
Mapping Course Content To CompTIA CASP+ (Exam CAS-004)

Uploaded by

Scott Smith
Appendix A

Mapping Course Content to CompTIA Certification

Achieving CompTIA CASP+ certification requires candidates to pass Exam CAS-004. This table describes where the exam objectives for Exam CAS-004 are covered in this course.

1.0 Security Architecture


1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network. Covered in
Services Lesson 4, Topic A
Load balancer
Intrusion detection system (IDS)/network intrusion detection system (NIDS)/wireless intrusion detection system (WIDS)
Intrusion prevention system (IPS)/network intrusion prevention system (NIPS)/wireless intrusion prevention system (WIPS)
Web application firewall (WAF)
Network access control (NAC)
Virtual private network (VPN)
Domain Name System Security Extensions (DNSSEC)
Firewall/unified threat management (UTM)/next-generation firewall (NGFW)
Network address translation (NAT) gateway
Internet gateway
Forward/transparent proxy
Reverse proxy
Distributed denial-of-service (DDoS) protection
Routers
Mail security
Application programming interface (API) gateway/Extensible Markup Language (XML) gateway
Traffic mirroring
Switched port analyzer (SPAN) ports
Port mirroring
Virtual private cloud (VPC)
Network tap

CAS-004_Appendix_ppA1-A24.indd 1 27/08/21 9:49 AM


Sensors
Security information and event management (SIEM)
File integrity monitoring (FIM)
Simple Network Management Protocol (SNMP) traps
NetFlow
Data loss prevention (DLP)
Antivirus
Segmentation Lesson 4, Topic B
Microsegmentation
Local area network (LAN)/virtual local area network (VLAN)
Jump box
Screened subnet
Data zones
Staging environments
Guest environments
VPC/virtual network (VNET)
Availability zone
NAC lists
Policies/security groups
Regions
Access control lists (ACLs)
Peer-to-peer
Air gap
Deperimeterization/zero trust Lesson 4, Topic B
Cloud
Remote work
Mobile
Outsourcing and contracting
Wireless/radio frequency (RF) networks
Merging of networks from various organizations Lesson 4, Topic B
Peering
Cloud to on-premises
Data sensitivity levels
Mergers and acquisitions
Cross-domain
Federation
Directory services
Software-defined networking (SDN) Lesson 4, Topic B
Open SDN
Hybrid SDN
SDN overlay

1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design. Covered in
Scalability Lesson 4, Topic C
Vertically
Horizontally


LICENSED FOR USE ONLY BY: MICHAEL LOPUT · 56581152 · JUL 22 2024

Resiliency Lesson 4, Topic C
High availability
Diversity/heterogeneity
Course of action orchestration
Distributed allocation
Redundancy
Replication
Clustering
Automation Lesson 4, Topic C
Autoscaling
Security Orchestration, Automation, and Response (SOAR)
Bootstrapping
Performance Lesson 4, Topic C
Containerization Lesson 4, Topic C
Virtualization Lesson 4, Topic C
Content delivery network Lesson 4, Topic C
Caching Lesson 4, Topic C

1.3 Given a scenario, integrate software applications securely into an enterprise architecture. Covered in
Baseline and templates Lesson 5, Topic A
Secure design patterns/types of web technologies
Storage design patterns
Container APIs
Secure coding standards
Application vetting processes
API management
Middleware
Software assurance Lesson 5, Topic A
Sandboxing/development environment
Validating third-party libraries
Defined DevOps pipeline
Code signing
Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)
Considerations of integrating enterprise applications Lesson 5, Topic A
Customer relationship management (CRM)
Enterprise resource planning (ERP)
Configuration management system (CMS)
Integration enablers
Directory services
Domain name system (DNS)
Service-oriented architecture (SOA)
Enterprise service bus (ESB)

