CASP: CompTIA Advanced Security Practitioner Study Guide Authorized Courseware: Exam CAS-001 1st Edition

The CASP is CompTIA's first advanced test -- designed to verify a person's skills in the field of information security and ability to protect a company's vital assets, data-wise at least. The recommendation that someone worked in this field for a minimum of 5 or so years isn't for fluff -- the test touches on practically every area of security. This is new -- most other tests I've taken (Microsoft, other CompTIA ones) have usually focused in on a specific area of security -- either at a client's computer, server-side, or the web. This test looks at ALL of them - so it's important that you at least have some of the concepts of security in all those areas before attempting this exam. And if that isn't difficult enough -- the exam tests you on other facets as well. Things like SLAs (Service Level Agreements), creating TCOs (Total Cost of Ownership), and being able to work and understand different IT departments -- all these are touched on. Again -- something that a more experienced professional in the field would've done before, but not necessarily someone new to the field.With that being said, this book does an exceptional job at testing and expanding one's knowledge of these areas. The part I appreciate most is near the end -- the book has about 20 labs, designed to help you especially in the field of Enterprise Security. They're well laid out, designed to be done in order, and progressively getting deeper and deeper into security issues and things one should be aware of. Unfortunately -- one can only learn and do so much through labs and test questions -- there is no parallel to actual experience. Especially with trying to teach things like SDLC (System Development Life Cycle) or ROI (Return of Investment) -- it's difficult to teach those things by a book alone. It gives it a nice shot - no doubt about that, but in the end - I put my understanding of it at more of actually having to plan projects at my job, and having to create things like TCOs, or calculate ROI.Something I wanted to note: usually the reason I purchase the book over the Kindle version is that the book comes with a CD, filled with goodies like test exams and flashcards that do really help one to study, and see where one might need to focus their efforts. This book does NOT come with a CD - seems they've caught on to the phenomenon called "the Internet", whatever that is....To download the test questions and flashcards, look at my comment section below...So if you're debating whether to get one or the other, if you want -- I see no reason not to get the Kindle version. I still prefer printed paper, but the Kindle version is cheaper. All in all, the book is a great learning material, but I wouldn't feel comfortable taking the test on it alone. I highly recommend using this in conjunction with some actual project experience, because, as Dwight Schrute says, "Experience is the best teacher...."

So... let me start off by saying that I have several certifications that are more advanced than this one (CISSP, CISA, CISM, CRISC, etc), as well as a formal education and advanced degrees in the field, and I am trying to pick up the remaining beginner and intermediate certifications. When I was looking for a book for the CASP, this was pretty much the only book I could find so naturally I decided to pick it up.Gregg does a great job with sticking to content that is directly mapped to the exam outline CompTIA has published for this exam... however... there are few problems.For a beginner/intermediate reader for Gregg does an excellent job covering the material in a comprehensive and methodical manner. For that I would give the book a full 5 stars for the depth and breadth of content. However, for more advanced readers there are numerous factual errors, ambiguous language/questionable definition of vocabulary, and an occasional misspelling here and there which really detract from an otherwise average writing style. For an advanced reader I would rate this a 3 star book.Where Gregg does well however is in great instructions, examples, and lab scenarios or things to work on outside the book that are included during the chapter reading or in appendix A in the back. For this I bump up the usefulness of this book to an overall 4 stars.Again, decent book for beginners/intermediate security practitioners, but average/not good for advanced practitioners.

Of course this is a certification guide, so it will read like one. That said, it is well-written and comprehensible. It provides good coverage of the material, from what I can tell (having not yet taken the exam). I purchased it having read some Security+ exam guides and wanting something a bit deeper. While this gives more depth, there are still areas the authors tend to skip over, because they are not heavily covered in the exam (thus four, rather than five stars). Many of these things while perhaps not directly present on the exam would have been very helpful in understanding and better recalling the things that are on the exam.Target audience: The test is supposedly targeted at long-time security professionals with five years or more of experience. I have found that I am doing pretty well with just a year or so of fairly indirect experience. It is certainly targeted more at system administrators or those managing them though. You will need a fair amount of technical knowledge as some of the topics covered include cryptography algorithms and networking. Software developers may find less to interest them, as much of the focus is on security principles and securing systems than on best practices for software you are writing.I found the Kindle version (on Kindle Fire, to be specific) to be well-done, and easily usable. I have not seen any formatting issues.

It may be due to some copyright or legal protection of the Four domains of the CASP exam but the book doesn't at all follow the structure of the exam domains.This makes it really a really disorganized way to precisely follow the domain requirements.It does cover all the objectives of the exam but not in the order of 4 domains.That sort of thing helps me progress through the material.That's my only grip.Otherwise, as is usual for Cybex books, they make good use of bold print to focus your eyes on key terms.They also provide lab exercises which I LOVE!I learn more by using the tools in a semi-structured environment that such books provide. (Not a big believer in bootcamp certification.)Overall, the book and your experience will get you through this CompTIA exam.They're exams are not exactly known to be very difficult so I'll follow up on this review after I pass the exam to see if the book prepared me enough to pass.

I bought the book immediately after I received the notification from CompTIA, that there is a brand new advanced level certification on the market. This was the only one available specifically written for the CAS-001 exam.I have passed the exam successfully from the first time, but I must say that the book and the prep engine by itself is not enough to guarantee you the passing score - you need to dig much deeper.My overall impression with the book is that it is very well written and structured (there are a few mistakes) - I love having it in my IT Security library. Unfortunately it has been rushed to the market.CompTIA are definetly aiming to bring CASP close to the CISSP.Regarding my words about the digging deeper - I used mostly Wikipedia and Google to gain more in depth knowledge on the topics and it was worth it. The questions on the exam expect from you to have an in depth knowledge of the secuirty technologies and processes and to be able to apply critical thinking and decision making based on that knowledge.As a conclusion - Very well written book (there are some minor mistakes), but it was a bit rushed to the market. The preparation questions are far away from those on the real exam.Still - it is a book worth reading.

This is a good security book but I'm worried about using it as a source for the exam. Already mentioned by someone else is the fact that the information on Hypervisors is the wrong way around, fortunately I knew this but some people might not. This mistake is also repeated in the downloadable test exam. I wonder if I'm now soaking up other misinformation prior to taking the exam in the near future. It is a comprehensive book, but with two technical authors I would expect them to double check and further proof reading by an independent technical person before publishing.

Details on exam are incorrect with regards to the amount of questions you have to answer and the amount of time you have for the exam.Also in test exam there are no simulation questions nor multiple choice which you will experience in the exam.

Sybex always brings best study guides for those like me who don't have time (or enough money) to attend on site training. Self-study is common in cybersecurity, and this book helps the reader to save time and money in aiming to pass CASP certification.One of the post says that the book is full of mispellings (bad English). As a non-English mother tongue speaker, I don't have a problem understanding what is written on it, so English speakers shoudn't either. Highly recommended.

Although I found the content to be good from a technical security perspective, in relation to this book preparing you to sit for the CompTIA Advanced Security Practitioner exam, it was definitely lacking. The book was filled with grammer and spelling errors, as well as missing answers in the end of chapter questions. Disappointing.