When organizations transitioned to a remote workforce due to the impacts of the COVID-19 pandemic, cybersecurity teams faced new security challenges. Cyberattacks increased and phishing and malware attacks are up year-over-year. This is why advanced risk management knowledge and skills are needed by IT pros.
Proper risk management and a focus on improving an enterprise’s cybersecurity readiness can reduce and prevent cybersecurity breaches and attacks from happening in the first place. Maybe these cyberattack statistics may not be so alarming if companies were prepared to go fully remote at the start of the pandemic because their IT security stature, risk management and security practices could support that transition.
The new CompTIA Advanced Security Practitioner (CASP+) reflects the shifts in today’s technology landscape. Keep reading to get answers to the most common questions we get about the most advanced CompTIA cybersecurity certification.
Why Is There a New Version of CASP+?
Every three years, CASP+ gets updated to meet the needs of the industry and ensure that IT pros have the skills necessary for today’s cybersecurity jobs. Like its predecessor CASP+ (CAS-003), CASP+ (CAS-004) is still the only hands-on, performance-based certification for advanced practitioners — not managers — at the highest level of cybersecurity.
Updates to CASP+ qualify advanced skills required of security architects and senior security engineers to effectively design, implement and manage cybersecurity solutions on complex enterprise networks.
People who have CASP+ are able to do the following:
- Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
- Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment
- Apply security practices to cloud, on-premises, endpoint and mobile infrastructure, while considering cryptographic technologies and techniques
- Consider the impact of governance, risk and compliance requirements throughout the enterprise
CASP+ is the only certification on the market that qualifies technical leaders to assess cyber readiness within an enterprise, and design and implement the proper solutions to ensure the organization is ready for the next attack.
Learn more about the difference between CompTIA CASP+ 003 vs. 004.
What’s on the Latest Version of CASP+?
The latest version of CASP+ (CAS-004) includes performance-based and multiple-choice exam questions, as well as virtual environments across four domains:
- Security Architecture (29%)
- Security Operations (30%)
- Security Engineering and Cryptography (26%)
- Governance, Risk and Compliance (15%)
These domains align to the primary responsibilities of a security architect or a senior security engineer. Someone in these roles will have the technical skills in traditional, cloud and hybrid environments, as well as an understanding of governance, risk and compliance to assess an enterprise’s cybersecurity readiness and lead technical teams to implement enterprise-wide cybersecurity solutions.
You should also be familiar with the following broad categories of penetration testing and forensics tools:
Penetration Testing Tools:
- SCAP scanner
- Network traffic analyzer
- Vulnerability scanner
- Protocol analyzer
- Port scanner
- HTTP interceptor
- Exploit framework
- Password cracker
Forensic Analysis Tools:
- ExifTool
- Nmap
- Aircrack-ng
- Volatility
- The Sleuth Kit
- Dynamically vs. statically linked
See all the topics covered by CompTIA CASP+ (CAS-004) by downloading the exam objectives for free.
Why Should I Get the New CASP+?
The new CASP+ certification endorses your advanced cybersecurity skills with a credential that’s respected industry-wide across the globe:
- CASP+ is the only hands-on, performance-based certification for advanced practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+-certified professionals figure out how to implement solutions within those policies and frameworks.
- Unlike other certifications, CASP+ covers both security architecture and engineering.
- CASP+ fulfills the U.S. Department of Defense (DoD 8570) compliance and National Initiative for Cybersecurity Education (NICE) work roles.
When you've earned CASP+, you can be confident that your skills are up to par.
Ready to Buy CASP+?
Once you’ve decided that CompTIA CASP+ is right for you, head on over to the CompTIA Store to purchase your voucher and training solutions – or bundle them for a discount!
What Jobs Can I Get with CASP+?
CASP+ verifies the skills necessary for jobs like security engineer, security architect or chief information security officer (CISO). One of the benefits of taking the new CASP+ is that it is aligned to the latest trends and techniques.
