CASP+ Sneak Peek May 4, 2021

Stephen Schneiter

Administrator
Staff member
  • Nov 26, 2018
    707
    6
    2,685
    95,121
    Knoxville, TN
    The next release for CompTIA CASP+ will be available in August of 2021. Join the CompTIA Instructor Network and special guests @Lee McWhorter and Patrick Lane as they take a Sneak Peek into changes with the new exam vs. the current version. We will discuss how to cover the content with students and suggest various labs to let students gain hands-on experience as they prepare for certification.

    What: two-hour webinar investigating updated certification
    When: Thursday May 4st 10:00 a.m. CST
    Where: ON24
    Who: Lee McWhorter, Covered6
    Registration: http://bit.ly/CASPPlus004-SP


    06689 CIN Webinar Banners-06.pngCASPplus Logo R(1).png
     
    Hey Tess, Did you attend the sneak peek? There is a survey link to possibly be invited to take the CASP+ beta.
    Thanks! That got sorted out with thanks to our friendly neighborhood Spiderman @Stephen Schneiter .

    I was in the sneak peek, but the survey link also stipulates US-residents only. That's one of the reasons I didn't get in to begin with :) But Stephen was awesome (still is) and helped me out.
     
    Thanks! That got sorted out with thanks to our friendly neighborhood Spiderman @Stephen Schneiter .

    I was in the sneak peek, but the survey link also stipulates US-residents only. That's one of the reasons I didn't get in to begin with :) But Stephen was awesome (still is) and helped me out.
    That is fantastic news. Glad to hear.
     
    Here's a few things I took away from the CAS-004 beta.

    • On MacOS the instruction on PBQs (performance based questions) to ctrl-click for multiple selections does not work. On MacOS that is a right-click. The usual replacement cmd-click also did not work. The proctor did not have a solution for me, so questions that require multiple selections on MacOS are an automatic (partial) fail. @Stephen Schneiter this is something we REALLY have to take up with CompTIA and PV.
    • There was a post-exploit question about persistence where "the attacker got root on windows". That by and of itself is an error, but it muddied the whole question: should I look for Unix-based answers, or Windows? Because which part of the question was wrong? Windows, or root?
    • There was a question about SSH access log analysis, which did not show the actual logging. There was a question, there was a bit of explanation, but the actual logs were not shown.
    • Many questions were frustrating to parse: the language or formulation used, made it hard to piece together the situation / question. Some questions I had to reread five times.
    • Many questions about vulnerabilities focus on "input validation" as the "correct, best solution". In many cases it is not. For SQLi, it's parametrized queries. For XXE, it's disabling unsafe features and settings like external entity parsing.
    • A good thing: no questions stood out as being out-dated. There's no antiquated stuff and plenty of cloud.