EXAM CAS-003
Copyright © 2020 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-68372-8
ISBN: 978-1-119-68374-2 (ebk.)
ISBN: 978-1-119-68373-5 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020938995
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
6b 65 6e 6e 65 74 68 2c 20 69 20 6c 6f 76 65 20 79 6f 75 21
To Kenneth, thank you for all the love and question suggestions and for cooking dinner when I had a deadline.
To Shelby and Gavin, thank you for your patience and encouragement and for eating the dinners Daddy cooked.
To Kenyon Brown for making the ask, to Jan Lynn for keeping me on task, and to my dearest friend, Ryan Hendricks, for making sure I was right. I couldn't have done this without such talent and dedication.
And, to those of you taking the CASP+ exam, whether you volunteered or were voluntold—this book is for you. Best of luck, you got this!
Nadean Hutto Tanner is the senior manager of Technical Education Strategy for Puppet software. Prior to Puppet, she was the lead instructor at Rapid7 teaching Nexpose, incident detection and response, and Metasploit. For more than 20 years, she has worked in academia as the IT director at a private school and a technology instructor at the university level. Tanner holds many industry certifications including the following:
Tanner has trained and consulted for Fortune 50 companies in cybersecurity and security awareness, and has received hands-on experience working for the Department of Defense.
She is the author of the Cybersecurity Blue Team Toolkit, published by Wiley in 2019.
Ryan Hendricks (CISSP, CEH, CASP+, Security+) has more than 15 years of cybersecurity and intelligence experience. His first venture was working on intelligence operations for the U.S. Navy; he continued in the government and private sectors as an educator, facilitator, consultant, and advisor for a multitude of information technology and cybersecurity principles.
Hendricks holds many certifications covering hardware, networking, operating systems, and cybersecurity. He worked as a trainer for the U.S. Department of Defense, educating hundreds of students on everything from military communication systems to the CompTIA CASP+ and (ISC)2 CISSP certifications.
Hendricks currently supports all technical product training operations at VMware Carbon Black, including creating content, developing labs, updating materials, piloting and expanding the certification programs, mentoring and managing the training team, and educating anyone who is willing to learn. When not working, he tries to balance spending his time learning new security tools and attack techniques to feed his need for knowledge and playing video games with his kids.
CompTIA CASP+ (CompTIA Advanced Security Practitioner) Practice Tests is a companion volume to CompTIA CASP+ (CompTIA Advanced Security Practitioner) Study Guide (Wiley, 2019, Parker/Gregg). If you're looking to test your knowledge before you take the CASP+ exam, this book will help you by providing a combination of 1,000 questions that cover the five CASP+ domains and by including easy-to-understand explanations of both right and wrong answers.
If you're just starting to prepare for the CASP+ exam, we highly recommend that you use CompTIA Advanced Security Practitioner+ (CASP+) Study Guide to help you learn about each of the domains covered by the CASP+ exam. Once you're ready to test your knowledge, use this book to help find places where you might need to study more or to practice for the exam itself.
Because this is a companion to CASP+ Study Guide, this book is designed to be similar to taking the CASP+ exam. It contains multi-part scenarios as well as standard multiple-choice questions similar to those you may encounter on the certification exam.
CompTIA is a nonprofit trade organization that offers certification in a variety of IT areas, ranging from the skills that a PC support technician needs, which are covered on the A+ exam, to advanced skills like the CompTIA Advanced Security Practitioner (CASP+) certification. CompTIA divides its exams into four categories based on the skill level required for the exam and the topics it covers, as shown here:
Infrastructure | Core | Cybersecurity | Additional Professional |
Cloud+, Linux+, Server+ | ITF+, A+, Network+, Security+ | CySA+, PenTest+, CASP+ | CTT+, Cloud Essentials+, Project+ |
As you can see, the CompTIA Advanced Security Practitioner+ certification fits into the Cybersecurity category, which is the same place you'll find the popular A+, Network+, and Security+ credentials. The CompTIA Advanced Security Practitioner+ exam is a more advanced exam, intended for professionals with 10 years of hands-on experience who possess the knowledge covered by all of the prior exams.
CompTIA certifications are ISO and ANSI accredited, and they are used throughout multiple industries as a measure of technical skill and knowledge. In addition, CompTIA certifications, including the Security+ and the CASP+, have been approved by the U.S. government as information assurance baseline certifications and are included in the State Department's Skills Incentive Program.
The CompTIA Advanced Security Practitioner+ exam, which CompTIA refers to as the CASP+, is designed to be a vendor-neutral certification for cybersecurity, threat, and vulnerability analysts. The CASP+ certification is designed for security analysts and engineers as well as security operations center (SOC) staff, vulnerability analysts, and threat intelligence analysts. It focuses on security analytics and practical use of security tools in real-world scenarios.
