CompTIA Advanced

Security Practitioner
(CASP+) Certification
Exam Objectives
EXAM NUMBER: CAS-004
 About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA Advanced
Security Practitioner (CASP+) (CAS-004) certification exam. The CompTIA CASP+ certification
exam will verify the successful candidate has the knowledge and skills required to:
• Architect, engineer, integrate, and implement secure solutions across
complex environments to support a resilient enterprise
• Use monitoring, detection, incident response, and automation to proactively
support ongoing security operations in an enterprise environment
• Apply security practices to cloud, on-premises, endpoint, and mobile infrastructure,
while considering cryptographic technologies and techniques
• Consider the impact of governance, risk, and compliance requirements throughout the enterprise
This is equivalent to at least ten years of general hands-on IT experience, with at least five of those years
being broad hands-on security experience. These content examples are meant to clarify the test objectives
and should not be construed as a comprehensive listing of all the content of this examination.
EXAM ACCREDITATION
The CompTIA CASP+ (CAS-004) exam is accredited by ANSI to show compliance with the ISO 17024
standard and, as such, undergoes regular reviews and updates to the exam objectives.
EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an entry-level IT professional.
CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse, or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), he/she should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 TEST DETAILS
Required exam CAS-004
Number of questions Maximum of 90
Types of questions Multiple-choice and performance-based
Length of test 165 minutes
Recommended experience • Minimum of ten years of general hands-on IT experience,
with at least five of those years being broad
hands-on IT security experience
• Network+, Security+, CySA+, Cloud+, and PenTest+
or equivalent certifications/knowledge
Passing score Pass/Fail only — no scaled score

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination
and the extent to which they are represented.

DOMAIN PERCENTAGE OF EXAMINATION

1.0 Security Architecture 29%

2.0 Security Operations 30%
3.0 Security Engineering and Cryptography 26%
4.0 Governance, Risk, and Compliance 15%
Total 100%

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 1.0 Security Architecture
1.1 Given a scenario, analyze the security requirements and
objectives to ensure an appropriate, secure network
architecture for a new or existing network.
• Services - Traffic mirroring - Access control lists (ACLs)
- Load balancer - Switched port - Peer-to-peer
- Intrusion detection system (IDS)/ analyzer (SPAN) ports - Air gap
network intrusion detection - Port mirroring • Deperimeterization/zero trust
system (NIDS)/wireless intrusion - Virtual private cloud (VPC) - Cloud
detection system (WIDS) - Network tap - Remote work
- Intrusion prevention system (IPS)/ - Sensors - Mobile
network intrusion prevention - Security information and - Outsourcing and contracting
system (NIPS)/wireless intrusion event management (SIEM) - Wireless/radio frequency (RF)
prevention system (WIPS) - File integrity monitoring (FIM) networks
- Web application firewall (WAF) - Simple Network Management • Merging of networks from
- Network access control (NAC) Protocol (SNMP) traps various organizations
- Virtual private network (VPN) - NetFlow - Peering
- Domain Name System Security - Data loss prevention (DLP) - Cloud to on premises
Extensions (DNSSEC) - Antivirus - Data sensitivity levels
- Firewall/unified threat management • Segmentation - Mergers and acquisitions
(UTM)/next-generation firewall (NGFW) - Microsegmentation - Cross-domain
- Network address translation - Local area network (LAN)/ - Federation
(NAT) gateway virtual local area network (VLAN) - Directory services
- Internet gateway - Jump box • Software-defined networking (SDN)
- Forward/transparent proxy - Screened subnet - Open SDN
- Reverse proxy - Data zones - Hybrid SDN
- Distributed denial-of-service - Staging environments - SDN overlay
(DDoS) protection - Guest environments
- Routers - VPC/virtual network (VNET)
- Mail security - Availability zone
- Application programming - NAC lists
interface (API) gateway/Extensible - Policies/security groups
Markup Language (XML) gateway - Regions

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 1.0 Security Architecture

1.2 Given a scenario, analyze the organizational requirements

to determine the proper infrastructure security design.
• Scalability • Automation
- Vertically - Autoscaling
- Horizontally - Security Orchestration, Automation,
• Resiliency and Response (SOAR)
- High availability - Bootstrapping
- Diversity/heterogeneity • Performance
- Course of action orchestration • Containerization
- Distributed allocation • Virtualization
- Redundancy • Content delivery network
- Replication • Caching
- Clustering

