How I passed: CompTIA Advanced Security Practitioner (CASP+)
This week I sat and passed the CompTIA Advanced Security Practitioner (CASP+) CAS–004 exam.
CASP+ is an advanced-level cybersecurity certification covering technical skills in security architecture and senior security engineering in traditional, cloud, and hybrid environments, governance, risk, and compliance skills, assessing an enterprise’s cybersecurity readiness, and leading technical teams to implement enterprise-wide cybersecurity solutions.
The exam format I choose to undertake was online with PerasonVue, as I find the convivence of been able to set the exam at a time that fits me and my personal background and work around my schedule, plus knowing that the exam length was a maximum of 165 Minutes (2 ¾ Hours) , I did not want the extra load of having to travel to and from a test centre.
So, 165 Minutes to undertake a maximum of 90 (Ninety) Questions – Giving a very tight timescale of under 2 minutes a question.. there is little time to mess about. A real need to both read and understand the question as well as the options presented as answers and the context in which its framed.
So practice clearly was going to be key.
The details and the breakdown of the course, the exam objectives and all the material are available on the CompTIA domain its self, I strongly recommend that this is the course you don’t just pay for the exam voucher – There is a range of options, pick one that in the end suits you, I do recommend you consider at least the eBook unless you can source equivalent elsewhere, bonus is you get a resit !
I am not going to mince words here, this exam is hard. Now you may laugh and shake off that comment, however allow me to frame why I said that. I hold 2 Master Degrees in the fields of digital forensics and information security, I have a tonne of various vendor led training certs, (including sec+ pentest+ etc) and I have over 20 years in the field of doing the stuff at the coal face, what’s even more of a consideration is that I teach this stuff.
Yes you read right, week on week, month after month I teach a wide range of information security courses for a well known Training provider. So when I say an exam is hard, I am not messing around.
So how do you pass this thing ?
My route was to read, and read, and read. The first step was to get my hands on as much course material that overlapped the topics in the exam objectives and just read. The major benefit of this was that I did not need to be hooked up to electricity or the interwebs. I had at least one book on my person to dive into in any unallocated time. Time which I knew would be at a premium, as a dad of two young children , my timekeeping had to be beyond par.
So whats the book list I hear you shout , well before I get to that lets just look at what stuff I already had,
Books
- ISC2 – SSCP Common body of knowledge from Sybex
- CompTIA Security + Student book
- CompTIA PenTest + Student book
- CASP+ Exam Guide second ed – CAS-003 (the previous exam) – Mc Graw Hill Education.
- CISM Certified Information Security Manager , again from Mc Graw Hill Education.
So rather than rush out and get any new books or content relating to the new CAS-004 I sat down and looked at the exam objectives and mapped them to content I already had in hand.
Now its worth noting that the CASP + exam is a technical exam and as such the CISM material is more business aimed however it was not a wasted venture as it provided a different presentation of the same topics at hand, which I found useful to have a comprehensive understanding rather than a siloed one, after all this is an ‘advanced’ exam not a memory retention exercise, you need to know this stuff.
The next thing I did was I booked an exam date. The 20th of April 2022.
It was November 2021.. I had given my self a five month deadline and I was not going to reschedule .
Sitting down with the family and engaging them into the coming months was vital. Daddy was going to be busy so lets plan what the family life would be. Major events, school holidays, appointments etc .
I was going to be present for them, I couldn’t use the comment ‘ Daddy is busy ‘, that simply was not going to work. My wonderful partner went and surprised me with a whiteboard Monthly planner and a desk top paper weekly scheduler. These were awesome in keeping me on track. I owe her big time !
So I started to work out how much time I really had and started to block out and carve out my study plan.
As with all plans, sticking to them is the hard part !
So with the reading element in hand with both the CompTIA ebook and materials and all the referenced stuff from them and the books I had to hand, I started to look at the down times I had when I could not be at a desktop/laptop or be able to read a book – Travelling . What’s the audio options I had ?
Audio / Video
I find video content hard to follow, speaking and reading at the same time – meh .
So what I did was jumped on to Udemy and having done a bit of research I signed up to the following so I could listen to the content while traveling .
I had so often recommended Jason Dion to my learners post my own training offerings to those who I could see were struggling , I mean why not ? a different way of explanation is always going to help
His course offering was also going to plug the gap between the CAS-003 book and the new CAS-004 exam so it was a win-win in my view. Plus I had the content forever and I could listen to it when out and about.
The only thing left now was to cover a few more practice questions so I got my hands on the
CompTIA Practice tests CAS-004 from Sybex – If only I had got this first ! It comes with a 10% discount for the exam voucher !
So now set for audio/video and reading material, I divided up my weeks and months into the core areas of study , mindful that doing it in blocks would mean stuff I done at the start .. perhaps I might not remember so I made sure the objectives were split over the coming weeks .
That just left the ‘doing’ part.
The CompTia CASP+ exam has a new element on top of the usual performance based questions this exam has a virtual lab element, of course bound by exam NDA and ethics I cannot tell you what I was presented, but here I had an advantage. The platform used in the exam is from a company I used to know as learn on demand , who have been rebranded as Skillable . This was a platform in which I used a lot, and in fact had even authored a few courses to be used on the platform. So I was at home here.
In basic terms you are presented with a virtual environment and you have at least two items to remediate on an endpoint. This means interacting with the O/S and doing stuff ! there is no guidance on how or what to complete, Just fix it.
This Question cannot be skipped or marked for review, so when it comes up in the exam at whatever point, you are just going to have to do it. Don’t forget your time allocation over all, as it would be very easy to waste a lot of time here .
What will help you is knowledge and experience here. There is no multiple choice options to select !
The Certmaster Labs cover a lot of the tooling and commands for this question so if you have chosen that option you should do fine.
In the coming months , I put in an average of 30 hours a week study, that was broken up in to a hour in the morning , and a further hour of audio while moving around between home/work/gym/dog walks. Each night was followed by a further 2 hours combo of reading and the weekend was generally the same pattern but with a knowledge quiz check from the vast array of questions I had to hand.
As the exam date got closer I started to have a bit of imposter syndrome and made the error of going online to research, that was a mistake ! Social media platforms filled with people who did not fair well was not helpful at all. So don’t do that to your self, stick with your plan and keep going.
72 hours before the exam I stopped studying. I had done all I could, it was time to take a breath and mentally relax before the day its self. I had taken previous online exams so it was a familiar process to check my desktop was ready for the exam its self ( I even have a user profile just for exams ! )
I was online 40 minutes before hand after taking the dog out for a morning walk, and was ready for the proctor for all the ID and system checks which went without a hitch.
Then the exam started…
Ten questions in I felt like I wanted to rage quit.
This was a hard exam, the content was spot on, no issue there in coverage the prep questions did not really indicate how much you need to read and understand not just the question , but what the answers are really indicating. It was an exam of application of knowledge and not one of memory.
I finished the exam just within the time limit allowing one review of all the questions including those I had flagged, and then was presented by comptia’s 15 minute survey… Thanks.
What happened next made me almost cry.. the results page loaded and stated that it would take several hours to get the score and I would find out on the CompTIA website/notified by email. I suspect this is due to the virtual lab element and the need to have that checked.(A pure guess on my part so I may well be wrong)
The following day – Result ! I passed.
I hope you find this useful and if you too are about to embark on your CompTIA CASP+ Exam , I wish you the very best and good luck !