Integrating security into development life cycle Lesson 5, Topic B
Formal methods
Requirements
Fielding
Insertions and upgrades
Disposal and reuse
Testing
Regression
Unit testing
Integration testing
Development approaches
SecDevOps
Agile
Waterfall
Spiral
Versioning
Continuous integration/continuous delivery (CI/CD) pipelines
Best practices
Open Web Application Security Project (OWASP)
Proper Hypertext Transfer Protocol (HTTP) headers

1.4 Given a scenario, implement data security techniques for securing enterprise architecture. Covered in
Data loss prevention Lesson 5, Topic D
Blocking use of external media
Print blocking
Remote Desktop Protocol (RDP) blocking
Clipboard privacy controls
Restricted virtual desktop infrastructure (VDI) implementation
Data classification blocking
Data loss detection Lesson 5, Topic D
Watermarking
Digital rights management (DRM)
Network traffic decryption/deep packet inspection
Network traffic analysis
Data classification, labeling, and tagging Lesson 5, Topic D
Metadata/attributes
Obfuscation Lesson 5, Topic D
Tokenization
Scrubbing
Masking
Anonymization Lesson 5, Topic D
Encrypted vs. unencrypted Lesson 5, Topic D

Data life cycle Lesson 5, Topic D
Create
Use
Share
Store
Archive
Destroy
Data inventory and mapping Lesson 5, Topic D
Data integrity management Lesson 5, Topic D
Data storage, backup, and recovery Lesson 5, Topic D
Redundant array of inexpensive disks (RAID)

1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls. Covered in
Credential management Lesson 5, Topic C
Password repository application
End-user password storage
On premises vs. cloud repository
Hardware key manager
Privileged access management
Password policies Lesson 5, Topic C
Complexity
Length
Character classes
History
Maximum/minimum age
Auditing
Reversible encryption
Federation Lesson 5, Topic C
Transitive trust
OpenID
Security Assertion Markup Language (SAML)
Shibboleth
Access control Lesson 5, Topic C
Mandatory access control (MAC)
Discretionary access control (DAC)
Role-based access control
Rule-based access control
Attribute-based access control
Protocols Lesson 5, Topic C
Remote Authentication Dial-in User Server (RADIUS)
Terminal Access Controller Access Control System (TACACS)
Diameter
Lightweight Directory Access Protocol (LDAP)
Kerberos
OAuth
802.1X
Extensible Authentication Protocol (EAP)

Multifactor authentication (MFA) Lesson 5, Topic C
Two-factor authentication (2FA)
2-Step Verification
In-band
Out-of-band
One-time password (OTP) Lesson 5, Topic C
HMAC-based one-time password (HOTP)
Time-based one-time password (TOTP)
Hardware root of trust Lesson 5, Topic C
Single sign-on (SSO) Lesson 5, Topic C
JavaScript Object Notation (JSON) web token (JWT) Lesson 5, Topic C
Attestation and identity proofing Lesson 5, Topic C

1.6 Given a set of requirements, implement secure cloud and virtualization solutions. Covered in
Virtualization strategies Lesson 6, Topic A
Type 1 vs. Type 2 hypervisors
Containers
Emulation
Application virtualization
VDI
Provisioning and deprovisioning Lesson 6, Topic A
Middleware Lesson 6, Topic A
Metadata and tags Lesson 6, Topic A
Deployment models and considerations Lesson 6, Topic A
Business directives
Cost
Scalability
Resources
Location
Data protection
Cloud deployment models
Private
Public
Hybrid
Community
Hosting models Lesson 6, Topic A
Multitenant
Single-tenant
Service models Lesson 6, Topic A
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Cloud provider limitations Lesson 6, Topic A
Internet Protocol (IP) address scheme
VPC peering

Extending appropriate on-premises controls Lesson 6, Topic A
Storage models Lesson 6, Topic A
Object storage/file-based storage
Database storage
Block storage
Key-value pairs

1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements. Covered in
Privacy and confidentiality requirements Lesson 10, Topic A
Integrity requirements Lesson 10, Topic A
Non-repudiation Lesson 10, Topic A
Compliance and policy requirements Lesson 10, Topic A
Common cryptography use cases Lesson 10, Topic A
Data at rest
Data in transit
Data in process/data in use
Protection of web services
Embedded systems
Key escrow/management
Mobile security
Smart card
Common PKI use cases Lesson 10, Topic A
Web services
Email
Code signing
Federation
Trust models
VPN
Enterprise and security automation/orchestration

