security/group policy implementation
- Command shell restrictions
- Patch management
- Manual
- Automated
- Scripting and replication
- Configuring dedicated interfaces
- Out-of-band management
- ACLs
- Management interface
- Data interface
- External I/O restrictions
- USB
- Wireless
- Bluetooth
- NFC
- IrDA
- RF
- 802.11
- RFID
- Drive mounting
- Drive mapping
- Webcam
- Recording mic
- Audio output
- SD port
- HDMI port
- File and disk encryption
- Firmware updates
- Standard operating environment/configuration baselining
- Boot loader protections
- Secure boot
- Measured launch
- Integrity measurement architecture
- BIOS/UEFI
- Attestation services
- TPM
- Vulnerabilities associated with hardware
- Terminal services/application delivery services
Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
- Enterprise mobility management
- Containerization
- Configuration profiles and payloads
- Personally owned, corporate-enabled
- Application wrapping
- Remote assistance access
- VNC
- Screen mirroring
- Application, content and data management
- Over-the-air updates (software/firmware)
- Remote wiping
- SCEP
- BYOD
- COPE
- VPN
- Application permissions
- Side loading
- Unsigned apps/system apps
- Context-aware management
- Geolocation/geofencing
- User behavior
- Security restrictions
- Time-based restrictions
- Security implications/privacy concerns
- Data storage
- Non-removable storage
- Removable storage
- Cloud storage
- Transfer/backup data to uncontrolled storage
- USB OTG
- Device loss/theft
- Hardware anti-tamper
- eFuse
- TPM
- Rooting/jailbreaking
- Push notification services
- Geotagging
- Encrypted instant messaging apps
- Tokenization
- OEM/carrier Android fragmentation
- Mobile payment
- NFC-enabled
- Inductance-enabled
- Mobile wallet
- Peripheral-enabled payments (credit card reader)
- Tethering
- USB
- Spectrum management
- Bluetooth 3.0 vs. 4.1
- Authentication
- Swipe pattern
- Gesture
- Pin code
- Biometric
- Facial
- Fingerprint
- Iris scan
- Malware
- Unauthorized domain bridging
- Baseband radio/SOC
- Augmented reality
- SMS/MMS/messaging
- Data storage
- Wearable technology
- Devices
- Cameras
- Watches
- Fitness devices
- Glasses
- Medical sensors/devices
- Headsets
- Security implications
- Unauthorized remote activation/deactivation of devices or features
- Encrypted and unencrypted communication concerns
- Physical reconnaissance
- Personal data theft
- Health privacy
- Digital forensics of collected data
- Devices
Given software vulnerability scenarios, select appropriate security controls.
- Application security design considerations
- Secure: by design, by default, by deployment
- Specific application issues
- Insecure direct object references
- XSS
- Cross-site request forgery (CSRF)
- Click-jacking
- Session management
- Input validation
- SQL injection
- Improper error and exception handling
- Privilege escalation
- Improper storage of sensitive data
- Fuzzing/fault injection
- Secure cookie storage and transmission
- Buffer overflow
- Memory leaks
- Integer overflows
- Race conditions
- Time of check
- Time of use
- Resource exhaustion
- Geotagging
- Data remnants
- Use of third-party libraries
- Code reuse
- Application sandboxing
- Secure encrypted enclaves
- Database activity monitor
- Web application firewalls
- Client-side processing vs. server-side processing
- JSON/REST
- Browser extensions
- ActiveX
- Java applets
- HTML5
- AJAX
- SOAP
- State management
- JavaScript
- Operating system vulnerabilities
- Firmware vulnerabilities
Enterprise Security Operations – 20%
Given a scenario, conduct a security assessment using the appropriate methods.
- Methods
- Malware sandboxing
- Memory dumping, runtime debugging
- Reconnaissance
- Fingerprinting
- Code review
- Social engineering
- Pivoting
- Open source intelligence
- Social media
- Whois
- Routing tables
- DNS records
- Search engines
- Types
- Penetration testing
- Black box
- White box
- Gray box
- Vulnerability assessment
- Self-assessment
- Tabletop exercises
- Internal and external audits
- Color team exercises
- Red team
- Blue team
- White team
- Penetration testing
Analyze a scenario or output, and select the appropriate tool for a security assessment.
- Network tool types
- Port scanners
- Vulnerability scanners
- Protocol analyzer
- Wired
- Wireless
- SCAP scanner
- Network enumerator
- Fuzzer
- HTTP interceptor
- Exploitation tools/frameworks
- Visualization tools
- Log reduction and analysis tools
- Host tool types
- Password cracker
- Vulnerability scanner
- Command line tools
- Local exploitation tools/frameworks
- SCAP tool
- File integrity monitoring
- Log analysis tools
- Antivirus
- Reverse engineering tools
- Physical security tools
- Lock picks
- RFID tools
- IR camera
Given a scenario, implement incident response and recovery procedures.
