Home > IT Certifications > CompTIA Certification > CompTIA SecurityX (CAS-005) Pearson Skilling Suite
🔍 Click to enlarge photo

CompTIA SecurityX (CAS-005) Pearson Skilling Suite

Web price: Rs16,584.91
Member price: Rs16,584.91
Qty
License this product
Description
Overview:

This course provides comprehensive, hands-on training to prepare you for the CompTIA SecurityX (CAS-005) exam, an advanced certification for senior-level cybersecurity professionals. We will delve into the technical skills and knowledge required to architect, engineer, and implement secure solutions across complex, multi-vendor environments. The curriculum aligns with the latest CAS-005 exam objectives, focusing on governance, risk, and compliance; security architecture; security engineering; and security operations. Through a combination of rich text, expert-led instruction, interactive labs, and practice exams, you will gain the practical expertise needed to lead enterprise-wide cybersecurity initiatives and prove your mastery of advanced security concepts.

Duration:

Approximately 40 hours. Actual duration will vary by student.

Course Components:
  • Full eBook Text Lessons 
  • Video learning 
  • Hands-on Labs 
  • Certification Practice Exams
Audience:

This course is designed for experienced IT and security professionals seeking to validate their advanced skills and advance into senior-level roles. It is ideal for:

  • Security Architects and Engineers responsible for designing and building secure enterprise solutions.
  • SOC Managers and Security Analysts who need to deepen their technical knowledge for threat management and incident response.
  • Cybersecurity Consultants and Technical Leads who require a vendor-neutral, mastery-level certification to demonstrate their expertise.
Recomended Prerequisites

To succeed in this course and on the CAS-005 exam, it is highly recommended that you have:

  • At least 10 years of general IT experience, with a minimum of 5 years of hands-on technical security experience.
  • A solid understanding of networking, systems administration, and common security technologies.
  • Knowledge equivalent to other CompTIA certifications, such as Network+, Security+, CySA+, and PenTest+.
  • Experience with governance, risk, and compliance frameworks.
Objectives:

Upon successfull completion of this course, student will be able to:

  • Implement Governance, Risk, and Compliance (GRC) Strategies: Analyze security requirements, perform risk management activities, and ensure compliance with industry standards and regulations (e.g., NIST, GDPR, PCI DSS).
  • Architect Secure Enterprise Solutions: Design and integrate security across hybrid, cloud, and on-premises environments, including the implementation of Zero Trust security models.
  • Apply Advanced Security Engineering Concepts: Implement and manage advanced cryptographic solutions, perform vulnerability management, and apply automation for security tasks.
  • Lead Security Operations and Incident Response: Conduct threat hunting, perform digital forensics analysis, and develop effective incident response and recovery plans.
  • Evaluate Emerging Technologies: Assess the security implications of new technologies, such as artificial intelligence and machine learning, and implement appropriate security controls.

Part 1: Governance, Risk, and Compliance (6 hours and 24 minutes)

  • Skill 1.1: Organizational security requirements and governance components (1 hour and 12 minutes)
    • Security program documentation
    • Security Program Management
    • Governance frameworks
    • Change/configuration management
    • Governance risk and compliance (GRC) tools
    • Data governance In staging environments
  • Skill 1.2: Risk Management Activities (1 hour and 48 minutes)
    • Impact Analysis
    • Risk assessment and management
    • Third-party risk management
    • Availability risk considerations
    • Confidentiality risk considerations
    • Integrity risk considerations
    • Privacy risk considerations
    • Crisis management
    • Breach response
  • Skill 1.3: Compliance Impacts on Information Security Strategies (1 hour and 12 minutes)
    • Awareness of Industry-specific compliance
    • Industry standards
    • Security and reporting frameworks
    • Audits vs. assessments vs. certifications
    • Privacy regulations
    • Awareness of cross-jurisdictional compliance requirements
  • Skill 1.4: Threat-modeling (1 hour and 12 minutes)
    • Actor characteristics
    • Attack patterns
    • Frameworks
    • Attack surface determination
    • Methods
    • Modeling applicability of threats to the organization/environment
  • Skill 1.5: Information Security Challenges with AI (1 hour)
    • Legal and privacy Implications
    • Threats to the model
    • AI-enabled attacks
    • Risks of AI usage
    • AI-enabled assistants/digital workers

Part 2: Security Architecture (10 hours and 12 minutes)

  • Skill 2.1: Designing Resilient Systems (24 minutes)
    • Component placement and configuration
    • Availability and integrity design considerations
  • Skill 2.2: Embedding Security into the DevOps Lifecycle (1 hour and 12 minutes)
    • Security requirements definition
    • Software assurance
    • Continuous integration/continuous deployment (CI/CD)
    • Supply chain risk management
    • Hardware assurance
    • End-of-life (EOL) considerations
  • Skill 2.3: Implementing Controls when Designing Secure Architecture (1 hour and 24 minutes)
    • Attack surface management and reduction
    • Detection and threat-hunting enablers
    • Information and data security design
    • DLP
    • Hybrid infrastructures
    • Third-party integrations
    • Control effectiveness
  • Skill 2.4: Security & Design in Access, Authentication, and Authorization Systems (2 hours and 24 minutes)
    • Provisioning/deprovisioning
    • Federation
    • Single sign-on (SSO)
    • Conditional access
    • Identity provider
    • Service provider
    • Attestations
    • Policy decision and enforcement points
    • Access control models
    • Logging and auditing
    • Public key infrastructure (PKI) architecture
    • Access control systems
  • Skill 2.5: Securely Implementing Enterprise Cloud Capabilities (3 hours and 12 minutes)
    • Cloud access security broker (CASB)
    • Shadow IT detection
    • CI/CD pipeline
    • Terraform
    • Ansible
    • Package monitoring
    • Container security
    • Container orchestration
    • Serverless
    • API security
    • Cloud vs. customer-managed
    • Cloud data security considerations
    • Cloud control strategies
    • Customer-to-cloud connectivity
    • Cloud service integration
    • Cloud service adoption
  • Skill 2.6: Zero Trust Concepts in System Architecture (1 hour 36 minutes)
    • Continuous authorization
    • Context-based reauthentication
    • Network architecture
    • API integration and validation
    • Asset identification, management, and attestation
    • Security boundaries
    • Deperimeterization
    • Defining subject-object relationships

