New Insights for the CASP+ CAS-004 Exam

By Bob Weiss

I just took the new CASP+ CAS-004 Exam on March 14.  This exam is an unscored pass/fail exam.  I passed.  There were very many questions where the feeling was “when did we ever learn about this.”   I’m an instructor for this course, and several others.  So the moral of the story, let go of your negative feelings of uncertainty and failure.  You ARE prepared, even if the subjects in the questions seem unfamiliar.  Read the scenario, read the question, pick an answer.  Go with your first answer.  Don’t overthink it, and don’t second guess yourself.  Never ever change an answer, the first impression is the good answer almost always.

This post is an accumulation over time, and I am adding new content as it happens.  Also, check me out on Reddit.  https://www.reddit.com/r/CompTIA/comments/te8i8y/i_just_passed_the_casp_cas004_exam/ 

[Bob says: As of July 13 2022 there is more information on the Linux Forensics Simulation and also the usual Question1 PBQ.  Read all the way to the end, and check the comments for deeper insights. The newest bits are at the bottom.]

There was only one Performance-Based-Question (PBQ) and it was the first one on the exam.  The one I had was a Business Continuity/Disaster Recovery scenario.  There was a network map of two offices connected by a VPN, and a number of different hosts at each location.  In the scenario, there was a disaster at Location A.  There were three “findings” about certain situations that weren’t working correctly, and I had to match each finding to one or more devices.  One of the findings also required I choose a mitigation from a drop-down list.  I did not think this was overly hard, although I did reset the board 3 times before settling on my 4th answer set.  Usually I wait to do the PBQs at the end, but this one seemed simple enough so I just completed  PBQ1 and moved on.

Then there was a “Virtual Environment” question.  These are different, I have not seen one like this.  You HAVE to answer it in the order you get it; if you skip it you can’t go back, and you get no points.  Once you have answered it, you can’t go back either.  My Virtual question gave me a simulated Linux Ubuntu desktop.  The scenario was that this system was maliciously breached, and had been repaired, but there is concern by the security tech that there is a malicious TCP process still running, and your job is to find it, identify it, disable it, and kill it.  All in the constraints of the Ubuntu terminal window.  You definitely need to know your Linux commands for this one.  This is similar to the PBQ 1-3 listed below.

To get good practice in Linux, I would recommend installing Kali Linux as a virtual machine, and learning how to work at the terminal window.

There was a lot of emphasis on Business Continuity/Disaster Recovery, Cloud, Authentication, and Software Security.

If you have taken this exam recently and wish to contribute some of your experiences, I would add them to this article.


Here are some tips on the Performance Based Questions (PBQ) from the CAS-003.  They may be out of date, but in my experience these PBQ questions hang around for a while.  These come from Quizlet: https://quizlet.com/it/513316332/casp-cas-003-performance-based-questions-flash-cards/  These are offered as examples, not verbatim copies of actual exam questions.


PBQ 1 Part 1 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. What command would you use to check the configuration?

chkconfig --list


PBQ 1 Part 2 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. What services would you need to disable to accomplish this?

httpd
mysqld
lpd
bluetooth
wpa supplicant


PBQ 1 Part 3 As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. After you have stopped the service using the service “service” stop command, what needs to be done?

You need to kill the process. First type ps -A, which lists all the running processes. Find the service you want to kill and do so with the command kill -9 262 (example), where 262 is the ID number associated with the service.


PBQ 2 Part 1 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. What is your first step?

Out of the six downloads, some may be HTTP and others HTTPS. Use only the HTTPS.


PBQ 2 Part 2 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. When downloading the patch, move on if you get these errors

the file does not download in a reasonable amount of time or you get a certificate warning


PBQ 2 Part 3 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. If a file downloads uneventfully, how would you check the hash of that file to the control hash given?

Type md5sum install.exe and hit Enter, then compare that hash to the control hash given. md5sum should be in the directory you're in (the C:\Downloads directory). install.exe is the file you downloaded from the patch site and should also be in the same directory as md5sum.


PBQ 2 Part 4 An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. If you find the file that matches the control hash given on the download center site, how would you install that patch?

Make sure that the correct file is in the downloads directory and you are in the downloads directory, and just type install.exe


Check out this chat of mine on Reddit – https://www.reddit.com/r/CompTIA/comments/te8i8y/i_just_passed_the_casp_cas004_exam/


Added on 2022-06-28 – Searching YouTube using CAS-004 Forensic Linux Sim I did find a two hour video tutorial on Linux Forensics at https://www.youtube.com/watch?v=HTEj8UY2TA8. I am watching it now. Some of this content may be useful in understanding the process that is being tested in the Sim.


Question from a test taker about the Simulated Virtual Environment question

I have to be careful here, I can provide guidance but not explicit information.  Conversation follows.

M – We were just talking on Reddit. I remember the exercise almost verbatim but I don’t want to make you feel uncomfortable with non-disclosure etc. But if you have any insight or tools to help me learn command line quickly or what to look for I think I can pass the rest. I’m fairly certain the exercise is what held me back. Let me know and I can send it to you. Also looking forward to reading your blog tomorrow.

Bob – Ok so you have some work ahead of you but not a lot.  You need a few Linux command line tools

First step is to get a copy of Linux on a computer.  Easiest way is to set up a virtual machine.  I have a VM of Kali Linux I use for all sorts of security work.  But Ubuntu would be the distro on the test.  Ever set up a VM?

I use Virtual Box.  It is free.  Go to virtualbox.org.  Download and install.  After that install the Extension Pack.

Then go to Kali.org or ubuntu.com.  I know Kali better.  But they are both Debian Linux distros.  In Kali, choose the Virtual Machine option, and then download the VirtualBox option.  Save it where you can find it, then open Virtual Box and go to File, Import Appliance, and then find your download and you are done.

Let me know if you get it working.  Or let me know if you already have done this.

M – Thank you for sending, tried to download Kali but I don’t have enough space on my computer, it’s just a basic Acer. Trying to find a better option.

Bob – Ah too bad.  You could make a bootable USB drive to get around that problem, look lower on the Kali downloads page.  Unfortunately you can’t flip back and forth between the Windows host OS and the Kali virtual OS.  You boot into the drive and it’s all Kali all the time.

I’ll send you a list of commands to learn, just need some time to pull them together.

Here are some Linux commands to learn:

At the beginning of the question the test offers suggestions about what Linux commands may be useful in this question.  Take the hint.  Write the commands on your note card.  You will be using them.

If you need help try the man command.  For instance, man netstat shows available commands in netstat.  Press q to quit or exit.  Generally speaking Windows help or Linux man information is available in the testing environment.  Not sure?  Get help!

One command you might need for this question is netstat.  This will show a running list of TCP connections.  I opened my website at http://wyzguyscybersecurity.com.  It shows up on the first line in the image below.

You can see all the other TCP connections.  You will have to scroll back to the top of this report, as it goes on for several pages.

Another command you may need is ps.  This will show you the process IDs for all running processes.  Try to find the rogue process in question.  Here is the man page.

Here’s the man page for the service command

Let’s try the command service --status-all.  You should see a list of running services.  If we were trying to stop a rogue service named rogue, type service rogue stop.

The kill command will kill the rogue service.  Do so by command kill -9 262 (example) where 262 is the id number associated with the service.  Of course you will use the process ID you identified earlier.

This question will take a lot of time in the middle of the exam, but it is a must do with no backs. So practice makes perfect here.  Find your way by practicing on the Kali Linux VM you created earlier.


2022-07-12

One of the test takers I am talking with has failed the CAS-004 a total of four times now.  He is thinking that the Sim is causing him to fail, but I think he has the Sim process pretty well figured out, and I suggested that he might be only a few points from passing, and that his missing point may lie elsewhere in the test.  No guarantees on this solution, this is just what he is doing.  The email string between us follows below:

TESTER: FYI, I have had the same sim question every time, all 4.

The Linux question has two parts: first you have a rogue tcp process and second you need to find and keep a malicious service (called malicious.service) from restarting.

The steps I took were as follows:

  • netstat -nalp to find the tcp process, there was only one established process like port 50200 to 1337,
  • lsof -i :50200, found the pid which was something like 2430
  • kill -9 2430
  • used systemctl to find the malicious.service
  • systemctl stop malicious.service
  • systemctl disable malicious.service
  • I did find the malicious.service in /etc/systemd/system and deleted it with elevated privileges
  • I rebooted twice and the tcp process or the malicious service never came back.

I figured that I answered the questions correctly and the service never came back.

In talking with a guy that I work with that knows linux much better than I do, he said that maybe the question is not written great and you need to do more.

He suggested before I kill the tcp process that I find out the location of the exe. Possibly in usr/bin or somewhere else and then kill the process and remove the exe before I stop and disable the malicious.service?  He said that deleting the malicious.service that I found in the etc/systemd/system probably isn’t what was necessary to pass the test?

My response:

That process looks pretty solid to me.  I like your colleague’s suggestion, so I would try that next time.

From the feedback I have been getting, it seems there is a malicious file to find and remove.  Presumably named whatever the process was named.  I think there is a list command (ls) that searches iteratively through the nested file structure that uses the ../../../ filename structure.  Type the ls .. command to list the contents of the parent directory one level above. Use ls ../.. for contents two levels above.  See the article on the ls command at https://www.freecodecamp.org/news/the-linux-ls-command-how-to-list-files-in-a-directory-with-options

I believe that the sim is not all or nothing type scoring, that you get partial credit for getting most of the process right.  I could be wrong, but I believe that is the case with the standard PBQs, too.

There is a possibility you are missing points in the multiple choice questions.  Since this is Pass/Fail, you may be very close to a pass, and just need one or two more answers.  Pay close attention to questions that have more than one correct answer, make sure you choose the answer that is “BEST” in relation to the scenario and the question.  For example, there is a scenario, a question, and three of the four answers are correct from a certain perspective.  Make sure the answer you choose is the most specific for the question.  If there is an answer that is generally correct, and an answer that is specifically correct, choose wisely.  Often the most specific solution is the best one.

Are you taking this test as a home proctored exam?  I have heard horror stories galore about overzealous proctors invalidating your test results.  If this applies to you, go to a testing center next time.
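The triage sequence discussed in the command walkthrough and in the tester's steps above (established connection, PID, executable path, owning service), as an added example that is not from the original post or from the exam. Port 50200 to 1337, PID 2430 and malicious.service follow the tester's description; the program name `updater`, the addresses, the other sample rows and the `PROC_ROOT` override are constructed or hypothetical. The order of the printed plan is this example's choice.

```sh
#!/bin/sh
# Dry-run triage helpers: nothing here stops, kills or deletes anything.

# Constructed sample of `netstat -nalp` output (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 10.0.2.15:50200         203.0.113.7:1337        ESTABLISHED 2430/updater
tcp        0      0 10.0.2.15:41822         198.51.100.9:443        ESTABLISHED -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient'

# PROC_ROOT is a hypothetical override so the helpers can read a copy of /proc
# (or a fixture); it defaults to the live /proc.
proc_root() { printf '%s' "${PROC_ROOT:-/proc}"; }

# Read `netstat -nalp` text on stdin and print "local remote pid program" for
# each ESTABLISHED TCP row. netstat prints "-" in the last column when it is
# not run as root; that is reported as pid "-" instead of being dropped.
established_tcp() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         pid = "-"; prog = "-"
         if ($7 != "" && $7 != "-") { split($7, a, "/"); pid = a[1]; prog = a[2] }
         print $4, $5, pid, prog
       }'
}

# Path of the binary behind a PID. This link disappears once the process is
# killed, so it has to be read first.
exe_of_pid() { readlink "$(proc_root)/$1/exe" 2>/dev/null || true; }

# systemd unit that owns a PID, taken from its cgroup path, for example
# "0::/system.slice/malicious.service". Prints nothing if no service owns it.
unit_of_pid() {
  sed -n 's|.*/\([^/]*\.service\)$|\1|p' "$(proc_root)/$1/cgroup" 2>/dev/null | head -n 1
}

# Print (do not run) the follow-up commands for one PID. The unit is stopped
# and disabled before the kill so a restart policy cannot respawn the process.
plan_for_pid() {
  pid=$1
  exe=$(exe_of_pid "$pid")
  unit=$(unit_of_pid "$pid")
  echo "# pid $pid exe=${exe:-unknown} unit=${unit:-none}"
  if [ -n "$unit" ]; then
    echo "systemctl show -p FragmentPath -p ExecStart $unit"
    echo "systemctl stop $unit"
    echo "systemctl disable $unit"
  fi
  echo "kill -9 $pid"
  if [ -n "$exe" ]; then
    echo "ls -l $exe"
  fi
  if [ -n "$unit" ]; then
    echo "systemctl is-enabled $unit"
  fi
}

# Demo on the constructed sample. Live use: sudo netstat -nalp | established_tcp
printf '%s\n' "$SAMPLE_NETSTAT" | established_tcp
```

A row that comes back with pid `-` means netstat could not see the owner; rerun it with elevated privileges before concluding there is no PID to find.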


2022-07-13

CAS-004 PBQ Solution

A contributor provided this solution for the PBQ that is usually Question 1 on the exam.  This is NOT the dreaded Linux Simulation, just the standard PBQ.  Nevertheless, from a scoring standpoint this is important.  If you are failing, you may be missing THIS question, and doing fine on the Sim.  You can skip and return to finish it later but now you may not need to.  These images are from a practice exam source, not my own.  Again, I am just curating information that can be found on the web or on commercial test prep resources.


The Answer

The contributor dug a little deeper on the web and found another answer for the drag and drop.  The directory server is #1, the SCADA master controller is #2 and the VPN concentrator is #3.

Bob says – I removed the Answer image since the information on the illustration was incorrect.  The  answers given were #1 VPN Concentrator (wrong), #2 Pumps (wrong), #3 Directory Server (wrong).  If you are using this practice test, please do not rely on the answers shown.  The practice test is from Exam-Labs

Another contributor adds: For the PBQ, with the wrong selections from before, there was another step. After dragging the 3 selections, you also had to click on Directory Server, and choose from a drop down list of 8-9 choices of WHAT you were doing with that directory server.


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

  1. First Last  April 12, 2022

    Very helpful post! I’m planning to take the CASP+ exam here soon (mostly because I do not have the experience requirements for the CISSP). My company pays for my training, and voucher so I was looking to buy the high end CompTIA training bundle for this with all the labs which I think will help a lot. Any suggestions on study materials besides the CISSP Boson materials you mentioned on reddit?

    reply
  2. bobwyzguy  April 12, 2022

    Hello First Last!

    First, good luck with your studies and pending exam.

    I would recommend taking the CISSP after passing the CASP while it is still fresh in your mind. You can be an Associate of the (ISC)2 and upgrade to full certification status when you get the 5 years squared away.

    There are many resources you could use. This article is really focusing on the CISSP, but much of the material is good study material for the CASP, CySA, Security+, even the Pentest+ or CEH. Check this out: https://wyzguyscybersecurity.com/comments-on-the-cissp-computer-adaptive-exam/

    You can contact me at bob@wyzguys.com. I am available for tutoring this exam if you are interested.

    reply
  3. Manny Lima  April 20, 2022

    Wish I saw this before taking the exam. I had no idea this question was coming and had to skip it and I failed the exam. I had all the multiple-choice questions memorized but yet I still somehow failed. Are these lab questions worth a lot of points?

    reply
  4. Manny Lima  April 20, 2022

    This was in regard to the Linux TCP virtual environment

    reply
  5. bobwyzguy  April 20, 2022

    Yes the Performance Based Questions and especially (I think) the Simulated Question carries a lot of weight on the exam. I think failing or not responding to the Sim Q pretty much guarantees a fail.

    One thing that most test takers don’t know is that HELP is available. If your PBQ or SimQ has a command window or terminal window, you can invoke help (such as ipconfig /?) and the help files will open, but JUST THE COMMANDS YOU NEED FOR THE TEST QUESTION. So if you are at the C prompt, just typing help or the ? will show you the commands that are necessary for the question. Not all the help, just what is covered on the question. This is a huge clue.

    If you are in Linux, the man (Manual) pages are available. Again, just the ones you need for the exam question.

    reply
  6. Manny Lima  April 20, 2022

    This was my results: Which sections do you think were the virtual exam? My guess Section 1-3?

    You incorrectly answered one or more questions in the following objective areas:
    1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
    1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
    1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
    1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
    1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
    1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
    1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
    2.1 Given a scenario, perform threat management activities.
    2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
    2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
    2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
    2.6 Given a scenario, use processes to reduce risk.
    2.9 Given a scenario, use forensic analysis tools.
    3.1 Given a scenario, apply secure configurations to enterprise mobility.
    3.2 Given a scenario, configure and implement endpoint security controls.
    3.3 Explain security considerations impacting specific sectors and operational technologies.
    3.4 Explain how cloud technology adoption impacts organizational security.
    3.5 Given a business requirement, implement the appropriate PKI solution.
    3.6 Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
    3.7 Given a scenario, troubleshoot issues with cryptographic implementations.
    4.1 Given a set of requirements, apply the appropriate risk strategies.
    4.2 Explain the importance of managing and mitigating vendor risk.
    4.3 Explain compliance frameworks and legal considerations, and their organizational impact.
    4.4 Explain the importance of business continuity and disaster recovery concepts

    reply
  7. bobwyzguy  April 21, 2022

    Yes you could be on the right track. I checked Reddit for more comments about CAS-004 but was not finding much.

    reply
  8. ROG141  April 22, 2022

    Today I took the CAS-004. By mistake I skipped the “Simulated Virtual Environment” and I couldn’t return to the SIM; because of that I failed the exam. The test has 81 questions. Sad but true 🙁

    reply
    • bobwyzguy  May 23, 2022

      CompTIA does explain that there is no going back on the Sim. Do your best, don’t skip it.

      reply
  9. Sam  May 27, 2022

    I just failed casp+ and that simulation was a bummer. I spent 10+ minutes on it and hit next thinking I could go back but forgot that I couldn’t.

    I tried to find the malicious connection but idk what to look for? Was it supposed to be obvious like hackerDomain and is the process supposed to be obvious too?

    I had the disaster recovery but I totally did not understand what it’s wanting me to do. I am so bummed out!

    The multiple questions were sooo hard. All the studying I did seemed very useless.

    reply
  10. bobwyzguy  May 28, 2022

    The malicious process could be consuming large amounts of system resources, especially processor and RAM (memory). PS should reveal that.

    Yes a process name that seems wrong, or a process that has a similar name to a correct process would be suspicious.

    You have to stop the process in PS and then kill it

    Most people do not know Linux well, so more time on a Linux system would help

    reply
  11. First  June 20, 2022

    Finally took the CASP+, couldn’t find the rogue process with ps but was able to disable the service. Nothing was glaringly obvious to me. Going to study Jason Dion’s materials and try again I suppose as maybe I can get partial credit for the SIM and attempt to get perfect on the multiple choice.

    reply
  12. John  June 24, 2022

    I took the CASP+ 004 and I struggled most with the virtual environment. I could not find any malicious processes and I used all commands such as ps, ss, netstat, and top, and I could not use commands like systemctl, service, and kill. Some of the questions were a bit iffy but I believe I was dragged by the virtual environment. I think the question is very misleading.

    reply
  13. no cow  June 27, 2022

    I am taking CASP this week and I am familiar with Ubuntu. I am curious if they strictly test on Linux? I know some commands are different such as the chkconfig on ubuntu is update-rc.d. Thanks for the info!

    reply
  14. bobwyzguy  June 27, 2022

    The Sim is all Linux. The Other PBQs could be on several things.

    reply
  15. Tom  June 28, 2022

    Yesterday was fail 3 for me. I know that I answered at least 76 of the multiple choice questions correct and thought I maybe passed the virtual linux question but I guess I didn’t. This has been the same for the other 2 tests…..strong on the multiple choice not on the virtual linux. I don’t know how they can put so much emphasis on one question when none of the training covered it?

    reply
  16. bobwyzguy  June 28, 2022

    First, I admire your persistence. It seems like the Simulation on Linux is tripping up many test takers. I am convinced that you need a Linux installation like a Virtual Machine to learn the use of some of the commands that are necessary for this question. If you believe the question is too difficult or unfair, you should probably open a case with CompTIA about it, but I wouldn’t expect much. If enough testers complain, maybe the Sim will be replaced with something a little easier to pass.

    reply
  17. Tom  June 28, 2022

    I installed Virtualbox and have an Ubuntu VM running. I have been practicing using netstat to show a process that doesn’t look correct, finding the pid and killing it. I am lacking at finding a malicious service and knowing what to do to prevent it from running again. I have been trying to figure out what looks right or wrong in crontab and several other things but I can’t seem to put everything together. Can you name a resource free or not that would help me? Thanks Bob.

    reply
  18. bobwyzguy  June 28, 2022

    As to how to find the malicious file, I would expect the file name to be the process name. It may take some looking to find where it is lodged in the system files, but there is an iterative search parameter of the ls command that uses ./././. that will parse the entire file tree. Another ls command will show the file path.

    I went looking for other practice resources and especially YouTube videos in the CAS-004 Linux Sim. It seems that some sources are calling this a Forensics SIM, which it is. Another term to add to your search.

    I found something interesting at https://www.certification-questions.com/comptia-exam/cas-004-dumps.html that some of their content was taken down over DMCA conflicts. Sounds like CompTIA wasn’t happy that someone was revealing the solution to the sim (perhaps).

    My exploration of YouTube today revealed nothing specific to the Sim, just a lot of trainers and training companies selling their certification wares.

    Searching YouTube using CAS-004 Forensic Linux Sim I did find a two hour video tutorial on Linux Forensics at https://www.youtube.com/watch?v=HTEj8UY2TA8. I am watching it now. Some of this content may be useful in understanding the process that is being tested in the Sim. This is a lecture from what I assume to be a college class. He uses a lot of third party tools that aren’t part of the exam, so I am not sure how helpful this will be

    We need to hear from people who passed and are willing to share some insights. I am not looking for the answer, which would be a violation of the CompTIA NDA, just some help with the questions other test takers are asking

    reply
  19. First Last  July 8, 2022

    The problem with the SIM is that the process is nothing glaringly obvious unless you are very familiar with what is normally running on Linux. I created a Kali Linux VM and a Ubuntu VM and I’ve stared at these processes trying to familiarize myself with them for awhile now. Hoping to take the test again this weekend or next and will report back if I pass. The first time I took it I could find the persistent service but could not associate a PID with it unfortunately. Honestly there is too much time on this test. I was done with an hour left and that was after reviewing everything once through. I highly suggest anyone taking this test to spend 30 minutes or more on the SIM.

    reply
  20. VeryFrustrated  July 14, 2022

    I failed my first attempt at the end of June. I tested again yesterday.
    I received many of the same questions from the first attempt, and some new ones as well.
    My first question was the drag and drop site a and b question.
    My 23rd question was the linux sim, and I believe it was going to be exactly the same as before BUT, after making some notes on my whiteboard, I clicked NEXT. That SKIPPED the question.
    I immediately reached out to the test center staff, and they had no clue. they told me to click back.
    This killed all enthusiasm for the remainder of the test as I knew I just threw $490 away.
    I asked to protest the test, and the worker said he would do that… “Oh, But not right now dude, I will do that later”
    I have 0 confidence this will happen as he does not even understand what my issue was.
    I also called the number from the bottom of the test, but this guy in India was convinced the name of the test I took was COMPTIA. Then he said I reached the wrong number.

    I don’t know that it is worth trying to get a retake because of the unintentional sim skip issue because the printing out said I missed 1 or more questions, in 24 domains. I don’t think I really missed 24 or more questions, but they don’t give you a score so I have no idea.

    I really think it is insane that they have you accustomed to clicking NEXT to proceed, and prompt you for if you really want to proceed, really are done reviewing flagged questions, really want to end the test… But no prompt for “You really want to skip this sim question??” Very unfair.

    reply
  21. bobwyzguy  July 14, 2022

    Man, I am so sorry to hear that. Let me know if you can get them to give you a retake.

    CompTIA seems to have made CASP+ a proving ground for new test technology like the Simulated Environment. I have collected over 20 comments on this article, as well as another collection of complaints on my original Reddit posting.

    I got new intel on both the Linux Sim and the first PBQ question (usually question 1) at the bottom of this article.

    reply
  22. VeryFrustrated  July 14, 2022

    For the PBQ, with the wrong selections from before, there was another step. After dragging the 3 selections, you also had to click on Directory Server, and choose from a drop down list of 8-9 choices of WHAT you were doing with that directory server.

    reply
  23. First Last  July 15, 2022

    I believe the drop down had to do with BGP from when I took the test? Hoping to take it again this weekend and hopefully not fail!

    reply
  24. Welp  July 15, 2022

    Because of NDA I’m going to be vague so don’t bring the pitchforks. I just recently passed the CAS-004 and what I will say is don’t over complicate the linux sim if you get it. It mentions that there is a malicious process or service on the system. Start with that information. What command would you use to show running processes or services? It should snowball from there. Comptia is not trying to be tricky or hide anything so don’t go into it thinking it’s going to be overly complex.

    If you were confident that you performed the correct actions in the sim then it may be the theory that you just need to focus on.

    reply
  25. KLAS  July 28, 2022

    Thank you for your help here Bobwyzguy. I studied up for the Linux problem and believe I did well on it. I killed two pids and then stopped and then disabled the service. I think that was right. I noticed the second pid and don’t know if I needed to kill it or not but I did. I see a lot of people talking about the MC questions in this thread, please urge everyone here to fully vet ALL practice problems they are using to study. Review every choice on every example problem, it stinks but many of the answers to practice problems on the internet are wrong…..especially if you are finding them from random sources. Thank you for this page as it got me to download Kali and install it on VBox. I, then, installed lighttpd and practiced killing it, starting it, stopping it, disabling it, re-enabling it, and just got to know a lot of commands in Linux that I don’t normally use. It also helped me vet some practice problems that had wrong answers. Thank you again.

    reply
  26. bobwyzguy  July 28, 2022

    Thanks for your contribution KLAS.

    reply
  27. Brian  July 28, 2022

    Thanks for the information! I passed my CASP exam back in 2016, did the CEUs in 2019, but unfortunately forgot to do it again this year. I have been studying to take it next week, as this cert is needed for my job.

    reply
  28. Brian  August 3, 2022

    I passed the CASP + Exam (CAS-004) yesterday. The info here was VERY helpful. I had a total of 81 questions.

    I had the “Click and Drag” VPN question with the 2 sites. I filled it out exactly how it was stated here. I did, however, have to do another step. On the VPN concentrator (which had answer #3 assigned), I had to pick from a drop down listing; which answer would resolve the flapping issue.

    I had the dreaded Linux simulation question as well. Unfortunately, I wasn’t able to find the process ID (PID) attached to the malicious service. Using netstat or netstat -nalp shows the established connection of the malicious service, but the PID info on all connections is blank. I did delete the malicious file itself, which ended the connection within netstat.

    Hope this helps.

    reply
  29. bobwyzguy  August 3, 2022

    Thanks Brian for sharing your experience and contributing to the Comments.

    reply
  30. VeryFrustrated  August 4, 2022

    I took the CAS-004 for the 3rd time today.
    I PASSED!!!

    First time: Missed 20 questions (From what I can tell from the results sheet), Bombed the Linux sim and 2 PBQ questions.
    Second Time: Missed 22, accidentally skipped the Linux sim, and bombed the 2 PBQ questions.
    3rd time: Says I missed 16. I believe I NAILED the Linux sim and the drag n drop. I did not get the 3rd one where you secure the servers.
    So there you have it, passing IS possible. 🙂

    reply
  31. bobwyzguy  August 5, 2022

    Congratulations Very Frustrated. The solution is informed preparation, and lots of Linux practice (for the Sim)

    reply
  32. First Last  August 7, 2022

    Finally passed this monster of a test and only missed one or more questions from 12 domains. Thank you so much for your help with this blog entry. I’ll definitely have to get some tutoring from you for the CISSP when I get around to that! So thankful to be done with CompTIA and their question trickery.

    reply
  33. bobwyzguy  August 8, 2022

    Congrats! It’s been a long process, but you did it. Drop me a line when you start your CISSP. Don’t wait too long as the CASP+ is great prep for the CISSP. Two exams very much the same content. Personally, I think the CISSP may be easier to pass than the CASP+. No PBQs or SIMS.

    The CISSP is a MANAGER’S exam, and the hardest thing for a technician to learn is how to THINK LIKE A MANAGER and pick the answer a manager would pick

    reply
  34. Ahmad  August 9, 2022

    I am about to take CAS-004 exam and really happy that I have found this page. Thank you for your contribution.

    Regarding the Linux Sim, what I understood upon going through the Linux commands is that the following should be done:

    1- Find the malicious process (using PS command)
    2- Determine the PID (using PS and/or netstat)
    3- Stop the service (using service command)
    4- Kill the service (using kill -9 )
    5- Delete the malicious file which is starting the process (using rm command)

    Is this the correct logic or am I missing something? Kindly advise.

    Thank you!

    reply
  35. bobwyzguy  August 9, 2022

    That looks good, based on the input I have received from other test takers.

    reply
  36. Glizzy  August 17, 2022

    I just took my CASP exam yesterday and passed on the first try. This blog has been super helpful in assisting with understanding the concepts and what the test is asking for. I got the Linux Sim and it’s a lot more simple than what some people are making it, don’t overthink it. Study the terms and you should be good. As I was going through the test, it felt like I didn’t know every single answer but just take the time to read it thoroughly and pick your best choice and you should be good, don’t let the test frustrate or consume you!

    Thank you again Bob for this page and how you assist people in trying to help them pass this test! Very helpful and much appreciated.

    reply
  37. bobwyzguy  August 17, 2022

    Congrats Glizzy. Together we all have contributed to this tutorial. So thanks to all who provided tips and guidance.

    reply
  38. CASP Hopeful  August 22, 2022

    I’m going to be taking CASP in the next couple days after failing it last week due to the Linux SIM not loading. It was a blessing bc I was not prepared for the Linux sim but after finding this blog I believe I will be ready for it now. I do have a question about the PBQ though. I had the drag and drop as described in the blog post but I am unsure if I should be dragging #3 on both vpn concentrators, just the one on site A or just the one on site B. Originally I put it on just site A and the extra step I chose the BGP option but now I am second guessing myself on which VPN concentrator they are looking for or both. Any insight into this would be very much appreciated!

    reply
  39. bobwyzguy  August 22, 2022

    CASP Hopeful – Answering your question would be a detailed enough answer to potentially violate the NDA. Make sure you have looked at the last section of the original article that deals with the PBQ. This was originally submitted with two images, and the second one, THE ANSWER, was wrong. If you are working from that two image set, forget what you are shown on the second image and read the article comments.

    You can enlarge any of the images in the article by clicking on them to open them up full size.

    Let me know if this is enough for you.

    reply
  40. CASP Hopeful  August 22, 2022

    bobwyzguy.. thank you for the feedback! I will take it and see how I do. Retesting in the morning and hoping my SIM populates correctly and this time it is enough to get that PASS. I will update tomorrow with the news.

    reply
  41. bobwyzguy  August 22, 2022

    Good luck CASP Hopeful

    reply
  42. CASP Hopeful  August 23, 2022

    I promised an update so here it is:

    I passed! The first time I skipped the Linux SIM by accident, failed, and my score report said I missed one or more questions in 21 different areas. This time I did the simulation but I was only able to find the malicious service and stop it, I wasn’t able to find the process to kill or any kind of .exe so I know I didn’t get full credit bc there is definitely more than 1 task to perform.

    The PBQ was fairly easy but make sure you read the fine print under the choices bc one of them will be different and the photo on the main blog post does not show that. I think this matters as it had me change one of my answers. Can only assume that I got it right this time as opposed to the first time since I passed.

    This time my report said I missed one or more questions in 20 different areas, so I believe the little bit of the Linux SIM that I was able to do and the changing of my PBQ answer pushed me over the edge into passing.

    reply
  43. bobwyzguy  August 23, 2022

    CASP Hopeful – Good work!! Congratulations

    reply
  44. Perplexed  September 5, 2022

    I’ve taken the exam twice and I am not sure where I am falling short but suspect it is the Linux sim.

    In the Linux sim I cannot find the PID using lsof, top or ps. I did sudo systemctl stop and systemctl disable the “suspicious name”. I was able to find two files in separate directories using systemctl | grep “suspicious name” and sudo rm them. I rebooted and after rechecking netstat the service did not restart. I checked the file locations and the file did not return. I rebooted again to make sure, rechecked the service and locations and nothing came back. I figured that was all I could do and moved on.

    Any suggestions or guidance would be well received.

    reply
  45. Alexandro Mullings  September 7, 2022

    Hi Bob,

    I took the CAS004 on September 5th and today. I failed again…. I stumbled on this blog after digging around to see if anyone has gotten this same issue. I feel cheated. I took the exam and ALL of the multiple choice questions were STUPID easy. If I got 4 wrong that was PLENTY. I did the SIM and stopped the process and removed the file buried in the directory. The first time I took the exam it took about 24 hours for me to see my results, today, I click on Finish and the results are there. I got according to the printout 23 sections wrong, REALLY? ^.^
    I compared it to the printout of 25 so basically I spent 2 days studying and going over the content like a madman to ONLY get 2 questions right the second try. I find this ludicrous. I WILL never be taking another CompTIA exam again and will advise everyone that I come across to do the same. I’ve done CompTIA exams in the past and other certifications but none have I felt cheated like this one. I mean: just about every single question I was confident in my answer. There is NO way that my responses were wrong, the VM simulation or system grading that they use must have some sort of glitch OR the SIM is a pass/fail sort of deal. Additionally, there is more than one way to tackle the SIM because I restarted and the process did not appear. However, if there is a parameter checking for a condition and that condition is not met based on what CompTIA deems as correct then this is truly an unfair exam. I wrote to them but I am not expecting much. Sad, to say; I will not be taking another CompTIA cert for the rest of my life.

    reply
  46. bobwyzguy  September 8, 2022

    Alexandro – once you calm down, give it another try. Many people are struggling with this exam. You can open an appeal with CompTIA if you think the results were unfair.

    I think the CAS-004 is harder at this point than the CISSP. It is a managerial exam (like the CISSP) and is looking for answers a manager would choose over what a technician would choose.

    The test report is not saying you got 23 questions wrong, but is just showing you the objectives you need to work some more on.

    There are LOTS of tips about the Linux SIM. There are more than two steps, more like 5, and you need to use more of the commands at the terminal. Also check the PBQs. Many are missing the PBQ answers and thinking it was the SIM.

    reply
  47. KLAS  September 9, 2022

    Alexandro, I do not know the methods of which you studied but if you used any practice questions on the internet, I will guarantee you that the answers were wrong on at least 50% of them. If you read a book or two and watched video after video, then I agree, you may have been robbed. I had 15 listed topics on my score report and passed. I used a CASP+ book from Amazon and practice questions from the internet, most of the answers on the questions were incorrect though. You have to completely vet every question you use to study with from the internet, it stinks and adds weeks to your studying but it has to be done. Just my 2 cents but who uses change anymore.

    reply
  48. bobwyzguy  September 10, 2022

    Thanks KLAS

    Even the well-known brand name commercial practice exams have errors. I got a new release of Boson for A+ 220-1102 and found a question where the shown correct answer was WRONG, but the explanation chose the correct answer, not the highlighted answer. People are not perfect, and neither are practice questions.

    reply
  49. GremlinMaster  September 13, 2022

    Hello all,
    So, I just took the CASP and passed it on my first attempt. I’ll go through my experience first then the study materials I used. It was about what you expect from CompTIA. I only got one PBQ, it was very close to the one in the blog notes above 😉 as for the simulation I was messing around with it for 45 mins. The process kept returning after killing it/rebooting and some commands didn’t work like lsof, I’m not sure if I was using them correctly. To make matters worse the sim black screened on me almost like the connection was terminated. That only left me with about 1hr 30mins to answer the remaining questions (I had 81 total). With only 15 mins left I went back and reviewed 22 questions I flagged. I only changed a couple answers. Like Bob says go with your first choice. When I got my report, I had 19 areas that needed to be worked on. So, with the sim dying on me I was still able to pass. Now for the materials, I used Mark Birch’s book, Jason Dion’s web training/practice test and pocket prep. I was baffled that there are a lot of questions on the test that mimic Mark’s end of book practice exams. Since I wasn’t really in the cyber security field, I took about 3 months to study with the last month studying almost 8+ hours a day and the last week I did practice test after practice test. I feel like you need to diversify your material instead of having one resource. I stumbled across this blog a week ago and I can tell you it was one of the key reasons I passed. I had no idea about a sim question and this blog outlined perfectly what is needed to succeed. I know what it’s like taking CompTIA certs more than once, keep putting in the work. You got this peeps.

    Here is a link to a reddit user that used Marks book: https://www.reddit.com/r/CompTIA/comments/wu3qyj/passed_casp_a_couple_days_ago/

    reply
  50. bobwyzguy  September 13, 2022

    Thanks Gremlin Master – great rendition of your exam experience, thanks for sharing. Congratulations on your certification too

    reply
  51. John  September 15, 2022

    I passed the CASP+ on my second try. This website helped a lot when re-studying. The virtual environment was better the second time because of practice in my own virtual machine.

    reply
  52. James Beanbag  September 19, 2022

    The CASP+ exam is the bomb.
    I was shocked at my 1st attempt at the type of questions I met on the exam day. Most of the practise questions I had used were CAS-003. However, I do not really like using dumps so I was just going with the mindset of understanding the objectives of the exam very clearly; to my surprise, it is much more than what is in the objective. Your practical experience in the past will be put to test. So it is a thorough one at that.

    Now on my experience during the 2nd attempt:
    I also got the PBQ for the DR scenario. In my own case, they asked me to choose the exact service I am choosing to improve connectivity in site B. In your case, it might be the directory service. So know what you are doing. [Answers are SCADA Pumps, Directory service & VPN concentrator in no particular order]
    For the SIM/Ubuntu lab question: I think that question alone carries 2 questions out of the 81…and I am sure the marks are different. I got to know this during review before submitting. Questions 22,23 were omitted for me.
    To solve it, follow the steps below:
    1. netstat -nalp [to identify the TCP process, there was only one established process like port 50200 to 1337]
    2. lsof -i :50200 [I put sudo before mine; I noticed without sudo, it didn’t work]
    3. kill -9 PID from 2 above OR systemctl stop malicious.service and then systemctl disable malicious.service. (stop before disabling)
    NB: The service would still be in the system but waiting to start again on reboot bcos it is written to execute during startup.
    4. cd to /etc/systemd/system path
    5. since you don’t know what the service exactly looks like, scroll gently until you see some strange process name (in my case, it was malicious.service). They may have changed it during your attempt.
    6. I CAT the content of the file (malicious.service)…u can hash out the line that makes it execute on restart or just rm the bastard file. But I think hashing out the line would give max point cos the 2nd question as seen below says

    1. End the compromised process that is using a malicious TCP service.
    2. Remove the malicious persistence agent by disabling the service’s ability to start on boot.

    7. I did find the malicious.service in /etc/systemd/system and deleted it with elevated privileges (sudo su)
    8. I rebooted and the TCP process or the malicious service never came back. I checked and never found it.

    For the rest of the question, your experience counts and u also need it to study the dumps cos there are lot of wronggggggggggg answers.

    Goodluck!

    reply
  53. bobwyzguy  September 19, 2022

    James – thanks for your detailed contribution. It seems like the Linux Sim may have several solutions, based on the comments of earlier contributors. All I can say is KNOW YOUR LINUX. You cannot bluff your way through this question

    reply
  54. Kim  September 19, 2022

    Thank you so much for this website. It was a huge help in passing the CASP today. Definitely know your Linux commands. I used the CompTIA CASP+ CAS-004 Certification Guide by Mark Birch. The mock exams in this book were a huge help.

    reply
  55. bobwyzguy  September 20, 2022

    Thanks Kim. When I posted this article I had no idea how many CASP students would find it helpful. As I complete other certification exams, I have been starting new articles like this one for those exams. You should be able to find them using the search tool on my web site. I am also active on Reddit/r/CompTIA and Reddit/r/CISSP and Reddit/r/CEH

    reply
  56. Sean  October 14, 2022

    Searching through the internet, I’ve found the notorious Linux sim on Examtopics website. I didn’t want to post the link due to NDA but you can go to the site and search for yourself. It’s question number 146.
    I’m scheduled for testing tomorrow night. I’ll let you know how it goes.

    reply
  57. bobwyzguy  October 16, 2022

    Thanks Sean. I hope your exam went well for you. And a word of caution to everyone on this thread: sometimes these practice questions contain incorrect answers. Don’t just memorize, double check first.

    reply
  58. whisper  October 17, 2022

    So on the exam we will have the sim, and also lab questions like downloading something and the Red Hat Enterprise Server 5.5 64-bit question?

    reply
  59. Ahmadallica  October 17, 2022

    I am glad I passed the test at first attempt. The information here on this page is very useful. Please double check all the answers on other websites because many of them are answered incorrectly. I got the Linux Sim and I found using the command netstat -nltp is better than netstat -nalp because it easily shows the TCP connections so you can find the malicious one. Good Luck to everyone! Now next is CISSP!

    reply
  60. whisper  October 18, 2022

    @Ahmadallica do you have an email I could reach out to?

    reply
  61. Thatdude  October 23, 2022

    I took the CASP last Thursday at home. The at home testing went well, no horror stories here like I’ve heard with others. Unfortunately, I did fail my first attempt.

    Here’s where I think I went wrong. First, I took the exam Thursday evening after a full day’s work. I was burnt out by this time and really just didn’t want to sit for it. The next thing, I read Mark Birch’s book twice and did the practice test once. I ended with 21 sections called out in the exam results.

    Going forward, I’ve been hitting all the sections I failed in Jason Dion’s video course and purchased his practice exams. I also plan to retake Mark’s practice exam seeing how similar some of the questions were.

    I felt I was close on the Linux SIM last time but couldn’t find the TCP process. I did find, stop, and disable the rogue process. After reviewing I feel I have the necessary commands to find and kill the TCP process and will delete the rogue service next time.

    For the cloud based question it looks like I should go with BGP next time as I think I just guessed initially.

    I plan to retake in the next week after I’m done reviewing, I’ll report back!

    reply
  62. bobwyzguy  October 24, 2022

    Thanks for your comments Thatdude. Better luck next time

    reply
  63. Thatdude  October 29, 2022

    Well I passed today on the second attempt!

    I finished up with 17 sections marked in the review. I felt confident in my Linux solution. I didn’t delete anything, I just followed the instructions as written. Find and end the TCP connection. Find the bad.service and disable it on boot. When using netstat -nalp make sure to look for the TCP connection as you might see TCP and UDP. Also, I ran netstat as sudo so it would give me the PID. I rebooted the server after and verified the connections didn’t come back up.

    Jason Dion’s course on Udemy and his practice exams were absolutely fantastic. Also, thank you to everyone on here. There is a ton of valuable information. On to the CISSP!

    reply
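
    The workflow described in comments 52 and 63 above (find the established TCP connection with netstat, run it with sudo so the PID column is filled in, then stop and disable the unit under /etc/systemd/system), written out as an added example that is not part of either comment or of the exam. All data is constructed: the program name updaterd is hypothetical, and malicious.service and ports 50200/1337 are simply the names used in comment 52.

```shell
#!/bin/sh
# Added example. Constructed `sudo netstat -nalp` output; the NOROOT copy is
# the same capture without root, where netstat prints "-" for PID/program.
SAMPLE_ROOT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 10.0.2.15:50200         10.0.2.2:1337           ESTABLISHED 1432/updaterd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     18211    1/init   /run/systemd/private'
SAMPLE_NOROOT=$(printf '%s\n' "$SAMPLE_ROOT" | sed 's#1432/updaterd#-#; s#812/sshd#-#')

# Print "local remote pid program" for each ESTABLISHED TCP row on stdin.
# UDP rows and UNIX sockets are ignored; a blank PID column becomes "?".
established_tcp() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         pid = "?"; prog = "?"
         if ($7 != "-" && $7 != "") { split($7, a, "/"); pid = a[1]; prog = a[2] }
         print $4, $5, pid, prog
       }'
}

# List units in a systemd directory whose ExecStart mentions the program, and
# whether each is enabled (linked from a *.wants/ directory). The substring
# match is a heuristic; read the unit file before acting on it.
units_for() (
  needle=$1; dir=$2
  for unit in "$dir"/*.service; do
    [ -f "$unit" ] || continue
    grep '^ExecStart=' "$unit" | grep -qF -- "$needle" || continue
    name=${unit##*/}; state=disabled
    for link in "$dir"/*.wants/"$name"; do
      if [ -L "$link" ]; then state=enabled; fi
    done
    echo "$name $state"
  done
)

# Print (not run) the containment commands for the connection to a remote port.
# The unit is stopped and disabled before the kill: a unit with Restart=always
# respawns a process that is only killed, and an enabled unit returns on reboot.
plan() (
  port=$1; dir=$2
  row=$(established_tcp | awk -v p=":$port" 'substr($2, length($2)-length(p)+1) == p' | head -n 1)
  if [ -z "$row" ]; then echo "no ESTABLISHED tcp connection to port $port" >&2; exit 1; fi
  set -- $row
  pid=$3; prog=$4
  if [ "$pid" = "?" ]; then echo "PID column is blank: rerun netstat with sudo" >&2; exit 2; fi
  units_for "$prog" "$dir" | while read -r name state; do
    echo "systemctl stop $name"
    if [ "$state" = enabled ]; then echo "systemctl disable $name"; fi
  done
  echo "kill -9 $pid"
)

# Build a constructed stand-in for /etc/systemd/system in a temp directory.
make_sample_units() {
  d=$(mktemp -d)
  mkdir "$d/multi-user.target.wants"
  printf '[Unit]\nDescription=constructed sample\n[Service]\nExecStart=/usr/local/bin/updaterd\nRestart=always\n[Install]\nWantedBy=multi-user.target\n' > "$d/malicious.service"
  ln -s ../malicious.service "$d/multi-user.target.wants/malicious.service"
  printf '[Service]\nExecStart=/usr/sbin/sshd -D\n' > "$d/ssh.service"
  echo "$d"
}

dir=$(make_sample_units)
printf '%s\n' "$SAMPLE_ROOT"   | plan 1337 "$dir"
printf '%s\n' "$SAMPLE_NOROOT" | plan 1337 "$dir" || true
rm -rf "$dir"
```

    On a practice VM, pipe `sudo netstat -nalp` into `plan` and point it at /etc/systemd/system; it only prints the commands, so nothing is changed until you run them yourself.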
  64. bobwyzguy  October 30, 2022

    ThatDude – Congratulations on your new certification. It is always a good plan to follow up the CASP with the CISSP or the CISSP with the CASP. The content is nearly identical. I’ve got some tips on the CISSP exam too, just search on my blog. Lots of CISSP articles. https://wyzguyscybersecurity.com/?s=CISSP

    reply
  65. daniel  November 6, 2022

    The virtual simulation carries plenty of weight and this site is a great source of info, just passed the CASP+ yesterday. PLEASE install a virtual Linux machine or OS and learn the command line and be fluent. When testing most of the time every thought disappears even if the answer is known to you. “If one is in security then all is well”

    reply
  66. KingKiller  November 10, 2022

    I know about the Linux Sim and the disaster PBQ, but I saw someone else mentioned another PBQ. What is that one about? I may just be confused.

    reply
  67. Punisher  November 12, 2022

    Thank you to all of the contributions here. I passed the CASP today on my first attempt. As for the Linux sim, I personally started out with using the locate command and searched for some key words. Not the way you should go about this in the real world if you’re hunting for malware but this worked for the exam. One of the key words I used pointed me in the right direction and I was able to cat the contents of the file which gave me a hint as to what process and connection I needed to kill. Pretty much reverse engineered the question. Confirmed the connection with netstat, confirmed process with ps aux. Finally killed the process, deleted the files, killed the connection, and then did a reboot to confirm the malicious artifacts were indeed gone (not in that order).

    reply
  68. bobwyzguy  November 13, 2022

    Many hands make the work light. Thanks for your contribution

    reply
  69. Achilles  November 14, 2022

    I don’t think it’s ever advised to just “kill -9”. This stops the process but the linked processes. If you capture all of the process IDs then you can “kill -9” all of them in a list. I usually do this with a:
    kill -9 `cat`
    (pasted list of pids)

    reply
  70. Ariel  November 23, 2022

    Hi All!

    I wanted to share a little of my experience. I tested for CASP on 11/21/22 and passed the exam the first time up. I only had 2 PBQ and the Linux Virtual Environment. I know for sure that I did not get the simulation question correct because I have zero experience with Linux and I was unable to kill the malicious process nor stop it from coming back after reboot. Just wanted to give some of you all out there some hope and let you know that you can definitely pass the test even if you do not get the Linux sim correct. You’ll just have to be very strong with the multiple choice and PBQ questions.

    reply
  71. John  November 30, 2022

    Are there any tips for second PBQ?

    reply
  72. bobwyzguy  November 30, 2022

    John- there are tips galore. Read my entire post, plus all the comments. Ask your question more specifically, like what do you mean by “second PBQ?”

    reply
  73. Bengal7  December 11, 2022

    Thought I’d add my 2 cents as reading this forum did help me some. I took my first CAS 004 in early Dec 2022 and passed. I had previously failed the CAS 003 two years ago on one try.

    I too had the drag and drop PBQ as the first item. I didn’t think it was that challenging and did remember to click Directory Services box for the additional drop down question. (There’s a red ball icon on it after making drag and drops.) I am not 100% sure I got it all right.

    For the SIM question I had trouble. I had read this forum and basically memorized ‘Tester’ and ‘James Beanbag’ posts from above… I did also do a quick brush up on the relevant Linux commands. Still I blew the question because I used netstat -nalp, or -natp (which gives the PID, making the lsof -i :port# unnecessary I think), and more flags and did not realize it was listing processes, not services… when I searched for the names of the processes or just anything like I spent a lot of time on this because I thought I’d get it eventually. I didn’t know how to list Services at the time and we are tasked to find services. There was one process listed that ended its name with the word ‘resolve’ so I figured I’d try to stop and disable that one. But upon trying Kill -9 with its PID it responded by saying it’s not a service. I did see a total of 5 or 6 processes total. Some were obviously related to the services the instructions said NOT to disable or stop. So ultimately I simply ran the kill -9 for the remaining processes (two) and moved on. As I understand it kill -9 does both the stopping and disabling and that is what is asked, so that is how I left it and moved on. I am pretty sure I bombed the sim but maybe got some credit for running some commands, not sure.

    The remaining questions were all multiple choice which I had studied for overall. By the end I felt confident in most of my multiple choice responses except for maybe 10 of them.

    Having read in this forum that the SIM likely weighs heavy in scoring, by the end of finishing the exam I felt like I had blown it. I was shocked to see that I had passed.

    Interestingly enough I talked with a co-worker who also had very recently passed his CASP in one shot I believe… he said he had no clue regarding the SIM and he basically just skipped it…and passed! He felt the drag and drop PBQ was easy.

    Leads me to believe that all is not lost if one doesn’t do well with the SIM. But if you know how to list services and processes, and use the kill -9 with the correct PID, it should be straight forward.

    reply
  74. Bengal7  December 11, 2022

    **As I understand it kill -9 does both the stopping and disabling and that is what is asked, so that is how I left it and moved on. I am pretty sure I bombed the sim but maybe got some credit for running some commands, not sure.

    reply
  75. angryelvis  December 29, 2022

    I passed my test this week and I want to thank you for mentioning Virtual Box. I had not heard of that site/software and it was exactly what I was looking for. Your mention of that & that Ubuntu provided machines ready for use in VBox really gave me the opportunity to practice and understand what I was doing in the environment.

    reply
  76. Sportynerdguy  January 3, 2023

    Came here after passing my second attempt. This site was a MAJOR help. Definitely recommend to follow James’ logic but really get familiar with systemctl. Failed the first exam after not fully completing the Linux Sim (only stopped the service). Tried all of the commands but couldn’t find pid even after an hour of digging which then made me rush on the training MC questions. Whole sim could really be done with just systemctl and kill -9 but be sure to run the other commands. Thanks for starting this thread and posting on reddit Bob!!

    reply
  77. Taylorbuckeye  January 6, 2023

    Yesterday was my third attempt at the CASP+ 004 exam. Failed again. My first two attempts were pretty much the same test (and I struggled with the Forensic Sim). This third one was different. I’m very confident I did well on the Forensic Sim this time (thanks to this blog and everyone’s helpful comments). The PBQs were different though and several of the MC questions. This time I had to review code snippets, figure out what they were doing and how to mitigate; not so confident about this one but the other was to harden the server which I think I did well on. Guess I’ll study code snippets some more and try again….hopefully the test won’t change again if I’m able to retake it in a couple weeks….

    reply
  78. bobwyzguy  January 6, 2023

    Interesting comment about your PBQs. I just took and passed the Pentest+ PT0-002 exam today. I had those PBQs on my exam. Thought they were hard, but somehow I got 768 points, enough to pass. I’ll be posting my usual Exam Notes article in a few days.

    reply
  79. Droid  January 9, 2023

    Just wanted to say I passed my test yesterday and similar to Taylorbuckeye had the code snippet question as my second PBQ and lots of new multiple choice questions I didn’t see in any practice exam. I think they might have rolled out a new version of the test for the new year. But the Linux sim I aced thanks to this blog post suggesting practicing on a VM and the comments from everyone.

    I did run out of time at the end, got to the final question with about 1min to spare and had to quickly go back to the 2 unanswered questions I had skipped (one was the code snippet), only was able to answer the code snippet PBQ before time ran out. But still passed!

    Thanks Bob!

    reply
  80. bobwyzguy  January 10, 2023

    Thanks for your comments and congratulations

    reply
  81. Tpumpkin  January 13, 2023

    I am getting ready to take the exam next week (remote). I have been using the Certmaster from CompTIA and Jason Dion’s course and practice exams. I’ve passed Security + and CySa+ in years past. First time I took the practice exams I was scoring about 70% for CASP. I am studying the areas I am having trouble with the most and obviously focusing on the material I got wrong. Any indication of roughly what percentage we need to be at to pass the exam? Any other tips besides the ones in this thread? This has been most helpful for knowing what to study.

    reply
  82. bobwyzguy  January 13, 2023

    I am happy you found this page helpful, and I am grateful for all the responses. You need to have practiced the Linux Sim. And prepared for the PBQs. You need to score in the 80th percentile to pass, at least as far as we can deduce. Most CompTIA exams require a score of 700 out of 900 which is 78%.

    Good luck! I am sure you will do well.

    reply
  83. Tpumpkin  January 21, 2023

    Just wanted to give an update here. I took the exam this morning. I still have not received an email, but I logged into my CompTIA account and what do you know? I Passed! I could not believe my eyes. From the looks of it I think I scored an 84%. I ended this exam knowing it was the toughest one I have ever taken. I fully expected to fail this exam after I pressed submit.

    Most of the questions on the exam I have never seen before. By far the toughest one was the Linux sim. I spent about 40 minutes on this part. At one point I didn’t think I would find the problem, but I kept digging and digging and I found the problems.

    Thanks to all the helpful tips! If you are going to take this exam, DEFINITELY practice the Linux portion!

    reply
  84. bobwyzguy  January 21, 2023

    Thanks Tpumpkin – Which is harder? The CASP+ exam or the CISSP exam? They are difficult in their own ways.

    The CASP+ is crazy hard because of the Linux Forensic Sim and the Performance Based Questions. The CISSP is crazy hard because the Computer Adaptive Testing format exploits your weaknesses by giving you more questions in those areas where you are weak.

    Which is the hardest?

    reply
  85. Tpumpkin  January 22, 2023

    I have actually not taken the CISSP yet. I was thinking about taking that exam at the end of the year. But I can say with certainty that the CASP is no joke. You really have to read the questions and think critically about the answer. I’ve been working in security for the past 4 years and as a sysadmin for the past 7 years prior. I worked in a primarily Linux shop and I think that helped a lot for me on the Linux sim.

    I definitely learned quite a bit throughout the studying process for this exam. Just remember while taking the exam to carefully and methodically read each question. The wording is something you need to get used to, so I highly recommend the CertMaster.

  86. bobwyzguy  January 22, 2023

    I have many articles on my website about preparing for the CISSP, so when you get there, give them all a look. You can find them using the search function on my site. I teach the CISSP as well, so when you are ready reach out to me.

  87. Redbeard42  January 25, 2023

    When using sudo for the sim, are we prompted with a password to enter it? If so, what’s the PW? I failed my first exam and just blew by this due to being lame with Linux. So, having researched the heck out of this, I am about ready for the second try. Been a Windows/VMware guy most of my career and only know what I need to know because of ESXi. Plus, I always research online for scripting and all. This blasted exam is forcing me to know Linux stuff more than I ever wanted.

  88. bobwyzguy  January 25, 2023

    It’s been long enough I don’t remember if a password was required for sudo, but if it was, it would have been given in the simulation scenario.

    As far as Linux goes, all of the certifications are increasing the Linux content. So welcome to Linux.

    The reason for this is that employers expect their IT and IS staff to be comfortable with Linux. If you are planning to work in this field for many more years then you should get comfortable with Linux.

  89. Redbeard42  January 26, 2023

    OK, Thanks. The scenario gives Username of labXXXadmin with the password of XXXyyYzz! so I assume that would suffice for sudo. Correct? I’ve been IT for over 40 years and still want to work. I really love this job but could retire if I wanted to.

  90. bobwyzguy  January 26, 2023

    That should work

  91. JohnnyBlaze  January 31, 2023

    Bob,

    I’m about to take my CASP+ 04 on Friday. I think I’m prepared… I’m trying to fumble through some labs from CertMaster but I’m kind of confused at places. Will it be straightforward in the exam?

  92. bobwyzguy  January 31, 2023

    If you have read through the article and the comments, you should know what to expect. CISSP is all multiple choice, but that said, the computer adaptive format will exploit your weaknesses. Memorizing practice exam questions and answers would help. Learn how to think like a manager, read the scenario, read the question, then choose the answer a manager would choose (NOT the technical, fix-me answer). Manager choices would involve planning, documentation, and reporting, policies, compliance. Everything leads to Business Continuity and Disaster Recovery. Don’t overthink it, go with your first impression.

    Good luck!