- E-discovery
- Electronic inventory and asset control
- Data retention policies
- Data recovery and storage
- Data ownership
- Data handling
- Legal holds
- Data breach
- Detection and collection
- Data analytics
- Mitigation
- Minimize
- Isolate
- Recovery/reconstitution
- Response
- Disclosure
- Detection and collection
- Facilitate incident detection and response
- Hunt teaming
- Heuristics/behavioral analytics
- Establish and review system, audit and security logs
- Incident and emergency response
- Chain of custody
- Forensic analysis of compromised system
- Continuity of operations
- Disaster recovery
- Incident response team
- Order of volatility
- Incident response support tools
- dd
- tcpdump
- nbtstat
- netstat
- nc (Netcat)
- memdump
- tshark
- foremost
- Severity of incident or breach
- Scope
- Impact
- Cost
- Downtime
- Legal ramifications
- Post-incident response
- Root-cause analysis
- Lessons learned
- After-action report
Technical Integration of Enterprise Security – 23%
Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
- Adapt data flow security to meet changing business needs
- Standards
- Open standards
- Adherence to standards
- Competing standards
- Lack of standards
- De facto standards
- Interoperability issues
- Legacy systems and software/current systems
- Application requirements
- Software types
- In-house developed
- Commercial
- Tailored commercial
- Open source
- Standard data formats
- Protocols and APIs
- Resilience issues
- Use of heterogeneous components
- Course of action automation/orchestration
- Distribution of critical assets
- Persistence and nonpersistence of data
- Redundancy/high availability
- Assumed likelihood of attack
- Data security considerations
- Data remnants
- Data aggregation
- Data isolation
- Data ownership
- Data sovereignty
- Data volume
- Resources provisioning and deprovisioning
- Users
- Servers
- Virtual devices
- Applications
- Data remnants
- Design considerations during mergers, acquisitions and demergers/divestitures
- Network secure segmentation and delegation
- Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
- Security and privacy considerations of storage integration
- Security implications of integrating enterprise applications
- CRM
- ERP
- CMDB
- CMS
- Integration enablers
- Directory services
- DNS
- SOA
- ESB
Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture.
- Technical deployment models (outsourcing/insourcing/managed services/partnership)
- Cloud and virtualization considerations and hosting options
- Public
- Private
- Hybrid
- Community
- Multi-tenancy
- Single tenancy
- On-premise vs. hosted
- Cloud service models
- SaaS
- IaaS
- PaaS
- Cloud and virtualization considerations and hosting options
- Security advantages and disadvantages of virtualization
- Type 1 vs. Type 2 hypervisors
- Container-based
- vTPM
- Hyperconverged infrastructure
- Virtual desktop infrastructure
- Secure enclaves and volumes
- Cloud augmented security services
- Anti-malware
- Vulnerability scanning
- Sandboxing
- Content filtering
- Cloud security broker
- Security as a service
- Managed security service providers
- Vulnerabilities associated with comingling of hosts with different security requirements
- VM escape
- Privilege elevation
- Live VM migration
- Data remnants
- Data security considerations
- Vulnerabilities associated with a single server hosting multiple data types
- Vulnerabilities associated with a single platform hosting multiple data types/owners on multiple virtual machines
- Resources provisioning and deprovisioning
- Virtual devices
- Data remnants
Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives.
- Authentication
- Certificate-based authentication
- Single sign-on
- 802.1x
- Context-aware authentication
- Push-based authentication
- Authorization
- OAuth
- XACML
- SPML
- Attestation
- Identity proofing
- Identity propagation
- Federation
- SAML
- OpenID
- Shibboleth
- WAYF
- Trust models
- RADIUS configurations
- LDAP
- AD
Given a scenario, implement cryptographic techniques.
- Techniques
- Key stretching
- Hashing
- Digital signature
- Message authentication
- Code signing
- Pseudo-random number generation
- Perfect forward secrecy
- Data-in-transit encryption
- Data-in-memory/processing
- Data-at-rest encryption
- Disk
- Block
- File
- Record
- Steganography
- Implementations
- Crypto modules
- Crypto processors
- Cryptographic service providers
- DRM
- Watermarking
- GPG
- SSL/TLS
- SSH
- S/MIME
- Cryptographic applications and proper/improper implementations
- Strength
- Performance
- Feasibility to implement
- Interoperability
- Stream vs. block
- PKI
- Wild card
- OCSP vs. CRL
- Issuance to entities
- Key escrow
- Certificate
- Tokens
- Stapling
- Pinning
- Cryptocurrency/blockchain
- Mobile device encryption considerations
- Elliptic curve cryptography
- P-256 vs. P-384 vs. P-521
Given a scenario, select the appropriate control to secure communications and collaboration solutions.
