CompTIA Advanced

Security Practitioner
(CASP+) Certification
Exam Objectives
EXAM NUMBER: CAS-004
 About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA Advanced
Security Practitioner (CASP+) (CAS-004) certification exam. The CompTIA CASP+ certification
exam will verify the successful candidate has the knowledge and skills required to:
• Architect, engineer, integrate, and implement secure solutions across
complex environments to support a resilient enterprise
• Use monitoring, detection, incident response, and automation to proactively
support ongoing security operations in an enterprise environment
• Apply security practices to cloud, on-premises, endpoint, and mobile infrastructure,
while considering cryptographic technologies and techniques
• Consider the impact of governance, risk, and compliance requirements throughout the enterprise
This is equivalent to at least ten years of general hands-on IT experience, with at least five of those years
being broad hands-on security experience. These content examples are meant to clarify the test objectives
and should not be construed as a comprehensive listing of all the content of this examination.
EXAM ACCREDITATION
The CompTIA CASP+ (CAS-004) exam is accredited by ANSI to show compliance with the ISO 17024
standard and, as such, undergoes regular reviews and updates to the exam objectives.
EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an advanced IT professional.
CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse, or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), he/she should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be vali.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 TEST DETAILS
Required exam CAS-004
Number of questions Maximum of 90
Types of questions Multiple-choice and performance-based
Length of test 165 minutes
Recommended experience • Minimum of ten years of general hands-on IT experience,
with at least five of those years being broad
hands-on IT security experience
• Network+, Security+, CySA+, Cloud+, and PenTest+
or equivalent certifications/knowledge
Passing score Pass/Fail only — no scaled score

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination
and the extent to which they are represented.

DOMAIN PERCENTAGE OF EXAMINATION

1.0 Security Architecture 29%

2.0 Security Operations 30%
3.0 Security Engineering and Cryptography 26%
4.0 Governance, Risk, and Compliance 15%
Total 100%

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 1.0 Security Architecture
1.1 Given a scenario, analyze the security requirements and
objectives to ensure an appropriate, secure network
architecture for a new or existing network.
• Services - Traffic mirroring - Access control lists (ACLs)
- Load balancer - Switched port - Peer-to-peer
- Intrusion detection system (IDS)/ analyzer (SPAN) ports - Air gap
network intrusion detection - Port mirroring • Deperimeterization/zero trust
system (NIDS)/wireless intrusion - Virtual private cloud (VPC) - Cloud
detection system (WIDS) - Network tap - Remote work
- Intrusion prevention system (IPS)/ - Sensors - Mobile
network intrusion prevention - Security information and - Outsourcing and contracting
system (NIPS)/wireless intrusion event management (SIEM) - Wireless/radio frequency (RF)
prevention system (WIPS) - File integrity monitoring (FIM) networks
- Web application firewall (WAF) - Simple Network Management • Merging of networks from
- Network access control (NAC) Protocol (SNMP) traps various organizations
- Virtual private network (VPN) - NetFlow - Peering
- Domain Name System Security - Data loss prevention (DLP) - Cloud to on premises
Extensions (DNSSEC) - Antivirus - Data sensitivity levels
- Firewall/unified threat management • Segmentation - Mergers and acquisitions
(UTM)/next-generation firewall (NGFW) - Microsegmentation - Cross-domain
- Network address translation - Local area network (LAN)/ - Federation
(NAT) gateway virtual local area network (VLAN) - Directory services
- Internet gateway - Jump box • Software-defined networking (SDN)
- Forward/transparent proxy - Screened subnet - Open SDN
- Reverse proxy - Data zones - Hybrid SDN
- Distributed denial-of-service - Staging environments - SDN overlay
(DDoS) protection - Guest environments
- Routers - VPC/virtual network (VNET)
- Mail security - Availability zone
- Application programming - NAC lists
interface (API) gateway/Extensible - Policies/security groups
Markup Language (XML) gateway - Regions

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 1.0 Security Architecture

1.2 Given a scenario, analyze the organizational requirements

to determine the proper infrastructure security design.
• Scalability • Automation
- Vertically - Autoscaling
- Horizontally - Security Orchestration, Automation,
• Resiliency and Response (SOAR)
- High availability - Bootstrapping
- Diversity/heterogeneity • Performance
- Course of action orchestration • Containerization
- Distributed allocation • Virtualization
- Redundancy • Content delivery network
- Replication • Caching
- Clustering

