CompTIA Advanced Security Practitioner (CASP+)

CASP+ is the only hands-on, performance-based certification for advanced practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.

Unlike other certifications, CASP+ covers both security architecture and engineering. It is the only certification on the market that qualifies technical leaders to assess cyber readiness within an enterprise, and design and implement the proper solutions to ensure the organization is ready for the next attack.

CASP+ is the most up-to-date advanced-level cybersecurity certification on the market. It covers technical skills in on-premises, cloud-native, and hybrid environments, governance, risk, and compliance skills, assessing an enterprise’s cybersecurity readiness, and leading technical teams to implement enterprise-wide cybersecurity solutions.


In this course, you will be able to:

  • Architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise
  • Use monitoring, detection, incident response, and automation to proactively support ongoing security operations in an enterprise environment
  • Apply security practices to cloud, on-premises, endpoint, and mobile infrastructure, while considering cryptographic technologies and techniques
  • Consider the impact of governance, risk, and compliance requirements throughout the enterprise
  • CompTIA CASP+ is aimed at IT Professionals with a minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience.
  • IT Professional that has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
  • Students should have a minimum of 10 years experience including at least 5 years of hands-on technical security experience.
1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
1.8 Explain the impact of emerging technologies on enterprise security and privacy.
2.1 Given a scenario, perform threat management activities.
2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
2.3 Given a scenario, perform vulnerability management activities.
2.4 Given a scenario, use the appropriate vulnerability assessment and
penetration testing methods and tools. 2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
2.6 Given a scenario, use processes to reduce risk.
2.7 Given an incident, implement the appropriate response.
2.8 Explain the importance of forensic concepts.
2.9 Given a scenario, use forensic analysis tools.
3.1 Given a scenario, apply secure configurations to enterprise mobility.
3.2 Given a scenario, configure and implement endpoint security controls.
3.3 Explain security considerations impacting specific sectors and operational technologies.
3.4 Explain how cloud technology adoption impacts organizational security.
3.5 Given a business requirement, implement the appropriate PKI solution.
3.6 Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
3.7 Given a scenario, troubleshoot issues with cryptographic implementations.
4.1 Given a set of requirements, apply the appropriate risk strategies.
4.2 Explain the importance of managing and mitigating vendor risk
4.3 Explain compliance frameworks and legal considerations, and their organizational impact.
4.4 Explain the importance of business continuity and disaster recovery concepts.
Length of exam 165 minutes
Number of questions 90 questions
Question format Multiple-choice and performance-based
Passing grade This test has no scaled score; it’s a pass/fail only.
Exam availability English, Japanese and Thai
Testing center Pearson VUE Testing Center