CompTIA Advanced Security Practitioner (CASP): Our Experience and How It Will Help YouMarch 27, 2012 at 9:48 am | Posted in CompTIA, Performance-Based Testing | Leave a comment
Tags: casp, CompTIA, Performance-Based Testing
As many of you know, there is quite a bit of buzz over CompTIA’s Advanced Security Practitioner (CASP) exam. Last year, CompTIA launched the CASP exam as the next level in its security-related certification products. For years, IT professionals have looked to CompTIA to provide vendor-neutral certifications, the most popular of which are the A+, Network+, and Security+ certifications. But the CASP exam takes CompTIA’s offerings to the next level.
Last month, I finally had a chance to take the CASP exam. I knew going into the exam that I would see what CompTIA has called performance-based testing (PBT) items. Well, I wasn’t disappointed, as my first question on the exam was a PBT item. Overall, I thought these item types had the appropriate level of complexity and covered a wide-range of topics. So what did they look like? For the most part, they were drag-and-drop items that involved matching things up or placing items in the right location. There were others that required particular actions to be taken at a command prompt or at the server level. The only specifics I can share about these items, without violating the Non-Disclosure Agreement (NDA), is that PBT items take the WHAT from your usual multiple choice items and place the focus on the HOW or the WHERE.
For example, consider SubObjective 1.5 from the CASP Exam Guide: Distinguish among security controls for hosts. A bullet point in this SubObjective is Host hardening, which includes the Standard operating environment, Security/group policy implementation, Command shell restrictions, Warning banners, and Restricted interfaces. A possible PBT question that would fit into this SubObjective is a graphically presented task where you enable and configure the appropriate group policies for password length, password age, and password lockout.
In addition to the PBT items, the exam still includes the old stand-by multiple-choice questions. These, however, were a bit more expansive than the typical questions included in the A+, Network+, or Security+ exams. I often found myself reading and re-reading the options while trying to eliminate incorrect answers. I can remember thinking that this exam seemed much harder than the CISSP exam, not because of its length, but because of its depth. It takes those tidbits of security knowledge that all security professionals must know and expects you to APPLY them. For example, you not only need to know the different types of hacker attacks, you should know HOW to recognize the attacks which are occurring, WHAT tools to deploy to protect against those attacks, HOW to deploy them, and WHERE they should be deployed.
You can expect between 70-80 questions total, including the PBT questions. When I was done with the exam I was a little nervous, because truthfully, I felt it could have gone either way. I made an audible sigh of relief when I learned I had passed; to say that I was happy would be putting it mildly! I can’t give you my score, because CompTIA doesn’t give you one – this exam is just graded as PASS or FAIL. (But you know, maybe I didn’t really want to see that score anyway!)
So what can you do to prepare for the CASP? After you go over the exam objectives on the CompTIA Web site, I would start with CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines recently published by Sybex (an imprint of Wiley). Look for my comprehensive review of this guide in April. Next, take some time to research the day-to-day tasks of the security professional. I can assure you: if you don’t have any experience in security-related tasks, you should not take this exam until you have had some time to expose yourself to these tasks.
With that said, I can tell you that I am working diligently to create Transcender’s practice test for the CASP exam. And we will be including some interactive items that simulate what you will see in the live exam. My experience in taking this exam and working on our practice test so soon afterward can only help you, so keep an eye out for our announcement regarding our CASP practice test, which should come in May….and in the meantime, start prepping today!