Passed Today

j2theboogy Posts: 6 Member
I passed today...77 questions...9 or 10 simulations.

I've been lurking on this forum for a while and I have to say the opinions on the difficulty of this certificate are absolutely true. I genuinely feel that I would not have passed if I had not been working in the security field for the last six years. There is no easy question on the CASP. Everything is practical. You don't need to know what SAML is, you need to know how and when it's implemented. You don't need to define a WAF, you need to know when it's applicable to use and where to put it in a network. The questions are wordy, and you're usually asked for the BEST or MOST <something> answer.

My recommendation to those who are planning on studying is to read through the study guide (I used Pearson Vue) and then google "<term> real-life example". Watch as many videos that show implementation as you can. If you don't do this work in your career that's the only way you'll get the exposure needed to pass the test.

I'm starting a new contract with an employer that was forcing me to get 8570 IAM Level 2 so I tested for this in a little over a month. I initially thought I would have six months but they kept pressuring me to move up my time table. I think I'm finally going to take a few weeks off and then study for the RHCSA. I've always felt deficient in Linux and it's the first cert in a long time that I've wanted to get on my own and am interested. I'd be willing to answer any questions you guys have. Thanks.

Comments

  • apisky4 Posts: 23 Member
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?
  • j2theboogy Posts: 6 Member
    My avenue of choice was YouTube. Search for "XSS examples" or "CSRF examples". It's really that simple and watch a few different videos. Hope that helps. Good luck!
  • shochan Techno Dancer AR Posts: 761 Member
    apisky4 wrote: »
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?

    SkillSoft has pretty good examples of this in the CASP training, under Applications Vulnerabilities & Security Controls, IF you have access to this.
    2019 goals -> CEH (Feb), RHCSA (Dec)


    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • DAVIS NGUYEN Posts: 1,472 Member
    Congrats!
  • trojin Posts: 174 Member
    apisky4 wrote: »
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?

    Damn Vulnerable Web Application (DVWA)
    I'm just doing my job, nothing personal, sorry
  • somerbrown Posts: 2 Registered Users
    Congrats! I test tomorrow and have been watching videos, taking practice exams and going over my weak areas. I'm having trouble with the SLE and ALE formulas. Any advice you can offer will be great!
  • somerbrown Posts: 2 Registered Users
    Bummed....I want to take it in another week but feeling discouraged!
  • bjpeter Posts: 149 Member
    somerbrown wrote: »
    Bummed....I want to take it in another week but feeling discouraged!

    Don't be discouraged! Study hard, and you'll make it next time.
    2019 Goals: CISSP, CCSP, eCPPT, CySA+, PenTest+
    Achieved: Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • CWalker76 Posts: 2 Registered Users
    How did you get through the simulations, I had 10 also, and the SQL, and network placement of devices got me (75K).
  • apisky4 Posts: 23 Member
    How many areas of review did you have listed? I failed and am trying to determine how close I am to passing.
  • clarkincnet Posts: 253 Member
    Congrats BTW! Good job passing!
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin
  • angrypirate247 Posts: 2 Registered Users
    are you counting the drag and drops as simulations?
  • elmance123 Posts: 1 Registered Users
    I took CASP last year and failed, but I took courses on CEH and found that the lessons in there would have helped a ton before I took the CASP. Cybrary has a good collection of videos on the attack types on systems and on how to defend against them.

    Also, the multiple choice questions are pretty long, like almost short story long. It's a draining test.
  • Igetitgirl Posts: 11 Member
    If you don't have hands-on experience, I recommend you study network design diagrams and attack types simultaneously. What I mean is you must understand what a security control device covers in the form of vulnerabilities on the network. You need to know if the device is deployed inline or on the boundaries of the network. Does the device work on the network, on the host, or on both? For example, you can deploy a firewall on the network or on a host based firewall (HBSS). If I give you a network diagram with a DMZ that has a web server and an email server and you only have one firewall on your network and that is placed in front of a switch for traffic coming in from the internet and you do not have any other security controls in the DMZ or anywhere else on the network and I give you a choice of a WAF, AV Server, a Patch Server, NIDS/NIPS, FW, or an IDS, which one of these devices would you choose to add and where would you place it as a security measure to cover common attacks such as XSS and SQL injection? You only get one choice of device because of budget.
  • Igetitgirl Posts: 11 Member
    Technique for long questions is go to the last 2 sentences. That is usually where the question is at on 9 out of 10 questions. That technique works for most exams.
  • Igetitgirl Posts: 11 Member
    Anything that is not multiple choice is simulation.