1.3 Given a scenario, integrate software applications

securely into an enterprise architecture.
• Baseline and templates • Considerations of integrating - Disposal and reuse
- Secure design patterns/ enterprise applications - Testing
types of web technologies - Customer relationship - Regression
- Storage design patterns management (CRM) - Unit testing
- Container APIs - Enterprise resource planning (ERP) - Integration testing
- Secure coding standards - Configuration management - Development approaches
- Application vetting processes database (CMDB) - SecDevOps
- API management - Content management system (CMS) - Agile
- Middleware - Integration enablers - Waterfall
• Software assurance - Directory services - Spiral
- Sandboxing/development - Domain name system (DNS) - Versioning
environment - Service-oriented architecture (SOA) - Continuous integration/
- Validating third-party libraries - Enterprise service bus (ESB) continuous delivery
- Defined DevOps pipeline • Integrating security into (CI/CD) pipelines
- Code signing development life cycle - Best practices
- Interactive application security - Formal methods - Open Web Application
testing (IAST) vs. dynamic application - Requirements Security Project (OWASP)
security testing (DAST) vs. static - Fielding - Proper Hypertext Transfer
application security testing (SAST) - Insertions and upgrades Protocol (HTTP) headers

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 1.0 Security Architecture

1.4 Given a scenario, implement data security techniques

for securing enterprise architecture.
• Data loss prevention • Data classification, labeling, and tagging • Data inventory and mapping
- Blocking use of external media - Metadata/attributes • Data integrity management
- Print blocking • Obfuscation • Data storage, backup, and recovery
- Remote Desktop - Tokenization - Redundant array of
Protocol (RDP) blocking - Scrubbing inexpensive disks (RAID)
- Clipboard privacy controls - Masking
- Restricted virtual desktop • Anonymization
infrastructure (VDI) implementation • Encrypted vs. unencrypted
- Data classification blocking • Data life cycle
• Data loss detection - Create
- Watermarking - Use
- Digital rights management (DRM) - Share
- Network traffic decryption/ - Store
deep packet inspection - Archive
- Network traffic analysis - Destroy

1.5 Given a scenario, analyze the security requirements and objectives to

provide the appropriate authentication and authorization controls.
• Credential management • Access control • Multifactor authentication (MFA)
- Password repository application - Mandatory access control (MAC) - Two-factor authentication (2FA)
- End-user password storage - Discretionary access control (DAC) - 2-Step Verification
- On premises vs. cloud repository - Role-based access control - In-band
- Hardware key manager - Rule-based access control - Out-of-band
- Privileged access management - Attribute-based access control • One-time password (OTP)
• Password policies • Protocols - HMAC-based one-time
- Complexity - Remote Authentication password (HOTP)
- Length Dial-in User Server (RADIUS) - Time-based one-time password (TOTP)
- Character classes - Terminal Access Controller • Hardware root of trust
- History Access Control System (TACACS) • Single sign-on (SSO)
- Maximum/minimum age - Diameter • JavaScript Object Notation
- Auditing - Lightweight Directory (JSON) web token (JWT)
- Reversable encryption Access Protocol (LDAP) • Attestation and identity proofing
• Federation - Kerberos
- Transitive trust - OAuth
- OpenID - 802.1X
- Security Assertion Markup - Extensible Authentication
Language (SAML) Protocol (EAP)
- Shibboleth

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 1.0 Security Architecture

1.6 Given a set of requirements, implement secure

cloud and virtualization solutions.
• Virtualization strategies - Location • Cloud provider limitations
- Type 1 vs. Type 2 hypervisors - Data protection - Internet Protocol (IP) address scheme
- Containers - Cloud deployment models - VPC peering
- Emulation - Private • Extending appropriate
- Application virtualization - Public on-premises controls
- VDI - Hybrid • Storage models
• Provisioning and deprovisioning - Community - Object storage/file-based storage
• Middleware • Hosting models - Database storage
• Metadata and tags - Multitenant - Block storage
• Deployment models and considerations - Single-tenant - Blob storage
- Business directives • Service models - Key-value pairs
- Cost - Software as a service (SaaS)
- Scalability - Platform as a service (PaaS)
- Resources - Infrastructure as a service (IaaS)

1.7 Explain how cryptography and public key infrastructure (PKI)

support security objectives and requirements.
• Privacy and confidentiality requirements - Protection of web services - Email
• Integrity requirements - Embedded systems - Code signing
• Non-repudiation - Key escrow/management - Federation
• Compliance and policy requirements - Mobile security - Trust models
• Common cryptography use cases - Secure authentication - VPN
- Data at rest - Smart card - Enterprise and security
- Data in transit • Common PKI use cases automation/orchestration
- Data in process/data in use - Web services