1.8 Explain the impact of emerging technologies on enterprise security and privacy. Covered in
Artificial intelligence Lesson 6, Topic B
Machine learning Lesson 6, Topic B
Quantum computing Lesson 6, Topic B
Blockchain Lesson 6, Topic B
Homomorphic encryption Lesson 6, Topic B
Private information retrieval
Secure function evaluation
Private function evaluation
Secure multi-party computation Lesson 6, Topic B
Distributed consensus Lesson 6, Topic B
Big Data Lesson 6, Topic B
Virtual/augmented reality Lesson 6, Topic B

3D printing Lesson 6, Topic B
Passwordless authentication Lesson 6, Topic B
Nano technology Lesson 6, Topic B
Deep learning Lesson 6, Topic B
Natural language processing
Deep fakes
Biometric impersonation Lesson 6, Topic B

2.0 Security Operations


2.1 Given a scenario, perform threat management activities. Covered in
Intelligence types Lesson 11, Topic A
Tactical
Commodity malware
Strategic
Targeted attacks
Operational
Threat hunting
Threat emulation
Actor types Lesson 11, Topic A
Advanced persistent threat (APT)/nation-state
Insider threat
Competitor
Hacktivist
Script kiddie
Organized crime
Threat actor properties Lesson 11, Topic A
Resource
Time
Money
Supply chain access
Create vulnerabilities
Capabilities/sophistication
Identifying techniques
Intelligence collection methods Lesson 11, Topic A
Intelligence feeds
Deep web
Proprietary
Open-source intelligence (OSINT)
Human intelligence (HUMINT)
Frameworks Lesson 11, Topic A
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK)
ATT&CK for industrial control system (ICS)
Diamond Model of Intrusion Analysis
Cyber Kill Chain


2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response. Covered in
Indicators of compromise Lesson 12, Topic B
Packet capture (PCAP)
Logs
Network logs
Vulnerability logs
Operating system logs
Access logs
NetFlow logs
Notifications
FIM alerts
SIEM alerts
DLP alerts
IDS/IPS alerts
Antivirus alerts
Notification severity/priorities
Unusual process activity
Response Lesson 12, Topic B
Firewall rules
IPS/IDS rules
ACL rules
Signature rules
Behavior rules
DLP rules
Scripts/regular expressions

2.3 Given a scenario, perform vulnerability management activities. Covered in
Vulnerability scans Lesson 11, Topic A
Credentialed vs. non-credentialed
Agent-based/server-based
Criticality ranking
Active vs. passive
Security Content Automation Protocol (SCAP) Lesson 11, Topic A
Extensible Configuration Checklist Description Format (XCCDF)
Open Vulnerability and Assessment Language (OVAL)
Common Platform Enumeration (CPE)
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
Common Configuration Enumeration (CCE)
Asset Reporting Format (ARF)

Self-assessment vs. third-party vendor assessment Lesson 11, Topic A
Patch management Lesson 11, Topic A
Information sources Lesson 11, Topic A
Advisories
Bulletins
Vendor websites
Information Sharing and Analysis Centers (ISACs)
News reports

2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools. Covered in
Methods Lesson 11, Topic B
Static analysis
Dynamic analysis
Side-channel analysis
Reverse engineering
Software
Hardware
Wireless vulnerability scan
Software composition analysis
Fuzz testing
Pivoting
Post-exploitation
Persistence
Tools Lesson 11, Topic B
SCAP scanner
Network traffic analyzer
Vulnerability scanner
Protocol analyzer
Port scanner
HTTP interceptor
Exploit framework
Password cracker
Dependency management Lesson 11, Topic B
Requirements Lesson 11, Topic B
Scope of work
Rules of engagement
Invasive vs. non-invasive
Asset inventory
Permissions and access
Corporate policy considerations
Facility considerations
Physical security considerations
Rescan for corrections/changes


