CompTIA Advanced Security Practitioner (CASP+) Boot Camp


Duration: 5 days

About the Course

The CompTIA Advanced Security Practitioner certification is an international, vendor-neutral exam that proves competency in enterprise security, risk management, analysis, and business disciplines. CASP+ is the only hands-on, performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. You will gain the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

Audience Profile

This course is intended for security professionals, military and government personnel, and individuals seeking advanced security certification.

Learning Objectives

  • Analyze security risks and frameworks that come along with specific industry threats
  • Integrate network and security components and implement security controls for host, mobile and small form factor devices
  • Implement incident response and recovery procedures and conduct security assessments using appropriate tools
  • Integrate hosts, storage, networks and applications into a secure enterprise architecture using on-premise, cloud, and virtualization technologies
  • Apply research methods to determine industry trends and their impact to the enterprise

Certification Exam

This course will prepare students for the CompTIA CASP (CAS-004) Exam.


Minimum of 10 years of experience in IT administration including at least 5 years of hands-on technical security experience.

What’s included?

  • Authorized Courseware
  • Intensive Hands on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing- (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Academy makes getting the training you need easy. Whether you prefer to learn in a classroom or an online live learning virtual environment, training videos hosted online, and private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Academy for an engaging and effective learning experience.


  • Instructor Led (the best training format we offer)
  • Live Online Classroom – Online Instructor Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

StartFinishPublic PricePublic EnrollPrivate PricePrivate Enroll


1.0 Enterprise Security

1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.

  • Cryptographic applications and proper implementation
  • Advanced PKI concepts
  • Implications of cryptographic methods and design
  • Strength vs. performance vs. feasibility to implement vs. interoperability
  • Transport encryption
  • Digital signature
  • Hashing
  • Code signing
  • Non-repudiation
  • Entropy
  • Pseudorandom number generation
  • Perfect forward secrecy
  • Confusion
  • Diffusion

1.2 Distinguish and select among different types of virtualized, distributed and shared computing

  • Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
  • VLAN
  • Securing virtual environments, appliances, and equipment
  • Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
  • Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
  • Secure use of on-demand / elastic cloud computing
  • Vulnerabilities associated with co-mingling of hosts with different security requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal services

1.3 Explain the security implications of enterprise storage

  • Virtual storage
  • NAS
  • SAN
  • vSAN
  • iSCSI
  • FCoE
  • LUN masking
  • HBA allocation
  • Redundancy (location)
  • Secure storage management

1.4 Integrate hosts, networks, infrastructures, applications, and storage into secure comprehensive solutions

  • Advanced network design
  • Complex network security solutions for data flow
  • Secure data flow to meet changing business needs
  • Secure DNS
  • Secure directory services
  • Network design consideration
  • Multitier networking data design considerations
  • Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
  • Secure infrastructure design (e.g. decide where to place certain devices)
  • Storage integration (security considerations)
  • Advanced configuration of routers, switches, and other network devices
  • ESB
  • SOA
  • SIEM
  • Database Activity Monitor (DAM)
  • Service enabled
  • WS-security

1.5 Distinguish among security controls for hosts

  • Host-based firewalls
  • Trusted OS (e.g. how and when to use it)
  • Endpoint security software
  • Host hardening
  • Asset management (inventory control)
  • Data exfiltration

1.6 Explain the importance of application security

  • Web application security design considerations
  • Specific application issues
  • Application sandboxing
  • Application security frameworks
  • Secure coding standards
  • Exploits resulting from the improper error and exception handling
  • Privilege escalation
  • Improper storage of sensitive data
  • Fuzzing/fault injection
  • Secure cookie storage and transmission
  • Client-side processing vs. server-side processing
  • Buffer overflow
  • Memory leaks
  • Integer overflows
  • Race conditions
  • Resource exhaustion

1.7 Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment

  • Tool type
  • Methods

2.0 Risk Management, Policy / Procedure, and Legal

2.1 Analyze the security risk implications associated with business decisions

  • Risk management of new products, new technologies, and user behaviors
  • New or changing business models/strategies
  • Internal and external influences
  • Impact of de-parameterization (e.g. constantly changing network boundary)

2.2 Execute and implement risk mitigation strategies and controls

  • Classify information types into levels of CIA based on organization/industry
  • Determine the aggregate score of CIA
  • Determine minimum required security controls based on aggregate score
  • Conduct system-specific risk analysis
  • Make risk determination
  • Decide which security controls should be applied based on minimum requirements
  • Implement controls
  • ESA frameworks
  • Continuous monitoring

2.3 Explain the importance of preparing for and supporting the incident response and recovery process

  • E-Discovery
  • Data breach
  • System design to facilitate incident response taking into account types of violations
  • Incident and emergency response

2.4 Implement security and privacy policies and procedures based on organizational requirements.

  • Policy development and updates in light of new business, technology, and environment changes
  • Process/procedure development and updates in light of policy, environment and business changes
  • Support legal compliance and advocacy by partnering with HR, legal, management and other entities
  • Use common business documents to support security
  • Use general privacy principles for PII / Sensitive PII
  • Support the development of policies that contain

3.0 Research and Analysis

3.1 Analyze industry trends and outline the potential impact on the enterprise

  • Perform on-going research
  • Situational awareness
  • Research security implications of new business tools
  • Global IA industry/community
  • Research security requirements for contracts
  • 3.2 Carry out relevant analysis to secure the enterprise
  • Benchmark
  • Prototype and test multiple solutions
  • Cost-benefit analysis (ROI, TCO)
  • Analyze and interpret trend data to anticipate cyber defense aids
  • Review the effectiveness of existing security
  • Reverse engineer / deconstruct existing solutions
  • Analyze security solutions to ensure they meet business needs
  • Conduct a lessons-learned / after-action review
  • Use judgment to solve difficult problems that do not have the best solution
  • Conduct network traffic analysis

4.0 Integration of Computing, Communications and Business Disciplines

4.1 Integrate enterprise disciplines to achieve secure solutions

  • Interpreting security requirements and goals to communicate with other disciplines
  • Provide guidance and recommendations to staff and senior management on security processes and controls
  • Establish effective collaboration within teams to implement secure solutions
  • Disciplines

4.2 Explain the security impact of inter-organizational change

  • Security concerns of interconnecting multiple industries
  • Design considerations during mergers, acquisitions, and de-mergers
  • Assuring third party products – only introduce acceptable risk
  • Network secure segmentation and delegation
  • Integration of products and services

4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration

  • Unified communication security
  • VoIP security
  • VoIP implementation
  • Remote access
  • Enterprise configuration management of mobile devices
  • Secure external communications
  • Secure implementation of collaboration platforms
  • Prioritizing traffic (QoS)
  • Mobile devices

4.4 Explain advanced authentication tools, techniques, and concepts

  • Federated identity management (SAML)
  • SOAP
  • Single sign-on
  • SPML
  • Certificate-based authentication
  • Attestation

4.5 Carry out security activities across the technology life cycle

  • End to end solution ownership
  • Understanding the results of solutions in advance
  • Systems Development Life Cycle
  • Adapt solutions to address emerging threats and security trends
  • Validate system designs