1.8 Explain the impact of emerging technologies

on enterprise security and privacy.
• Artificial intelligence • Big Data
• Machine learning • Virtual/augmented reality
• Quantum computing • 3-D printing
• Blockchain • Passwordless authentication
• Homomorphic encryption • Nano technology
- Private information retrieval • Deep learning
- Secure function evaluation - Natural language processing
- Private function evaluation - Deep fakes
• Secure multiparty computation • Biometric impersonation
• Distributed consensus

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 2.0 Security Operations
2.1 Given a scenario, perform threat management activities.
• Intelligence types - Hacktivist - Deep web
- Tactical - Script kiddie - Proprietary
- Commodity malware - Organized crime - Open-source intelligence (OSINT)
- Strategic • Threat actor properties - Human intelligence (HUMINT)
- Targeted attacks - Resource • Frameworks
- Operational - Time - MITRE Adversarial Tactics, Techniques,
- Threat hunting - Money & Common knowledge (ATT&CK)
- Threat emulation - Supply chain access - ATT&CK for industrial
• Actor types - Create vulnerabilities control system (ICS)
- Advanced persistent - Capabilities/sophistication - Diamond Model of Intrusion Analysis
threat (APT)/nation-state - Identifying techniques - Cyber Kill Chain
- Insider threat • Intelligence collection methods
- Competitor - Intelligence feeds

2.2 Given a scenario, analyze indicators of compromise

and formulate an appropriate response.
• Indicators of compromise - Notifications • Response
- Packet capture (PCAP) - FIM alerts - Firewall rules
- Logs - SIEM alerts - IPS/IDS rules
- Network logs - DLP alerts - ACL rules
- Vulnerability logs - IDS/IPS alerts - Signature rules
- Operating system logs - Antivirus alerts - Behavior rules
- Access logs - Notification severity/priorities - DLP rules
- NetFlow logs - Unusual process activity - Scripts/regular expressions

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 2.0 Security Operations

2.3 Given a scenario, perform vulnerability management activities.

• Vulnerability scans - Open Vulnerability and • Self-assessment vs. third-
- Credentialed vs. non-credentialed Assessment Language (OVAL) party vendor assessment
- Agent-based/server-based - Common Platform Enumeration (CPE) • Patch management
- Criticality ranking - Common Vulnerabilities • Information sources
- Active vs. passive and Exposures (CVE) - Advisories
• Security Content Automation - Common Vulnerability - Bulletins
Protocol (SCAP) Scoring System (CVSS) - Vendor websites
- Extensible Configuration Checklist - Common Configuration - Information Sharing and
Description Format (XCCDF) Enumeration (CCE) Analysis Centers (ISACs)
- Asset Reporting Format (ARF) - News reports

2.4 Given a scenario, use the appropriate vulnerability

assessment and penetration testing methods and tools.
• Methods - Post-exploitation • Dependency management
- Static analysis - Persistence • Requirements
- Dynamic analysis • Tools - Scope of work
- Side-channel analysis - SCAP scanner - Rules of engagement
- Reverse engineering - Network traffic analyzer - Invasive vs. non-invasive
- Software - Vulnerability scanner - Asset inventory
- Hardware - Protocol analyzer - Permissions and access
- Wireless vulnerability scan - Port scanner - Corporate policy considerations
- Software composition analysis - HTTP interceptor - Facility considerations
- Fuzz testing - Exploit framework - Physical security considerations
- Pivoting - Password cracker - Rescan for corrections/changes

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 2.0 Security Operations

2.5 Given a scenario, analyze vulnerabilities

and recommend risk mitigations.
• Vulnerabilities - Code injections/malicious changes • Attacks
- Race conditions - End of support/end of life - Directory traversal
- Overflows - Regression issues - Cross-site scripting (XSS)
- Buffer • Inherently vulnerable - Cross-site request forgery (CSRF)
- Integer system/application - Injection
- Broken authentication - Client-side processing vs. - XML
- Unsecure references server-side processing - LDAP
- Poor exception handling - JSON/representational - Structured Query Language (SQL)
- Security misconfiguration state transfer (REST) - Command
- Improper headers - Browser extensions - Process
- Information disclosure - Flash - Sandbox escape
- Certificate errors - ActiveX - Virtual machine (VM) hopping
- Weak cryptography implementations - Hypertext Markup - VM escape
- Weak ciphers Language 5 (HTML5) - Border Gateway Protocol (BGP)/
- Weak cipher suite implementations - Asynchronous JavaScript route hijacking
- Software composition analysis and XML (AJAX) - Interception attacks
- Use of vulnerable frameworks - Simple Object Access - Denial-of-service (DoS)/DDoS
and software modules Protocol (SOAP) - Authentication bypass
- Use of unsafe functions - Machine code vs. bytecode or - Social engineering
- Third-party libraries interpreted vs. emulated - VLAN hopping
- Dependencies

2.6 Given a scenario, use processes to reduce risk.

• Proactive and detection • Preventive • Physical security
- Hunts - Antivirus - Review of lighting
- Developing countermeasures - Immutable systems - Review of visitor logs
- Deceptive technologies - Hardening - Camera reviews
- Honeynet - Sandbox detonation - Open spaces vs. confined spaces
- Honeypot • Application control
- Decoy files - License technologies
- Simulators - Allow list vs. block list
- Dynamic network configurations - Time of check vs. time of use
• Security data analytics - Atomic execution
- Processing pipelines • Security automation
- Data - Cron/scheduled tasks
- Stream - Bash
- Indexing and search - PowerShell
- Log collection and curation - Python
- Database activity monitoring

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 2.0 Security Operations

2.7 Given an incident, implement the appropriate response.

• Event classifications - Analysis - Automated response methods
- False positive - Containment - Runbooks
- False negative - Recovery - SOAR
- True positive - Lessons learned • Communication plan
- True negative • Specific response playbooks/processes • Stakeholder management
• Triage event - Scenarios
• Preescalation tasks - Ransomware
• Incident response process - Data exfiltration
- Preparation - Social engineering
- Detection - Non-automated response methods

2.8 Explain the importance of forensic concepts.

• Legal vs. internal corporate purposes - Evidence preservation • Cryptanalysis
• Forensic process - Secure storage • Steganalysis
- Identification - Backups
- Evidence collection - Analysis
- Chain of custody - Forensics tools
- Order of volatility - Verification
- Memory snapshots - Presentation
- Images • Integrity preservation
- Cloning - Hashing

2.9 Given a scenario, use forensic analysis tools.

• File carving tools • Analysis tools • Live collection vs. post-mortem tools
- Foremost - ExifTool - netstat
- Strings - Nmap - ps
• Binary analysis tools - Aircrack-ng - vmstat
- Hex dump - Volatility - ldd
- Binwalk - The Sleuth Kit - lsof
- Ghidra - Dynamically vs. statically linked - netcat
- GNU Project debugger (GDB) • Imaging tools - tcpdump
- OllyDbg - Forensic Toolkit (FTK) Imager - conntrack
- readelf - dd - Wireshark
- objdump • Hashing utilities
- strace - sha256sum
- ldd - ssdeep
- file

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 3.0 Security Engineering
and Cryptography
3.1 Given a scenario, apply secure configurations to enterprise mobility.
• Managed configurations - Geotagging - Encrypted and unencrypted
- Application control - Certificate management communication concerns
- Password - Full device encryption - Physical reconnaissance
- MFA requirements - Tethering - Personal data theft
- Token-based access - Airplane mode - Health privacy
- Patch repository - Location services - Implications of wearable devices
- Firmware Over-the-Air - DNS over HTTPS (DoH) - Digital forensics of collected data
- Remote wipe - Custom DNS - Unauthorized application stores
- WiFi • Deployment scenarios - Jailbreaking/rooting
- WiFi Protected Access (WPA2/3) - Bring your own device (BYOD) - Side loading
- Device certificates - Corporate-owned - Containerization
- Profiles - Corporate owned, - Original equipment manufacturer
- Bluetooth personally enabled (COPE) (OEM) and carrier differences
- Near-field communication (NFC) - Choose your own device (CYOD) - Supply chain issues
- Peripherals • Security considerations - eFuse
- Geofencing - Unauthorized remote activation/
- VPN settings deactivation of devices or features

3.2 Given a scenario, configure and implement endpoint security controls.

• Hardening techniques • Processes - Attestation services
- Removing unneeded services - Patching - Hardware security module (HSM)
- Disabling unused accounts - Firmware - Measured boot
- Images/templates - Application - Self-encrypting drives (SEDs)
- Remove end-of-life devices - Logging • Compensating controls
- Remove end-of-support devices - Monitoring - Antivirus
- Local drive encryption • Mandatory access control - Application controls
- Enable no execute (NX)/ - Security-Enhanced Linux (SELinux)/ - Host-based intrusion detection
execute never (XN) bit Security-Enhanced system (HIDS)/Host-based
- Disabling central processing Android (SEAndroid) intrusion prevention system (HIPS)
unit (CPU) virtualization support - Kernel vs. middleware - Host-based firewall
- Secure encrypted enclaves/ • Trustworthy computing - Endpoint detection and response (EDR)
memory encryption - Trusted Platform Module (TPM) - Redundant hardware
- Shell restrictions - Secure Boot - Self-healing hardware
- Address space layout - Unified Extensible Firmware - User and entity behavior
randomization (ASLR) Interface (UEFI)/basic input/ analytics (UEBA)
output system (BIOS) protection

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 3.0 Security Engineering and Cryptography

3.3 Explain security considerations impacting specific

sectors and operational technologies.
• Embedded - Safety instrumented system • Sectors
- Internet of Things (IoT) - Heating, ventilation, and - Energy
- System on a chip (SoC) air conditioning (HVAC) - Manufacturing
- Application-specific • Protocols - Healthcare
integrated circuit (ASIC) - Controller Area Network (CAN) bus - Public utilities
- Field-programmable gate array (FPGA) - Modbus - Public services
• ICS/supervisory control and - Distributed Network Protocol 3 (DNP3) - Facility services
data acquisition (SCADA) - Zigbee
- Programmable logic controller (PLC) - Common Industrial Protocol (CIP)
- Historian - Data distribution service
- Ladder logic

3.4 Explain how cloud technology adoption

impacts organizational security.
• Automation and orchestration • Key life-cycle management • Collaboration tools
• Encryption configuration • Backup and recovery methods • Storage configurations
• Logs - Cloud as business continuity - Bit splitting
- Availability and disaster recovery (BCDR) - Data dispersion
- Collection - Primary provider BCDR • Cloud access security broker (CASB)
- Monitoring - Alternative provider BCDR
- Configuration • Infrastructure vs. serverless computing
- Alerting • Application virtualization
• Monitoring configurations • Software-defined networking
• Key ownership and location • Misconfigurations

3.5 Given a business requirement, implement

the appropriate PKI solution.
• PKI hierarchy - Server authentication • Public and private keys
- Certificate authority (CA) - Digital signatures • Digital signature
- Subordinate/intermediate CA - Code signing • Certificate pinning
- Registration authority (RA) • Extensions • Certificate stapling
• Certificate types - Common name (CN) • Certificate signing requests (CSRs)
- Wildcard certificate - Subject alternate name (SAN) • Online Certificate Status Protocol (OCSP)
- Extended validation • Trusted providers vs. certificate revocation list (CRL)
- Multidomain • Trust model • HTTP Strict Transport Security (HSTS)
- General purpose • Cross-certification
• Certificate usages/profiles/templates • Configure profiles
- Client authentication • Life-cycle management

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 3.0 Security Engineering and Cryptography

3.6 Given a business requirement, implement the appropriate

cryptographic protocols and algorithms.
• Hashing - Triple digital encryption - Secure/Multipurpose Internet
- Secure Hashing Algorithm (SHA) standard (3DES) Mail Extensions (S/MIME)
- Hash-based message - ChaCha - Internet Protocol Security (IPSec)
authentication code (HMAC) - Salsa20 - Secure Shell (SSH)
- Message digest (MD) • Asymmetric algorithms - EAP
- RACE integrity primitives - Key agreement • Elliptic curve cryptography
evaluation message digest (RIPEMD) - Diffie-Hellman - P256
- Poly1305 - Elliptic-curve Diffie-Hellman - P384
• Symmetric algorithms (ECDH) • Forward secrecy
- Modes of operation - Signing • Authenticated encryption
- Galois/Counter Mode (GCM) - Digital signature algorithm (DSA) with associated data
- Electronic codebook (ECB) - Rivest, Shamir, and Adleman (RSA) • Key stretching
- Cipher block chaining (CBC) - Elliptic-curve digital - Password-based key derivation
- Counter (CTR) signature algorithm (ECDSA) function 2 (PBKDF2)
- Output feedback (OFB) • Protocols - Bcrypt
- Stream and block - Secure Sockets Layer (SSL)/
- Advanced Encryption Transport Layer Security (TLS)
Standard (AES)

3.7 Given a scenario, troubleshoot issues with

cryptographic implementations.
• Implementation and configuration issues • Keys
- Validity dates - Mismatched
- Wrong certificate type - Improper key handling
- Revoked certificates - Embedded keys
- Incorrect name - Rekeying
- Chain issues - Exposed private keys
- Invalid root or intermediate CAs - Crypto shredding
- Self-signed - Cryptographic obfuscation
- Weak signing algorithm - Key rotation
- Weak cipher suite - Compromised keys
- Incorrect permissions
- Cipher mismatches
- Downgrade

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 4.0 Governance, Risk, and Compliance
4.1 Given a set of requirements, apply the appropriate risk strategies.
• Risk assessment • Risk types • Risk tracking
- Likelihood - Inherent - Risk register
- Impact - Residual - Key performance indicators
- Qualitative vs. quantitative - Exceptions - Scalability
- Exposure factor • Risk management life cycle - Reliability
- Asset value - Identify - Availability
- Total cost of ownership (TCO) - Assess - Key risk indicators
- Return on investment (ROI) - Control • Risk appetite vs. risk tolerance
- Mean time to recovery (MTTR) - People - Tradeoff analysis
- Mean time between failure (MTBF) - Process - Usability vs. security requirements
- Annualized loss expectancy (ALE) - Technology • Policies and security practices
- Annualized rate of occurrence (ARO) - Protect - Separation of duties
- Single loss expectancy (SLE) - Detect - Job rotation
- Gap analysis - Respond - Mandatory vacation
• Risk handling techniques - Restore - Least privilege
- Transfer - Review - Employment and
- Accept - Frameworks termination procedures
- Avoid - Training and awareness for users
- Mitigate - Auditing requirements and frequency

4.2 Explain the importance of managing and mitigating vendor risk.

• Shared responsibility model • Vendor lock-in and vendor lockout • Third-party dependencies
(roles/responsibilities) • Vendor viability - Code
- Cloud service provider (CSP) - Financial risk - Hardware
- Geographic location - Merger or acquisition risk - Modules
 - Infrastructure • Meeting client requirements • Technical considerations
- Compute - Legal - Technical testing
- Storage - Change management - Network segmentation
- Networking - Staff turnover - Transmission control
- Services - Device and technical configurations - Shared credentials
- Client • Support availability
- Encryption • Geographical considerations
 - Operating systems • Supply chain visibility
- Applications • Incident reporting requirements
- Data • Source code escrows
• Ongoing vendor assessment tools

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
 4.0 Governance, Risk, and Compliance

4.3 Explain compliance frameworks and legal

considerations, and their organizational impact.
• Security concerns of integrating • Third-party attestation of compliance • Legal considerations
diverse industries • Regulations, accreditations, - Due diligence
• Data considerations and standards - Due care
- Data sovereignty - Payment Card Industry Data - Export controls
- Data ownership Security Standard (PCI DSS) - Legal holds
- Data classifications - General Data Protection - E-discovery
- Data retention Regulation (GDPR) • Contract and agreement types
- Data types - International Organization - Service-level agreement (SLA)
- Health for Standardization (ISO) - Master service agreement (MSA)
- Financial - Capability Maturity Model - Non-disclosure agreement (NDA)
- Intellectual property Integration (CMMI) - Memorandum of
- Personally identifiable - National Institute of Standards understanding (MOU)
information (PII) and Technology (NIST) - Interconnection security
- Data removal, destruction, - Children’s Online Privacy agreement (ISA)
and sanitization Protection Act (COPPA) - Operational-level agreement
• Geographic considerations - Common Criteria - Privacy-level agreement
- Location of data - Cloud Security Alliance (CSA) Security
- Location of data subject Trust Assurance and Risk (STAR)
- Location of cloud provider

4.4 Explain the importance of business continuity

and disaster recovery concepts.

• Business impact analysis • Disaster recovery plan (DRP)/ • Incident response plan
- Recovery point objective business continuity plan (BCP) - Roles/responsibilities
- Recovery time objective - Cold site - After-action reports
- Recovery service level - Warm site • Testing plans
- Mission essential functions - Hot site - Checklist
• Privacy impact assessment - Mobile site - Walk-through
- Tabletop exercises
- Full interruption test
- Parallel test/simulation test

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
CASP+ (CAS-004) Acronym List

The following is a list of acronyms that appear on the CompTIA

CASP+ certification exam. Candidates are encouraged to review the
complete list and attain a working knowledge of all listed acronyms
as part of a comprehensive exam preparation program.