Jobs That Use the Cybersecurity Skills Covered by CASP+
(Asterisk denotes primary job roles for CASP+)
SOC Manager | Security Analyst | ||
IT Cybersecurity Specialist/INFOSEC Specialist | Cyber Risk Analyst | Applications Security Engineer |
With its enhanced objectives, the new CASP+ will confirm a candidate’s ability to thrive in these critical cybersecurity jobs.
Read more about jobs you can get with CASP+.
How Can I Prepare for the CASP+ Exam?
While there are a range of exam prep tools, instructional videos, training boot camps and the like out there, CompTIA now offers a full suite of training solutions for CASP+, including study guides, eLearning and online courses.
Here’s a quick overview of everything CompTIA offers to help you prepare for your certification exam:
- CertMaster Learn eLearning platform
- CertMaster Labs (graded labs)
- CertMaster Integrated Learn + Labs – practice hands-on skills as you learn them in one streamlined experience
- CertMaster Practice exam prep
- The Official CompTIA CASP+ Study Guide, available in printed or eBook form
Regardless of how you prepare, the best place to start is with the CASP+ exam objectives. You can also download a free CompTIA CASP+ practice test to familiarize yourself with the types of questions you’ll see on the exam.
Learn more about CompTIA online training.
How Long Will It Take Me to Get CASP+?
The amount of time you’ll need to dedicate to your CASP+ training differs for everyone. It depends on your existing knowledge and your hands-on advanced security experience.
We recommend that you have CompTIA Cybersecurity Analyst (CySA+) or CompTIA PenTest+ and a minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience. We also suggest that you dedicate between 30 and 40 hours of studying before sitting for the exam.
How Much Does the CASP+ Exam Cost?
The retail price for CASP+ (CAS-004) is $509 (as of February 1, 2024). CompTIA offers numerous ways to reduce this cost. Check out our article on how to save on exam vouchers as well as information about financing options.
I’ve Been Studying for CASP+ (CAS-003). Should I Switch Gears and Study For (CAS-004) Instead?
If you’ve been studying for the CASP+ (CAS-003) exam, we recommend reviewing the exam objectives for CAS-004 to see how much of what you’ve already studied is on the new exam. If it makes sense for your time and level of knowledge, you may want to switch gears and prepare for the new exam (CAS-004). If you’ve already purchased a CASP+ voucher, you can apply it to any version of the exam.
But if you choose to take the CASP+ (CAS-003) exam, make sure to do so before it expires in April 2022.
What Is the Expiration Date for CASP+ (CAS-003)?
The English version of the CASP+ (CAS-003) exam will retire in April 2022. At that point it will be completely replaced by (CAS-004).
How Long Is CASP+ Good For, and How Can It Be Renewed?
As with many CompTIA certifications, CASP+ is good for three years. CompTIA offers a number of ways for you to renew your certifications.
Additionally, earning CASP+ would renew lower-level CompTIA certifications, including CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+, CompTIA Security+, CompTIA Network+ and CompTIA A+.
Can I Skip CompTIA CySA+ or CompTIA PenTest+ and Take CASP+?
You can, but it’s not recommended. Advanced cybersecurity pros need to know how to use the appropriate vulnerability assessment and penetration testing methods and tools, as well as how to proactively capture, monitor and respond to network traffic findings. Take a look at the CompTIA Cybersecurity Career Pathway to see how each certification builds on the previous one. Skipping either one of these intermediate-level certifications could leave a gap in your cybersecurity skills.
In fact, we recommend having a minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience.
Is CASP+ Approved by the DoD for 8570 Requirements?
Yes! CASP+ is U.S. DoD 8570 approved and complies with government regulations under the Federal Information Security Management Act (FISMA). CASP+ also maps to 9 NICE framework work roles at over 70%. This mapping positions CASP+ for the DoD 8140 initiative.
Many government, military and military contractor-related job roles require IT pros to hold certifications that comply with DoD 8570, DoD 8570.01-m and DoD 8140, which identify the skills needed for a cyber-ready workforce and align those skills with certain IT certifications. This matters to IT pros in the private sector, too.
Ready to get started? Download the CASP+ (CAS-004) exam objectives for free.