1.3 Given a scenario, integrate software applications

securely into an enterprise architecture.
• Baseline and templates • Considerations of integrating - Disposal and reuse
- Secure design patterns/ enterprise applications - Testing
types of web technologies - Customer relationship - Regression
- Storage design patterns management (CRM) - Unit testing
- Container APIs - Enterprise resource planning (ERP) - Integration testing
- Secure coding standards - Configuration management - Development approaches
- Application vetting processes database (CMDB) - SecDevOps
- API management - Content management system (CMS) - Agile
- Middleware - Integration enablers - Waterfall
• Software assurance - Directory services - Spiral
- Sandboxing/development - Domain name system (DNS) - Versioning
environment - Service-oriented architecture (SOA) - Continuous integration/
- Validating third-party libraries - Enterprise service bus (ESB) continuous delivery
- Defined DevOps pipeline • Integrating security into (CI/CD) pipelines
- Code signing development life cycle - Best practices
- Interactive application security - Formal methods - Open Web Application
testing (IAST) vs. dynamic application - Requirements Security Project (OWASP)
security testing (DAST) vs. static - Fielding - Proper Hypertext Transfer
application security testing (SAST) - Insertions and upgrades Protocol (HTTP) headers

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 1.0 Security Architecture

1.4 Given a scenario, implement data security techniques

for securing enterprise architecture.
• Data loss prevention • Data classification, labeling, and tagging • Data inventory and mapping
- Blocking use of external media - Metadata/attributes • Data integrity management
- Print blocking • Obfuscation • Data storage, backup, and recovery
- Remote Desktop - Tokenization - Redundant array of
Protocol (RDP) blocking - Scrubbing inexpensive disks (RAID)
- Clipboard privacy controls - Masking
- Restricted virtual desktop • Anonymization
infrastructure (VDI) implementation • Encrypted vs. unencrypted
- Data classification blocking • Data life cycle
• Data loss detection - Create
- Watermarking - Use
- Digital rights management (DRM) - Share
- Network traffic decryption/ - Store
deep packet inspection - Archive
- Network traffic analysis - Destroy

1.5 Given a scenario, analyze the security requirements and objectives to

provide the appropriate authentication and authorization controls.
• Credential management • Access control • Multifactor authentication (MFA)
- Password repository application - Mandatory access control (MAC) - Two-factor authentication (2FA)
- End-user password storage - Discretionary access control (DAC) - 2-Step Verification
- On premises vs. cloud repository - Role-based access control - In-band
- Hardware key manager - Rule-based access control - Out-of-band
- Privileged access management - Attribute-based access control • One-time password (OTP)
• Password policies • Protocols - HMAC-based one-time
- Complexity - Remote Authentication password (HOTP)
- Length Dial-in User Server (RADIUS) - Time-based one-time password (TOTP)
- Character classes - Terminal Access Controller • Hardware root of trust
- History Access Control System (TACACS) • Single sign-on (SSO)
- Maximum/minimum age - Diameter • JavaScript Object Notation
- Auditing - Lightweight Directory (JSON) web token (JWT)
- Reversable encryption Access Protocol (LDAP) • Attestation and identity proofing
• Federation - Kerberos
- Transitive trust - OAuth
- OpenID - 802.1X
- Security Assertion Markup - Extensible Authentication
Language (SAML) Protocol (EAP)
- Shibboleth

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 1.0 Security Architecture

1.6 Given a set of requirements, implement secure

cloud and virtualization solutions.
• Virtualization strategies - Location • Cloud provider limitations
- Type 1 vs. Type 2 hypervisors - Data protection - Internet Protocol (IP) address scheme
- Containers - Cloud deployment models - VPC peering
- Emulation - Private • Extending appropriate
- Application virtualization - Public on-premises controls
- VDI - Hybrid • Storage models
• Provisioning and deprovisioning - Community - Object storage/file-based storage
• Middleware • Hosting models - Database storage
• Metadata and tags - Multitenant - Block storage
• Deployment models and considerations - Single-tenant - Blob storage
- Business directives • Service models - Key-value pairs
- Cost - Software as a service (SaaS)
- Scalability - Platform as a service (PaaS)
- Resources - Infrastructure as a service (IaaS)

1.7 Explain how cryptography and public key infrastructure (PKI)

support security objectives and requirements.
• Privacy and confidentiality requirements - Protection of web services - Email
• Integrity requirements - Embedded systems - Code signing
• Non-repudiation - Key escrow/management - Federation
• Compliance and policy requirements - Mobile security - Trust models
• Common cryptography use cases - Secure authentication - VPN
- Data at rest - Smart card - Enterprise and security
- Data in transit • Common PKI use cases automation/orchestration
- Data in process/data in use - Web services

1.8 Explain the impact of emerging technologies

on enterprise security and privacy.
• Artificial intelligence • Big Data
• Machine learning • Virtual/augmented reality
• Quantum computing • 3-D printing
• Blockchain • Passwordless authentication
• Homomorphic encryption • Nano technology
- Private information retrieval • Deep learning
- Secure function evaluation - Natural language processing
- Private function evaluation - Deep fakes
• Secure multiparty computation • Biometric impersonation
• Distributed consensus

