View RSS Feed

JDMurray's Blog at www.TechExams.Net

Review: CASP CompTIA Advanced Security Practitioner Certification Study Guide [Book]

Rating: 2 votes, 3.00 average.
by , 01-31-2013 at 02:53 AM (131245 Views)
blogs/jdmurray/attachments/3322-review-casp-comptia-advanced-security-practitioner-certification-study-guide-book-0071776206.jpg Authors : Wm. Arthur Conklin, Gregory White, Dwayne Williams
Format : Mixed media, soft cover, 704 pages
Release Date : September 2012
ISBN : 0071776206
ISBN 13 : 9780071776202
Language : English
Publisher : McGraw-Hill

I recently took a long look at the new McGraw-Hill book, CASP CompTIA Advanced Security Practitioner Certification Study Guide (Exam CAS-001). This book is a study guide for the new CompTIA Advanced Security Practitioner (CASP) certification. CASP is the first certification in CompTIA’s new Mastery Series, designed to test for a level of Information Technology understanding above the entry-level (redubbed Professional Series) certifications that CompTIA is known for. With many members here at TechExams.Net interested in Information Security certifications, I decided that a thorough review of this study guide could be of great help to our members in deciding the direction of their certification path and career. Moreover, what better way to review the effectiveness of this study guide than to use it to study for and take the CASP exam myself.

A Complete Study Guide

The objectives of the CAS-001 exam (2011) are quite extensive and cover the areas of system and network security, analysis and troubleshooting, risk management, policies and procedures, and business and legal practices related to information security. The CASP Study Guide boasts 100% coverage of all CASP objectives, and it achieves that degree of coverage, albeit with varying depth and detail.

The book’s contents is organized exactly from the domains and subdomains covered by the CASP certification’s objectives. Readers familiar with the information covered by the CISSP, SSCP, and GSEC certifications will recognize many of this study guides topics, including cryptography, security controls, data networking, and privacy policies. There is also coverage of InfoSec topics found on specialized certification exams for forensics, penetration testing, and enterprise-class storage technologies. The reader will also find necessary information for objectives they may have never encounter on any certification exam, such as configuration management, application-layer protocol security, legal policies, and the technology lifecycle.

The guide’s content also contains references to InfoSec standards, such as SANS, OWASP, NIST Special Publications, and IETF RFCs. It is doubtless that the authors of the CASP certification also used these same references for the exam. I would also have liked this study guide’s authors to have includes a listing of all of the research sources they used for this book, but that is a rare thing to find in any modern book on Information Technology.

The information in this study guide is sometimes presented in the form of a best practice or advice for understanding or using information security within an enterprise-scale organization. These descriptions give the reader an idea of how the concepts and technologies of InfoSec can be applied. This is not to say that you will agree with everything advised in this book, but it shows the readers how the authors regard the proper design, implementation, and operation of information security within an enterprise.

One thing that surprised me was the book’s mentions of US laws and regulations concerning Information Technology, including HIPAA, GLB, and PCI. CASP is advertised as an international certification, so I assumed US-centric policies would not appear on the exam, or perhaps region-specific exam questions are inserted depending on where the computer-based CASP exam is administered. Even if this regulatory and governance information isn’t on the CASP exam, it is something every (US) InfoSec professional should know.

Within each chapter are numerous exam watch and Inside The Exam sidebars that provide useful tidbits of information useful to know for the CASP exam. At the end of each chapter is a chapter summary, a bullet list of the factual points of the chapter, a chapter quiz in the format of exam questions, and a lab exercise to help the reader think about real world scenarios.

The chapter quizzes are part of the “475+ practice exam question” mentioned on the book’s cover. These sections are an excellent way to study the factual points of each chapter. They are also a pre-assessment to discover which CASP objectives you already know well and which you need to study.

Also included as an aide to help you determine when you are ready to take the CASP exam is an Exam-readiness checklist that maps each CASP objective to the place it is described in the study guide. On this list you can note what your understanding is of the material in each objective and discover where you need further study.

What’s on the CD?

This book’s CD contains several extras that are moderately useful. Certification candidates love practice exams as a way to learn facts in bite-sized chunks, access where they are in their learning, and generally break the tedium of reading technical material. About 160 of the 475+ practice exam question mentioned on the cover of the study guide are found in the installable MasterExam quizzes and test engine on the CD. The quizzes may be taken in two modes: open book (no time limit, hints available) or closed book (limited time, no hints or references). Both modes allow changing answers and provide to the reader a study guide of incorrectly answered questions needed for additional study.

I found the MasterExam quizzes sufficiently challenging and valuable as both a pre- and post-assessment of my understanding of the CASP material. It is important to note that these quizzes are not accurate representations of the format and quality of the items on the actual CASP exam. These quizzes and are only for testing the candidate's understanding of the material presented in the MGH CASP Study Guide.

