CompTIA Advanced Security Practitioner (CASP+) Boot Camp


The CompTIA Advanced Security Practitioner certification is an international, vendor-neutral exam that proves competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines. This five-day course will give you the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. This course will prepare students for the CompTIA CASP (CAS-002) exam.

Lesson 1: The Enterprise Security Architecture

  • The Basics of Enterprise Security
  • The Enterprise Structure
  • Enterprise Security Requirements

Lesson 2: Enterprise Security Technology

  • Common Network Security Components and Technologies
  • Communications and Collaboration Security
  • Cryptographic Tools and Techniques
  • Advanced Authentication

Lesson 3: Enterprise Resource Technology

  • Enterprise Storage Security Issues
  • Distributed, Shared, and Virtualized Computing
  • Cloud Computing and Security

Lesson 4: Security Design and Solutions

  • Network Security Design
  • Conduct a Security Assessment
  • Host Security

Lesson 5: Application Security Design

  • Application Security Basics
  • Web Application Security

Lesson 6: Managing Risk, Security Policies, and Security Procedures

  • Analyze Security Risk
  • Implement Risk Mitigation Strategies and Controls
  • Implement Enterprise-Level Security Policies and Procedures
  • Prepare for Incident Response and Recovery

Lesson 7: Enterprise Security Integration

  • The Technology Life Cycle
  • Inter-Organizational Change
  • Integrate Enterprise Disciplines to Achieve Secure Solutions

Lesson 8: Security Research and Analysis

  • Perform an Industry Trends and Impact Analysis
  • Perform an Enterprise Security Analysis


The CompTIA Advanced Security Practitioner (CASP) course is aimed at an IT security professional who has a minimum of 10 years of experience in IT administration including at least 5 years of hands-on technical security experience. Security professionals, military and government personnel, and individuals seeking advanced security certification.

What’s included?

  • Authorized Courseware
  • Intensive Hands on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing- (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Academy makes getting the training you need easy. Whether you prefer to learn in a classroom or an online live learning virtual environment, training videos hosted online, and private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Academy for an engaging and effective learning experience.


  • Instructor Led (the best training format we offer)
  • Live Online Classroom – Online Instructor Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

StartFinishPublic PricePublic Enroll Private PricePrivate Enroll


1.0 Enterprise Security

1.1 Distinguish which cryptographic tools and techniques are appropriate for a given situation.

  • Cryptographic applications and proper implementation
  • Advanced PKI concepts
  • Implications of cryptographic methods and design
  • Strength vs. performance vs. feasibility to implement vs. interoperability
  • Transport encryption
  • Digital signature
  • Hashing
  • Code signing
  • Non-repudiation
  • Entropy
  • Pseudorandom number generation
  • Perfect forward secrecy
  • Confusion
  • Diffusion

1.2 Distinguish and select among different types of virtualized, distributed and shared computing

  • Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
  • VLAN
  • Securing virtual environments, appliances, and equipment
  • Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
  • Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
  • Secure use of on-demand / elastic cloud computing
  • Vulnerabilities associated with co-mingling of hosts with different security requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal services

1.3 Explain the security implications of enterprise storage

  • Virtual storage
  • NAS
  • SAN
  • vSAN
  • iSCSI
  • FCoE
  • LUN masking
  • HBA allocation
  • Redundancy (location)
  • Secure storage management

1.4 Integrate hosts, networks, infrastructures, applications, and storage into secure comprehensive solutions

  • Advanced network design
  • Complex network security solutions for data flow
  • Secure data flow to meet changing business needs
  • Secure DNS
  • Secure directory services
  • Network design consideration
  • Multitier networking data design considerations
  • Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
  • Secure infrastructure design (e.g. decide where to place certain devices)
  • Storage integration (security considerations)
  • Advanced configuration of routers, switches, and other network devices
  • ESB
  • SOA
  • SIEM
  • Database Activity Monitor (DAM)
  • Service enabled
  • WS-security

1.5 Distinguish among security controls for hosts

  • Host-based firewalls
  • Trusted OS (e.g. how and when to use it)
  • Endpoint security software
  • Host hardening
  • Asset management (inventory control)
  • Data exfiltration

