Page 3 of 4 (results 51 to 75 of 79)
  1. erpadmin (PMP-Wannabe!)
    Join Date: May 2010
    Posts: 4,133
    Certifications: A+, Network+, Security+, Project+, MCTS 70-680, MCITP:EA or MCSA:WS2K8, Bachelor of Science, IT - Networks Design and Management
    #51
    Quote Originally Posted by cabrillo24
    I think if they can guard their test questions as well as ISC2 or ISACA, to the point where it is "undumpable", then it will gain a lot of respectability. Unfortunately for most of the popular (if not all) CompTIA certifications, brain dumps are everywhere, thus making the market oversaturated with "certified" people.

    LMAO...seriously, I don't have respect for anyone who dumps period, but someone who has to dump any CompTIA exam (A+ through Security+) really must have a mental defect. That's putting it kindly too.

  3. cabrillo24 (Senior Member)
    Join Date: Jul 2007
    Location: Cantonment FL
    Posts: 134
    Certifications: CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #52
    Quote Originally Posted by erpadmin
    LMAO...seriously, I don't have respect for anyone who dumps period, but someone who has to dump any CompTIA exam (A+ through Security+) really must have a mental defect. That's putting it kindly too.
    Completely agree with you. Some people take short cuts, while undermining their growth. Unfortunately people don't come out and flat out say "I used dumps."

    This is why I like the CISSP, CISA and CISM exams, they are "undumpable" so you know if someone has any of those certifications, that they studied for it, or are the world's best guessers. The quality of the exam makes you feel as if you've entered a whole new echelon.

  4. Bl8ckr0uter (Senior Member)
    Join Date: Apr 2009
    Posts: 5,015
    #53
    Quote Originally Posted by cabrillo24
    Completely agree with you. Some people take short cuts, while undermining their growth. Unfortunately people don't come out and flat out say "I used dumps."

    This is why I like the CISSP, CISA and CISM exams, they are "undumpable" so you know if someone has any of those certifications, that they studied for it, or are the world's best guessers. The quality of the exam makes you feel as if you've entered a whole new echelon.
    I'm calling BS. What makes these exams undumpable? What makes you believe that? Seriously, unless the questions change every day and are different for every person and there is a required performance involved with the exam, I wouldn't call it undumpable. I know a few folks who have dumped the CISSP and I know a few people who haven't, but they know less about security than I do. Unless you mean that because of the experience requirement, then to that I say someone could just lie about how much experience they have.

    That isn't a personal attack by any means, I am just saying that anything can be cheated.
    Last edited by Bl8ckr0uter; 11-24-2010 at 03:38 PM.

  5. cabrillo24 (Senior Member)
    Join Date: Jul 2007
    Location: Cantonment FL
    Posts: 134
    Certifications: CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #54
    Quote Originally Posted by Bl8ckr0uter
    I'm calling BS. What makes these exams undumpable? What makes you believe that? Seriously, unless the questions change every day and are different for every person and there is a required performance involved with the exam, I wouldn't call it undumpable. I know a few folks who have dumped the CISSP and I know a few people who haven't, but they know less about security than I do.
    ISC2 doesn't recycle their questions. They have a pretty expansive repository. There are simply no short cuts with them. Many of the "dumps" that are out there are retired exam questions released by ISC2 that are rip-offs of their StudyScope questions.

  6. Bl8ckr0uter (Senior Member)
    Join Date: Apr 2009
    Posts: 5,015
    #55
    Quote Originally Posted by cabrillo24
    ISC2 doesn't recycle their questions. They have a pretty expansive repository. There are simply no short cuts with them. Many of the "dumps" that are out there are retired exam questions released by ISC2 that are rip-offs of their StudyScope questions.
    What do you mean by recycle? Are you saying that if I take my CISSP tomorrow I will get questions that have never been used and will never be used again? I don't believe this. The amount of questions they would have to have would be insane.

    Let's say there are on average 100 people taking the CISSP across the world and there are 100 questions on the test and there are 100 days out of the year you can take the test.

    100 people * 100 questions = 10,000 unique questions * 100 Days (since they would need to be unique for each day) = 1,000,000 questions a year? Dude no. They recycle their questions and they aren't unique because that wouldn't be practical.

    I am not knocking the CISSP, I am simply saying that it is dumpable just like any cert. That isn't going to stop me from getting the SSCP in March.

    And again nothing personal but I just don't see how you can believe that, unless you know something about the test that I don't.
    Last edited by Bl8ckr0uter; 11-24-2010 at 03:47 PM.

  7. cabrillo24 (Senior Member)
    Join Date: Jul 2007
    Location: Cantonment FL
    Posts: 134
    Certifications: CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #56
    Quote Originally Posted by Bl8ckr0uter
    What do you mean by recycle? Are you saying that if I take my CISSP tomorrow I will get questions that have never been used and will never be used again? I don't believe this. The amount of questions they would have to have would be insane.

    Let's say there are on average 100 people taking the CISSP across the world and there are 100 questions on the test and there are 100 days out of the year you can take the test.

    100 people * 100 questions = 10,000 unique questions * 100 Days (since they would need to be unique for each day) = 1,000,000 questions a year? Dude no. They recycle their questions and they aren't unique because that wouldn't be practical.
    Just know that brain dumps won't help you pass this exam. I don't exactly know how their entire process works, but it's pretty much un-dumpable. Anyone who's obtained this certification would agree. I don't know what field you're in specifically, but if you do decide to go after this certification, you'll see what I'm talking about.

  8. Bl8ckr0uter (Senior Member)
    Join Date: Apr 2009
    Posts: 5,015
    #57
    Quote Originally Posted by cabrillo24
    Just know that brain dumps won't help you pass this exam. I don't exactly know how their entire process works, but it's pretty much un-dumpable. Anyone who's obtained this certification would agree. I don't know what field you're in specifically, but if you do decide to go after this certification, you'll see what I'm talking about.
    I'll see if my opinion changes after March when I sit the baby CISSP (SSCP).

  9. Ethanp (Driven to pass CISSP exam)
    Join Date: Mar 2008
    Location: Hampton Roads, VA
    Posts: 33
    Certifications: Certified Virtualization Expert, A+, Network+, & Security+
    #58
    I just read about the CompTIA Advanced Security Practitioner (CASP) certification on CompTIA's daily newsletter today. Believe it or not, I first heard about a “CompTIA Advance Security certification” back in summer 2007. Back then I heard a rumor that CompTIA wanted to make an advanced security certification in an attempt to compete against ISC²’s CISSP for the DoD directive 8570. I am currently studying for the CISSP certification. Now, I am wondering if I should hold off on studying more for the CISSP, and wait till the CompTIA Advanced Security Practitioner (CASP) certification comes out in October 2011. I know CompTIA. I am having a difficult time studying for the CISSP, because I do not know ISC². I wonder how long it will take for someone to write a study guide with practice questions for the CompTIA Advanced Security Practitioner (CASP) certification. Once that is written, I will be the first in line to get the study guide with practice questions and take the exam.

  10. LinuxRacr (Senior Member)
    Join Date: Jul 2010
    Posts: 634
    Certifications: B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #59
    Quote Originally Posted by cabrillo24
    Just know that brain dumps won't help you pass this exam. I don't exactly know how their entire process works, but it's pretty much un-dumpable. Anyone who's obtained this certification would agree. I don't know what field you're in specifically, but if you do decide to go after this certification, you'll see what I'm talking about.
    Not true. There are people who have dumped, and gotten the CISSP in the past.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!

  11. LinuxRacr (Senior Member)
    Join Date: Jul 2010
    Posts: 634
    Certifications: B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #60
    Quote Originally Posted by Ethanp
    I just read about the CompTIA Advanced Security Practitioner (CASP) certification on CompTIA's daily newsletter today. Believe it or not, I first heard about a “CompTIA Advance Security certification” back in summer 2007. Back then I heard a rumor that CompTIA wanted to make an advanced security certification in an attempt to compete against ISC²’s CISSP for the DoD directive 8570. I am currently studying for the CISSP certification. Now, I am wondering if I should hold off on studying more for the CISSP, and wait till the CompTIA Advanced Security Practitioner (CASP) certification comes out in October 2011. I know CompTIA. I am having a difficult time studying for the CISSP, because I do not know ISC². I wonder how long it will take for someone to write a study guide with practice questions for the CompTIA Advanced Security Practitioner (CASP) certification. Once that is written, I will be the first in line to get the study guide with practice questions and take the exam.
    Wow, I'm curious to see how this cert stacks up to the CISSP.

  12. Junior Member
    Join Date: Feb 2011
    Posts: 2
    #61
    Quote Originally Posted by LinuxRacr
    Wow, I'm curious to see how this cert stacks up to the CISSP.
    It's probably not easy to compare CISSP with CASP. CISSP is more of a 'management' exam, while CASP will definitely be more technical and hands-on. See this blog about it: New Year, New Certs

  13. Bl8ckr0uter (Senior Member)
    Join Date: Apr 2009
    Posts: 5,015
    #62

    CASP Objectives

    CompTIA Advanced Security Practitioner Certification Exam Objectives 1 of 15
    Copyright 2010 by the Computing Technology Industry Association. All rights reserved.
    The CASP Certification Exam Objectives are subject to change without notice.
    CompTIA Advanced Security Practitioner Certification Exam Objectives (CAS-001)
    INTRODUCTION
    The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, “hands-on” focus at the enterprise level.
    The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. The candidate will apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.
    The CompTIA Advanced Security Practitioner (CASP) Certification is aimed at an IT security professional who has:
    - A minimum of 10 years experience in IT administration including at least 5 years of hands-on technical security experience.
    This examination blueprint includes domain weighting, test objectives, and example content. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.
    The table below lists the domain areas measured by this examination and the approximate extent to which they are represented in the examination:

    Domain                                                        % of Examination
    1.0 Enterprise Security                                       40%
    2.0 Risk Mgmt, Policy/Procedure and Legal                     24%
    3.0 Research & Analysis                                       14%
    4.0 Integration of Computing, Communications,
        and Business Disciplines                                  22%
    Total                                                         100%
    **Note: The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.
    1.0 Enterprise Security
    1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation
    - Cryptographic applications and proper implementation
    - Advanced PKI concepts
      - Wild card
      - OCSP vs. CRL
      - Issuance to entities
        - Users
        - Systems
        - Applications
    - Implications of cryptographic methods and design
      - Strength vs. performance vs. feasibility to implement vs. interoperability
    - Transport encryption
    - Digital signature
    - Hashing
    - Code signing
    - Non-repudiation
    - Entropy
    - Pseudo random number generation
    - Perfect forward secrecy
    - Confusion
    - Diffusion
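    Objective 1.1 names "Confusion", "Diffusion", "Entropy" and "Pseudo random number generation" but, being a blueprint, never says what any of them look like in practice. The following is an added example of my own (not part of the CompTIA document and not something the poster wrote) that makes two of them measurable with nothing but the Python standard library: the avalanche effect of SHA-256 as a concrete proxy for diffusion (flip one input bit, about half of the 256 output bits should change), and a plug-in Shannon entropy estimate that separates the OS-backed `secrets` generator from a deliberately weak 16-state generator. The message and the toy generator are constructed for the demonstration; the entropy estimate is a sanity check, not a proof of cryptographic quality.

```python
"""Added example (not from the CASP objectives or CompTIA): measurable
properties behind the 1.1 bullets 'Diffusion' and 'Entropy / PRNG'.

avalanche()       - mean number of SHA-256 output bits that flip when one
                    input bit flips (diffusion; ideal is 128 of 256)
shannon_entropy() - plug-in estimate of bits of entropy per byte (max 8.0)
weak_prng()       - constructed toy LCG with only 16 states, for contrast
"""
import hashlib
import secrets
from collections import Counter
from math import log2


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit flipped (bit 0 = LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message: bytes, digest=hashlib.sha256) -> float:
    """Average output bits changed per single input-bit flip.

    Every bit of `message` is flipped in turn, so the result is deterministic
    for a fixed message. A hash with good diffusion gives ~half the output
    width (128 for SHA-256) regardless of which bit was flipped.
    """
    base = digest(message).digest()
    nbits = len(message) * 8
    total = sum(hamming_distance(base, digest(flip_bit(message, i)).digest())
                for i in range(nbits))
    return total / nbits


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy estimate in bits per byte.

    Low values show a skewed byte distribution. A value near 8.0 is necessary
    for a good random source but not sufficient: a predictable sequence can
    still have a flat histogram.
    """
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def csprng_entropy(n: int = 4096) -> float:
    """Entropy estimate of n bytes drawn from the OS CSPRNG via `secrets`."""
    return shannon_entropy(secrets.token_bytes(n))


def weak_prng(n: int, seed: int = 1) -> bytes:
    """Constructed toy generator: a full-period LCG modulo 16, so every
    output byte is one of 16 values and the sequence repeats every 16 draws."""
    out = bytearray()
    state = seed & 0xF
    for _ in range(n):
        state = (5 * state + 3) & 0xF   # (5s + 3) mod 16 has period exactly 16
        out.append(state * 17)          # spread 0..15 across 0..255
    return bytes(out)


if __name__ == "__main__":
    msg = b"zone transfer for example.test"   # constructed sample input
    print(f"SHA-256 avalanche : {avalanche(msg):.1f} of 256 bits flip on average")
    print(f"entropy, secrets  : {csprng_entropy():.2f} bits/byte")
    print(f"entropy, weak PRNG: {shannon_entropy(weak_prng(4096)):.2f} bits/byte")
```

    The weak generator scores exactly 4.0 bits per byte because its 16 outputs are perfectly uniform; that is the point of the second function: a flat histogram on a tiny state space still says nothing about predictability, which is why the objective lists entropy and PRNG quality as separate concerns.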
    1.2 Distinguish and select among different types of virtualized, distributed and shared computing
    - Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
    - VLAN
    - Securing virtual environments, appliances and equipment
    - Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
    - Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
    - Secure use of on-demand / elastic cloud computing
      - Provisioning
      - De-provisioning
      - Data remnants
    - Vulnerabilities associated with co-mingling of hosts with different security requirements
      - VMEscape
      - Privilege elevation
    - Virtual Desktop Infrastructure (VDI)
    - Terminal services
    1.3 Explain the security implications of enterprise storage
    - Virtual storage
    - NAS
    - SAN
    - vSAN
    - iSCSI
    - FCOE
    - LUN masking
    - HBA allocation
    - Redundancy (location)
    - Secure storage management
      - Multipath
      - Snapshots
      - Deduplication
    1.4 Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
    - Advanced network design
      - Remote access
      - Placement of security devices
      - Critical infrastructure / Supervisory Control and Data Acquisition (SCADA)
      - VoIP
      - IPv6
    - Complex network security solutions for data flow
    - Secure data flows to meet changing business needs
    - Secure DNS
      - Securing zone transfer
      - TSIG
    - Secure directory services
      - LDAP
      - AD
      - Federated ID
      - Single sign on
    - Network design consideration
      - Building layouts
      - Facilities management
    - Multitier networking data design considerations
    - Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
    - Secure infrastructure design (e.g. decide where to place certain devices)
    - Storage integration (security considerations)
    - Advanced configuration of routers, switches and other network devices
      - Transport security
      - Trunking security
      - Route protection
    - ESB
    - SOA
    - Service enabled
    - WS-security
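    Objective 1.4 lists "Securing zone transfer" and "TSIG" side by side without saying how one does the other. Below is an added example, my own code and not CompTIA's or the poster's, that shows the mechanism on the wire: the secondary signs its AXFR request with a shared HMAC-SHA256 key and the primary accepts the transfer only if the MAC verifies and the timestamp is inside the fudge window. The digest layout follows RFC 8945 as I understand it (DNS message as it was before the TSIG record was added, followed by the TSIG "variables"), standard library only. The zone, key name and secret are made up. It assumes one question, no name compression, a single TSIG record as the last additional record, and request signing only; a signed response additionally prefixes the request MAC, which is not shown.

```python
"""Added example (mine, not CompTIA's): minimal TSIG (RFC 8945) signing and
verification of an AXFR request, standard library only.

Assumptions: one question, no name compression, algorithm hmac-sha256, the
TSIG RR is the only additional record, and only the request direction is
signed. Names and secrets used here are constructed for the demo.
"""
import hashlib
import hmac
import struct

TYPE_AXFR, TYPE_TSIG, CLASS_IN, CLASS_ANY = 252, 250, 1, 255
ALGORITHM = "hmac-sha256"


def encode_name(name: str) -> bytes:
    """Wire-format DNS name: length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(buf: bytes, pos: int):
    """Parse an uncompressed wire name; return (dotted name, position after it)."""
    labels = []
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels) + ".", pos
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n


def axfr_query(zone: str, msg_id: int) -> bytes:
    """Unsigned AXFR request: 12-byte header plus one question."""
    return (struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
            + encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN))


def tsig_variables(key_name, time_signed, fudge, error=0, other=b"") -> bytes:
    """TSIG RR fields covered by the MAC: name, class ANY, TTL 0, algorithm,
    48-bit time signed, fudge, error, other data (RFC 8945 section 4.3.3)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0)
            + encode_name(ALGORITHM) + time_signed.to_bytes(6, "big")
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def sign(message: bytes, key_name: str, secret: bytes, time_signed: int,
         fudge: int = 300) -> bytes:
    """Secondary side: MAC the message plus TSIG variables, append the TSIG RR."""
    mac = hmac.new(secret, message + tsig_variables(key_name, time_signed, fudge),
                   hashlib.sha256).digest()
    orig_id = struct.unpack("!H", message[:2])[0]
    rdata = (encode_name(ALGORITHM) + time_signed.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", orig_id, 0, 0))          # error 0, no other data
    rr = (encode_name(key_name)
          + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata)
    arcount = struct.unpack("!H", message[10:12])[0] + 1   # TSIG counts in ARCOUNT
    return message[:10] + struct.pack("!H", arcount) + message[12:] + rr


def verify(signed: bytes, keys: dict, now: int) -> str:
    """Primary side: 'NOERROR' or the TSIG failure reason. The MAC is checked
    before the time window, so a forger learns nothing from BADTIME."""
    try:
        msg_id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", signed[:12])
        pos = 12
        for _ in range(qd):                       # skip the question section
            _, pos = read_name(signed, pos)
            pos += 4                              # QTYPE + QCLASS
        if an or ns or ar != 1:
            return "FORMERR"
        rr_start = pos
        key_name, pos = read_name(signed, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", signed[pos:pos + 10])
        pos += 10
        if rtype != TYPE_TSIG or rclass != CLASS_ANY or ttl or pos + rdlen != len(signed):
            return "FORMERR"
        alg, pos = read_name(signed, pos)
        time_signed = int.from_bytes(signed[pos:pos + 6], "big")
        fudge, mac_len = struct.unpack("!HH", signed[pos + 6:pos + 10])
        pos += 10
        mac = signed[pos:pos + mac_len]
        tail = pos + mac_len
        orig_id, error, other_len = struct.unpack("!HHH", signed[tail:tail + 6])
        other = signed[tail + 6:tail + 6 + other_len]
    except (struct.error, IndexError, UnicodeDecodeError):
        return "FORMERR"
    if orig_id != msg_id:
        return "FORMERR"
    if alg != ALGORITHM + "." or key_name not in keys:
        return "BADKEY"
    # The message as it was before the TSIG RR was appended (ARCOUNT - 1).
    unsigned = signed[:10] + struct.pack("!H", ar - 1) + signed[12:rr_start]
    expected = hmac.new(keys[key_name],
                        unsigned + tsig_variables(key_name, time_signed, fudge, error, other),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):    # constant-time comparison
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"


if __name__ == "__main__":
    key, secret = "xfer-key.example.test.", b"constructed-secret-not-real"
    signed = sign(axfr_query("example.test.", 0x1234), key, secret, time_signed=1700000000)
    print(verify(signed, {key: secret}, now=1700000010))      # NOERROR
    print(verify(signed, {key: b"wrong"}, now=1700000010))    # BADSIG
```

    The practical points this makes for the "securing zone transfer" bullet: the key is never on the wire (only its name is), the whole request including the question is under the MAC so a tampered zone name fails, and the fudge window bounds replay. On a real server the same key would be referenced from the allow-transfer policy instead of an IP-based allow list.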
    1.5 Distinguish among security controls for hosts
    - Host-based firewalls
    - Trusted OS (e.g. how and when to use it)
    - End point security software
      - Anti-malware
      - Anti-virus
      - Anti-spyware
      - Spam filters
    - Host hardening
      - Standard operating environment
      - Security/group policy implementation
      - Command shell restrictions
      - Warning banners
      - Restricted interfaces
    - Asset management (inventory control)
    - Data exfiltration
    - HIPS / HIDS
    - NIPS/NIDS
    1.6 Explain the importance of application security
    - Web application security design considerations
      - Secure: by design, by default, by deployment
    - Specific application issues
      - XSS
      - Click-jacking
      - Session management
      - Input validation
      - SQL injection
    - Application sandboxing
    - Application security frameworks
      - Standard libraries
      - Industry accepted approaches
    - Secure coding standards
    - Exploits resulting from improper error and exception handling
    - Privilege escalation
    - Improper storage of sensitive data
    - Fuzzing/fault injection
    - Secure cookie storage and transmission
    - Client-side processing vs. server-side processing
      - AJAX
      - State management
      - JavaScript
    - Buffer overflow
    - Memory leaks
    - Integer overflows
    - Race conditions
      - Time of check
      - Time of use
    - Resource exhaustion
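    For 1.6, here is an added example (my own, not CompTIA's or the poster's) that shows two of the listed issues as a vulnerable function next to its hardened form. The first is SQL injection against a constructed in-memory SQLite table of users, string-built query versus allowlist validation plus a bound parameter. The second is the time-of-check/time-of-use race the list spells out as "Time of check / Time of use": a check-then-open by path versus opening with O_NOFOLLOW and validating the descriptor actually obtained. The attacker's symlink swap is simulated by a callback that runs in the window between check and use, so the race is deterministic instead of depending on timing. It assumes a POSIX system (symlinks, os.O_NOFOLLOW).

```python
"""Added example, not CompTIA's or the page's code: two 1.6 issues shown as
vulnerable snippet beside hardened form, using only the standard library.

SQL injection : concatenated query vs. allowlist + parameter binding.
TOCTOU race   : check path then open by name vs. open(O_NOFOLLOW) + fstat.
The attacker in the race demo is a callback, so the outcome is deterministic.
"""
import os
import re
import sqlite3
import stat
import tempfile

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")   # allowlist, not a denylist


def sample_db() -> sqlite3.Connection:
    """Constructed sample data; nothing here comes from a real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name: str) -> list:
    """BAD: user input is concatenated into SQL, so a quote rewrites the query."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()


def lookup_hardened(conn, name: str) -> list:
    """Validate against an allowlist first, then bind the value as a parameter
    so the database never parses it as SQL."""
    if not USERNAME_RE.match(name):
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def read_vulnerable(path: str, between=lambda: None) -> bytes:
    """BAD: checks the path, then opens it by name. `between` stands in for an
    attacker acting in the window between the check and the open."""
    if os.path.islink(path):
        raise PermissionError("refusing symlink")
    between()                         # the race window
    with open(path, "rb") as f:       # follows whatever the path points at *now*
        return f.read()


def read_hardened(path: str, between=lambda: None) -> bytes:
    """Open without following symlinks, then validate the opened object itself."""
    between()                         # attacker acts first; it no longer matters
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # ELOOP if path is a symlink
    try:
        st = os.fstat(fd)             # properties of what was actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def toctou_demo(reader, attack: bool = True) -> str:
    """Run `reader` on a public file that an attacker swaps for a symlink to a
    secret file mid-operation (when attack=True). Returns the outcome."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(victim, "w") as f:
            f.write("public")
        with open(secret, "w") as f:
            f.write("SECRET")

        def swap():                   # simulated attacker: replace file with symlink
            os.remove(victim)
            os.symlink(secret, victim)

        try:
            return reader(victim, between=swap if attack else (lambda: None)).decode()
        except OSError as e:          # PermissionError, or ELOOP from O_NOFOLLOW
            return "blocked:" + type(e).__name__


if __name__ == "__main__":
    db = sample_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # all three rows
    try:
        lookup_hardened(db, payload)
    except ValueError as err:
        print("hardened  :", err)
    print("TOCTOU vulnerable:", toctou_demo(read_vulnerable))   # SECRET
    print("TOCTOU hardened  :", toctou_demo(read_hardened))     # blocked:OSError
```

    Note that parameter binding alone already defeats the injection; the allowlist is there because "Input validation" is a separate bullet and because it rejects the payload with a clear error instead of silently searching for a user literally named `x' OR '1'='1`. For the race, the fix is not a better check but removing the gap: the descriptor returned by os.open is what gets inspected and read, so there is no second name lookup for the attacker to redirect.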
    1.7 Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment
    - Tool type
      - Port scanners
      - Vulnerability scanners
      - Protocol analyzer
      - Switchport analyzer
      - Network enumerator
      - Password cracker
      - Fuzzer
      - HTTP interceptor
      - Attacking tools/frameworks
    - Methods
      - Vulnerability assessment
      - Penetration testing
      - Blackbox
      - Whitebox
      - Graybox
      - Fingerprinting
      - Code review
      - Social engineering
    2.0 Risk Management, Policy / Procedure and Legal
    2.1 Analyze the security risk implications associated with business decisions
    - Risk management of new products, new technologies and user behaviors
    - New or changing business models/strategies
      - Partnerships
      - Outsourcing
      - Mergers
    - Internal and external influences
      - Audit findings
      - Compliance
      - Client requirements
      - Top level management
    - Impact of de-perimeterization (e.g. constantly changing network boundary)
      - Considerations of enterprise standard operating environment (SOE) vs. allowing personally managed devices onto corporate networks
    2.2 Execute and implement risk mitigation strategies and controls
    - Classify information types into levels of CIA based on organization/industry
    - Determine aggregate score of CIA
    - Determine minimum required security controls based on aggregate score
    - Conduct system specific risk analysis
    - Make risk determination
      - Magnitude of impact
      - Likelihood of threat
    - Decide which security controls should be applied based on minimum requirements
      - Avoid
      - Transfer
      - Mitigate
      - Accept
    - Implement controls
    - Continuous monitoring
    2.3 Explain the importance of preparing for and supporting the incident response and recovery process
    - E-Discovery
      - Electronic inventory and asset control
      - Data retention policies
      - Data recovery and storage
      - Data ownership
      - Data handling
    - Data breach
      - Recovery
      - Minimization
      - Mitigation and response
    - System design to facilitate incident response taking into account types of violations
      - Internal and external
      - Private policy violations
      - Criminal actions
      - Establish and review system event and security logs
    - Incident and emergency response
    2.4 Implement security and privacy policies and procedures based on organizational requirements
    - Policy development and updates in light of new business, technology and environment changes
    - Process/procedure development and updates in light of policy, environment and business changes
    - Support legal compliance and advocacy by partnering with HR, legal, management and other entities
    - Use common business documents to support security
      - Interconnection Security Agreement (ISA)
      - Memorandum of Understanding (MOU)
      - Service Level Agreement (SLA)
      - Operating Level Agreement (OLA)
      - Non-Disclosure Agreement (NDA)
      - Business Partnership Agreement (BPA)
    - Use general privacy principles for PII / Sensitive PII
    - Support the development of policies that contain
      - Separation of duties
      - Job rotation
      - Mandatory vacation
      - Least privilege
      - Incident response
      - Forensic tasks
      - On-going security
      - Training and awareness for users
      - Auditing requirements and frequency
    3.0 Research and Analysis
    3.1 Analyze industry trends and outline potential impact to the enterprise
    - Perform on-going research
      - Best practices
      - New technologies
      - New security systems and services
      - Technology evolution (e.g. RFCs, ISO)
    - Situational awareness
      - Latest client-side attacks
      - Threats
      - Counter zero day
      - Emergent issues
    - Research security implications of new business tools
      - Social media/networking
      - Integration within the business (e.g. advising on the placement of company material for the general public)
    - Global IA industry/community
      - Conventions
      - Attackers
      - Emerging threat sources
    - Research security requirements for contracts
      - Request for Proposal (RFP)
      - Request for Quote (RFQ)
      - Request for Information (RFI)
      - Agreements
    3.2 Carry out relevant analysis for the purpose of securing the enterprise
    - Benchmark
    - Prototype and test multiple solutions
    - Cost benefit analysis (ROI, TCO)
    - Analyze and interpret trend data to anticipate cyber defense aids
    - Review effectiveness of existing security
    - Reverse engineer / deconstruct existing solutions
    - Analyze security solutions to ensure they meet business needs
      - Specify the performance
      - Latency
      - Scalability
      - Capability
      - Usability
      - Maintainability
    - Conduct a lessons-learned / after-action review
    - Use judgment to solve difficult problems that do not have a best solution
    - Conduct network traffic analysis
    4.0 Integration of Computing, Communications and Business Disciplines
    4.1 Integrate enterprise disciplines to achieve secure solutions
    - Interpreting security requirements and goals to communicate with other disciplines
      - Programmers
      - Network engineers
      - Sales staff
    - Use judgment to provide guidance and recommendations to staff and senior management on security processes and controls
    - Establish effective collaboration within teams to implement secure solutions
    - Disciplines
      - Programmer
      - Database administrator
      - Network administrator
      - Management
      - Stakeholders
      - Financial
      - HR
      - Emergency response team
      - Facilities manager
      - Physical security manager
    4.2 Explain the security impact of inter-organizational change
    - Security concerns of interconnecting multiple industries
      - Rules, policies and regulations
    - Design considerations during mergers, acquisitions and de-mergers
    - Assuring third party products - only introduce acceptable risk
      - Custom developed
      - COTS
    - Network secure segmentation and delegation
    - Integration of products and services
    4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration
    - Unified communication security
      - Web conferencing
      - Video conferencing
      - Instant messaging
      - Desktop sharing
      - Remote assistance
      - Presence
      - Email
      - Telephony
    - VoIP security
    - VoIP implementation
    - Remote access
    - Enterprise configuration management of mobile devices
    - Secure external communications
    - Secure implementation of collaboration platforms
    - Prioritizing traffic (QoS)
    - Mobile devices
      - Smart phones, IP cameras, laptops, IP based devices
    4.4 Explain advanced authentication tools, techniques and concepts
    - Federated identity management (SAML)
    - XACML
    - SOAP
    - Single sign on
    - Certificate based authentication
    - Attestation
    4.5 Carry out security activities across the technology life cycle
    - End to end solution ownership
    - Understanding results of solutions in advance
      - Operational activities
      - Maintenance
      - Decommissioning
      - General change management
    - Systems Development Life Cycle
      - Security System Development Life Cycle (SSDLC) / Security Development Life Cycle (SDL)
      - Security Requirements Traceability Matrix (SRTM)
    - Adapt solutions to address emerging threats and security trends
    - Validate system designs
    CASP ACRONYMS
    3DES – Triple Data Encryption Standard
    AAA – Authentication, Authorization, and Accounting
    ACL – Access Control List
    AD—Active Directory
    AES - Advanced Encryption Standard
    AES256 – Advanced Encryption Standard, 256-bit key
    AH - Authentication Header
    ALE - Annualized Loss Expectancy
    AP - Access Point
    ARO - Annualized Rate of Occurrence
    ARP - Address Resolution Protocol
    AUP - Acceptable Use Policy
    BCP – Business Continuity Planning
    BIOS – Basic Input / Output System
    BOTS – Network Robots
    BPA--Business Partnership Agreement
    CA – Certificate Authority
    CAC - Common Access Card
    CAN - Controller Area Network
    CCMP – Counter Mode with CBC-MAC Protocol
    CCTV - Closed-circuit television
    CERT – Computer Emergency Response Team
    CHAP – Challenge Handshake Authentication Protocol
    CIA – Confidentiality, Integrity, Availability
    CIRT – Computer Incident Response Team
    CRC – Cyclical Redundancy Check
    CRL – Certificate Revocation List
    DAC – Discretionary Access Control
    DDOS – Distributed Denial of Service
    DEP – Data Execution Prevention
    DES – Data Encryption Standard
    DHCP – Dynamic Host Configuration Protocol
    DLL - Dynamic Link Library
    DLP - Data Loss Prevention
    DMZ – Demilitarized Zone
    DNS – Domain Name Service (Server)
    DOS – Denial of Service
    DRP – Disaster Recovery Plan
    DSA – Digital Signature Algorithm
    EAP - Extensible Authentication Protocol
    ECC - Elliptic Curve Cryptography
    EFS – Encrypted File System
    EMI – Electromagnetic Interference
    ESB—Enterprise Service Bus
    ESP – Encapsulating Security Payload
    FCOE – Fibre Channel over Ethernet
    FTP – File Transfer Protocol
    GPU - Graphic Processing Unit
    GRE - Generic Routing Encapsulation
    HBA – Host Bus Adapter
    HDD – Hard Disk Drive
    HIDS – Host Based Intrusion Detection System
    HIPS – Host Based Intrusion Prevention System
    HMAC – Hash-based Message Authentication Code
    HSM – Hardware Security Module
    HTTP – Hypertext Transfer Protocol
    HTTPS – Hypertext Transfer Protocol over SSL
    HVAC – Heating, Ventilation Air Conditioning
    IaaS - Infrastructure as a Service
    ICMP - Internet Control Message Protocol
    ID – Identification
    IKE – Internet Key Exchange
    IM - Instant messaging
    IMAP4 - Internet Message Access Protocol v4
    IP - Internet Protocol
    IPSEC – Internet Protocol Security
    IRC - Internet Relay Chat
    ISA--Interconnection Security Agreement
    ISP – Internet Service Provider
    IV - Initialization Vector
    KDC - Key Distribution Center
    L2TP – Layer 2 Tunneling Protocol
    LANMAN – Local Area Network Manager
    LDAP – Lightweight Directory Access Protocol
    LEAP – Lightweight Extensible Authentication Protocol
    LUN – Link Uninhibit
    MAC – Mandatory Access Control / Media Access Control
    MAC – Message Authentication Code
    MAN – Metropolitan Area Network
    MBR – Master Boot Record
    MD5 – Message Digest 5
    MOU – Memorandum of Understanding
    MSCHAP – Microsoft Challenge Handshake Authentication Protocol
    MTU – Maximum Transmission Unit
    NAC – Network Access Control
    NAS – Network Attached Storage
    NAT – Network Address Translation
    NDA – Non-Disclosure Agreement
    NIDS – Network Based Intrusion Detection System
    NIPS – Network Based Intrusion Prevention System
    NIST – National Institute of Standards & Technology
    NOS – Network Operating System
    NTFS – New Technology File System
    NTLM – New Technology LANMAN
    NTP – Network Time Protocol
    OCSP – Online Certificate Status Protocol
    OLA – Operating Level Agreement
    OS – Operating System
    OVAL – Open Vulnerability Assessment Language
    PAP – Password Authentication Protocol
    PAT – Port Address Translation
    PBX – Private Branch Exchange
    PEAP – Protected Extensible Authentication Protocol
    PED – Personal Electronic Device
    PGP – Pretty Good Privacy
    PII – Personally Identifiable Information
    PKI – Public Key Infrastructure
    POTS – Plain Old Telephone Service
    PPP – Point-to-Point Protocol
    PPTP – Point to Point Tunneling Protocol
    PSK – Pre-Shared Key
    PTZ – Pan-Tilt-Zoom
    QoS – Quality of Service
    RA – Recovery Agent
    RAD – Rapid Application Development
    RADIUS – Remote Authentication Dial-in User Server
    RAID – Redundant Array of Inexpensive Disks
    RAS – Remote Access Server
    RBAC – Role Based Access Control
    RBAC – Rule Based Access Control
    RFI – Request for Information
    RFP – Request for Proposal
    RFQ – Request for Quote
    RSA – Rivest, Shamir, & Adleman
    RTO – Recovery Time Objective
    RTP – Real-Time Transport Protocol
    S/MIME – Secure / Multipurpose Internet Mail Extensions
    SaaS – Software as a Service
    SAML – Security Assertions Markup Language
    SAN – Storage Area Network
    SCADA – Supervisory Control and Data Acquisition
    SCAP – Security Content Automation Protocol
    SCSI – Small Computer System Interface
    SDL – Security Development Life Cycle
    SDLC – Software Development Life Cycle
    SDLM – Software Development Life Cycle Methodology
    SHA – Secure Hashing Algorithm
    SHTTP – Secure Hypertext Transfer Protocol
    SIM – Subscriber Identity Module
    SLA – Service Level Agreement
    SLE – Single Loss Expectancy
    SMS – Short Message Service
    SMTP – Simple Mail Transfer Protocol
    SNMP – Simple Network Management Protocol
    SOAP – Simple Object Access Protocol
    SOA – State of Authority
    SONET – Synchronous Optical Network Technologies
    SPIM – Spam over Internet Messaging
    SSDLC – Security System Development Life Cycle
    SSH – Secure Shell
    SSL – Secure Sockets Layer
    SSO – Single Sign On
    STP – Shielded Twisted Pair
    TACACS – Terminal Access Controller Access Control System
    TCP/IP – Transmission Control Protocol / Internet Protocol
    TKIP – Temporal Key Integrity Protocol
    TLS – Transport Layer Security
    TPM – Trusted Platform Module
    TSIG – Transaction Signature Interoperability Group
    UAT – User Acceptance Testing
    UPS – Uninterruptible Power Supply
    URL – Universal Resource Locator
    USB – Universal Serial Bus
    UTP – Unshielded Twisted Pair
    VDI – Virtual Desktop Infrastructure
    VLAN – Virtual Local Area Network
    VoIP – Voice over IP
    VPN – Virtual Private Network
    vSAN – Virtual Storage Area Network
    VTC – Video Teleconferencing
    WAF – Web-Application Firewall
    WAP – Wireless Access Point
    WEP – Wired Equivalent Privacy
    WIDS – Wireless Intrusion Detection System
    WIPS – Wireless Intrusion Prevention System
    WPA – Wireless Protected Access
    XSRF – Cross-Site Request Forgery
    XSS – Cross-Site Scripting
    This looks pretty dope. I really think this will probably be as hard or harder than the CISSP
    Last edited by Bl8ckr0uter; 04-01-2011 at 09:43 PM.

  14. PMP-Wannabe! erpadmin's Avatar
    Join Date
    May 2010
    Posts
    4,133

    Certifications
    A+, Network+, Security+, Project+, MCTS 70-680, MCITP:EA or MCSA:WS2K8, Bachelor of Science, IT - Networks Design and Management
    #63
    Quote Originally Posted by Bl8ckr0uter View Post
    This looks pretty dope. I really think this will probably be as hard or harder than the CISSP


    I, umm...don't quite share that opinion.

    I would still take it, but I don't expect to study for it that hard as I would the CISSP. I think this exam MIGHT be closer to the SSCP and even that's a stretch, IMO.

  15. Senior Member cabrillo24's Avatar
    Join Date
    Jul 2007
    Location
    Cantonment FL
    Posts
    134

    Certifications
    CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #64
    I think it will be difficult to gauge the difficulty of this test. I do hope that it's a challenging exam, as it will have more credibility. When I first got my Security+ I was very excited, but was disheartened to learn that pass rates were high, especially when people (even those in my organization) were passing brain dumps to one another and bragging about getting perfect scores on the exam.

    That's why I went after my CISSP, CISA and now CISM to separate myself. I really do want to see this new certification succeed, be challenging and constantly evolving. I actually like studying, learning, and reinforcing what I know, or changing my way of thinking and seeing the bigger picture when it comes to security. Off my soap box now.

  16. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #65
    Quote Originally Posted by erpadmin View Post


    I, umm...don't quite share that opinion.

    I would still take it, but I don't expect to study for it that hard as I would the CISSP. I think this exam MIGHT be closer to the SSCP and even that's a stretch, IMO.
    I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy, but the objectives look much more in depth).
    Last edited by Bl8ckr0uter; 04-02-2011 at 01:22 AM.

  17. Untrainable steve13ad's Avatar
    Join Date
    Dec 2009
    Location
    NC
    Posts
    387

    Certifications
    Couple here, a couple there
    #66
    Quote Originally Posted by Bl8ckr0uter View Post
    I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy, but the objectives look much more in depth).
    CompTIA has had great success with Sec+, so it only makes sense for them to develop a more advanced version of the test/cert to cash in on.

    cabrillo, give the a**hats enough time there will be dumps for this just like all of the others.

    I'm cautiously optimistic about taking the Beta!

  18. Senior Member cabrillo24's Avatar
    Join Date
    Jul 2007
    Location
    Cantonment FL
    Posts
    134

    Certifications
    CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #67
    Quote Originally Posted by steve13ad View Post
    CompTIA has had great success with Sec+, so it only makes sense for them to develop a more advanced version of the test/cert to cash in on.

    cabrillo, give the a**hats enough time there will be dumps for this just like all of the others.

    I'm cautiously optimistic about taking the Beta!
    Security+ got a major push thanks to its ability to be an elective for MCSA/MCSE as well as its incorporation into DoD 8570.

    There will be dumps for all tests, but that doesn't mean they're good quality or that they will show up on the test. I have colleagues who have taken the CISSP 3-4 times, who are constantly looking for brain dumps and exchanging them with other test takers, and who continuously fail.

    I think ISC2 and ISACA have good models when it comes to their testing banks, which I wish CompTIA would follow, but with the higher pass rate and the backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.

  19. Untrainable steve13ad's Avatar
    Join Date
    Dec 2009
    Location
    NC
    Posts
    387

    Certifications
    Couple here, a couple there
    #68
    Quote Originally Posted by cabrillo24 View Post
    Security+ got a major push thanks to its ability to be an elective for MCSA/MCSE as well as its incorporation into DoD 8570.

    There will be dumps for all tests, but that doesn't mean they're good quality or that they will show up on the test. I have colleagues who have taken the CISSP 3-4 times, who are constantly looking for brain dumps and exchanging them with other test takers, and who continuously fail.

    I think ISC2 and ISACA have good models when it comes to their testing banks, which I wish CompTIA would follow, but with the higher pass rate and the backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.
    I absolutely agree with you Cabrillo. With their shift to CE, CompTIA has created a great revenue source while complying with 8570.

  20. PMP-Wannabe! erpadmin's Avatar
    Join Date
    May 2010
    Posts
    4,133

    Certifications
    A+, Network+, Security+, Project+, MCTS 70-680, MCITP:EA or MCSA:WS2K8, Bachelor of Science, IT - Networks Design and Management
    #69
    Quote Originally Posted by Bl8ckr0uter View Post
    I don't know about you but some of those objectives look pretty intense. This makes the SSCP look sort of weak (not saying it would be easy, but the objectives look much more in depth).

    If it weren't a CompTIA exam, I would be more inclined to agree with you. Mind you, I have failed a CompTIA exam once (by one or three questions, mind you), but that was when there were very few study materials and I was extremely weak in Novell. (I was supporting a Novell environment, but we were phasing those out to switch to W2K/Active Directory).

    Plus, if the CASP follows the same MO as the other exams, something like "Click-Jacking", for example, would require you to just know what it is and answer it. Even the opposite can be true: if you know what the other answers refer to, you can use process of elimination to guess correctly.

    No question, it's too early to place a wager on this horse. I just can't see this exam as being harder than any ISC(2) exam though....we will have to wait and see.


    Does anyone know when the Beta for this will be available? I'm really shocked CompTIA hasn't sent me any information about this...especially since I hold 4 CompTIA certs......

    If I got a Beta, I would google whatever I didn't know from the objectives and call it a day. (Pass or fail. )
    Last edited by erpadmin; 04-02-2011 at 07:02 PM.

  21. PMP-Wannabe! erpadmin's Avatar
    Join Date
    May 2010
    Posts
    4,133

    Certifications
    A+, Network+, Security+, Project+, MCTS 70-680, MCITP:EA or MCSA:WS2K8, Bachelor of Science, IT - Networks Design and Management
    #70
    Quote Originally Posted by cabrillo24 View Post
    I think ISC2 and ISACA have good models when it comes to their testing banks which I wish CompTIA would, but the higher the pass rate and backing of DoD 8570, it wouldn't behoove them to turn people off from taking their exams. Just my opinion.
    Keep in mind that the higher pass rate for Security+ could be attributed to Darril Gibson as well. I have never dealt with any certification that could have been passed with one book (actually...Project+ falls into that as well, but that's neither here nor there).


    I would like to think it's not all dumpers, as you said in your earlier post.

  22. Senior Member cabrillo24's Avatar
    Join Date
    Jul 2007
    Location
    Cantonment FL
    Posts
    134

    Certifications
    CISM, CISA, CISSP, CCENT, CNSSI No. 4012, NSTISSI No. 4015, MCP (70-270), CompTIA: A+, Network+, Security+, i-Net+
    #71
    Quote Originally Posted by erpadmin View Post
    Keep in mind that the higher pass rate for Security+ could be attributed to Darril Gibson as well. I have never dealt with any certification that could have been passed with one book (actually...Project+ falls into that as well, but that's neither here nor there).


    I would like to think it's not all dumpers, as you said in your earlier post.
    I'm not saying it's the sole factor in why there is a high success rate, or undermining anyone on here who has CompTIA certs (I hold several), but the dumps are too readily available, and I've witnessed firsthand security and DoD organizations in which these are made readily available and their use is encouraged.

    I'm not saying all companies do this, but it's done. It's cheaper to pass dumps around than to send people to training (which usually comes from overhead).

    If CompTIA were to refresh their exams on a yearly or even semi-annual basis, one could make the argument that there would be a substantial drop in newly certified personnel. I think there would be a slight drop in interest, as Security+ doesn't provide that great of a return on investment, so people would flock towards ISACA or ISC2. I think CompTIA realizes this, which is why they don't address the "dumps" issue.

    There are many experienced professionals that I work with who are extremely intelligent, but they don't want to put in the time to study for certifications. Whenever I received one, they'd ask me what I used. When I told them "books, online CBTs, official guides" they'd smirk and say "man, I'm just going on ********s and buy the exam."

    I know there are MANY people on here who studied, took the time to learn and EARN their CompTIA certs, and I applaud them, and it's completely unfair that someone can just get a dump, study it for a week and then go take the exam and pass. The pool of certified professionals becomes large and saturated, and the certification doesn't hold as much merit. This was one of the major reasons why I moved on to other certifications. Keep in mind that CompTIA certs are simply entry-level certifications, but nonetheless I feel "dumps" have ended up saturating what little prestige this certification should entail.

    I'm HOPING that this new CompTIA certification really changes how CompTIA does business.

  23. um yea i know some stuffs demonfurbie's Avatar
    Join Date
    Jul 2010
    Location
    alabama
    Posts
    1,798

    Certifications
    mct: 70-680, a+, network+, security+ (comptia tri-force) project+, ciw foundations, ciw javascript something
    #72
    yay for beta invites

  24. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #73
    I just got this from CompTIA

    Get certified as a CompTIA Advanced Security Practitioner (CASP) — for free!
    We have extended the testing deadline for the beta exam. The deadline for taking this exam — at no charge — is now Saturday May 21st.
    The target participant is a technical security practitioner with 10 years of experience in IT, and at least 5 years of hands-on information security design and implementation experience at the enterprise level.
    This new exam beta is offered only at select Pearson VUE testing centers. If you are close to a participating center, please review the target audience for the new certification, and consider whether you qualify. In order for CompTIA to get useful beta statistics, it is important that those who take the exam are at the experience level that we're targeting.
    The exam is free, but will only be available for the first 400 candidates. This is a first come, first served opportunity. After 400 people have taken the exam, no more beta exams will be delivered. (Those who have registered but have not yet taken the exam will be notified by VUE if the exam has been closed.)
    ***Results from the exam (pass/fail) will not be available until the live exam launches, sometime in the fourth quarter of 2011. Your results will be sent to you directly at that time, no exceptions.***
    If you fit the profile of the target candidate for the CompTIA Advanced Security Practitioner, and you are able to travel to one of the confirmed VUE testing centers, we do hope you will take the exam. The CompTIA exam code for the CASP beta, for registration purposes, is CA1-001.
    Visit www.pearsonvue.com/comptia/ to enter your zip code, locate your chosen center (remember, choose one from this list), and schedule the test. If you don't have a VUE account, follow the steps to set one up before you register. When you are asked to pay for the exam, enter the discount code caspbetacb to register at no charge. Please do not distribute this code to others, unless they are interested colleagues whose work role and experience fit CompTIA's criteria for the target candidate.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  25. Senior Member never2late's Avatar
    Join Date
    Jul 2010
    Location
    VA
    Posts
    122

    Certifications
    A+, Sec+, Project+, MCTS: 70-680, CCNA, CCNA-Security
    #74
    Quote Originally Posted by demonfurbie View Post
    yay for beta invites
    Just got my email. Immediately signed up for next Friday. I'll go over the list and if I pass great. If not, nothing lost and a free look at the test.

  26. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,531

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCNA:Security, CCENT, Sec+, Net+, ITIL v3 Foundations
    #75
    Is there a reason why it is only at limited test centers? To discourage dumping, maybe?
