CompTIA Advanced Security Practitioner (CASP) Course

CompTIA's first mastery-level certification for enterprise technical security leads.

CASP certification is an international, vendor-neutral certification that designates IT professionals with advanced-level security skills and knowledge. Achieving CASP certification proves an individual’s competency in enterprise security, risk management, research and analysis, and integrating computing, communications, and business disciplines. Becoming CASP certified confirms that an individual has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. CASP certifies that the candidate can apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

8570.1 approved

CASP certification is included in the approved list of certifications that meet the DoD Directive 8570.1 requirements. It is approved as a baseline certification for the IAT Level III, IAM Level II, and IASAE Level I and II


CASP certification is ideal for IT security professionals who have at least 10 years of experience in IT administration, including at least five years of hands-on technical security experience. While there is no required prerequisite, CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

about the exam

Students will have 150 minutes to complete the 80-question, multiple-choice CASP certification exam (CAS-001). The scenario- and performance-based exam covers:

  • Enterprise security
  • Risk management, policy/procedure, and legal issues
  • Research and analysis
  • Integration of computing, communications, and business discipline

Course Outline

1. Enterprise Security Architecture

  • Basics of Enterprise Security
  • Enterprise Structure
  • Enterprise Security Requirements

2. Enterprise Security Technology

  • Common Network Security Components and Technologies
  • Communications and Collaboration Security
  • Cryptographic Tools and Techniques
  • Advanced Authentication

3. Enterprise Resource Technology

  • Enterprise Storage Security Issues
  • Distributed, Shared, and Virtualized Computing
  • Cloud Computing and Security 3


4. Security Design and Solutions

  • Network Security Design
  • Conduct a Security Assessment
  • Host Security

5. Application Security Design

  • Application Security Basics
  • Web Application Security

6. Managing Risk, Security Policies, and Security Procedures

  • Analyze Security Risk
  • Implement Risk Mitigation Strategies and Controls
  • Implement Enterprise-Level Security Policies and Procedures
  • Prepare for Incident Response and Recovery 

7. Enterprise Security Integration

  • Technology Lifecycle
  • Interorganizational Change
  • Integrate Enterprise Disciplines to Achieve Secure Solutions

8. Security Research and Analysis

  • Perform an Industry Trends and Impact Analysis
  • Perform an Enterprise Security Analysis 4

Multiple Labs


  1. Install and Verify the Lab Environment
  2. Explore and Test the Lab Network
  3. Protocol Analyzers
  4. Capture and Analyze VoIP Traffic
  5. Use Network Diagramming Tools
  6. Intrusion Detection and Prevention
  7. Use MD5 and SHA for Hashing and File Integrity
  8. Identify and Assess Threats to Cloud and Remote Computing
  9. Implement Encryption to Secure Enterprise and Personal Storage
  10. Attack Insecure Networks and Target Vulnerable Applications
  11. Perform Network Vulnerability Scans
  12. Hands-On Penetration Testing (Port Scanning and Fingerprinting)
  13. Hands-On Social Engineering
  14. Identify Root Kits Used to Maintain Access and Cover Tracks
  15. Identify Vulnerable Web Servers
  16. Install and Use a Virtual Browser
  17. Secure Coding and Threat Modeling
  18. Test Application Security with Metasploit
  19. Security Baselines and Configurations
  20. Manage Risk by Configuring Strong Authentication
  21. Basic Forensics
  22. Use Helix for Forensic Analysis
  23. SDLC Code Review
  24. Route and Switch Security
  25. Advanced Network Traffic Analysis
  26. Cost Benefit Analysis