1.6 Explain the importance of application security

  • Web application security design considerations
  • Specific application issues
  • Application sandboxing
  • Application security frameworks
  • Secure coding standards
  • Exploits resulting from the improper error and exception handling
  • Privilege escalation
  • Improper storage of sensitive data
  • Fuzzing/fault injection
  • Secure cookie storage and transmission
  • Client-side processing vs. server-side processing
  • Buffer overflow
  • Memory leaks
  • Integer overflows
  • Race conditions
  • Resource exhaustion

1.7 Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment

  • Tool type
  • Methods

2.0 Risk Management, Policy / Procedure, and Legal

2.1 Analyze the security risk implications associated with business decisions

  • Risk management of new products, new technologies, and user behaviors
  • New or changing business models/strategies
  • Internal and external influences
  • Impact of de-parameterization (e.g. constantly changing network boundary)

2.2 Execute and implement risk mitigation strategies and controls

  • Classify information types into levels of CIA based on organization/industry
  • Determine the aggregate score of CIA
  • Determine minimum required security controls based on aggregate score
  • Conduct system-specific risk analysis
  • Make risk determination
  • Decide which security controls should be applied based on minimum requirements
  • Implement controls
  • ESA frameworks
  • Continuous monitoring

2.3 Explain the importance of preparing for and supporting the incident response and recovery process

  • E-Discovery
  • Data breach
  • System design to facilitate incident response taking into account types of violations
  • Incident and emergency response

2.4 Implement security and privacy policies and procedures based on organizational requirements.

  • Policy development and updates in light of new business, technology, and environment changes
  • Process/procedure development and updates in light of policy, environment and business changes
  • Support legal compliance and advocacy by partnering with HR, legal, management and other entities
  • Use common business documents to support security
  • Use general privacy principles for PII / Sensitive PII
  • Support the development of policies that contain

3.0 Research and Analysis

3.1 Analyze industry trends and outline the potential impact on the enterprise

  • Perform on-going research
  • Situational awareness
  • Research security implications of new business tools
  • Global IA industry/community
  • Research security requirements for contracts
  • 3.2 Carry out relevant analysis to secure the enterprise
  • Benchmark
  • Prototype and test multiple solutions
  • Cost-benefit analysis (ROI, TCO)
  • Analyze and interpret trend data to anticipate cyber defense aids
  • Review the effectiveness of existing security
  • Reverse engineer / deconstruct existing solutions
  • Analyze security solutions to ensure they meet business needs
  • Conduct a lessons-learned / after-action review
  • Use judgment to solve difficult problems that do not have the best solution
  • Conduct network traffic analysis

4.0 Integration of Computing, Communications and Business Disciplines

4.1 Integrate enterprise disciplines to achieve secure solutions

  • Interpreting security requirements and goals to communicate with other disciplines
  • Provide guidance and recommendations to staff and senior management on security processes and controls
  • Establish effective collaboration within teams to implement secure solutions
  • Disciplines

4.2 Explain the security impact of inter-organizational change

  • Security concerns of interconnecting multiple industries
  • Design considerations during mergers, acquisitions, and de-mergers
  • Assuring third party products – only introduce acceptable risk
  • Network secure segmentation and delegation
  • Integration of products and services

4.3 Select and distinguish the appropriate security controls with regard to communications and collaboration

  • Unified communication security
  • VoIP security
  • VoIP implementation
  • Remote access
  • Enterprise configuration management of mobile devices
  • Secure external communications
  • Secure implementation of collaboration platforms
  • Prioritizing traffic (QoS)
  • Mobile devices

4.4 Explain advanced authentication tools, techniques, and concepts

  • Federated identity management (SAML)
  • SOAP
  • Single sign-on
  • SPML
  • Certificate-based authentication
  • Attestation

4.5 Carry out security activities across the technology life cycle

  • End to end solution ownership
  • Understanding the results of solutions in advance
  • Systems Development Life Cycle
  • Adapt solutions to address emerging threats and security trends
  • Validate system designs