Monday, 19 November 2012

CompTIA CASP

The CompTIA Advanced Security professional person (CASP) certification is meant for professionals with a minimum of 10 years of expertise in security administration. 5 of these years should be active technical expertise. The CASP doesn't need that any previous exams are passed, however may be a higher-level examination than the CompTIA Security+.

Applicants area unit given one hundred fifty minutes to finish the 80-question, pass/fail examination. The take a look at is split between four domains. Forty p.c of the queries can relate to the enterprise security domain. Risk management, policy and procedure, and legal queries conjure twenty four p.c of the examination, integration of computing, communications and business disciplines twenty two p.c, and analysis and analysis fourteen p.c.

The examination measures AN applicant’s ability to engineer advanced enterprise security solutions. it's vendor-neutral, nevertheless might need information of vendor-specific tools. Its problem level is analogous thereto of the Certified data Systems Security skilled (CISSP) examination. this can be the primary CompTIA examination that features performance-based queries. Some queries can place candidates in an exceedingly software package setting, and need them to grasp the proper tool or task performance to use in an exceedingly given situation. The CASP recommends 10 years of relevant work expertise, whereas the CISSP needs simply 5 years.

The enterprise security domain needs that a candidate apprehend the assorted styles of virtualization and after they area unit used, application vulnerabilities like buffer and whole number overflows and fuzzing, and also the security issues of enterprise storage. a decent understanding of the TCP/IP suite and every one of its parts, together with applications like DNS, is important.

A candidate should be ready to distinguish the acceptable cryptanalytic tools and techniques to be used in an exceedingly given state of affairs. Advanced cryptanalytic techniques are going to be coated, together with penetration testing and tools like sniffers, port scanners, word cracked and offensive tools and frameworks. The candidate should be acquainted with tools like Wireshark, Metasploit and John the murderer, and once to use every.

The risk management, policy and procedure, ANd legal domain needs that an person perceive the ways in which business selections will have an effect on security risks. Candidates should even be ready to implement risk mitigation methods and security procedures in keeping with structure policy. a spread of risk management approaches and policies area unit coated. Incident response preparation is enclosed, and also the candidate should perceive chain of custody and be acquainted with forensics tools.

The analysis and analysis domain covers security trends, ANd ways that to investigate an enterprise for security. Network traffic analysis is roofed here, additionally because the importance of equalisation security with usability.

The final domain covers the mixing of computing, communications and business disciplines. Candidates should perceive a way to use numerous advanced authentication techniques and be ready to implement security across company divisions. The domain addresses the impact of changes like mergers, technology life cycles and rising threats.

This domain covers the protection issues committed communications. Converged communications technologies like VoIP, NAC and client devices area unit enclosed here. Candidates got to perceive the protection implications of the ways that within which communications technologies have unified.

CASP is that the initial mastery-level certification issued by CompTIA, WHO ought to date been famed for entry to mid-level certifications. it had been developed in response to a government and business demand for a additional demanding certification than the Security+. The target candidate may be a skilled WHO styles and implements security in an exceedingly giant organization with multiple locations. CompTIA doesn't regard CASP as an immediate contestant to the CISSP, because the CISSP is targeted towards senior managers and policy manufacturers, whereas the CASP is directed at enterprise Technical Security Leads, professionals WHO area unit addicted to active expertise with the technology.

No comments:

Post a Comment