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 2.0 Security Operations
2.1 Given a scenario, perform threat management activities.
• Intelligence types - Hacktivist - Deep web
- Tactical - Script kiddie - Proprietary
- Commodity malware - Organized crime - Open-source intelligence (OSINT)
- Strategic • Threat actor properties - Human intelligence (HUMINT)
- Targeted attacks - Resource • Frameworks
- Operational - Time - MITRE Adversarial Tactics, Techniques,
- Threat hunting - Money & Common knowledge (ATT&CK)
- Threat emulation - Supply chain access - ATT&CK for industrial
• Actor types - Create vulnerabilities control system (ICS)
- Advanced persistent - Capabilities/sophistication - Diamond Model of Intrusion Analysis
threat (APT)/nation-state - Identifying techniques - Cyber Kill Chain
- Insider threat • Intelligence collection methods
- Competitor - Intelligence feeds

2.2 Given a scenario, analyze indicators of compromise

and formulate an appropriate response.
• Indicators of compromise - Notifications • Response
- Packet capture (PCAP) - FIM alerts - Firewall rules
- Logs - SIEM alerts - IPS/IDS rules
- Network logs - DLP alerts - ACL rules
- Vulnerability logs - IDS/IPS alerts - Signature rules
- Operating system logs - Antivirus alerts - Behavior rules
- Access logs - Notification severity/priorities - DLP rules
- NetFlow logs - Unusual process activity - Scripts/regular expressions

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 2.0 Security Operations

2.3 Given a scenario, perform vulnerability management activities.

• Vulnerability scans - Open Vulnerability and • Self-assessment vs. third-
- Credentialed vs. non-credentialed Assessment Language (OVAL) party vendor assessment
- Agent-based/server-based - Common Platform Enumeration (CPE) • Patch management
- Criticality ranking - Common Vulnerabilities • Information sources
- Active vs. passive and Exposures (CVE) - Advisories
• Security Content Automation - Common Vulnerability - Bulletins
Protocol (SCAP) Scoring System (CVSS) - Vendor websites
- Extensible Configuration Checklist - Common Configuration - Information Sharing and
Description Format (XCCDF) Enumeration (CCE) Analysis Centers (ISACs)
- Asset Reporting Format (ARF) - News reports

2.4 Given a scenario, use the appropriate vulnerability

assessment and penetration testing methods and tools.
• Methods - Post-exploitation • Dependency management
- Static analysis - Persistence • Requirements
- Dynamic analysis • Tools - Scope of work
- Side-channel analysis - SCAP scanner - Rules of engagement
- Reverse engineering - Network traffic analyzer - Invasive vs. non-invasive
- Software - Vulnerability scanner - Asset inventory
- Hardware - Protocol analyzer - Permissions and access
- Wireless vulnerability scan - Port scanner - Corporate policy considerations
- Software composition analysis - HTTP interceptor - Facility considerations
- Fuzz testing - Exploit framework - Physical security considerations
- Pivoting - Password cracker - Rescan for corrections/changes

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 2.0 Security Operations

2.5 Given a scenario, analyze vulnerabilities

and recommend risk mitigations.
• Vulnerabilities - Code injections/malicious changes • Attacks
- Race conditions - End of support/end of life - Directory traversal
- Overflows - Regression issues - Cross-site scripting (XSS)
- Buffer • Inherently vulnerable - Cross-site request forgery (CSRF)
- Integer system/application - Injection
- Broken authentication - Client-side processing vs. - XML
- Unsecure references server-side processing - LDAP
- Poor exception handling - JSON/representational - Structured Query Language (SQL)
- Security misconfiguration state transfer (REST) - Command
- Improper headers - Browser extensions - Process
- Information disclosure - Flash - Sandbox escape
- Certificate errors - ActiveX - Virtual machine (VM) hopping
- Weak cryptography implementations - Hypertext Markup - VM escape
- Weak ciphers Language 5 (HTML5) - Border Gateway Protocol (BGP)/
- Weak cipher suite implementations - Asynchronous JavaScript route hijacking
- Software composition analysis and XML (AJAX) - Interception attacks
- Use of vulnerable frameworks - Simple Object Access - Denial-of-service (DoS)/DDoS
and software modules Protocol (SOAP) - Authentication bypass
- Use of unsafe functions - Machine code vs. bytecode or - Social engineering
- Third-party libraries interpreted vs. emulated - VLAN hopping
- Dependencies

