How much log analysis is there on the CSA+?

I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of who you have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in wireshark, snort, and other tools before trying to take this test?

Find more posts tagged with

Comments

JDMurray

I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.

trojin

TwoJ wrote: »

I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of who you have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in wireshark, snort, and other tools before trying to take this test?

I did beta exam last year. At least 1/3 questions was related to logs

TwoJ

JDMurray wrote: »

I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.

I feel like a noob now, but thanks for clearing that up.

TwoJ

trojin wrote: »

I did beta exam last year. At least 1/3 questions was related to logs

that's very interesting, you're experience defintely conflicts with what I've read from another poster on another forum. He claimed there he only got 3-5 questions on logs/packet analysis and even made the claim that if you've taken the Sec+ you should be able to pass the CSA+ with minimal study

??:

ThePawofRizzo

I took the CSA+ beta last Summer. While there is no doubt that having studied for Security+ will probably enhance one's chances of studying "less" for CSA+ - and when I say "less" I mean "less than someone who has never studied for, nor taken, Security+ - I would not be so bold to say that CSA+ requires "minimal" study if you have Security+. CSA+ does cover some redundant information, as Network+ covers some info you already covered if you took A+ prior, or Security+ covers information that was also covered in A+ and Network+. There is generally overlap in CompTIA exams to some degree.

Still, CSA+ stands on it's own. Someone could study for it, and not take Sec+, but CSA+ will build on a lot of the information. To me, if you are studying for CSA+ and pass it, and don't have Sec+, I'd say for Sec+ you could then minimally study, having done the work for CSA+.