2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations. Covered in
Vulnerabilities Lesson 12, Topic A
Race conditions
Overflows
Buffer
Integer
Broken authentication
Insecure direct object reference
Poor exception handling
Security misconfiguration
Improper headers
Information disclosure
Certificate errors
Weak cryptography implementations
Weak ciphers
Weak cipher suite implementations
Software composition analysis
Use of vulnerable frameworks and software modules
Use of unsafe functions
Third-party libraries
Dependencies
Code injections/malicious changes
End of support/end of life
Regression
Inherently vulnerable system/application Lesson 12, Topic A
Client-side processing vs. server-side processing
JSON/representational state transfer (REST)
Browser extensions
Flash
ActiveX
Hypertext Markup Language 5 (HTML5)
Asynchronous JavaScript and XML (AJAX)
Simple Object Access Protocol (SOAP)
Machine code vs. bytecode or interpreted vs. emulated
Attacks Lesson 12, Topic A
Directory traversal
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Injection
XML
LDAP
Structured Query Language (SQL)
Command
Process
Sandbox escape
Virtual machine (VM) hopping
VM escape
Border Gateway Protocol (BGP)/route hijacking
Interception attacks
Denial-of-service (DoS)/DDoS
Authentication bypass
Social engineering
VLAN hopping


2.6 Given a scenario, use processes to reduce risk. Covered in


Proactive and detection Lesson 11, Topic C
Hunts
Developing countermeasures
Deceptive technologies
Honeynet
Honeypot
Decoy files
Simulators
Dynamic network configurations
Security data analytics Lesson 11, Topic C
Processing pipelines
Data
Stream
Indexing and search
Log collection and curation
Database activity monitoring
Preventive Lesson 11, Topic C
Antivirus
Immutable systems
Hardening
Sandbox detonation
Application control Lesson 11, Topic C
License technologies
Allow list vs. block list
Time of check vs. time of use
Atomic execution
Security automation Lesson 11, Topic C
Cron/scheduled tasks
Bash
PowerShell
Python
Physical security Lesson 12, Topic B
Review of lighting
Review of visitor logs
Camera reviews
Open spaces vs. confined spaces

2.7 Given an incident, implement the appropriate response. Covered in
Event classifications Lesson 12, Topic B
False positive
False negative
True positive
True negative
Triage event Lesson 12, Topic B
Preescalation tasks Lesson 12, Topic B

Incident response process Lesson 12, Topic B
Preparation
Detection
Analysis
Containment
Recovery
Lessons learned
Specific response playbooks/processes Lesson 12, Topic B
Scenarios
Ransomware
Data exfiltration
Social engineering
Non-automated response methods
Automated response methods
Runbooks
SOAR
Communication plan Lesson 12, Topic B
Stakeholder management Lesson 12, Topic B

2.8 Explain the importance of forensic concepts. Covered in


Legal vs. internal corporate purposes Lesson 12, Topic C
Forensic process Lesson 12, Topic C
Identification
Evidence collection
Chain of custody
Order of volatility
Memory snapshots
Images
Cloning
Evidence preservation
Secure storage
Backups
Analysis
Forensics tools
Verification
Presentation
Preescalation tasks Lesson 12, Topic C
Integrity preservation Lesson 12, Topic C
Hashing
Cryptanalysis Lesson 12, Topic C
Steganalysis Lesson 12, Topic C


2.9 Given a scenario, use forensic analysis tools. Covered in


File carving tools Lesson 12, Topic C
Foremost
Strings
Binary analysis tools Lesson 12, Topic C
Hex dump
Binwalk
Ghidra
GNU Project debugger (GDB)
OllyDbg
readelf
objdump
strace
ldd
file
Analysis tools Lesson 12, Topic C
ExifTool
Nmap
Aircrack-ng
Volatility
The Sleuth Kit
Dynamically vs. statically linked
Imaging tools Lesson 12, Topic C
Forensic Toolkit (FTK) Imager
dd
Hashing utilities Lesson 12, Topic C
sha256sum
ssdeep
Live collection vs. post-mortem tools Lesson 12, Topic C
netstat
ps
vmstat
ldd
lsof
netcat
tcpdump
conntrack
Wireshark