2.6 Given a scenario, use processes to reduce risk.

• Proactive and detection • Preventive • Physical security
- Hunts - Antivirus - Review of lighting
- Developing countermeasures - Immutable systems - Review of visitor logs
- Deceptive technologies - Hardening - Camera reviews
- Honeynet - Sandbox detonation - Open spaces vs. confined spaces
- Honeypot • Application control
- Decoy files - License technologies
- Simulators - Allow list vs. block list
- Dynamic network configurations - Time of check vs. time of use
• Security data analytics - Atomic execution
- Processing pipelines • Security automation
- Data - Cron/scheduled tasks
- Stream - Bash
- Indexing and search - PowerShell
- Log collection and curation - Python
- Database activity monitoring

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 2.0 Security Operations

2.7 Given an incident, implement the appropriate response.

• Event classifications - Analysis - Automated response methods
- False positive - Containment - Runbooks
- False negative - Recovery - SOAR
- True positive - Lessons learned • Communication plan
- True negative • Specific response playbooks/processes • Stakeholder management
• Triage event - Scenarios
• Preescalation tasks - Ransomware
• Incident response process - Data exfiltration
- Preparation - Social engineering
- Detection - Non-automated response methods

2.8 Explain the importance of forensic concepts.

• Legal vs. internal corporate purposes - Evidence preservation • Cryptanalysis
• Forensic process - Secure storage • Steganalysis
- Identification - Backups
- Evidence collection - Analysis
- Chain of custody - Forensics tools
- Order of volatility - Verification
- Memory snapshots - Presentation
- Images • Integrity preservation
- Cloning - Hashing

2.9 Given a scenario, use forensic analysis tools.

• File carving tools • Analysis tools • Live collection vs. post-mortem tools
- Foremost - ExifTool - netstat
- Strings - Nmap - ps
• Binary analysis tools - Aircrack-ng - vmstat
- Hex dump - Volatility - ldd
- Binwalk - The Sleuth Kit - lsof
- Ghidra - Dynamically vs. statically linked - netcat
- GNU Project debugger (GDB) • Imaging tools - tcpdump
- OllyDbg - Forensic Toolkit (FTK) Imager - conntrack
- readelf - dd - Wireshark
- objdump • Hashing utilities
- strace - sha256sum
- ldd - ssdeep
- file

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 3.0 Security Engineering
and Cryptography
3.1 Given a scenario, apply secure configurations to enterprise mobility.
• Managed configurations - Geotagging - Encrypted and unencrypted
- Application control - Certificate management communication concerns
- Password - Full device encryption - Physical reconnaissance
- MFA requirements - Tethering - Personal data theft
- Token-based access - Airplane mode - Health privacy
- Patch repository - Location services - Implications of wearable devices
- Firmware Over-the-Air - DNS over HTTPS (DoH) - Digital forensics of collected data
- Remote wipe - Custom DNS - Unauthorized application stores
- WiFi • Deployment scenarios - Jailbreaking/rooting
- WiFi Protected Access (WPA2/3) - Bring your own device (BYOD) - Side loading
- Device certificates - Corporate-owned - Containerization
- Profiles - Corporate owned, - Original equipment manufacturer
- Bluetooth personally enabled (COPE) (OEM) and carrier differences
- Near-field communication (NFC) - Choose your own device (CYOD) - Supply chain issues
- Peripherals • Security considerations - eFuse
- Geofencing - Unauthorized remote activation/
- VPN settings deactivation of devices or features

3.2 Given a scenario, configure and implement endpoint security controls.

• Hardening techniques • Processes - Attestation services
- Removing unneeded services - Patching - Hardware security module (HSM)
- Disabling unused accounts - Firmware - Measured boot
- Images/templates - Application - Self-encrypting drives (SEDs)
- Remove end-of-life devices - Logging • Compensating controls
- Remove end-of-support devices - Monitoring - Antivirus
- Local drive encryption • Mandatory access control - Application controls
- Enable no execute (NX)/ - Security-Enhanced Linux (SELinux)/ - Host-based intrusion detection
execute never (XN) bit Security-Enhanced system (HIDS)/Host-based
- Disabling central processing Android (SEAndroid) intrusion prevention system (HIPS)
unit (CPU) virtualization support - Kernel vs. middleware - Host-based firewall
- Secure encrypted enclaves/ • Trustworthy computing - Endpoint detection and response (EDR)
memory encryption - Trusted Platform Module (TPM) - Redundant hardware
- Shell restrictions - Secure Boot - Self-healing hardware
- Address space layout - Unified Extensible Firmware - User and entity behavior
randomization (ASLR) Interface (UEFI)/basic input/ analytics (UEBA)
output system (BIOS) protection

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 3.0 Security Engineering and Cryptography

