How much log analysis is there on the CSA+?

TwoJ Member Posts: 10
I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of you who have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in Wireshark, Snort, and other tools before trying to take this test?

Comments

  • JDMurray Admin Posts: 13,023 Admin
    I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to a log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.
  • trojin Member Posts: 275
    TwoJ wrote: »
    I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of you who have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in Wireshark, Snort, and other tools before trying to take this test?

    I did the beta exam last year. At least 1/3 of the questions were related to logs.
    I'm just doing my job, nothing personal, sorry

    xx+ certs...and I'm not counting anymore


  • TwoJ Member Posts: 10
    JDMurray wrote: »
    I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to a log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.

    I feel like a noob now, but thanks for clearing that up.
  • TwoJ Member Posts: 10
    trojin wrote: »
    I did the beta exam last year. At least 1/3 of the questions were related to logs.

    That's very interesting; your experience definitely conflicts with what I've read from another poster on another forum. He claimed there he only got 3-5 questions on logs/packet analysis and even made the claim that if you've taken the Sec+ you should be able to pass the CSA+ with minimal study.
  • ThePawofRizzo Member Posts: 389
    I took the CSA+ beta last summer. While there is no doubt that having studied for Security+ will probably enhance one's chances of studying "less" for CSA+ - and when I say "less" I mean "less than someone who has never studied for, nor taken, Security+" - I would not be so bold as to say that CSA+ requires "minimal" study if you have Security+. CSA+ does cover some redundant information, as Network+ covers some info you already covered if you took A+ prior, or Security+ covers information that was also covered in A+ and Network+. There is generally overlap in CompTIA exams to some degree.

    Still, CSA+ stands on its own. Someone could study for it, and not take Sec+, but CSA+ will build on a lot of the information. To me, if you are studying for CSA+ and pass it, and don't have Sec+, I'd say for Sec+ you could then minimally study, having done the work for CSA+.