Passing the CompTIA CASP Exam
Eric Conrad
http://ericconrad.com
eric@backshore.net
Passing the CASP - © 2012 Eric Conrad

The CASP (CAS-001) Exam
• The CompTIA Advanced Security Practitioner Certification Exam is a logical follow-on to Security+
  – Exam is vendor-neutral
• According to CompTIA:
    The exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers. [1]

[1] http://certification.comptia.org/getCertified/certifications/casp.aspx

CASP Compared to Other Exams
• CASP is like a harder version of Security+
  – More in-depth knowledge required
  – Performance-based questions also (currently) set it apart
• …or a more technical CISSP
  – Less fuzzy
  – Somewhat easier, depending on your strengths

Mastery-Level Certification
• CASP is CompTIA’s first mastery-level certification
• A higher level than their professional Series, which includes:
  – Security+
  – Network+
  – A+
  – Etc...

CASP Prerequisites
• CompTIA recommends 10 years of IT experience including 5 years hands-on
    While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, “hands-on” focus at the enterprise level. [1]
• This is a recommendation only: no experience requirement is enforced

[1] http://www.comptia.org/Libraries/Exam_Objectives/casp_objectives.sflb.ashx

CASP Exam Questions
• Must answer up to 80 questions in 150 minutes
  – Recent exam featured 73 questions
  – Questions are multiple choice and also include drag/drop simulations
  – Exam includes unmarked research questions that do not count towards final score
• Immediate pass/fail result is provided at exam completion
  – No numeric score is provided

CASP Exam Review
• Exam takers may flag questions for later review
• If there is time remaining at the end of the exam, a summary of answered questions appears
  – Flagged questions are highlighted
• Exam taker may change answers at this point:
  – Review any question
  – Review all questions

CASP Questions
• Most of the exam questions are multiple choice
  – Each question has 4 or more answers
  – Must choose the best 1, 2 or 3 answers
  – Number of required answers is clearly indicated
• Exam requires the BEST or MOST correct answer

Performance-based Questions
• Each exam will feature a number of “performance-based” questions:
    Performance-based questions require exam candidates to perform a task or solve a problem within a simulated IT environment to demonstrate specific knowledge or skills [1]
• Security+, Network+ and A+ will have these kinds of questions added shortly
[1] http://certification.comptia.org/news/12-0807/CompTIA_Exams_to_Include_Performance-Based_Questions.aspx

Performance-based Questions Description
• Similar to (but simpler than) simulation questions featured in Cisco exams
• Include:
  – Drag-drop solution in a simulated application
  – Simple command-line
• These questions may take considerably more time to answer than multiple choice questions

Exam Prep: Sample Questions
• CompTIA has 10 CASP sample questions available
  – http://certification.comptia.org/Training/testingcenters/samplequestions.aspx
  – Very representative of multiple choice exam questions
  – No official performance-based sample questions yet
• Darril Gibson also has unofficial (but excellent) sample CASP questions available
  – http://blogs.getcertifiedgetahead.com/casp-sample-questions/

Exam Prep: Read the Objectives
• Download the CASP exam objectives
  – http://www.comptia.org/Libraries/Exam_Objectives/casp_objectives.sflb.ashx
• Read the whole thing
  – Including the glossary
  – Understand every concept described
  – Be able to map every acronym, forwards and backwards

Exam Advice: Acronyms Are Key
• Mapping acronyms forwards and backwards is a key exam skill
• For example: “Which of the following allows logical access control to a shared drive?”
    A. LUN
    B. HBA
    C. iSCSI
    D. FCoE
• Answer: A. LUN (Logical Unit Number), which acts as an ACL for a networked file system

Exam Advice: Manage Time
• You will have roughly 2 minutes per question
  – Simulation questions will take longer
  – Even advanced test takers have reported some time pressure during the exam
• If you are stuck on a question for a long time, answer it quickly and flag it for later review
• Extra practice quizzing before your exam will help increase your exam speed and stamina

CASP Exam Outline
    Domain                                                               % of Exam
    Enterprise Security                                                  40
    Risk Management, Policy/Procedure and Legal                          24
    Research & Analysis                                                  14
    Integration of Computing, Communications, and Business Disciplines   22

Domain 1
• Enterprise Security (40% of exam)
  – Virtualized, distributed and shared computing
  – Cryptographic tools and techniques
  – Enterprise storage
  – Network infrastructure, and secure applications and storage
  – Host-based security
  – Application security
  – Security Assessment tools

Domain 2
• Risk Management, Policy / Procedure and Legal (24% of exam)
  – Analyze the security risk implications associated with business decisions
  – Execute and implement risk mitigation strategies and controls
  – Explain the importance of preparing for and supporting the incident response and recovery process
  – Implement security and privacy policies and procedures based on organizational requirements.

Domain 3
• Research & Analysis (14% of exam)
  – Analyze industry trends and outline potential impact to the enterprise
  – Carry out relevant analysis for the purpose of securing the enterprise

Domain 4
• Integration of Computing, Communications and Business Disciplines (22% of exam)
  – Primary focus is on successful integration of security process into an enterprise business
  – Security permeates the entire enterprise
  – Key roles and their security responsibilities
  – Ensuring business communications are secured
  – Organizational Authentication frameworks
  – Ensure security is considered during the entire lifecycle of data and systems

Notable Topics Not on the Exam
• The CASP objectives are specific
  – And fairly exclusionary
• If a major topic isn’t mentioned in the objectives, there are no in-depth exam questions
• For example: wireless is not covered beyond general best practices
  – For example, encrypt data in motion

Scheduling an Exam
• Exams are held at 3rd-party computer-based testing centers
  – Pearson Vue currently offers the CASP exam
• To schedule an exam, go to CompTIA’s exam page
  – http://certification.comptia.org/getCertified/certifications/casp.aspx
  – Click on “Find a testing center”
• Current US exam cost is $329
  – Costs for other countries listed at: http://certification.comptia.org/Training/testingcenters/examprices.aspx
  – Exam is currently offered in English only

CASP Updates Other CompTIA Certs
• If you hold another CompTIA certification such as Security+, passing the CASP renews it
• Keeping CASP CEUs up to date keeps all other CompTIA certifications current
    If you have multiple CompTIA certifications you only need to pay the annual fees and earn CEU’s for the highest level certification you are renewing. By earning a ‘ce’ designation on the highest level cert you would automatically be granted ‘ce’ designations for the lower level certifications as well. [1]

CASP Renewal
• The CASP certification is valid for 3 years
• Two renewal options:
  – 75 Continuing Education Units (CEU) per cycle
  – Retaking the exam
• Each CEU requires roughly 1 hour of information security training
  – Writing or presenting information security information generates more CEUs
  – CEU program requires $49 annual administration fee

SANS Security 528
• SANS Security 528 is a brand-new 5-day course covering the CASP exam
• We are planning to schedule a beta run in a few months, most likely in the DC area
• If you are interested (including outside the DC area), please let me know
  – If there’s enough interest in a given area, I will try and make it happen there
  – Email me at eric@backshore.net

Thank you!
• Email eric@backshore.net with any questions
• I posted a copy of these slides to http://ericconrad.com