3.3 Explain security considerations impacting specific

sectors and operational technologies.
• Embedded - Safety instrumented system • Sectors
- Internet of Things (IoT) - Heating, ventilation, and - Energy
- System on a chip (SoC) air conditioning (HVAC) - Manufacturing
- Application-specific • Protocols - Healthcare
integrated circuit (ASIC) - Controller Area Network (CAN) bus - Public utilities
- Field-programmable gate array (FPGA) - Modbus - Public services
• ICS/supervisory control and - Distributed Network Protocol 3 (DNP3) - Facility services
data acquisition (SCADA) - Zigbee
- Programmable logic controller (PLC) - Common Industrial Protocol (CIP)
- Historian - Data distribution service
- Ladder logic

3.4 Explain how cloud technology adoption

impacts organizational security.
• Automation and orchestration • Key life-cycle management • Collaboration tools
• Encryption configuration • Backup and recovery methods • Storage configurations
• Logs - Cloud as business continuity - Bit splitting
- Availability and disaster recovery (BCDR) - Data dispersion
- Collection - Primary provider BCDR • Cloud access security broker (CASB)
- Monitoring - Alternative provider BCDR
- Configuration • Infrastructure vs. serverless computing
- Alerting • Application virtualization
• Monitoring configurations • Software-defined networking
• Key ownership and location • Misconfigurations

3.5 Given a business requirement, implement

the appropriate PKI solution.
• PKI hierarchy - Server authentication • Public and private keys
- Certificate authority (CA) - Digital signatures • Digital signature
- Subordinate/intermediate CA - Code signing • Certificate pinning
- Registration authority (RA) • Extensions • Certificate stapling
• Certificate types - Common name (CN) • Certificate signing requests (CSRs)
- Wildcard certificate - Subject alternate name (SAN) • Online Certificate Status Protocol (OCSP)
- Extended validation • Trusted providers vs. certificate revocation list (CRL)
- Multidomain • Trust model • HTTP Strict Transport Security (HSTS)
- General purpose • Cross-certification
• Certificate usages/profiles/templates • Configure profiles
- Client authentication • Life-cycle management

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 3.0 Security Engineering and Cryptography

3.6 Given a business requirement, implement the appropriate

cryptographic protocols and algorithms.
• Hashing - Triple digital encryption - Secure/Multipurpose Internet
- Secure Hashing Algorithm (SHA) standard (3DES) Mail Extensions (S/MIME)
- Hash-based message - ChaCha - Internet Protocol Security (IPSec)
authentication code (HMAC) - Salsa20 - Secure Shell (SSH)
- Message digest (MD) • Asymmetric algorithms - EAP
- RACE integrity primitives - Key agreement • Elliptic curve cryptography
evaluation message digest (RIPEMD) - Diffie-Hellman - P256
- Poly1305 - Elliptic-curve Diffie-Hellman - P384
• Symmetric algorithms (ECDH) • Forward secrecy
- Modes of operation - Signing • Authenticated encryption
- Galois/Counter Mode (GCM) - Digital signature algorithm (DSA) with associated data
- Electronic codebook (ECB) - Rivest, Shamir, and Adleman (RSA) • Key stretching
- Cipher block chaining (CBC) - Elliptic-curve digital - Password-based key derivation
- Counter (CTR) signature algorithm (ECDSA) function 2 (PBKDF2)
- Output feedback (OFB) • Protocols - Bcrypt
- Stream and block - Secure Sockets Layer (SSL)/
- Advanced Encryption Transport Layer Security (TLS)
Standard (AES)

3.7 Given a scenario, troubleshoot issues with

cryptographic implementations.
• Implementation and configuration issues • Keys
- Validity dates - Mismatched
- Wrong certificate type - Improper key handling
- Revoked certificates - Embedded keys
- Incorrect name - Rekeying
- Chain issues - Exposed private keys
- Invalid root or intermediate CAs - Crypto shredding
- Self-signed - Cryptographic obfuscation
- Weak signing algorithm - Key rotation
- Weak cipher suite - Compromised keys
- Incorrect permissions
- Cipher mismatches
- Downgrade

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 4.0 Governance, Risk, and Compliance
4.1 Given a set of requirements, apply the appropriate risk strategies.
• Risk assessment • Risk types • Risk tracking
- Likelihood - Inherent - Risk register
- Impact - Residual - Key performance indicators
- Qualitative vs. quantitative - Exceptions - Scalability
- Exposure factor • Risk management life cycle - Reliability
- Asset value - Identify - Availability
- Total cost of ownership (TCO) - Assess - Key risk indicators
- Return on investment (ROI) - Control • Risk appetite vs. risk tolerance
- Mean time to recovery (MTTR) - People - Tradeoff analysis
- Mean time between failure (MTBF) - Process - Usability vs. security requirements
- Annualized loss expectancy (ALE) - Technology • Policies and security practices
- Annualized rate of occurrence (ARO) - Protect - Separation of duties
- Single loss expectancy (SLE) - Detect - Job rotation
- Gap analysis - Respond - Mandatory vacation
• Risk handling techniques - Restore - Least privilege
- Transfer - Review - Employment and
- Accept - Frameworks termination procedures
- Avoid - Training and awareness for users
- Mitigate - Auditing requirements and frequency