The CASP+ exam is conducted in a format that CompTIA calls performance-based assessment. This means the exam uses hands-on simulations with actual security tools and scenarios to perform tasks that match those found in the daily work of a security practitioner. The exam may include many question types, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.
CompTIA recommends that test takers have 10 years of information security–related experience before taking this exam. The exam costs $439 in the United States, with roughly equivalent prices in other locations around the globe. You can find more details about the CASP+ exam and how to take it at certification.comptia.org/certifications/comptia-advanced-security-practitioner.
We recommend you use this book in conjunction with CompTIA Advanced Security Practitioner+ (CASP+) Study Guide. Read through chapters in the study guide and then try your hand at the practice questions associated with each domain in this book.
You should also keep in mind that the CASP+ certification is designed to test practical experience, so you should also make sure you get some hands-on time with the security tools covered on the exam. CompTIA recommends the use of NetWars-style simulations, penetration testing and defensive cybersecurity simulations, and incident response training to prepare for the CASP+.
Additional resources for hands-on exercises include the following:
exploit-exercises.com/
www.hacking-lab.com/index.html
www.owasp.org/index.php/OWASP_Hacking_Lab
www.pentesterlab.com/exercises/
Because the exam uses scenario-based learning, expect the questions to involve analysis and thought, rather than relying on simple memorization. The questions in this book are intended to help you be confident that you know the topic well enough to think through hands-on exercises.
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher.
www.comptiastore.com/Articles.asp?ID=265&category=vouchers
CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center.”
www.pearsonvue.com/comptia/
Now that you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam.
certification.comptia.org/testing/schedule-exam
On the day of the test, bring two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it. CompTIA provides information on renewals via its website.
certification.comptia.org/continuing-education/how-to-renew
When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.
You can find a full list of the industry certifications you can use to acquire CEUs toward renewing the CASP+ here:
certification.comptia.org/continuing-education/renewothers/renewing-casp
This book is composed of five domain-based chapters and two randomized test chapters to emulate the real test experience.
As you work through questions in this book, you will encounter tools and technology that you may not be familiar with. If you find that you are facing a consistent gap or that a domain is particularly challenging, we recommend spending some time with books and materials that tackle that domain in depth. This can help you fill in gaps and help you be more prepared for the exam.
The following table shows how much weight is given to an objective on the exam.
Domain | Percentage of Exam |
1.0 Risk Management | 19% |
2.0 Enterprise Security Architecture | 25% |
3.0 Enterprise Security Operations | 20% |
4.0 Technical Integration of Enterprise Security | 23% |
5.0 Research, Development, and Collaboration | 13% |
Total | 100% |
The following table shows where you can find an objective covered in this book.
Objective | Chapter |
1.0 Risk Management | |
1.1 Summarize business and industry influences and associated security risks. | Chapter 1 |
Risk management of new products, technology, and users. Business models including partnerships, outsourcing, cloud, and strategies around mergers, divestiture, and acquisitions. Data ownership and reclassification. Rules, policies, regulations. Competitors, auditors, regulations. | |
1.2 Compare and contrast security, privacy policies, and procedures based on organizational requirements. | Chapter 1 |
Policy and process life cycles. Legal compliance and advocacy by partnering with human resources, legal, and management. Common business documents supporting security including risk assessments, business impact analysis, interoperability agreement, interconnection security agreements, memorandum of understanding, service level and operating level agreements, as well as non-disclosure, business partnership, and master service agreements. Research security requirements such as requests for proposals, for quotes, and for information. Privacy requirements and development of policies containing standard security practices. | |
1.3 Given a scenario, execute risk mitigation strategies and controls. | Chapter 1 |
CIA and security controls. Scenario planning and risk analysis. Risk determination using metrics, such as annual loss and single loss expectancy. Recommending a strategy based on risk avoidance, transference, mitigation, and acceptance. Risk management processes, including exemptions, deterrence, inherent, and residual. Business continuity planning. | |
1.4 Analyze risk metric scenarios to secure the enterprise. | Chapter 1 |
Review effectiveness of security controls with gap analysis, lessons learned, and after-action reports. Reverse engineer existing solutions and analyze metrics. Prototype solutions, benchmarks, and baselines, and interpretation of data to anticipate cyber defense needs. Analyze possible solutions based on performance, latency, scalability, capability, usability, maintainability, availability, and recoverability. | |
2.0 Enterprise Security Architecture | |
2.1 Analyze a scenario and integrate network and security components, concepts, and architectures to meet security requirements. | Chapter 2 |
