Want to be an advanced cybersecurity practitioner? Then CompTIA’s CASP+ certification may be the perfect fit for you. The popular certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills — from security architecture and operations to engineering and governance.
6. State of cybersecurity: A global view
The global cybersecurity market size is projected to grow from $217.9B currently to $345.4B in five years, a 9.7% increase. Across global organizations, projected growth is due to increasing awareness and investments in cybersecurity infrastructure across multiple verticals.
➢ Growth: The need for endpoint and VPN security measures, as well as increased demand for cyber hygiene practices
➢ Opportunities: Increasing adoption of IoT-based security software to increase demand for cybersecurity solutions
➢ Challenge: Properly designing and implementing cybersecurity solutions
➢ Number of cybersecurity incidents worldwide: 32,000
➢ Global industry sector most targeted by cyber espionage: manufacturing
➢ Areas with the biggest shortage of cybersecurity skills: senior-level cybersecurity positions
8. CompTIA CASP+ certification
The CompTIA CASP+ certification exam will verify the successful candidate has the knowledge and skills required to:
➢ Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
➢ Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment
➢ Apply security practices to cloud, on-premises, endpoint and mobile infrastructure, while considering cryptographic technologies and techniques
➢ Consider the impact of governance, risk and compliance requirements throughout the enterprise
9. CASP+ candidate profile
Primary job roles
➢ Security architect
➢ Senior security engineer
Secondary job roles
➢ Cyber risk analyst
➢ SOC manager
➢ Security analyst
➢ IT cybersecurity specialist / InfoSec specialist
Recommended experience
➢ 10 years of IT administration
➢ Five years hands-on, technical security experience
10. CompTIA career pathway
CompTIA certifications align with the skill sets needed to support and manage IT
infrastructure. Enter where appropriate for you. Consider your experience and existing
certifications or course of study.
12. How industry changes affected the exam objectives
CASP+ qualifies advanced skills required of security architects and senior security engineers to effectively design, implement and manage cybersecurity solutions on complex enterprise networks.
80% of topics are similar, and 20% have been updated to include:
➢ Expanded cloud security architecture, engineering and operations tasks in hybrid environments.
➢ More GRC techniques to prove an organization’s overall cybersecurity resiliency against the next attack; this skill is very important for regulations (such as PCI-DSS, NIST, HIPAA), which recommend or require a cybersecurity resiliency score. More foundational GRC concepts were removed and are taught earlier in the cybersecurity career pathway (Security+).
➢ More focus on senior security engineering tasks and security architecture.
➢ Redistribution of the previous research development and collaboration domain into multiple domains, wherever R&D and collaboration were applied.
13. Exam objectives: What’s new?
➢ Exam purpose and audience are similar
➢ Fewer domains: 4 versus 5
➢ More objectives: 28 versus 19, due to the breakdown of larger CAS-003 objectives into multiple objectives to improve instructional design
➢ Reduced page count: one fewer page of material due to removal of outdated tech, reorganization and topic updates
14. Exam domains: What's new?
CAS-004 exam domains | % | CAS-003 exam domains | %
1.0 Security architecture | 29% | 2.0 Enterprise security architecture | 25%
2.0 Security operations | 30% | 3.0 Enterprise security operations | 20%
3.0 Security engineering and cryptography | 26% | 4.0 Technical integration of enterprise security | 23%
4.0 Governance, risk and compliance | 15% | 1.0 Risk management | 19%
Redistributed R&D across domains as needed | | 5.0 Research, development and collaboration | 13%
15. 1.0 Security architecture
CAS-004 New objectives
1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate,
secure network architecture for a new or existing network.
1.2 Given a scenario, analyze the organizational requirements to determine the proper
infrastructure security design.
1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
1.5 Given a scenario, analyze the security requirements and objectives to provide the
appropriate authentication and authorization controls.
1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and
requirements.
1.8 Explain the impact of emerging technologies on enterprise security and privacy.
16. 2.0 Security operations
CAS-004 New objectives
2.1 Given a scenario, perform threat management activities.
2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
2.3 Given a scenario, perform vulnerability management activities.
2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing
methods and tools.
2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
2.6 Given a scenario, use processes to reduce risk.
2.7 Given an incident, implement the appropriate response.
2.8 Explain the importance of forensic concepts.
2.9 Given a scenario, use forensic analysis tools.
17. 3.0 Security engineering and cryptography
CAS-004 New objectives
3.1 Given a scenario, apply secure configurations to enterprise mobility.
3.2 Given a scenario, configure and implement endpoint security controls.
3.3 Explain security considerations impacting specific sectors and operational technologies.
3.4 Explain how cloud technology adoption impacts organizational security.
3.5 Given a business requirement, implement the appropriate PKI solution.
3.6 Given a business requirement, implement the appropriate cryptographic protocols and
algorithms.
3.7 Given a scenario, troubleshoot issues with cryptographic implementations.
18. 4.0 Governance, risk and compliance
CAS-004 New objectives
4.1 Given a set of requirements, apply the appropriate risk strategies.
4.2 Explain the importance of managing and mitigating vendor risk.
4.3 Explain compliance frameworks and legal considerations, and their organizational impact.
4.4 Explain the importance of business continuity and disaster recovery concepts.
19. CASP CAS-004 exam information
Item | Description
Exam code | CAS-004
Release date | October 6, 2021
Availability | Worldwide
Testing provider | Pearson VUE Testing Centers and OnVUE
Question Types | Performance based (simulated with virtual coming soon) and multiple choice
No. of Questions | Maximum of 90 questions
Length of Test | 165 minutes
Passing Score | 750 (on a scale of 100-900)
Languages | English, others to follow
Recommended Experience | A minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience
Accreditation | ISO/ANSI 17024 approved; U.S. DoD 8140/8570.01-M approved
21. Get certified with Infosec Skills
Train for your CompTIA certification with Infosec Skills:
Infosec Skills subscription:
➢ 130+ role-based learning paths (e.g., ITF+, A+, Network+, Security+, CySA+, PenTest+, CASP+)
➢ 100s of hands-on labs in cloud-hosted cyber ranges
➢ Custom certification practice exams and skill assessments
Infosec Skills live boot camp:
➢ Live, instructor-led training (in-person or live online)
➢ Certification exam voucher
➢ 90-day extended access to recordings of daily lessons, plus all materials in Infosec Skills
➢ Exam Pass Guarantee
infosecinstitute.com/skills
22. Get certified with Infosec Skills
And the winner for a one-year subscription to Infosec Skills (valued at $299) is …
infosecinstitute.com/skills
24. About us
Infosec believes knowledge is power when fighting
cybercrime. We help IT and security professionals advance
their careers with skills development and certifications
while empowering all employees with security awareness
and privacy training to stay cyber-safe at work and home.
www.infosecinstitute.com