How to prepare for the CompTIA CASP+ exam

The CompTIA Advanced Security Practitioner certification is ideal for IT professionals looking to improve or refresh their technical skills. While many advanced security certifications focus on managerial skills, such as how security policies or frameworks are implemented, CASP+ content focuses on the technical skills needed to secure enterprise environments.

“Anyone in IT with this certification will be in good shape,” said Troy McMillan, author of CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide, published by Pearson.

CASP+, which has no formal prerequisites, is designed for practitioners – not managers – with at least 10 years of IT experience, including five years of technical security experience. Professionals with less experience are advised to complete CompTIA's Security+ and Cybersecurity Analyst+ before attempting CASP+.

Introduced in 2011, CASP+ was designed to meet the requirements of Department of Defense Policy 8570 (now part of the larger DoDD 8140), which requires government technical and information security professionals to meet certain criteria to be part of the DoD workforce.

The latest version of the exam, CAS-004, released in October 2021, covers four areas:

  • Security Architecture (29%)
  • Security Operations (30%)
  • Security Engineering and Cryptography (26%)
  • Governance, Risk and Compliance (15%)

Here, McMillan offers certification advice, including study tips and exam preparation, as well as the benefits of passing the exam and possible career paths.

Editor’s note: This transcript has been edited for length and clarity.

What are the benefits of CASP+ certification?

Troy McMillan: CASP+ is respected among all cybersecurity certifications. As far as employment goes, many people in security are changing jobs right now – you hear it as “The Big Layoff”. People don’t just stop; they take on new jobs with higher salaries.

The CASP+ certification is beneficial for anyone trying to keep their job or looking for a new job. It’s a great piece of technical knowledge about security that more people need to know and understand. That’s the great thing – it makes you stand out from other candidates.

What are the differences between CASP+ and CISSP?

McMillan: There’s a lot of overlap in the exams, but the focus is different. The P in CASP stands for practitioner, meaning that the certification is intended for the actual person performing security duties. The P in CISSP is professional and more focused on leaders. The topics of the CISSP exam come more from the perspective of the CIO. These aren’t the people who make things – they manage the people who make things.

The person with the CASP+ will know more about the actual basics, while the CIO with the CISSP will be less interested in how to configure certain things and more interested in how this concept fits into security.

CASP+ conforms to ISO 17024 standards and is approved to meet DoDD 8140. What does this mean for the certification holder?

McMillan: The Department of Defense recognized that it had to make sure that people in the military were safe. In other words, there was a need to ensure employees had the right level of security knowledge based on their role. The DoD is even trying to get people who only use computers on the DoD network to take the Security+ exam because they want everyone to adopt secure cybersecurity habits.

Many security-related certifications – CASP+, CySA+, CISSP – are now part of DoD training. The Department of Defense will say, “If you have this job in the military, you must pass this certification.” The Department of Defense isn’t looking for military personnel to keep everything from the exam, but if people get certification, they’ll remember the important things.

What is the career path for CASP+ certification holders?

McMillan: Individuals who receive this certification will be practitioners, such as security analysts. The exam is suitable for people who work in smaller organizations and have multiple security roles. It’s also good for anyone who wants to become a network admin or security admin. It’s difficult to use specific job titles because companies use strange names when posting jobs. One company’s network administrator is another company’s support engineer. However, CASP+ is suitable for all tasks involving general maintenance of network security.

What are your top tips for preparing for the exam?

McMillan: Start by getting yourself a good book – there are a lot of good ones out there. Make sure the book is for the latest version of the exam, CAS-004. You also want to get a good practice test.

I would be less than honest if I didn’t say there are cheat sheets out there to help you pass the exam. The problem, however, is that you take the job not knowing what you’re doing and then you get fired.

So I suggest taking a practice test that isn’t a cheat sheet. In fact, I would get a few practice exams – you can never have too many. Getting a few labs is also good. A number of companies produce labs where you can get hands-on experience with topics covered on the exam. You often read about how to do something, but it really doesn’t work until you do it yourself.

What area of the test excites test-takers the most?

McMillan: The biggest challenge people face is cryptography and encryption. When you start talking about it, people’s eyes light up and they get confused. Let’s face it, crypto must be complicated to work with. In a way, you just have to remember it—like which protocols are asymmetric or symmetric.

About the author
Troy McMillan, CASP, is a product developer and technical writer for CyberVista and a full-time trainer. He became a professional trainer 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless courses. McMillan has written and contributed to more than a dozen projects, including authoring CISSP Cert Guide (Pearson) and CompTIA CySA+ CS0-002 Cert Guide (Pearson).