Physical and virtual network security devices as well as application and protocol-aware technologies. Advanced network design and complex network security for data in transit. Secure configuration, baselining, and monitoring of assets. Security zones, network access control, and critical infrastructure. | |
2.2 Analyze a scenario to integrate security controls for host devices to meet security requirements. | Chapter 2 |
Trusted operating systems, endpoint security software, host hardening, and hardware vulnerabilities. Terminal services and application delivery services. | |
2.3 Analyze a scenario to integrate security controls for mobile and small-form-factor devices to meet security requirements. | Chapter 2 |
Enterprise mobility management, including containers, remote assistance and wiping, VPN, and mobile payment systems. Security implications and privacy concerns of data storage. Wearable technology and security implications. | |
2.4 Given software vulnerability scenarios, select the appropriate security controls. | Chapter 2 |
Application security design considerations and application issues, including XSS, CSRF, SQLi, session management, input validation, buffer overflow, memory leaks, race conditions, and privilege escalation. Application sandboxing, secure encrypted enclaves, database monitoring, web application firewalls, and client-side versus server-side processing. Operating system and firmware vulnerabilities. | |
3.0 Enterprise Security Operations | |
3.1 Given a scenario, conduct a security assessment using the appropriate methods. | Chapter 3 |
Malware, debugging, reconnaissance, fingerprinting, code review, social engineering, OSINT, and pivoting. Type of penetration testing, including black, white, and gray box. Vulnerability assessments, audits, and team exercises. | |
3.2 Analyze a scenario or output, and select the appropriate tool for a security assessment. | Chapter 3 |
Network tools, such as port scanners, vulnerability scanners, protocol analyzers, fuzzers, and logging-analysis tools. Host tool types, such as password crackers, command line tools, SCAP, FIM, antivirus, and reverse-engineering tools. Physical security tools, such as lock picks, RFID tools, and IR camera. | |
3.3 Given a scenario, implement incident response and recovery procedures. | Chapter 3 |
E-discovery, data retention, recovery, ownership, and handling. Data breach response, detection, mitigation, recovery, response, and disclosure. Incident detection and response, incident response tools to help determine the severity of the incident or breach, and post-incident response. | |
4.0 Technical Integration of Enterprise Security | |
4.1 Given a scenario, integrate hosts, storage, networks, and applications into a secure enterprise architecture. | Chapter 4 |
Data flow security. Open, competing, adherence, and de facto standards. Interoperability issues, including software types, legacy systems, application requirements, protocols, and standard data formats. Resilience issues, provisioning, and deprovisioning resources, including users, servers, virtual systems, and applications. Network segmentation, security and privacy considerations, and enterprise applications. | |
4.2 Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture. | Chapter 4 |
Technical deployment models (outsourcing/insourcing/managed services/partnerships), cloud and virtualization considerations, security advantages, and disadvantages of virtualization. Cloud-augmented security services, and vulnerabilities associated with hosts with different security requirements. | |
4.3 Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives. | Chapter 4 |
Authentication, authorization, attestation, identity proofing, identity propagation, federation, and trust models. | |
4.4 Given a scenario, implement cryptographic techniques. | Chapter 4 |
Cryptographic techniques, such as hashing, digital signatures, code signing, data-in-transit encryption, data-in-memory processing, data-at-rest encryption, and steganography. Implementing encryption in an enterprise, such as DRM, SSH, SSL, S/MIME, and PKI. | |
4.5 Given a scenario, select the appropriate control to secure communications and collaboration solutions. | Chapter 4 |
Remote access, resources and services, and remote assistance. Unified collaboration tools for video/audio/web conferencing, instant messaging, email, VoIP, and collaboration sites. | |
5.0 Research, Development, and Collaboration | |
5.1 Given a scenario, apply research methods to determine industry trends and their impact on the enterprise. | Chapter 5 |
Ongoing research in best practices, new technologies, security systems, and services. Threat intelligence of latest attacks, current vulnerabilities, and threats; zero-day mitigation controls; and threat modeling. Research security implications of emerging business tools and the global IA industry/community. | |
5.2 Given a scenario, implement security activities across the technology life cycle. | Chapter 5 |
Systems/software development lifecycles. Application frameworks, development approaches, secure coding standards, and documentation. Validation and acceptance testing. Adapting solutions to address emerging threats, security trends, and disruptive technology. Asset management and inventory control. | |
5.3 Explain the importance of interaction across diverse business units to achieve security goals. | Chapter 5 |
Interpreting security requirements and goals to communicate with stakeholders, such as sales, programmers, DBA, network administrators, human resources, and legal counsel. Provide guidance and recommendations to staff and management on processes and security controls. Governance, risk, and compliance committees. |