- Remote access
- Resource and services
- Desktop and application sharing
- Remote assistance
- Unified collaboration tools
- Conferencing
- Web
- Video
- Audio
- Storage and document collaboration tools
- Unified communication
- Instant messaging
- Presence
- Telephony and VoIP integration
- Collaboration sites
- Social media
- Cloud-based
- Conferencing
Research, Development and Collaboration – 13%
Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
- Perform ongoing research
- Best practices
- New technologies, security systems and services
- Technology evolution (e.g., RFCs, ISO)
- Threat intelligence
- Latest attacks
- Knowledge of current vulnerabilities and threats
- Zero-day mitigation controls and remediation
- Threat model
- Research security implications of emerging business tools
- Evolving social media platforms
- Integration within the business
- Big Data
- AI/machine learning
- Global IA industry/community
- Computer emergency response team (CERT)
- Conventions/conferences
- Research consultants/vendors
- Threat actor activities
- Emerging threat sources
Given a scenario, implement security activities across the technology life cycle.
- Systems development life cycle
- Requirements
- Acquisition
- Test and evaluation
- Commissioning/decommissioning
- Operational activities
- Monitoring
- Maintenance
- Configuration and change management
- Asset disposal
- Asset/object reuse
- Software development life cycle
- Application security frameworks
- Software assurance
- Standard libraries
- Industry-accepted approaches
- Web services security (WS-security)
- Forbidden coding techniques
- NX/XN bit use
- ASLR use
- Code quality
- Code analyzers
- Fuzzer
- Static
- Dynamic
- Development approaches
- DevOps
- Security implications of agile, waterfall and spiral software development methodologies
- Continuous integration
- Versioning
- Secure coding standards
- Documentation
- Security requirements traceability matrix (SRTM)
- Requirements definition
- System design document
- Testing plans
- Validation and acceptance testing
- Regression
- User acceptance testing
- Unit testing
- Integration testing
- Peer review
- Adapt solutions to address:
- Emerging threats
- Disruptive technologies
- Security trends
- Asset management (inventory control)
Explain the importance of interaction across diverse business units to achieve security goals.
- Interpreting security requirements and goals to communicate with stakeholders from other disciplines
- Sales staff
- Programmer
- Database administrator
- Network administrator
- Management/executive management
- Financial
- Human resources
- Emergency response team
- Facilities manager
- Physical security manager
- Legal counsel
- Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls
- Establish effective collaboration within teams to implement secure solutions
- Governance, risk and compliance committee
Additional information
How to prepare:
Before taking the CAS-003 CompTIA Advanced Security Practitioner+ (CASP+) Exam, it is recommended that you already hold the CompTIA Network+, Security+ and CySA+/PenTest+ certifications or equivalent knowledge, and have at least 10 years of experience in an IT systems administration role, including at least 5 years of hands-on experience in an information security role.
Suggested
As with all CompTIA exams and certifications, attending an authorized training course is not required; it is only a suggested step.
Attending the following classroom training:
or, alternatively, online self-study training from the CompTIA CertMaster series https://certification.comptia.org/training/certmaster
Highly recommended
Make sure that you know all of the listed exam objectives very well, both in theory and in practice.
Apart from the exam objectives published on our site, the always up-to-date list of objectives is available here https://certification.comptia.org/training/exam-objectives
Additional resources to help you prepare for the CASP+ exam
- Sample exam questions https://certification.comptia.org/training/sample-questions
- Free CompTIA webinars https://www.comptia.org/events/webinars
- Overview of the CompTIA cybersecurity certification pathway https://certification.comptia.org/it-career-news/post/view/2016/10/11/introducing-the-comptia-cybersecurity-career-pathway
- Why you should consider a career in IT security https://certification.comptia.org/it-career-news/post/view/2016/10/03/why-you-should-consider-a-career-in-cybersecurity
- The 5 most sought-after job roles in IT security https://certification.comptia.org/it-career-news/post/view/2016/10/04/5-cybersecurity-job-roles-to-look-for
- CompTIA Cybersecurity HUB http://www.mylanderpages.com/CompTIA/cybersecurityhub
- Studies and white papers
- Tips and advice
- Tools