CompTIA SecurityX (CAS-005) Pearson Skilling Suite

Web price: Rs16,584.91
Member price: Rs16,584.91
Qty
License this product
Description
Overview:

This course provides comprehensive, hands-on training to prepare you for the CompTIA SecurityX (CAS-005) exam, an advanced certification for senior-level cybersecurity professionals. We will delve into the technical skills and knowledge required to architect, engineer, and implement secure solutions across complex, multi-vendor environments. The curriculum aligns with the latest CAS-005 exam objectives, focusing on governance, risk, and compliance; security architecture; security engineering; and security operations. Through a combination of rich text, expert-led instruction, interactive labs, and practice exams, you will gain the practical expertise needed to lead enterprise-wide cybersecurity initiatives and prove your mastery of advanced security concepts.

Duration:

Approximately 40 hours. Actual duration will vary by student.

Course Components:
  • Full eBook Text Lessons 
  • Video learning 
  • Hands-on Labs 
  • Certification Practice Exams
Audience:

This course is designed for experienced IT and security professionals seeking to validate their advanced skills and advance into senior-level roles. It is ideal for:

  • Security Architects and Engineers responsible for designing and building secure enterprise solutions.
  • SOC Managers and Security Analysts who need to deepen their technical knowledge for threat management and incident response.
  • Cybersecurity Consultants and Technical Leads who require a vendor-neutral, mastery-level certification to demonstrate their expertise.
Recomended Prerequisites

To succeed in this course and on the CAS-005 exam, it is highly recommended that you have:

  • At least 10 years of general IT experience, with a minimum of 5 years of hands-on technical security experience.
  • A solid understanding of networking, systems administration, and common security technologies.
  • Knowledge equivalent to other CompTIA certifications, such as Network+, Security+, CySA+, and PenTest+.
  • Experience with governance, risk, and compliance frameworks.
Objectives:

Upon successfull completion of this course, student will be able to:

  • Implement Governance, Risk, and Compliance (GRC) Strategies: Analyze security requirements, perform risk management activities, and ensure compliance with industry standards and regulations (e.g., NIST, GDPR, PCI DSS).
  • Architect Secure Enterprise Solutions: Design and integrate security across hybrid, cloud, and on-premises environments, including the implementation of Zero Trust security models.
  • Apply Advanced Security Engineering Concepts: Implement and manage advanced cryptographic solutions, perform vulnerability management, and apply automation for security tasks.
  • Lead Security Operations and Incident Response: Conduct threat hunting, perform digital forensics analysis, and develop effective incident response and recovery plans.
  • Evaluate Emerging Technologies: Assess the security implications of new technologies, such as artificial intelligence and machine learning, and implement appropriate security controls.

Part 1: Governance, Risk, and Compliance (6 hours and 24 minutes)

  • Skill 1.1: Organizational security requirements and governance components (1 hour and 12 minutes)
    • Security program documentation
    • Security Program Management
    • Governance frameworks
    • Change/configuration management
    • Governance risk and compliance (GRC) tools
    • Data governance In staging environments
  • Skill 1.2: Risk Management Activities (1 hour and 48 minutes)
    • Impact Analysis
    • Risk assessment and management
    • Third-party risk management
    • Availability risk considerations
    • Confidentiality risk considerations
    • Integrity risk considerations
    • Privacy risk considerations
    • Crisis management
    • Breach response
  • Skill 1.3: Compliance Impacts on Information Security Strategies (1 hour and 12 minutes)
    • Awareness of Industry-specific compliance
    • Industry standards
    • Security and reporting frameworks
    • Audits vs. assessments vs. certifications
    • Privacy regulations
    • Awareness of cross-jurisdictional compliance requirements
  • Skill 1.4: Threat-modeling (1 hour and 12 minutes)
    • Actor characteristics
    • Attack patterns
    • Frameworks
    • Attack surface determination
    • Methods
    • Modeling applicability of threats to the organization/environment
  • Skill 1.5: Information Security Challenges with AI (1 hour)
    • Legal and privacy Implications
    • Threats to the model
    • AI-enabled attacks
    • Risks of AI usage
    • AI-enabled assistants/digital workers

Part 2: Security Architecture (10 hours and 12 minutes)

  • Skill 2.1: Designing Resilient Systems (24 minutes)
    • Component placement and configuration
    • Availability and integrity design considerations
  • Skill 2.2: Embedding Security into the DevOps Lifecycle (1 hour and 12 minutes)
    • Security requirements definition
    • Software assurance
    • Continuous integration/continuous deployment (CI/CD)
    • Supply chain risk management
    • Hardware assurance
    • End-of-life (EOL) considerations
  • Skill 2.3: Implementing Controls when Designing Secure Architecture (1 hour and 24 minutes)
    • Attack surface management and reduction
    • Detection and threat-hunting enablers
    • Information and data security design
    • DLP
    • Hybrid infrastructures
    • Third-party integrations
    • Control effectiveness
  • Skill 2.4: Security & Design in Access, Authentication, and Authorization Systems (2 hours and 24 minutes)
    • Provisioning/deprovisioning
    • Federation
    • Single sign-on (SSO)
    • Conditional access
    • Identity provider
    • Service provider
    • Attestations
    • Policy decision and enforcement points
    • Access control models
    • Logging and auditing
    • Public key infrastructure (PKI) architecture
    • Access control systems
  • Skill 2.5: Securely Implementing Enterprise Cloud Capabilities (3 hours and 12 minutes)
    • Cloud access security broker (CASB)
    • Shadow IT detection
    • CI/CD pipeline
    • Terraform
    • Ansible
    • Package monitoring
    • Container security
    • Container orchestration
    • Serverless
    • API security
    • Cloud vs. customer-managed
    • Cloud data security considerations
    • Cloud control strategies
    • Customer-to-cloud connectivity
    • Cloud service integration
    • Cloud service adoption
  • Skill 2.6: Zero Trust Concepts in System Architecture (1 hour 36 minutes)
    • Continuous authorization
    • Context-based reauthentication
    • Network architecture
    • API integration and validation
    • Asset identification, management, and attestation
    • Security boundaries
    • Deperimeterization
    • Defining subject-object relationships

