Thoughts on the CompTIA Advanced Security Practitioner (CAS-002) Exam

It’s been a long time since my last blog update, but as a young father, it’s been a struggle to find cert study time in between all of my new parental duties. I imagine there are a lot of IT professionals, not to mention other career paths, that have to come to grips with the fact that with a new child, or perhaps children, in your life there is a definite change in your priorities that takes place. With that said, this has been the first cert study/exam cycle I’ve been able to complete, and I hope to get things back on track, albeit at a little more relaxed pace!

CASP Logo

CompTIA’s Advanced Security Practitioner cert currently lies at the top of their CompTIA Certification Hierarchy, thought it’s worth noting that not all of their offerings are linked into that same ladder. As my CompTIA certs are now into their last year before expiration, I decided that I would choose a new cert from their catalog to work towards and renew everything below it. My choices were Storage+. Cloud+, and CASP. Storage+ has definitely been of interest to me in the past, but I decided that with my background of security certs that I should just go for the gusto and take a shot at their highest ranked cert.

As with any cert exam, the NDA prevents one from getting too in-depth about the exact content of the questions, so I will keep things fairly general. The exam documentation mentioned that simulations were a part of the exam, and it turned out they were all at the beginning. I definitely have mixed feelings on these sims, but I do think it’s important for exams, especially those that are for “higher level” certifications, to challenge people beyond simple multiple choice questions. To that extent, the simulations in this exam are somewhat successful. There are some clever tasks that challenge you to complete a set of objectives in the most secure many possible. Conversely, I found some of the other tasks to be a little vague, with no clear way to tell you if you’ve completed your goal or not, or even if you’re on the right track. An example of what I was looking for was what would be found in many Cisco certifications tests where they provide a simple tool, such as a ping test simulation, to verify that you have completed the necessary steps. The biggest issue I have with the CAS-002 sims is that the background documentation for all of the questions could be more in-depth. Maybe CompTIA believes that having to infer what some subnets in a network are used for is part of the challenge, but it came across as incomplete documentation. You shouldn’t have to attempt to guess at information that you need to complete the task, the challenge of the sim should be to put your knowledge to use to complete the task with either all of the needed information, or at least a clear understanding of what missing information you must gather as part of the process of completing the task.

Following the simulations, the remainder of the exam was made up of the typical multiple choice questions that you would expect to find on a CompTIA exam. These felt more challenging than the Security+ questions, but sometimes the challenge came from large amounts of acronym memorization or, worst of all, vague wording. I will give credit where it is due in that there didn’t seem to be any eye-rolling easy “gimme” questions in the pool I was presented with. I have no idea what the weight of the multiple choice questions is versus that of the sims, but I suspect it was my performance in the multiple choice section that allowed me to squeak out a pass.

In an interesting change from most certification exams, you do not get to see a final score, only a simple Pass or Fail statement. The exam will tell you what exam objectives were related to questions that you got wrong. In some ways, it is better than the vague percentage of correct answers you selected for a particular category (a la Cisco), but ultimately still somewhat obfuscates what you need to focus on if you need to rewrite the exam, mostly because exam objectives don’t always get mapped one-to-one with sections of a study guide. However, if you were to tell me that I did really lousy in the Encryption category, I would easily know where to start my refresher studies.

Lastly, and this is something I try to avoid focusing on, but I feel needs to be addressed in this case, is the cost of the exam. CompTIA also does not currently offer the Deluxe packages that can be purchased for A+, Net+, and Sec+ that provides a re-take voucher and access to CertMaster training material (which I have briefly reviewed previously). There is currently no CertMaster material for CASP, so that makes sense, although a retake voucher sure would be nice! The current cost of the exam voucher is $402 US, which came out to nearly $500 Canadian with our current exchange rate. I was fortunate enough that my workplace covered the cost for me, but many others will not be able to take advantage of such a situation. It really is a high asking price for an exam that frankly is not as desired in the job marketplace as CCNP Security or the grandmaster of them all, CISSP.

It was good to get into the swing of cert studies again after too long a hiatus, and I hope to keep the momentum going. My overall impression of the CASP study experience is middling, however, I’m always happy to learn new things and I will certainly explore any opportunities to apply my new found knowledge and use CASP to further my career!