4.2 Explain the importance of managing and mitigating vendor risk.

• Shared responsibility model • Vendor lock-in and vendor lockout • Third-party dependencies
(roles/responsibilities) • Vendor viability - Code
- Cloud service provider (CSP) - Financial risk - Hardware
- Geographic location - Merger or acquisition risk - Modules
 - Infrastructure • Meeting client requirements • Technical considerations
- Compute - Legal - Technical testing
- Storage - Change management - Network segmentation
- Networking - Staff turnover - Transmission control
- Services - Device and technical configurations - Shared credentials
- Client • Support availability
- Encryption • Geographical considerations
 - Operating systems • Supply chain visibility
- Applications • Incident reporting requirements
- Data • Source code escrows
• Ongoing vendor assessment tools

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
 4.0 Governance, Risk, and Compliance

4.3 Explain compliance frameworks and legal

considerations, and their organizational impact.
• Security concerns of integrating • Third-party attestation of compliance • Legal considerations
diverse industries • Regulations, accreditations, - Due diligence
• Data considerations and standards - Due care
- Data sovereignty - Payment Card Industry Data - Export controls
- Data ownership Security Standard (PCI DSS) - Legal holds
- Data classifications - General Data Protection - E-discovery
- Data retention Regulation (GDPR) • Contract and agreement types
- Data types - International Organization - Service-level agreement (SLA)
- Health for Standardization (ISO) - Master service agreement (MSA)
- Financial - Capability Maturity Model - Non-disclosure agreement (NDA)
- Intellectual property Integration (CMMI) - Memorandum of
- Personally identifiable - National Institute of Standards understanding (MOU)
information (PII) and Technology (NIST) - Interconnection security
- Data removal, destruction, - Children’s Online Privacy agreement (ISA)
and sanitization Protection Act (COPPA) - Operational-level agreement
• Geographic considerations - Common Criteria - Privacy-level agreement
- Location of data - Cloud Security Alliance (CSA) Security
- Location of data subject Trust Assurance and Risk (STAR)
- Location of cloud provider

4.4 Explain the importance of business continuity

and disaster recovery concepts.

• Business impact analysis • Disaster recovery plan (DRP)/ • Incident response plan
- Recovery point objective business continuity plan (BCP) - Roles/responsibilities
- Recovery time objective - Cold site - After-action reports
- Recovery service level - Warm site • Testing plans
- Mission essential functions - Hot site - Checklist
• Privacy impact assessment - Mobile site - Walk-through
- Tabletop exercises
- Full interruption test
- Parallel test/simulation test

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
CASP+ (CAS-004) Acronym List

The following is a list of acronyms that appear on the CompTIA

CASP+ certification exam. Candidates are encouraged to review the
complete list and attain a working knowledge of all listed acronyms
as part of a comprehensive exam preparation program.

ACRONYM SPELLED OUT ACRONYM SPELLED OUT

2FA Two-Factor Authentication CPE Common Platform Enumeration
3DES Triple Digital Encryption Standard CPU Central Processing Unit
ABAC Attribute-based Access Control CRL Certificate Revocation List
ACL Access Control List CRM Customer Relationship Management
AEAD Authenticated Encryption with Associated Data CSA Cloud Security Alliance
AES Advanced Encryption Standard CSP Cloud Service Provider
AJAX Asynchronous JavaScript and XML CSPM Cloud Security Posture Management
ALE Annualized Loss Expectancy CSR Certificate Signing Request
API Application Programming Interface CSRF Cross-Site Request Forgery
APT Advanced Persistent Threat CVE Common Vulnerabilities and Exposures
ARF Asset Reporting Format CVSS Common Vulnerability Scoring System
ARO Annualized Rate of Occurrence CYOD Choose Your Own Device
ASIC Application-Specific Integrated Circuit DAC Discretionary Access Control
ASLR Address Space Layout Randomization DAST Dynamic Application Security Testing
ATT&CK Adversarial Tactics, Techniques DDoS Distributed Denial of Service
& Common Knowledge DEP Data Execution Prevention
AV Antivirus DH Diffie-Hellman
BCDR Business Continuity and Disaster Recovery DLP Data Loss Prevention
BCP Business Continuity Plan DNP3 Distributed Network Protocol 3
BGP Border Gateway Protocol DNS Domain Name System
BIA Business Impact Analysis DNSSEC Domain Name System Security Extensions
BIOS Basic Input/Output System DoH DNS over HTTPS
BYOD Bring Your Own Device DoS Denial of Service
CA Certificate Authority DRM Digital Rights Management
CAN Controller Area Network DR Disaster Recovery
CASB Cloud Access Security Broker DRP Disaster Recovery Plan
CBC Cipher Block Chaining DSA Digital Signature Algorithm
CCE Common Configuration Enumeration EAP Extensible Authentication Protocol
CDN Content Delivery Network ECB Electronic Codebook
CI/CD Continuous Integration/Continuous Delivery ECC Elliptic-Curve Cryptography
CIP Common Industrial Protocol ECDH Elliptic-Curve Diffie-Hellman
CMDB Configuration Database Management ECDHE Elliptic-Curve Diffie-Hellman Ephemeral
CMMI Capability Maturity Model Integration ECDSA Elliptic-Curve Digital Signature Algorithm
CN Common Name EDE Encrypt-Decrypt-Encrypt
CNAME Canonical Name EDR Endpoint Detection and Response
COPE Corporate Owned, Personally Enabled EIGRP Enhanced Interior Gateway Routing Protocol
COPPA Children’s Online Privacy Protection Act ERP Enterprise Resource Planning

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
ESB Enterprise Service Bus NACL Network Access Control List
EV Extended Validation NAT Network Address Translation
FIM File Integrity Monitoring NDA Non-Disclosure Agreement
FPGA Field-Programmable Gate Array NFC Near Field Communication
FTK Forensic Toolkit NGFW Next-Generation Firewall
GCM Galois/Counter Mode NIC Network Interface Controller
GDPR General Data Protection Regulation NIDS Network Intrusion Detection System
GPO Group Policy Object NIPS Network Intrusion Prevention System
HIDS Host-based Intrusion Detection System NIST National Institute of Standards and Technology
HIPS Host-based Intrusion Prevention System NTP Network Time Protocol
HMAC Hash-based Message Authentication Code NX No Execute
HOTP HMAC-based One-Time Password OCIL Open Checklist Interactive Language
HSM Hardware Security Module OCSP Online Certificate Status Protocol
HSTS HTTP Strict Transport Security OEM Original Equipment Manufacturer
HTML Hypertext Markup Language OFB Output Feedback
HTTP Hypertext Transfer Protocol OPSEC Operations Security
HTTPS Hypertext Transfer Protocol Secure OS Operating System
HUMINT Human Intelligence OSI Open Systems Interconnection
HVAC Heating, Ventilation, and Air Conditioning OSINT Open-Source Intelligence
IaaS Infrastructure as a Service OSPF Open Shortest Path First
IAM Identity and Access Management OTP One-Time Password
IAST Interactive Application Security Testing OVAL Open Vulnerability and Assessment Language
ICS Industrial Control System OWASP Open Web Application Security Project
IDEA International Data Encryption Algorithm PaaS Platform as a Service
IDS Intrusion Detection System PBKDF2 Password-Based Key Derivation Function 2
IKE Internet Key Exchange PBX Private Branch Exchange
IoC Indicator of Compromise PCAP Packet Capture
IoT Internet of Things PCI DSS Payment Card Industry Data Security Standard
IP Internet Protocol PGP Pretty Good Privacy
IPS Intrusion Prevention System PHP Hypertext Preprocessor
IPSec Internet Protocol Security PII Personal Identifiable Information
ISA Interconnection Security Agreement PIN Personal Identification Number
ISAC Information Sharing Analysis Center PKI Public Key Infrastructure
ISO International Organization for Standardization PLC Programmable Logic Controller
ISP Internet Service Provider PSK Pre-Shared Key
JSON JavaScript Object Notation QoS Quality of Service
JWT JSON Web Token RA Registration Authority
KVM Keyboard, Video, and Mouse RACE Research and Development in Advanced
LAN Local Area Network Communications Technologies in Europe
LDAP Lightweight Directory Access Protocol RADIUS Remote Authentication Dial-in User Server
LSASS Local Security Authority Subsystem Service RAID Redundant Array of Inexpensive Disks
MaaS Monitoring as a Service RCE Remote Code Execution
MAC Mandatory Access Control RDP Remote Desktop Protocol
MD Message Digest REST Representational State Transfer
MFA Multifactor Authentication RF Radio Frequency
MOU Memorandum of Understanding RIPEMD RACE Integrity Primitives Evaluation
MSA Master Service Agreement Message Digest
MSSP Managed Security Service Provider ROI Return on Investment
MTBF Mean Time Between Failure RPO Recovery Point Objective
MTD Maximum Tolerable Downtime RSA Rivest, Shamir, and Adleman
MTTR Mean Time to Recovery RTO Recovery Time Objective
NAC Network Access Control RTU Remote Terminal Unit

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
S/MIME Secure/Multipurpose Internet Mail Extensions TACACS Terminal Access Controller Access Control System
SaaS Software as a Service TAP Test Access Points
SAE Simultaneous Authentication of Equals TCO Total Cost of Ownership
SAML Security Assertion Markup Language TCP Transmission Control Protocol
SAN Subject Alternate Name TLS Transport Layer Security
SASE Secure Access Service Edge TOTP Time-Based One-Time Password
SAST Static Application Security Testing TPM Trusted Platform Module
SCADA Supervisory Control and Data Acquisition TTP Techniques, Tactics, and Procedures
SCAP Security Content Automation Protocol UDP User Datagram Protocol
SDLC Software Development Lifecycle UEBA User and Entity Behavior Analytics
SDN Software-Defined Networking UEFI Unified Extensible Firmware Interface
SDR Software-Defined Radio USB Universal Serial Bus
SD-WAN Software-Defined Wide Area Network UTM Unified Threat Management
SEAndroid Security Enhanced Android VDI Virtual Desktop Infrastructure
SED Self-Encrypting Drive VLAN Virtual Local Area Network
SELinux Security Enhanced Linux VM Virtual Machine
SFTP SSH File Transfer Protocol VNET Virtual Network
SHA Secure Hashing Algorithm VNET Virtual Network
SIEM Security Information Event Management VoIP Voice over Internet Protocol
SLA Service-Level Agreement VPC Virtual Private Cloud
SLE Single Loss Expectancy VPN Virtual Private Network
SMB Server Message Block WAF Web Application Firewall
SMS Short Message Service WEP Wired Equivalent Privacy
SNMP Simple Network Management Protocol WIDS Wireless Intrusion Detection System
SOA Start of Authority WIPS Wireless Intrusion Prevention System
SOAP Simple Object Access Protocol WPA WiFi Protected Access
SOAR Security Orchestration, Automation, and Response WS Web Services
SoC System-on-Chip XCCDF Extensible Configuration Checklist
SOC Security Operations Center Description Format
SPAN Switched Port Analyzer XDR Extended Detection and Response
SQL Structured Query Language XML Extensible Markup Language
SSH Secure Shell XN Execute Never
SSL Secure Sockets Layer XSS Cross-Site Scripting
SSO Single Sign-On YAML Yet Another Markup Language
STAR Security Trust Assurance and Risk ZAP Zed Attack Proxy

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Exam: Exam Objectives 7.0
Copyright © 2020 CompTIA, Inc. All rights reserved.
CASP+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the CASP+ exam. This list may also be helpful for
training companies that wish to create a lab component for their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

EQUIPMENT TOOLS OTHER

• Laptops • Spectrum analyzer • Sample logs
• Basic server hardware (email server/ • Antennas • Sample network traffic (packet capture)
Active Directory server, trusted OS) • RF hacking hardware/SDR • Sample organizational structure
• Tokens • RSA token • Sample network documentation
• Mobile devices (Android and iOS) • KVM switch • Broadband Internet connection
• Switches (managed switch)—IPv6 capable • 4G/5G and/or hotspot
• Gateway/router—IPv6 capable SOFTWARE • Computer and mobile peripheral devices
(wired/wireless) • Virtualized appliances (firewall, IPS, SIEM • Cloud services
• Firewall solution, RSA authentication, asterisk PBX) • Visio/Excel
• VoIP • Windows • Open Office
• Proxy server • Linux distros
• Load balancer • VMware Player/VirtualBox
• NIPS • Vulnerability assessment tools
• HSM • SSH and Telnet utilities
• Access points • Threat modeling tool
• Crypto cards • IPS/IDS, HIPS
• Smart cards • WIPS
• Smart card reader • Forensic tools
• Biometric devices • Certificate authority
• Arduino/Raspberry Pi • Kali and all Kali tool sets
• SCADA system: RTUs and PLCs • Remediation software
• GNS and associated firmware
SPARE HARDWARE • Log analysis tools
• Keyboards • APIs
• Cables • ELK Stack
• NICs • Graylog
• Power supplies • Python 3+
• Removable media • Security Onion tools
• High-power graphics card • Metasploitable 2

© 2020 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such programs are operated
exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally. Other brands and company names mentioned
herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners. Reproduction or dissemination prohibited without the written consent
of CompTIA, Inc. Printed in the U.S. 08165-Sep2020