Passed Today

j2theboogy

I passed today...77 questions...9 or 10 simulations.

I've been lurking on this forum for a while and I have to say the opinions on the difficulty of this certificate are absolutely true. I genuinely feel that I would not have passed if I had not been working in the security field for the last six years. There is no easy question on the CASP. Everything is practical. You don't need to know what SAML is, you need to know how and when it's implemented. You don't need to define a WAF, you need to know when it's applicable to use and where to put it in a network. The questions are wordy, and you're usually asked for the BEST or MOST <something> answer.

My recommendation to those who are planning on studying is to read through the study guide (I used Pearson Vue) and then google "<term> real-life example". Watch as many videos that show implementation as you can. If you don't do this work in your career that's the only way you'll get the exposure needed to pass the test.

I'm starting a new contract with an employer that was forcing me to get 8570 IAM Level 2 so I tested for this in a little over a month. I initially thought I would have six months but they kept pressuring me to move up my time table. I think I'm finally going to take a few weeks off and then study for the RHCSA. I've always felt deficient in Linux and it's the first cert in a long time that I've wanted to get on my own and am interested. I'd be willing to answer any questions you guys have. Thanks.

apisky4

I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?

j2theboogy

My avenue of choice was Youtube. Search for "XSS examples" or "CSRF examples". It's really that simple and watch a few different videos. Hope that helps. Good luck!

shochan

apisky4 wrote: »

I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?

SkillSoft has a pretty good examples of this on the CASP training - under Applications Vulnerabilities & Security Controls - IF you have access to this.

DAVIS NGUYEN

Congrats!

trojin

apisky4 wrote: »

I'm having trouble identifying Buffer Overflow attacks
XSS
CSRF
Smurf
Where did you go to locate real world examples of these?

[h=2]Damn Vulnerable Web Application (DVWA)[/h]
DVWA - Damn Vulnerable Web Application

somerbrown

Congrats! I test tomorrow and have watching videos and take practice exams and going over my weak areas. I'm having trouble with the SLE and ALE formulas. Any advice you can offer will be great!

somerbrown

Bummed....I want to take it in another week but feeling discouraged!

bjpeter

somerbrown wrote: »

Bummed....I want to take it in another week but feeling discouraged!

Don't be discouraged! Study hard, and you'll make it next time.

CWalker76

How did you get through the simulations, I had 10 also, and the SQL, and network placement of devices got me (75K).

apisky4

How many areas of review did you have listed? I failed and am trying to determine how close I am to passing.

clarkincnet

Congrats BTW! Good job passing!

angrypirate247

are you counting the drag and drops as simulations?

elmance123

I took CASP last year and failed , but I took courses on CEH and found that the lessons in there would have helped ton before I took the CASP. Cybrary has a good collection of videos on the attack types on systems and on how to defend against them.

Also, the multiple choice questions are pretty long, like almost short story long. It's a draining test.

Igetitgirl

If you don't have hands on experience, I recommend you study network design diagrams and attacks types simultaneously. What I mean is you must understand what security control device covers in the form of vulnerabilities on the network. You need to know if the device is deployed inline or on the boundaries of the network. Does the device work on the network, on the the host, or on both. For example, you can deploy a firewall on the network or on a host based firewall (HBSS). If I give you a network diagram with a DMZ that has a web server and an email server and you only have one firewall on your network and that is placed in front of a switch for traffic coming in from the internet and you do not have any other security controls in the DMZ or anywhere else on the network and I give you a choice of a WAF, AV Server, a Patch Server, NIDS/NIPs, FW, or and IDS, which one of these devices would you choose to add and where you place it as a security measure to cover common attacks such as XXS and SQL injection? You only get one choice of device because of budget.

Igetitgirl

Technique for long questions is go to the last 2 sentences. That is usually where the question is at on 9 out of 10 questions. That technique works for most exams

Igetitgirl

Anything that is not multiple choice is simulation.