ISACA CSX Practitioner Exam Experience

Remedymp

rgrinnell2015 wrote: »

Does the CSX-Practitioner require you to have the CSX-Foundation cert? Does the CSX-Specialist require you to have the Practitioner cert?
I'm trying to coordinate my cert ascent to CSX-Expert (when it becomes available) and don't wish to waste time/money on the beginner exams if not required. There is much crossover, but my goal is to obtain the most advanced cert from each of the major organizations (GIAC, ISACA, Offensive Security, ISC2, and EC-Council). Between them, whomever is hiring will surely find a cert they can respect (One presumes I will also have the skillz to back up the cert)

You must pass CSX-P before proceeding to the next CSX cert.

yoba222

Just stumbled upon the existence of this cert. Very interesting. So it looks like:
1. You don't need to take the fundamentals (CSXF) to take the practitioner (CSXP) exam.
2. ISACA requires you get CPEs (I bet there's a fee ) AND retake the exam after around 3 years to recertify.
3. You can take the next harder exam, the specialist (CSXS) to recertify.
4. The CSXS exam barely even exists yet, if even at all.
https://www.linkedin.com/pulse/isaca-csx-specialist-pilot-offering-t-frank-downs
5. The expert exam (CSXE) seems to not exist yet. I'm having a hard time finding either the CSXS or the CSXE on their website.

One of the things I like about eLearnSecurity is that it provides a fantastic learning journey, however, the industry recognition is basically nonexistent.

This looks like it provides a similar learning journey. As far as industry recognition, it's not there yet, but it's ISACA. Don't need to say anything more there.


EDIT: Aha. ISACA has the CSXS and CSXE URLs unlisted but up:
https://cybersecurity.isaca.org/csx-certifications/csx-specialist-certification
https://cybersecurity.isaca.org/csx-certifications/csx-expert-certification

Remedymp

yoba222 wrote: »

Just stumbled upon the existence of this cert. Very interesting. So it looks like:
1. You don't need to take the fundamentals (CSXF) to take the practitioner (CSXP) exam.
2. ISACA requires you get CPEs (I bet there's a fee ) AND retake the exam after around 3 years to recertify.
3. You can take the next harder exam, the specialist (CSXS) to recertify.
4. The CSXS exam barely even exists yet, if even at all.
https://www.linkedin.com/pulse/isaca-csx-specialist-pilot-offering-t-frank-downs
5. The expert exam (CSXE) seems to not exist yet. I'm having a hard time finding either the CSXS or the CSXE on their website.

One of the things I like about eLearnSecurity is that it provides a fantastic learning journey, however, the industry recognition is basically nonexistent.

This looks like it provides a similar learning journey. As far as industry recognition, it's not there yet, but it's ISACA. Don't need to say anything more there.


EDIT: Aha. ISACA has the CSXS and CSXE URLs unlisted but up:
https://cybersecurity.isaca.org/csx-certifications/csx-specialist-certification
https://cybersecurity.isaca.org/csx-certifications/csx-expert-certification

The recognition won't be there until they start giving it away for free. I think comptia does a pretty good job of pushing it's certs in early status to a select 50 to 100 guest test takers. Once those guest update their LI, it will start the recognition process.

cissp2015

In the labs, there are also attack scenarios generated by the students (for example with metasploit, creating malicious file with msfvenom), do we need this knowledge for the exam as well or during the exam, the attacks will be performed by the system and our goal is only to identify, protect, detect, respond and recover? in other words, during the exam, do we need to switch between virtual machines to generate malicious traffic?

Thank you.

cissp2015

I would appreciate if someone may provide answers to my questions below.

1- How many questions/scenarios do we get in the exam?
2- The questions related to Nmap/pfSense/Snorby/Splunk, do we need to know more than what the labs are teaching us? For example, do we need to know each CLI parameter, menu options and settings of these tools inside out or limited to what is shown in the labs?
3- In the labs, there are also attack scenarios generated by the students (for example with metasploit, creating malicious file with msfvenom), do we need this knowledge for the exam as well or during the exam, the attacks will be performed by the system and our goal is only to identify, protect, detect, respond and recover? in other words, during the exam, do we need to switch between virtual machines to generate malicious traffic?