Also on the CD is a demonstration of the LearnKey video-based training via the McGraw-Hill OnlineExpert Web site. To access a wide variety of McGraw-Hill certification training videos with labs and practice exams, you will be required to create an OnlineExpert account. I was able to log in and try the pre-assessment exam and labs, which were minimal. Unfortunately, none of the Flash-based training video clips would download for me, but the videos are provided as files on the CD anyway. The Web site is basically a demo of the LearnKey OnlineExpert training, with the full product being available at additional cost.

In addition, the CD contains a free download of the electronic copy of the book in Secure PDF format. Your name, email address, the access code provided on the inside of the CD’s jacket, and a copy of Adobe Digital Editions is required to download and view and the PDF. (Be sure to read the download instructions fully, and select to authorize your computer without using a Vendor ID.) You may not copy or print the PDF text, but it is searchable, and you may highlight text and add annotations to the PDF as well.

Finally, the CD contains a bevy of offers and discounts on McGraw-Hill products to whet your certification-leaning brain.

It this study guide really all that good?

I reviewed the first edition, first printing of the MGH CASP Study Guide. I did notice a number of problems with both the facts and the editing that make this printing more than a bit rough around the edges. While someone new to InfoSec might not notice the occasional factual error or omission, a seasoned system or network administrator, or information security professional, will surely recognize these glitches.

There is some disagreement in terminology between different sections of the book, which can happen with multiple authors. There are also places where concepts are introduced, but not actually explained until much later in the book. One thing that really bothered me is occasionally a best practice is recommended, but the proper context for it is not given, making the practice sound like a standard rule. What may be good practice in one situation is not necessarily the best choice for another.

In the CASP objectives, there is a listing of acronyms that CompTIA recommends the exam candidate know. The book’s own glossary appears to cover all of these terms and more, but the book’s text does not. Knowing acronyms is really important for passing the CASP exam itself, so you should make the extra effort to learn them all.

The CASP objectives also provides a list of proposed hardware and software that the exam candidate is recommended to have personal, hands-on experience in using, such as Network Access Storage, Web Application Firewalls, CA (PKI) servers, virtualization products, and the Helix and BackTrack Linux distributions. The book describes this list, but does not cover many of these technologies, or described how to use them to study for the CASP exam. To be fair, such an effort would require another book in itself.

Finally, there is no specific practice material for the performance simulations or the drag-and-drop questions you will find on the CASP exam. The reader is given information related to these questions, but no suggestions on how to practice taking them. I don’t count this as a problem per se, but more of a suggestion for the publisher and authors as to what I would like to see added in a future edition. I expect many of these problems to be mentioned in the book’s errata and cleaned up both in later printings and the next edition of the CASP Study Guide.

It this study guide all that I need to pass the CASP exam?

I have already posted my review of the CASP exam and what I did to study for it. However, there are a few points that are worth restating here. If you have the time, read the study guide carefully, do the chapter tests and lab exercises, and honestly gauge your understanding of each CASP objective using the book’s exam-readiness checklist. I prefer to use a scale of 1-4 rather than the three-level scale given in the book. If the study guide contains insufficient material to bring your 1- and 2-ranked objectives up to a 4, seek additional study resources.

If you have only a little time before your CASP exam, skim the book and read each chapter summary and the two-minute drills, and try the chapter self-tests. After you’ve made it to the end of the book, do the first MasterExam on the CD as a self-assessment. This will also give you a quicker idea of which what CASP objectives you know well and which to study more.

Remember, the suggested prerequisite for taking the CASP exam is 5-10 year of professional IT work related to security, and I would add, “in an enterprise-scale environment.” If you have this level of experience, this study guide and some Web browsing may be all you need to pass the CASP exam. (It was certainly all that I needed to become CASP-certified.) However, if you fall short of this experience, you will likely need to pull in both additional study resources and some lab time learning how to troubleshoot and secure network resources.

In Summary…

Overall, I’m fairly impressed with the job the authors did in researching the CASP objectives and presenting information that a CASP certification candidate can use. CASP certainly falls into the a-mile-wide-and-and-a-few-inches-deep category of certifications, and that’s a tall order for any book to cover.

I really had to dig deep to find a few bad things to say about this study guide. I have the feeling that the most common complaint will be the book does not go into enough details in explaining some of the CASP objectives. Of course, people will also complain that the CASP exam itself does not do enough to challenge the exam candidate on the depth of the CASP objectives. (This opinion did cross my own mind once or twice.)

Instead of an ultimate compendium of all knowledge CASP, think of this study guide as a very detailed pre-assessment for you to use in determining your weaknesses of the knowledge of the CASP objectives. This study guide could be twice the page count and still hardly do justice to the breadth of knowledge of the CompTIA CASP certification.
Categories
Reviews

Comments

Trackbacks

Total Trackbacks 0
Trackback URL: