Options

CSA+ No walk in the park.

mrvl13mrvl13 Member Posts: 46 ■■■□□□□□□□
in CISSP
I have been reading the recent post pertaining to the new CSA+ exam, well I studied consistently for 1.5 weeks using McMillan's book and CEH material. Banking off my previous success with SSCP so I kept going from one exam to the next. I had already been familiar with many of the tools NMAP,NESSUS,SIEM and Wirehark. So I know what the logs look like. However that wasn't enough and I did not perform well on the exam. The exam was not overly difficult and i kinda liked the simulations they used. But the overall issues i had were.

1) I have been an analyst for many years prior, the analyst do not have instant access to firewall or router logs, that is more on the engineering side. (Those question, IMO, are out of scope and should be more suited for CASP)

2) Not all of the questions were straight forward and left room for debate for more than one answer.

3) Make sure you find a suitable Testing facility of decent quality (space,AC.....)
· Share on FacebookShare on Twitter

Comments

  • Options
    ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I hate how vague some questions and answers can be. There isn't much material out there to study for the CSA+ either.
    · Share on FacebookShare on Twitter
  • Options
    shochanshochan Member Posts: 1,004 ■■■■■■■■□□
    Definitely leave feedback about the testing facilities, this is unacceptable. Having a crapshoot testing spot is one of my peeves and actually quit going to a local testing place because of the outdated pc's and their lockers for my personal valuables was an old broken lock file cabinet. I left some awful feedback and hopefully they have since replaced or updated their stuff, but that is probably doubtful.
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
    · Share on FacebookShare on Twitter
  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    mrvl13 wrote: »
    1) I have been an analyst for many years prior, the analyst do not have instant access to firewall or router logs, that is more on the engineering side. (Those question, IMO, are out of scope and should be more suited for CASP)
    Aren't the logs sent to a SIEM and you can pull them there?

    Good feedback but this should probably be moved to general security certs forum vs the ISC2 forum.
    · Share on FacebookShare on Twitter
  • Options
    bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    MODS: Please place this in the CompTia Forum.
    · Share on FacebookShare on Twitter
  • Options
    shochanshochan Member Posts: 1,004 ■■■■■■■■□□
    MODS: Please create a CSA+ forum
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
    · Share on FacebookShare on Twitter
  • Options
    mrvl13mrvl13 Member Posts: 46 ■■■□□□□□□□
    "Aren't the logs sent to a SIEM and you can pull them there? "

    That is true on many occasions, however the screen shots they used are directly from the router and firewall logs and not SIEM. Besides when the SIEM logs are centrally aggregated and correlated they are some times sent via Syslog, which will change the format of what the logs will look like once it hits the connector (ArcSight) or Forwarder (Splunk). Also the reason I posted this here is because there were a few others that had taken the SSCP test and were considering CSA+ as the next Cert.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.