ACRONYM SPELLED OUT ACRONYM SPELLED OUT

2FA Two-Factor Authentication CSR Certificate Signing Request
3DES Triple Digital Encryption Standard CSRF Cross-Site Request Forgery
ACL Access Control List CVE Common Vulnerabilities and Exposures
AES Advanced Encryption Standard CVSS Common Vulnerability Scoring System
AJAX Asynchronous JavaScript and XML CYOD Choose Your Own Device
ALE Annualized Loss Expectancy DAC Discretionary Access Control
API Application Programming Interface DAST Dynamic Application Security Testing
APT Advanced Persistent Threat DDoS Distributed Denial of Service
ARF Asset Reporting Format DEP Data Execution Prevention
ARO Annualized Rate of Occurrence DLP Data Loss Prevention
ASIC Application-Specific Integrated Circuit DNP3 Distributed Network Protocol 3
ASLR Address Space Layout Randomization DNS Domain Name System
ATT&CK Adversarial Tactics, Techniques DNSSEC Domain Name System Security Extensions
& Common Knowledge DoH DNS over HTTPS
BCDR Business Continuity and Disaster Recovery DoS Denial of Service
BCP Business Continuity Plan DRM Digital Rights Management
BGP Border Gateway Protocol DRP Disaster Recovery Plan
BIOS Basic Input/Output System DSA Digital Signature Algorithm
BYOD Bring Your Own Device EAP Extensible Authentication Protocol
CA Certificate Authority ECB Electronic Codebook
CAN Controller Area Network ECDH Elliptic-Curve Diffie-Hellman
CASB Cloud Access Security Broker ECDSA Elliptic-Curve Digital Signature Algorithm
CBC Cipher Block Chaining EDR Endpoint Detection and Response
CCE Common Configuration Enumeration ERP Enterprise Resource Planning
CI/CD Continuous Integration/Continuous Delivery ESB Enterprise Service Bus
CIP Common Industrial Protocol FIM File Integrity Monitoring
CMDB Configuration Database Management FPGA Field-Programmable Gate Array
CMMI Capability Maturity Model Integration FTK Forensic Toolkit
CN Common Name GCM Galois/Counter Mode
COPE Corporate Owned, Personally Enabled GDPR General Data Protection Regulation
COPPA Children’s Online Privacy Protection Act HIDS Host-based Intrusion Detection System
CPE Common Platform Enumeration HIPS Host-based Intrusion Prevention System
CPU Central Processing Unit HMAC Hash-based Message Authentication Code
CRL Certificate Revocation List HOTP HMAC-based One-Time Password
CRM Customer Relationship Management HSM Hardware Security Module
CSA Cloud Security Alliance HSTS HTTP Strict Transport Security
CSP Cloud Service Provider HTML Hypertext Markup Language

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
HTTP Hypertext Transfer Protocol PKI Public Key Infrastructure
HUMINT Human Intelligence PLC Programmable Logic Controller
HVAC Heating, Ventilation, and Air Conditioning PSK Pre-Shared Key
IaaS Infrastructure as a Service QoS Quality of Service
IAST Interactive Application Security Testing RA Registration Authority
ICS Industrial Control System RACE Research and Development in Advanced
IDS Intrusion Detection System Communications Technologies in Europe
IoT Internet of Things RADIUS Remote Authentication Dial-in User Server
IP Internet Protocol RAID Redundant Array of Inexpensive Disks
IPS Intrusion Prevention System RDP Remote Desktop Protocol
IPSec Internet Protocol Security REST Representational State Transfer
ISA Interconnection Security Agreement RF Radio Frequency
ISAC Information Sharing Analysis Center RIPEMD RACE Integrity Primitives Evaluation
ISO International Organization for Standardization Message Digest
ISP Internet Service Provider ROI Return on Investment
JSON JavaScript Object Notation RPO Recovery Point Objective
JWT JSON Web Token RSA Rivest, Shamir, and Adleman
KVM Keyboard, Video, and Mouse RTO Recovery Time Objective
LAN Local Area Network RTU Remote Terminal Unit
LDAP Lightweight Directory Access Protocol S/MIME Secure/Multipurpose Internet Mail Extensions
MAC Mandatory Access Control SaaS Software as a Service
MD Message Digest SAE Simultaneous Authentication of Equals
MFA Multifactor Authentication SAML Security Assertion Markup Language
MOU Memorandum of Understanding SAN Subject Alternate Name
MSA Master Service Agreement SASE Secure Access Service Edge
MTBF Mean Time Between Failure SAST Static Application Security Testing
MTTR Mean Time to Recovery SCADA Supervisory Control and Data Acquisition
NAC Network Access Control SCAP Security Content Automation Protocol
NAT Network Address Translation SDN Software-Defined Networking
NDA Non-Disclosure Agreement SDR Software-Defined Radio
NFC Near Field Communication SD-WAN Software-Defined Wide Area Network
NGFW Next Generation Firewall SEAndroid Security Enhanced Android
NIC Network Interface Controller SED Self-Encrypting Drive
NIDS Network Intrusion Detection System SELinux Security Enhanced Linux
NIPS Network Intrusion Prevention System SFTP SSH File Transfer Protocol
NIST National Institute of Standards and Technology SHA Secure Hashing Algorithm
NX No Execute SIEM Security Information Event Management
OCSP Online Certificate Status Protocol SLA Service-Level Agreement
OEM Original Equipment Manufacturer SLE Single Loss Expectancy
OFB Output Feedback SMB Server Message Block
OS Operating System SNMP Simple Network Management Protocol
OSINT Open-Source Intelligence SOA Start of Authority
OTP One-Time Password SOAP Simple Object Access Protocol
OVAL Open Vulnerability and Assessment Language SOAR Security Orchestration, Automation, and Response
OWASP Open Web Application Security Project SoC System-on-Chip
PaaS Platform as a Service SPAN Switched Port Analyzer
PBKDF2 Password-Based Key Derivation Function 2 SQL Structured Query Language
PBX Private Branch Exchange SSH Secure Shell
PCAP Packet Capture SSL Secure Sockets Layer
PCI DSS Payment Card Industry Data Security Standard SSO Single Sign-On
PGP Pretty Good Privacy STAR Security Trust Assurance and Risk
PII Personal Identifiable Information TACACS Terminal Access Controller Access Control System