3.0 Security Engineering and Cryptography


3.1 Given a scenario, apply secure configurations to enterprise mobility. Covered in
Managed configurations Lesson 7, Topic A
Application control
Password
MFA requirements
Token-based access
Patch repository
Firmware Over-the-Air
Remote wipe
WiFi
WiFi Protected Access (WPA2/3)
Device certificates
Profiles
Bluetooth
Near-field communication (NFC)
Peripherals
Geofencing
VPN settings
Geotagging
Certificate management
Full device encryption
Tethering
Airplane mode
Location services
DNS over HTTPS (DoH)
Custom DNS
Deployment scenarios Lesson 7, Topic A
Bring your own device (BYOD)
Corporate-owned
Corporate owned, personally enabled (COPE)
Choose your own device (CYOD)
Security considerations Lesson 7, Topic A
Unauthorized remote activation/deactivation of devices or features
Encrypted and unencrypted communication concerns
Physical reconnaissance
Personal data theft
Health privacy
Implications of wearable devices
Digital forensics of collected data
Unauthorized application stores
Jailbreaking/rooting
Side loading
Containerization
Original equipment manufacturer (OEM) and carrier differences
Supply chain issues
eFuse


3.2 Given a scenario, configure and implement endpoint security controls. Covered in
Hardening techniques Lesson 7, Topic B
Removing unneeded services
Disabling unused accounts
Images/templates
Remove end-of-life devices
Remove end-of-support devices
Local drive encryption
Enable no execute (NX)/execute never (XN) bit
Disabling central processing unit (CPU) virtualization support
Secure encrypted enclaves/memory encryption
Shell restrictions
Address space layout randomization (ASLR)
Processes Lesson 7, Topic B
Patching
Firmware
Application
Logging
Monitoring
Mandatory access control Lesson 7, Topic B
Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid)
Kernel vs. middleware
Trustworthy computing Lesson 7, Topic B
Trusted Platform Module (TPM)
Secure Boot
Unified Extensible Firmware Interface (UEFI)/basic input/output system (BIOS) protection
Attestation services
Hardware security module (HSM)
Measured boot
Self-encrypting drives (SEDs)
Compensating controls Lesson 7, Topic B
Antivirus
Application controls
Host-based intrusion detection system (HIDS)/Host-based intrusion prevention system (HIPS)
Host-based firewall
Endpoint detection and response (EDR)
Redundant hardware
Self-healing hardware
User and entity behavior analytics (UEBA)

3.3 Explain security considerations impacting specific sectors and operational technologies. Covered in
Embedded Lesson 8, Topic B
Internet of Things (IoT)
System on a chip (SoC)
Application-specific integrated circuit (ASIC)
Field-programmable gate array (FPGA)

ICS/supervisory control and data acquisition (SCADA) Lesson 8, Topic B
Programmable logic controller (PLC)
Historian
Ladder logic
Safety instrumented system
Heating, ventilation, and air conditioning (HVAC)
Protocols Lesson 8, Topic B
Controller Area Network (CAN) bus
Modbus
Distributed Network Protocol 3 (DNP3)
Zigbee
Common Industrial Protocol (CIP)
Data distribution service
Sectors Lesson 8, Topic B
Energy
Manufacturing
Healthcare
Public utilities
Public services
Facility services

