Learn the 5 Pillars of CompTIA Advanced Security Practitioner+ (CASP+) and Master the New CASP Exam
Dean Pompilio
NetCom Learning
© 1998-2021 NetCom Learning
www.netcomlearning.com | info@netcomlearning.com | 1-888-563-8266
AGENDA
• CASP Overview
• Security Architecture
• Security Operations
• Security Engineering and Cryptography
CASP+ EXAM DETAILS
• New exam title CAS-004
• Maximum of 90 questions
• Multiple-choice and performance-based
• Length of exam is 165 minutes (1.83 min/question)
• Minimum of ten years of general hands-on IT experience, with at least five of those years being broad hands-on IT security experience
• Recommended certifications
• Network+, Security+, CySA+, Cloud+, and PenTest+
• Or equivalent certifications and knowledge
• Pass/Fail only — no scaled score
CASP+ EXAM OBJECTIVES
DOMAIN: PERCENTAGE OF EXAMINATION
• 1.0 Security Architecture: 29%
• 2.0 Security Operations: 30%
• 3.0 Security Engineering and Cryptography: 26%
• 4.0 Governance, Risk, and Compliance: 15%
• TOTAL: 100%
CASP+ OVERVIEW
• CompTIA Advanced Security Practitioner (CASP+) is an advanced-level cybersecurity certification
• CASP+ is ideal for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness
• CASP+ is an advanced hands-on, performance-based certification for cybersecurity practitioners — not managers
• CASP+ covers both security architecture and engineering which prepares the
SECURITY ARCHITECTURE
TOPICS FOR SECURITY ARCHITECTURE
Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network
• IT services
• Network Segmentation
• Deperimeterization and Zero Trust
• Merging Networks from
TOPICS FOR SECURITY ARCHITECTURE
Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design
• Scalability
• Resiliency
• Automation
• Performance
• Containerization
• Virtualization
• Content Delivery Network
• Caching
TOPICS FOR SECURITY ARCHITECTURE
Given a scenario, integrate software applications securely into an enterprise architecture
• Baselines and templates
• Software assurance
• Considerations
TOPICS FOR SECURITY ARCHITECTURE
Given a scenario, implement data security techniques for securing enterprise architecture
• Data loss prevention
• Data loss detection
• Data classification, labeling, and tagging
• Obfuscation
• Anonymization
• Encrypted vs. unencrypted
• Data life cycle
• Data inventory and mapping
• Data integrity management
• Data storage, backup, and recovery
TOPICS FOR SECURITY ARCHITECTURE
Given a set of requirements, implement secure cloud and virtualization solutions
• Virtualization strategies
• Provisioning and deprovisioning
• Middleware
• Metadata and tags
• Deployment models and considerations
• Hosting models
• Service models
• Cloud provider limitations
• Extending appropriate on-premises controls
• Storage models
TOPICS FOR SECURITY ARCHITECTURE
Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements
• Privacy and confidentiality requirements
• Integrity requirements
• Non-repudiation
• Compliance and policy requirements
• Common PKI use cases
TOPICS FOR SECURITY ARCHITECTURE
Explain the impact of emerging technologies on enterprise security and privacy
• Distributed consensus
• Artificial intelligence
• Big data
• Machine learning
• Virtual and augmented reality
• Quantum computing
• 3-D printing
• Blockchain
• Passwordless authentication
• Homomorphic encryption
• Nano technology
• Secure multiparty computation
• Deep learning
• Biometric impersonation
SECURITY OPERATIONS
TOPICS FOR SECURITY OPERATIONS
Given a scenario, perform threat management activities
• Intelligence types
• Actor types
• Threat actor properties
• Frameworks
TOPICS FOR SECURITY OPERATIONS
Given a scenario, perform vulnerability management activities
• Vulnerability scans
• Security Content Automation Protocol (SCAP)
• Self-assessment vs. third-party vendor assessment
• Information sources
TOPICS FOR SECURITY OPERATIONS
Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools
• Methods
• Tools
• Dependency management
• Requirements
TOPICS FOR SECURITY OPERATIONS
Given a scenario, analyze vulnerabilities and recommend risk mitigations
• Vulnerabilities
• Inherently vulnerable systems and applications
• Attacks
TOPICS FOR SECURITY OPERATIONS
Given a scenario, use processes to reduce risk
• Proactive and detection
• Security data analytics
• Preventive
• Application control
• Security automation
• Physical security
TOPICS FOR SECURITY OPERATIONS
Given an incident, implement the appropriate response
• Event classifications
• Triage event
• Preescalation tasks
• Incident response process
• Specific response playbooks and processes
• Communication plan
• Stakeholder management
TOPICS FOR SECURITY OPERATIONS
Explain the importance of forensic concepts
• Legal vs. internal corporate purposes
• Forensic process
• Integrity preservation
• Cryptanalysis
• Steganalysis
TOPICS FOR SECURITY OPERATIONS
Given a scenario, use forensic analysis tools
• File carving tools
• Binary analysis tools
• Analysis tools
• Imaging tools
• Hashing utilities
• Live collection vs. post-mortem tools
SECURITY ENGINEERING AND CRYPTOGRAPHY