Part 3: Security Engineering (15 hours and 24 minutes)

  • Skill 3.1: Identity & Access Management (IAM) Troubleshooting (1 hour and 24 minutes)
    • Subject access control
    • Biometrics
    • Secrets management
    • Cloud IAM access and trust policies
    • Logging and monitoring
    • Privilege identity management
    • Authentication and authorization
  • Skill 3.2: Securing Endpoints & Servers (2 hours and 36 minutes)
    • Application control
    • Endpoint detection response (EDR)
    • Event logging and monitoring
    • Endpoint privilege management
    • Attack surface monitoring and reduction
    • Host-based intrusion protection system/host-based detection system (HIPS/HIDS)
    • Anti-malware
    • SELinux
    • Host-based firewall
    • Browser isolation
    • Configuration management
    • Mobile device management (MDM) technologies
    • Threat-actor tactics, techniques, and procedures (TTPs)
  • Skill 3.3: Network Security Troubleshooting (2 hours and 24 minutes)
    • Network misconfigurations
    • IPS/IDS issues
    • Observability
    • Domain Name System (DNS) Security
    • Email security
    • Transport Layer Security (TLS) errors
    • Cipher mismatch
    • PKI issues
    • Issues with cryptographic implementations
    • DoS/distributed denial of service (DDoS)
    • Resource exhaustion
    • Network access control list (ACL) issues
  • Skill 3.4: Hardware Security & Trusted Computing (2 hours)
    • Roots of trust
    • Security coprocessors
    • Virtual hardware
    • Host-based encryption
    • Self-encrypting drive (SED)
    • Secure Boot
    • Measured boot
    • Self-healing hardware
    • Tamper detection and countermeasures
    • Threat-actor TTPs
  • Skill 3.5: Protecting Specialized & Legacy Systems (1 hour and 36 minutes)
    • Operational technology (OT)
    • Internet of Things (IoT)
    • System-on-chip (SoC)
    • Embedded systems
    • Wireless technologies/radio frequency (RF)
    • Security and privacy considerations
    • Industry-specific challenges
    • Characteristics of specialized/legacy systems
  • Skill 3.6: Security Automation & Orchestration (2 hours and 48 minutes)
    • Scripting
    • Cron/scheduled tasks
    • Event-based triggers
    • Infrastructure as code (IaC)
    • Configuration files
    • Cloud APIs/software development kits (SDKs)
    • Generative AI
    • Containerization
    • Automated patching
    • Auto-containment
    • Security orchestration, automation, and response (SOAR)
    • Vulnerability scanning and reporting
    • Security Content Automation Protocol (SCAP)
    • Workflow automation
  • Skill 3.7: Advanced Cryptographic Concepts (2 hours and 12 minutes)
    • Post-quantum cryptography (PQC)
    • Key stretching
    • Key splitting
    • Homomorphic encryption
    • Forward secrecy
    • Hardware acceleration
    • Envelope encryption
    • Performance vs. security
    • Secure multiparty computation
    • Authenticated encryption with associated data (AEAD)
    • Mutual authentication
  • Skill 3.8: Cryptographic Use Cases & Techniques (24 minutes)
    • Use cases
    • Techniques

Lesson 4: Security Operations (5 hours and 48 minutes)

  • Skill 4.1: Monitoring & Incident Response Data Analysis (1 hour and 12 minutes)
    • Security information event management (SIEM)
    • Aggregate data analysis
    • Behavior baselines and analytics
    • Incorporating diverse data sources
    • Alerting
    • Reporting and metrics
  • Skill 4.2: Vulnerability & Attack Analysis (24 minutes)
    • Vulnerabilities and attacks
    • Mitigations
  • Skill 4.3: Threat Hunting & Intelligence (1 hour and 24 minutes)
    • Internal intelligence sources
    • External intelligence sources
    • Counterintelligence and operational security
    • Threat intelligence platforms (TIPs)
    • Indicator of compromise (IoC) sharing
    • Rule-based languages
    • Indicators of attack
  • Skill 4.4: Incident Response & Digital Forensics (2 hours and 48 minutes)
    • Malware analysis
    • Reverse engineering
    • Volatile/non-volatile storage analysis
    • Network analysis
    • Host analysis
    • Metadata analysis
    • Hardware analysis
    • Data recovery and extraction
    • Threat response
    • Preparedness exercises
    • Timeline reconstruction
    • Root cause analysis
    • Cloud workload protection platform (CWPP)
    • Insider threat