Passed Today
j2theboogy
Member Posts: 6 ■□□□□□□□□□
in CASP+
I passed today...77 questions...9 or 10 simulations.
I've been lurking on this forum for a while and I have to say the opinions on the difficulty of this certificate are absolutely true. I genuinely feel that I would not have passed if I had not been working in the security field for the last six years. There is no easy question on the CASP. Everything is practical. You don't need to know what SAML is, you need to know how and when it's implemented. You don't need to define a WAF, you need to know when it's applicable to use and where to put it in a network. The questions are wordy, and you're usually asked for the BEST or MOST <something> answer.
My recommendation to those who are planning on studying is to read through the study guide (I used Pearson Vue) and then google "<term> real-life example". Watch as many videos that show implementation as you can. If you don't do this work in your career that's the only way you'll get the exposure needed to pass the test.
I'm starting a new contract with an employer that was forcing me to get 8570 IAM Level 2 so I tested for this in a little over a month. I initially thought I would have six months but they kept pressuring me to move up my time table. I think I'm finally going to take a few weeks off and then study for the RHCSA. I've always felt deficient in Linux and it's the first cert in a long time that I've wanted to get on my own and am interested. I'd be willing to answer any questions you guys have. Thanks.
Comments
-
apisky4 Member Posts: 23 ■□□□□□□□□□
I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?
-
j2theboogy Member Posts: 6 ■□□□□□□□□□
My avenue of choice was YouTube. Search for "XSS examples" or "CSRF examples". It's really that simple and watch a few different videos. Hope that helps. Good luck!
-
shochan Member Posts: 1,014 ■■■■■■■■□□
apisky4 wrote: » I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?
SkillSoft has pretty good examples of this on the CASP training - under Applications Vulnerabilities & Security Controls - IF you have access to this.
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
-
trojin Member Posts: 275 ■■■■□□□□□□
apisky4 wrote: » I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?
Damn Vulnerable Web Application (DVWA)
DVWA - Damn Vulnerable Web Application
I'm just doing my job, nothing personal, sorry
xx+ certs...and I'm not counting anymore
-
somerbrown Registered Users Posts: 2 ■□□□□□□□□□
Congrats! I test tomorrow and have been watching videos, taking practice exams and going over my weak areas. I'm having trouble with the SLE and ALE formulas. Any advice you can offer will be great!
-
somerbrown Registered Users Posts: 2 ■□□□□□□□□□
Bummed....I want to take it in another week but feeling discouraged!
-
bjpeter Member Posts: 198 ■■■□□□□□□□
somerbrown wrote: » Bummed....I want to take it in another week but feeling discouraged!
Don't be discouraged! Study hard, and you'll make it next time.
2021 Goals (2): SSCP, eCPPT
Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
-
CWalker76 Registered Users Posts: 2 ■□□□□□□□□□
How did you get through the simulations, I had 10 also, and the SQL, and network placement of devices got me (75K).
-
apisky4 Member Posts: 23 ■□□□□□□□□□
How many areas of review did you have listed? I failed and am trying to determine how close I am to passing.
-
clarkincnet Member Posts: 256 ■■■□□□□□□□
Congrats BTW! Good job passing!
Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
-
angrypirate247 Registered Users Posts: 2 ■□□□□□□□□□
Are you counting the drag and drops as simulations?
-
elmance123 Registered Users Posts: 1 ■□□□□□□□□□
I took CASP last year and failed, but I took courses on CEH and found that the lessons in there would have helped a ton before I took the CASP. Cybrary has a good collection of videos on the attack types on systems and on how to defend against them.
Also, the multiple choice questions are pretty long, like almost short story long. It's a draining test.
-
Igetitgirl Member Posts: 11 ■□□□□□□□□□
If you don't have hands-on experience, I recommend you study network design diagrams and attack types simultaneously. What I mean is you must understand what each security control device covers in the form of vulnerabilities on the network. You need to know if the device is deployed inline or on the boundaries of the network. Does the device work on the network, on the host, or on both? For example, you can deploy a firewall on the network or on a host based firewall (HBSS). If I give you a network diagram with a DMZ that has a web server and an email server and you only have one firewall on your network and that is placed in front of a switch for traffic coming in from the internet and you do not have any other security controls in the DMZ or anywhere else on the network and I give you a choice of a WAF, AV Server, a Patch Server, NIDS/NIPS, FW, or an IDS, which one of these devices would you choose to add and where would you place it as a security measure to cover common attacks such as XSS and SQL injection? You only get one choice of device because of budget.
-
Igetitgirl Member Posts: 11 ■□□□□□□□□□
Technique for long questions is to go to the last 2 sentences. That is usually where the question is at on 9 out of 10 questions. That technique works for most exams.