Passed Today

j2theboogyj2theboogy Member Posts: 6 ■□□□□□□□□□
I passed today...77 questions...9 or 10 simulations.

I've been lurking on this forum for a while and I have to say the opinions on the difficulty of this certificate are absolutely true. I genuinely feel that I would not have passed if I had not been working in the security field for the last six years. There is no easy question on the CASP. Everything is practical. You don't need to know what SAML is, you need to know how and when it's implemented. You don't need to define a WAF, you need to know when it's applicable to use and where to put it in a network. The questions are wordy, and you're usually asked for the BEST or MOST <something> answer.

My recommendation to those who are planning on studying is to read through the study guide (I used Pearson Vue) and then google "<term> real-life example". Watch as many videos that show implementation as you can. If you don't do this work in your career that's the only way you'll get the exposure needed to pass the test.

I'm starting a new contract with an employer that was forcing me to get 8570 IAM Level 2 so I tested for this in a little over a month. I initially thought I would have six months but they kept pressuring me to move up my time table. I think I'm finally going to take a few weeks off and then study for the RHCSA. I've always felt deficient in Linux and it's the first cert in a long time that I've wanted to get on my own and am interested. I'd be willing to answer any questions you guys have. Thanks.

Comments

  • apisky4apisky4 Member Posts: 23 ■□□□□□□□□□
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?
  • j2theboogyj2theboogy Member Posts: 6 ■□□□□□□□□□
    My avenue of choice was Youtube. Search for "XSS examples" or "CSRF examples". It's really that simple and watch a few different videos. Hope that helps. Good luck!
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    apisky4 wrote: »
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?

    SkillSoft has a pretty good examples of this on the CASP training - under Applications Vulnerabilities & Security Controls - IF you have access to this.
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
  • trojintrojin Member Posts: 275 ■■■■□□□□□□
    apisky4 wrote: »
    I'm having trouble identifying Buffer Overflow attacks
    XSS
    CSRF
    Smurf
    Where did you go to locate real world examples of these?

    [h=2]Damn Vulnerable Web Application (DVWA)[/h]
    DVWA - Damn Vulnerable Web Application
    I'm just doing my job, nothing personal, sorry

    xx+ certs...and I'm not counting anymore


  • somerbrownsomerbrown Registered Users Posts: 2 ■□□□□□□□□□
    Congrats! I test tomorrow and have watching videos and take practice exams and going over my weak areas. I'm having trouble with the SLE and ALE formulas. Any advice you can offer will be great!
  • somerbrownsomerbrown Registered Users Posts: 2 ■□□□□□□□□□
    Bummed....I want to take it in another week but feeling discouraged!icon_sad.gif
  • bjpeterbjpeter Member Posts: 198 ■■■□□□□□□□
    somerbrown wrote: »
    Bummed....I want to take it in another week but feeling discouraged!icon_sad.gif

    Don't be discouraged! Study hard, and you'll make it next time.
    2021 Goals (2): SSCP, eCPPT
    Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • CWalker76CWalker76 Registered Users Posts: 2 ■□□□□□□□□□
    How did you get through the simulations, I had 10 also, and the SQL, and network placement of devices got me (75K).
  • apisky4apisky4 Member Posts: 23 ■□□□□□□□□□
    How many areas of review did you have listed? I failed and am trying to determine how close I am to passing.
  • clarkincnetclarkincnet Member Posts: 256 ■■■□□□□□□□
    Congrats BTW! Good job passing!
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • angrypirate247angrypirate247 Registered Users Posts: 2 ■□□□□□□□□□
    are you counting the drag and drops as simulations?
  • elmance123elmance123 Registered Users Posts: 1 ■□□□□□□□□□
    I took CASP last year and failed icon_sad.gif, but I took courses on CEH and found that the lessons in there would have helped ton before I took the CASP. Cybrary has a good collection of videos on the attack types on systems and on how to defend against them.

    Also, the multiple choice questions are pretty long, like almost short story long. It's a draining test.
  • IgetitgirlIgetitgirl Member Posts: 11 ■□□□□□□□□□
    If you don't have hands on experience, I recommend you study network design diagrams and attacks types simultaneously. What I mean is you must understand what security control device covers in the form of vulnerabilities on the network. You need to know if the device is deployed inline or on the boundaries of the network. Does the device work on the network, on the the host, or on both. For example, you can deploy a firewall on the network or on a host based firewall (HBSS). If I give you a network diagram with a DMZ that has a web server and an email server and you only have one firewall on your network and that is placed in front of a switch for traffic coming in from the internet and you do not have any other security controls in the DMZ or anywhere else on the network and I give you a choice of a WAF, AV Server, a Patch Server, NIDS/NIPs, FW, or and IDS, which one of these devices would you choose to add and where you place it as a security measure to cover common attacks such as XXS and SQL injection? You only get one choice of device because of budget.
  • IgetitgirlIgetitgirl Member Posts: 11 ■□□□□□□□□□
    Technique for long questions is go to the last 2 sentences. That is usually where the question is at on 9 out of 10 questions. That technique works for most exams
  • IgetitgirlIgetitgirl Member Posts: 11 ■□□□□□□□□□
    Anything that is not multiple choice is simulation.
Sign In or Register to comment.