3.4 Explain how cloud technology adoption impacts organizational security. Covered in
Automation and orchestration Lesson 8, Topic A
Encryption configuration Lesson 8, Topic A
Logs Lesson 8, Topic A
Availability
Collection
Monitoring
Configuration
Alerting
Monitoring configurations Lesson 8, Topic A
Key ownership and location Lesson 8, Topic A
Key life cycle management Lesson 8, Topic A
Backup and recovery methods Lesson 8, Topic A
Cloud as business continuity and disaster recovery (BCDR)
Primary provider BCDR
Alternative provider BCDR
Infrastructure vs. serverless computing Lesson 8, Topic A
Application virtualization Lesson 4, Topic C
Software-defined networking Lesson 4, Topic B
Misconfigurations Lesson 8, Topic A
Collaboration tools Lesson 8, Topic A
Storage configurations Lesson 8, Topic A
Bit splitting
Data dispersion
Cloud access security broker (CASB) Lesson 8, Topic A


3.5 Given a business requirement, implement the appropriate PKI solution. Covered in
PKI hierarchy Lesson 10, Topic B
Certificate authority (CA)
Subordinate/intermediate CA
Registration authority (RA)
Certificate types Lesson 10, Topic B
Wildcard certificate
Extended validation
Multidomain
General purpose
Certificate usages/profiles/templates Lesson 10, Topic B
Client authentication
Server authentication
Digital signatures
Code signing
Extensions Lesson 10, Topic B
Common name (CN)
Subject Alternate Name (SAN)
Trusted providers Lesson 10, Topic B
Trust model Lesson 10, Topic B
Cross certification Lesson 10, Topic B
Configure profiles Lesson 10, Topic B
Life cycle management Lesson 10, Topic B
Public and private keys Lesson 10, Topic B
Digital signature Lesson 10, Topic B
Certificate pinning Lesson 10, Topic B
Certificate stapling Lesson 10, Topic B
Certificate signing requests (CSRs) Lesson 10, Topic B
Online Certificate Status Protocol (OCSP) vs. certificate revocation list (CRL) Lesson 10, Topic B
HTTP Strict Transport Security (HSTS) Lesson 10, Topic B

3.6 Given a business requirement, implement the appropriate cryptographic protocols and algorithms. Covered in
Hashing Lesson 9, Topic A
Secure Hashing Algorithm (SHA)
Hash-based message authentication code (HMAC)
Message digest (MD)
RACE integrity primitives evaluation message digest (RIPEMD)
Poly1305

Symmetric algorithms Lesson 9, Topic A
Modes of operation
Galois/Counter Mode (GCM)
Electronic codebook (ECB)
Cipher block chaining (CBC)
Counter (CTR)
Output feedback (OFB)
Stream and block
Advanced Encryption Standards (AES)
Triple digital encryption standard (3DES)
ChaCha
Salsa20
Asymmetric algorithms Lesson 9, Topic B
Key agreement
Diffie-Hellman
Elliptic-curve Diffie-Hellman (ECDH)
Signing
Digital signature algorithm (DSA)
Rivest, Shamir, and Adleman (RSA)
Elliptic-curve digital signature algorithm (ECDSA)
Protocols Lesson 9, Topic B
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Internet Protocol Security (IPSec)
Secure Shell (SSH)
EAP
Elliptic curve cryptography Lesson 9, Topic B
P256
P384
Forward secrecy Lesson 9, Topic B
Authenticated encryption with associated data Lesson 9, Topic B
Key stretching Lesson 9, Topic B
Password-based key derivation function 2 (PBKDF2)
Bcrypt

3.7 Given a scenario, troubleshoot issues with cryptographic implementations. Covered in
Implementation and configuration issues Lesson 10, Topic B
Validity dates
Wrong certificate type
Revoked certificates
Incorrect name
Chain issues
Invalid root or intermediate CAs
Self-signed
Weak signing algorithm
Weak cipher suite
Incorrect permissions
Cipher mismatches
Downgrade

Keys Lesson 10, Topic B
Mismatched
Improper key handling
Embedded keys
Rekeying
Exposed private keys
Crypto shredding
Cryptographic obfuscation
Key rotation
Compromised keys

