The CompTIA CASP+ exam contains up to 90 questions with a 165-minute time limit and pass/fail scoring. CASP+ is CompTIA's most advanced cybersecurity certification, designed for practitioners with 10+ years of IT experience including at least 5 years in hands-on security. It is the only CompTIA certification that does not report a numeric passing score.
Unlike Security+ and CySA+ which test knowledge and analysis, CASP+ tests your ability to architect and engineer security solutions for complex enterprise environments. CASP+ is approved for DoD 8570/8140 IAT Level III — the highest technical level available through CompTIA.
| Domain | % of Exam | ~Questions | Key Topics |
|---|---|---|---|
| Security Architecture | 29% | ~26 | Enterprise security design, cloud, zero trust, microservices |
| Security Operations | 30% | ~27 | Threat management, vulnerability management, IR, forensics |
| Security Engineering and Cryptography | 26% | ~23 | Crypto implementations, PKI at scale, hardware security |
| Governance, Risk, and Compliance | 15% | ~14 | Risk strategies, compliance frameworks, BIA |
CASP+ PBQs take 10-15 minutes each. Expect 5-7 PBQs.
| Factor | CASP+ | CISSP |
|---|---|---|
| Focus | Technical architecture | Security management + breadth |
| Questions | Up to 90 (PBQs) | 125-175 (CAT adaptive) |
| Scoring | Pass/Fail | 700/1000 |
| Cost | $494 | $749 |
| DoD Level | IAT III | IAT III |
| Best For | Hands-on architects | Security managers/leaders |
| Level | Cert | Questions | Focus |
|---|---|---|---|
| Entry | Security+ | 90 / 90 min | Security fundamentals |
| Intermediate | CySA+ | 85 / 165 min | Blue team analysis |
| Intermediate | PenTest+ | 85 / 165 min | Red team testing |
| Advanced | CASP+ | 90 / 165 min | Security architecture |
Experienced professionals need 10-14 weeks at 2-3 hours daily:
Up to 90 in 165 minutes with advanced enterprise PBQs.
Pass/fail only — no numeric score.
More technically hands-on. CISSP is broader but more management-focused.
Yes, 5-7 complex PBQs taking 10-15 minutes each.
10+ years IT with 5+ in security recommended.
10-14 weeks at 2-3 hours daily.
Yes, IAT Level III — highest via CompTIA.
CySA+ = intermediate analysis. CASP+ = advanced architecture.
Challenge yourself with advanced security architecture practice questions.
Start Free Practice Test →