Skip to main content

CompTIA Advanced Security Practitioner (CASP+)

CompTIA Advanced Security Practitioner (CASP+)



  • CompTIA Advanced Security Practitioner (CASP+) 


  • Online, On Demand


  • CompTIA Advanced Security Practitioner (CASP+)

  • Virtual - Can be taken from Any Location, Any Time according to Your Schedule
  • Contact for $
  • Exam Voucher
  • This course is best suited for intermediate security practitioners

  • There are no prerequisites for this course


  • Access to on-line Learning Portal
  • Videos, training content, examples, quizzes, labs, and all items needed to learn the material and successfully pass this course!


  • Email Learn@AristaLearn for a Quote & Detailed Upload instructions

Course Overview 

This course will prepare students for the CompTIA Advanced Security Practitioner CAS-003 exam. In this 
course, students will learn about understanding risk management, network and security components and 
architecture, implementing advanced authentication and cryptographic techniques, implementing security 
for systems, applications, and storage, implementing security for cloud and virtualization technologies, 
and utilizing security assessments and incident response.

Chapter 01 - Understanding Risk Management  

• Topic A: Understanding Business and Industry Influences
• Ongoing Risk Management, New Products and User Behaviors
• Business Models and Strategies, Cloud Technologies
• Acquisitions and Mergers, Due Diligence Team, Data Ownership
• Data Reclassification, Integrating Diverse Industries
• Common Regulations, Geographic Differences, Data Sovereignty
• Internal and External Influences, De-perimeterization
• Understand Changes in Network Boundaries
• Topic B: Policies and Procedures
• Understanding Policies and Procedures
• Policy Life Cycle, Process Life Cycle, Reviewing Policies and Processes
• Common Business Documents, Security for Contracts
• Contract Requirements, General Privacy Principles, Standard Security Practices
• Demo - Examining Security Policies, Topic C: Risk Mitigation and Control
• Introduction to Risk Mitigation, Categorizing Data
• Incorporating Stakeholder Input, Aggregate CIA Scores
• Selecting and Implementing Controls
• Security Control Frameworks, Options for Frameworks
• Extreme Scenario Planning, System-Specific Risk Analysis
• Qualitative Risk Analysis, Quantitative Risk Analysis
• Risk Impact, Likelihood of Threat, Return on Investment
• Understanding Payback, Total Cost of Ownership
• TCO Guidelines, Translate to Business Terms
• Risk Management Strategies, Risk Management Processes
• Information and Asset Value and Costs
• Vulnerabilities and Threat Identification
• Topic D: Business Continuity Planning
• Continuity Planning, Additional Factors, BCP Components
• BCP Steps, Additional Plans
• Conducting Business Impact Analysis

Chapter 02 - Network and Security Components and Architecture 

• Topic A: Physical and Virtual Network Security Devices
• Unified Threat Management, Analyzing UTM
• Intrusion Detection and Prevention, In-Line Network Encryptor
• Network Access Control, SIEM, Firewalls, Firewall Architecture
• Wireless Controller, Routers and Switches, Proxy Servers
• Topic B: Application and Protocol Level Security
• Web Application Firewalls, Hardware Security Modules
• Topic C: Advanced Network Design
• Virtual Private Networks, Vulnerability Scanners, VPN Protocols
• IP Security (IPSec), IPSec Modes, Demo - Examining IPSec Policies
• Secure Sockets Layer (SSL), Transport Layer Security (TLS)
• Additional Security Protocols, Authentication Protocols
• Topic D: Network Solutions for Data Flow
• Data Loss Prevention, Data Flow Enforcement, Network Flow
• Topic E: Secure Baselines of Networking and Security Components
• Securing Device Configurations, Access Control Lists (ACLs)
• ACL Rule Sets, Change Monitoring, Configuration Lockdown
• Availability Controls, Disk Availability, Key Availability Terms
• Topic F: Advanced Configuration of Network Devices
• Additional Configurations, Transport Security, Trunking Security
• Port Security, Ports and Sockets, Security Zones
• Network Segmentation, Network Access Control
• NAC Concepts, Network Enabled Devices, Automation Systems
• Physical Security