4.0 Governance, Risk, and Compliance


4.1 Given a set of requirements, apply the appropriate risk strategies. Covered in
Risk assessment Lesson 1, Topic A
Likelihood
Impact
Qualitative vs. quantitative
Exposure factor
Asset value
Total cost of ownership (TCO)
Return on investment (ROI)
Mean time to recovery (MTTR)
Mean time between failure (MTBF)
Annualized loss expectancy (ALE)
Annualized rate of occurrence (ARO)
Single loss expectancy (SLE)
Gap analysis
Risk handling techniques Lesson 1, Topic A
Transfer
Accept
Avoid
Mitigate
Risk types Lesson 1, Topic A
Inherent
Residual
Exceptions
Risk management life cycle Lesson 1, Topic B
Identify
Assess
Control
People
Process
Technology
Protect
Detect
Respond
Restore
Review
Frameworks

Risk tracking Lesson 1, Topic B
Risk register
Key performance indicators
Scalability
Reliability
Availability
Key risk indicators
Risk appetite vs. risk tolerance Lesson 1, Topic B
Tradeoff analysis
Usability vs. security requirements
Policies and security practices Lesson 1, Topic B
Separation of duties
Job rotation
Mandatory vacation
Least privilege
Employment and termination procedures
Training and awareness for users
Auditing requirements and frequency

4.2 Explain the importance of managing and mitigating vendor risk. Covered in
Shared responsibility model (roles/responsibilities) Lesson 1, Topic C
Cloud service provider (CSP)
Geographic location
Infrastructure
Compute
Storage
Networking
Services
Client
Encryption
Operating systems
Applications
Data
Vendor lock-in and vendor lockout Lesson 1, Topic C
Vendor viability Lesson 1, Topic C
Financial risk
Merger or acquisition risk
Meeting client requirements Lesson 1, Topic C
Legal
Change management
Staff turnover
Device and technical configurations
Support availability Lesson 1, Topic C
Geographical considerations Lesson 1, Topic C
Supply chain visibility Lesson 1, Topic C
Incident reporting requirements Lesson 1, Topic C

Source code escrows Lesson 1, Topic C
Ongoing vendor assessment tools Lesson 1, Topic C
Third-party dependencies Lesson 1, Topic C
Code
Hardware
Modules
Technical considerations Lesson 1, Topic C
Technical testing
Network segmentation
Transmission control
Shared credentials

4.3 Explain compliance frameworks and legal considerations, and their organizational impact. Covered in
Security concerns of integrating diverse industries Lesson 2, Topic A
Data considerations Lesson 2, Topic A
Data sovereignty
Data ownership
Data classifications
Data retention
Data types
Health
Financial
Intellectual property
Personally identifiable information (PII)
Data removal, destruction, and sanitization
Geographic considerations Lesson 2, Topic A
Location of data
Location of data subject
Location of cloud provider
Third-party attestation of compliance Lesson 2, Topic A
Regulations, accreditations, and standards Lesson 2, Topic B
Payment Card Industry Data Security Standard (PCI DSS)
General Data Protection Regulation (GDPR)
International Organization for Standardization (ISO)
Capability Maturity Model Integration (CMMI)
National Institute of Standards and Technology (NIST)
Children’s Online Privacy Protection Act (COPPA)
Common Criteria
Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
Legal considerations Lesson 2, Topic C
Due diligence
Due care
Export controls
Legal holds
E-discovery

Contract and agreement types Lesson 2, Topic C
Service-level agreement (SLA)
Master service agreement (MSA)
Non-disclosure agreement (NDA)
Memorandum of understanding (MOU)
Interconnection security agreement (ISA)
Operational-level agreement
Privacy-level agreement

4.4 Explain the importance of business continuity and disaster recovery concepts. Covered in
Business impact analysis Lesson 3, Topic A
Recovery point objective
Recovery time objective
Recovery service level
Mission essential functions
Privacy impact assessment Lesson 3, Topic A
Disaster recovery plan (DRP)/business continuity plan (BCP) Lesson 3, Topic B
Cold site
Warm site
Hot site
Mobile site
Incident response plan Lesson 12, Topic B
Roles/responsibilities
After-action reports
Testing plans Lesson 3, Topic C
Checklist
Walk-through
Tabletop exercises
Full interruption test
Parallel test/simulation test