Thank you.

cissp2015

In the exam, do we need to sniff the traffic with tcpdump or wireshark or we will be given the packets captured during the compromise to analyse?

Blucodex

Sitting in the CSX Fundamentals 2 day class right now. The Practitioner cert looks to be pretty good for IR.

Endorian

Hey guys, just thought I'd drop a note and bring some life back into this thread. CSX is growing and we are going to start running some additional pilots for our new content. If you are interested DM me with your information and get a chance to take part in defining new ISACA cybersecurity content. 😁

636-555-3226

I'm interested, but how about you DM me? I tried to send you a DM but got rejected (see below). I always like giving back to the infosec community!



The following errors occurred with your submission

• Endorian has chosen not to receive private messages or may not be allowed to receive private messages. Therefore you may not send your message to him/her.
  
  If you are trying to send this message to multiple recipients, remove Endorian from the recipient list and send the message again.

Jramani

I bought 3 CSX labs. I have problem with the lab 2.14. How to decrypt the file in Kali Linux. Lab says ' using numerical value in the traffic , open attacker note in kali Linux.

random_handle

Jramani wrote: »

I bought 3 CSX labs. I have problem with the lab 2.14. How to decrypt the file in Kali Linux. Lab says ' using numerical value in the traffic , open attacker note in kali Linux.

Hello Jramani,

I have also purchased the 3 CSX labs and exam. When you launch a lab, there are 3 tabs off to the right of the pop-out window; Content, Machines, and Support.

Under the Support tab, there is a heading for Resources and below it is a Lab Manual link. If you open the Lab Manual for 2.14, it will give you some direction on how to find what you are seeking.

Lastly, do not use the captures that are already present in your home directory.

RUTTY

I also struggle with Lab 2.14, do you know how yet?

RUTTY

I already knew answer of Lab 2.14, actually I found many times but I did not realize that the number is a part of that message without dash.

rob_orb

Hi guys,

I'm stuck on the second task of lab 2.14 - "detect the incident occurring on the network".
I did everything according to lab 2.02 (Lab Manual) up to tcpdump, waited 10-15 minutes, opened .cap file, but I don't understand what should I look for.

Tayyeb

Thanks thegoodbye for sharing your experience, i' following up this post threads as i'm so interested in CSXP.
Could you please share some extra details like how much it costs you to get the CSXP considering the costs of exam,laps,materials & any thing else ?

Thank you.

rob_orb

Tayyeb wrote: »

Thanks thegoodbye for sharing your experience, i' following up this post threads as i'm so interested in CSXP.
Could you please share some extra details like how much it costs you to get the CSXP considering the costs of exam,laps,materials & any thing else ?
Thank you.

I've purchased the whole set this summer: 3 labs ($500 each, but $1400 alltogether) and exam ($500). The labs included the labs and the Compendium.pdf (200 pages), which summarize all material and even more.
The only additional thing you need is your time )))

rob_orb

rob_orb wrote: »

Hi guys,
I'm stuck on the second task of lab 2.14 - "detect the incident occurring on the network".
I did everything according to lab 2.02 (Lab Manual) up to tcpdump, waited 10-15 minutes, opened .cap file, but I don't understand what should I look for.

I'll answer to myself )))
I did the same thing during the exam, but it was more obvious to find the information related to the incident.

scasc

Is there much difference between CSX and GCIH? Looking to put some of my team through either, just need to see which one has more value and if they both teach similar concepts. Thanks in advance

yoba222

Revisiting this thread. I ended up not going for the CSX and instead am studying the CompTIA CSA+, which looks remarkably similar to this. I don't remember the GCIH having all that much log reviewing, which seems to be a heavy theme for the CSX.

I challenged the GCIH without going through the training. I've heard good things about the training, but man is it expensive.