Chapter 03 - Implementing Advanced Authentication and Cryptographic Techniques 

• Topic A: Understanding Authentication and Authorization Concepts
• Authentication, The Importance of Identity
• Additional Password Options
• Demo - Enforcing Strong Passwords
• Biometric Authentication, Biometric Considerations
• Beyond Single Factor, Certificate Authentication
• Authorization, Open Authorization, XACML
• SPML, Authorization Concepts, Trust Models
• Topic B: Cryptographic Techniques
• Introduction to Cryptography, Cryptographic Techniques
• Key Stretching, Hashing, Message Digest (MD) Algorithms
• Secure Hash Algorithm (SHA), Digital Signatures
• Message Authentication, Code Signing, Additional Concepts
• Protecting Data in Transit, Protecting Data in Memory
• Protecting Data at Rest, Symmetric Algorithms
• Asymmetric Algorithms, Encryption Methods
• Topic C: Cryptographic Implementations
• Crypto Options, Additional Crypto Options
• Cryptographic Applications, Crypto Considerations
• Stream vs. Block Ciphers, Block Cipher Modes
• Public Key Infrastructure, Primary PKI Functions
• Additional PKI Concepts

Chapter 04 - Implementing Security for Systems, Applications, and Storage 

• Topic A: Security for Host Devices
• Trusted OS, Trusted OS Options, Security Software
• Additional Host-Based Software Options
• Demo - Configuring a Host-Based Firewall
• Auditing, Demo - Configuring Audit Policies
• Endpoint Detection Response, Host Hardening
• Group Policy, Demo - Configuring Group Policy Security
• Command Shell Restrictions, Out-of-Band Management
• Dedicated Interfaces, External I/O Restrictions
• Wireless Technologies, Wi-Fi Components
• 802.11 Standards, Wireless Security, Securing Other Host Devices
• Boot Security, Additional Boot Security Options
• Topic B: Mobile Device Security
• Enterprise Mobility Management, MDM Concepts
• Management Options, Context Aware Management
• Security and Privacy, Physical Security Options
• Additional Mobile Device Concepts, Authentication Options
• Mobile Devices, Wearable Security Implications
• Topic C: Software Security Controls, Application Vulnerabilities
• Application Security Design Considerations
• Application Issues, Data Remnants
• Securing Applications, Using JSON and REST, Browser Extensions

Chapter 05 - Implementing Security for Cloud and Virtualization Technologies 

• Topic A: Cloud and Virtualization Technology
• Cloud Computing and Virtualization, Cloud Options
• Security Considerations, Cloud Service Models
• Demo - Examining Cloud Service Models
• Security and Virtualization, Cloud-Augmented Security Services
• Security as a Service, Virtualization Vulnerabilities
• Topic B: Securing Remote Access and Collaboration
• Remote Access, Dial-Up Access, Virtual Private Networks
• Remote Access Purposes, Security Considerations
• Unified Collaboration Tools, Web Conferencing
• Video Conferencing, Storage and Document Collaboration
• Unified Communication, Instant Messaging, Presence, E-Mail
Chapter 06 - Utilizing Security Assessments and Incident Response 
• Topic A: Security Assessments
• Importance of Security Assessments, Malware Sandboxing
• Memory Dumping, Runtime Debugging, Reconnaissance
• Fingerprinting, Code Review, Social Engineering,
• Public Information, Penetration Test
• Demo - Accessing Public Information
• Vulnerability Assessment, Assessment Styles
• Topic B: Security Assessment Tools
• Network Tool Types
• Security Content Automation Protocol (SCAP)
• Common Vulnerability Scoring System (CVSS)
• Fuzzing, Exploit Kits, Host Tools, Additional Host Tools
• Physical Security Tools
• Topic C: Incident Response and Recovery
• E-discovery, Data Breach, Incident Response Process