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
ACRONYM SPELLED OUT
TAP Test Access Points
TCO Total Cost of Ownership
TLS Transport Layer Security
TOTP Time-Based One-Time Password
TPM Trusted Platform Module
UEBA User and Entity Behavior Analytics
UEFI Unified Extensible Firmware Interface
UTM Unified Threat Management
VDI Virtual Desktop Infrastructure
VLAN Virtual Local Area Network
VM Virtual Machine
VNET Virtual Network
VNET Virtual Network
VoIP Voice over Internet Protocol
VPC Virtual Private Cloud
VPN Virtual Private Network
WAF Web Application Firewall
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion Detection System
WIPS Wireless Intrusion Prevention System
WPA WiFi Protected Access
WS Web Services
XCCDF Extensible Configuration Checklist
Description Format
XML Extensible Markup Language
XN Execute Never
XSS Cross-Site Scripting

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam:

Exam Objectives 6.0
CASP+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the CASP+ exam. This list may also be helpful for
training companies that wish to create a lab component for their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

EQUIPMENT TOOLS OTHER

• Laptops • Spectrum analyzer • Sample logs
• Basic server hardware (email server/ • Antennas • Sample network traffic (packet capture)
Active Directory server, trusted OS) • RF hacking hardware/SDR • Sample organizational structure
• Tokens • RSA token • Sample network documentation
• Mobile devices (Android and iOS) • KVM switch • Broadband Internet connection
• Switches (managed switch)—IPv6 capable • 4G/5G and/or hotspot
• Gateway/router—IPv6 capable SOFTWARE • Computer and mobile peripheral devices
(wired/wireless) • Virtualized appliances (firewall, IPS, SIEM • Cloud services
• Firewall solution, RSA authentication, asterisk PBX) • Visio/Excel
• VoIP • Windows • Open Office
• Proxy server • Linux distros
• Load balancer • VMware Player/VirtualBox
• NIPS • Vulnerability assessment tools
• HSM • SSH and Telnet utilities
• Access points • Threat modeling tool
• Crypto cards • IPS/IDS, HIPS
• Smart cards • WIPS
• Smart card reader • Forensic tools
• Biometric devices • Certificate authority
• Arduino/Raspberry Pi • Kali and all Kali tool sets
• SCADA system: RTUs and PLCs • Remediation software
• GNS and associated firmware
SPARE HARDWARE • Log analysis tools
• Keyboards • APIs
• Cables • ELK Stack
• NICs • Graylog
• Power supplies • Python 3+
• Removable media • Security Onion tools
• High-power graphics card • Metasploitable 2

© 2020 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such programs are operated
exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally. Other brands and company names mentioned
herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners. Reproduction or dissemination prohibited without the written consent
of CompTIA, Inc. Printed in the U.S. 08165-Sep2020