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Given a scenario, apply secure configurations to enterprise mobility
• Managed configurations
• Deployment scenarios
• Security considerations
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Given a scenario, configure and implement endpoint security controls
• Hardening techniques
• Processes
• Mandatory access control
• Trustworthy computing
• Compensating controls
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Explain security considerations impacting specific sectors and operational technologies
• Embedded systems
• ICS/Supervisory Control and Data Acquisition (SCADA)
• Protocols
• Sectors
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Explain how cloud technology adoption impacts organizational security
• Automation and orchestration
• Encryption configuration
• Logs
• Monitoring configurations
• Key ownership and location
• Key life-cycle management
• Backup and recovery methods
• Infrastructure vs. serverless computing
• Application virtualization
• Software-defined networking
• Misconfigurations
• Collaboration tools
• Storage configurations
• Cloud Access Security Broker (CASB)
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Given a business requirement, implement the appropriate PKI solution
• PKI hierarchy
• Certificate types
• Certificate usages/profiles/templates
• Extensions
• Trusted providers
• Trust model
• Cross-certification
• Configure profiles
• Life-cycle management
• Public and private keys
• Digital signature
• Certificate pinning
• Certificate stapling
• Certificate Signing Requests (CSR)
• Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)
• HTTP Strict Transport Security (HSTS)
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Given a business requirement, implement the appropriate cryptographic protocols and algorithms
• Hashing
• Symmetric algorithms
• Asymmetric algorithms
• Protocols
• Elliptic Curve Cryptography (ECC)
• Forward secrecy
• Authenticated encryption with associated data
• Key stretching
TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY
Given a scenario, troubleshoot issues with cryptographic implementations
• Implementation and configuration issues
• Keys
GOVERNANCE, RISK, AND COMPLIANCE
TOPICS FOR GOVERNANCE, RISK, AND COMPLIANCE
Given a business requirement, implement the appropriate cryptographic protocols and algorithms
• Given a set of requirements, apply the appropriate risk strategies
• Risk assessment
• Risk handling techniques
• Risk types
• Risk management life-cycle
• Risk tracking
• Risk appetite vs. risk tolerance
• Policies and security practices
TOPICS FOR GOVERNANCE, RISK, AND COMPLIANCE
Explain the importance of managing and mitigating vendor risk
• Shared responsibility model (roles/responsibilities)
• Geographical considerations
• Vendor lock-in and vendor lockout
• Supply chain visibility
• Vendor viability
• Incident reporting requirements
• Meeting client requirements
• Source code escrows
• Support availability
• Ongoing vendor assessment tools
• Third-party dependencies
• Technical considerations
TOPICS FOR GOVERNANCE, RISK, AND COMPLIANCE
Explain compliance frameworks and legal considerations, and their organizational impact
• Security concerns of integrating diverse industries
• Data considerations
• Geographic considerations
• Third-party attestation of compliance
• Regulations, accreditations, and standards
• Legal considerations
• Contract and agreement types
TOPICS FOR GOVERNANCE, RISK, AND COMPLIANCE
Explain the importance of business continuity and disaster recovery concepts
• Business Impact Analysis (BIA)
• Privacy Impact Assessment (PIA)
• Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)
• Incident response plan
• Testing plans
RECORDED WEBINAR VIDEO
To watch the recorded webinar video for live demos, please access the link: https://bit.ly/3ozUMOC
ABOUT NETCOM LEARNING
NetCom Learning is an award-winning global leader in managed learning services, training and talent development.
• 100K+: Professionals trained
• 14K+: Corporate clients
• 3500: IT, Business & Soft Skills courses
• 96%: Of customers recommend us to others
• 8.6/9: Instructor evaluations
• 20+: Leading vendors recognitions
• Microsoft’s: Worldwide training partner of the year
• 80%: Trained of the Fortune 100
• Top 20: IT Training Company
Founded: 1998
Headquarters: New York City
Delivery Capability: Worldwide
CEO: Russell Sarder
RECOMMENDED COURSES AND MARKETING ASSETS
NetCom Learning offers a comprehensive portfolio for Security
» CompTIA Security+ Certification Prep (Exam SY0-601) - Class Scheduled on Nov 1
» CompTIA Network+ Certification Prep (Exam N10-007) - Class Scheduled on Nov 1
» CompTIA A+ Certification Prep (Exam 220-1002) - Class Scheduled on Nov 15
» CompTIA Advanced Security Practitioner (CASP+) Certification Prep (Exam CAS-004) - Class Scheduled on Dec 13
You can also access the below Marketing Assets
» Free 1hr Training - Learn the A to Z of IT Fundamentals with CompTIA A+ Certification
» Free On-Demand Training - 3 Key Cyber Threat Tools to Defend Your Data
» Blog - CompTIA Security+ Certification For Enterprise Network Security: Advantages
Thank you