Part 3: Security Engineering (15 hours and 24 minutes)

  • Skill 3.1: Identity & Access Management (IAM) Troubleshooting (1 hour and 24 minutes)
    • Subject access control
    • Biometrics
    • Secrets management
    • Cloud IAM access and trust policies
    • Logging and monitoring
    • Privilege identity management
    • Authentication and authorization
  • Skill 3.2: Securing Endpoints & Servers (2 hours and 36 minutes)
    • Application control
    • Endpoint detection response (EDR)
    • Event logging and monitoring
    • Endpoint privilege management
    • Attack surface monitoring and reduction
    • Host-based intrusion protection system/host-based detection system (HIPS/HIDS)
    • Anti-malware
    • SELinux
    • Host-based firewall
    • Browser isolation
    • Configuration management
    • Mobile device management (MDM) technologies
    • Threat-actor tactics, techniques, and procedures (TTPs)
  • Skill 3.3: Network Security Troubleshooting (2 hours and 24 minutes)
    • Network misconfigurations
    • IPS/IDS issues
    • Observability
    • Domain Name System (DNS) Security
    • Email security
    • Transport Layer Security (TLS) errors
    • Cipher mismatch
    • PKI issues
    • Issues with cryptographic implementations
    • DoS/distributed denial of service (DDoS)
    • Resource exhaustion
    • Network access control list (ACL) issues
  • Skill 3.4: Hardware Security & Trusted Computing (2 hours)
    • Roots of trust
    • Security coprocessors
    • Virtual hardware
    • Host-based encryption
    • Self-encrypting drive (SED)
    • Secure Boot
    • Measured boot
    • Self-healing hardware
    • Tamper detection and countermeasures
    • Threat-actor TTPs
  • Skill 3.5: Protecting Specialized & Legacy Systems (1 hour and 36 minutes)
    • Operational technology (OT)
    • Internet of Things (IoT)
    • System-on-chip (SoC)
    • Embedded systems
    • Wireless technologies/radio frequency (RF)
    • Security and privacy considerations
    • Industry-specific challenges
    • Characteristics of specialized/legacy systems
  • Skill 3.6: Security Automation & Orchestration (2 hours and 48 minutes)
    • Scripting
    • Cron/scheduled tasks
    • Event-based triggers
    • Infrastructure as code (IaC)
    • Configuration files
    • Cloud APIs/software development kits (SDKs)
    • Generative AI
    • Containerization
    • Automated patching
    • Auto-containment
    • Security orchestration, automation, and response (SOAR)
    • Vulnerability scanning and reporting
    • Security Content Automation Protocol (SCAP)
    • Workflow automation
  • Skill 3.7: Advanced Cryptographic Concepts (2 hours and 12 minutes)
    • Post-quantum cryptography (PQC)
    • Key stretching
    • Key splitting
    • Homomorphic encryption
    • Forward secrecy
    • Hardware acceleration
    • Envelope encryption
    • Performance vs. security
    • Secure multiparty computation
    • Authenticated encryption with associated data (AEAD)
    • Mutual authentication
  • Skill 3.8: Cryptographic Use Cases & Techniques (24 minutes)
    • Use cases
    • Techniques

Lesson 4: Security Operations (5 hours and 48 minutes)

  • Skill 4.1: Monitoring & Incident Response Data Analysis (1 hour and 12 minutes)
    • Security information event management (SIEM)
    • Aggregate data analysis
    • Behavior baselines and analytics
    • Incorporating diverse data sources
    • Alerting
    • Reporting and metrics
  • Skill 4.2: Vulnerability & Attack Analysis (24 minutes)
    • Vulnerabilities and attacks
    • Mitigations
  • Skill 4.3: Threat Hunting & Intelligence (1 hour and 24 minutes)
    • Internal intelligence sources
    • External intelligence sources
    • Counterintelligence and operational security
    • Threat intelligence platforms (TIPs)
    • Indicator of compromise (IoC) sharing
    • Rule-based languages
    • Indicators of attack
  • Skill 4.4: Incident Response & Digital Forensics (2 hours and 48 minutes)
    • Malware analysis
    • Reverse engineering
    • Volatile/non-volatile storage analysis
    • Network analysis
    • Host analysis
    • Metadata analysis
    • Hardware analysis
    • Data recovery and extraction
    • Threat response
    • Preparedness exercises
    • Timeline reconstruction
    • Root cause analysis
    • Cloud workload protection platform (CWPP)
    • Insider threat
  • Interconnectivity icon
    MORE OPTIONS?

    Pearson Skilling Suite

    Ready to take learning to the next level? Check out what Pearson's Skilling Suite has to offer your business and how it can enrich your team's learning. Discover more here from FAQs to demos to answer your Skilling Suite questions.

    Learn more
  • Building icon
    HOW CAN WE HELP?

    Contact us

    Whether you're a training center, enterprise, or academic institution, our team is here to help. Explore tailored solutions, get product support, or learn how Pearson can help you deliver successful training and certification programs.

    Let's connect