CSA+ No walk in the park.

I have been reading the recent post pertaining to the new CSA+ exam, well I studied consistently for 1.5 weeks using McMillan's book and CEH material. Banking off my previous success with SSCP so I kept going from one exam to the next. I had already been familiar with many of the tools NMAP,NESSUS,SIEM and Wirehark. So I know what the logs look like. However that wasn't enough and I did not perform well on the exam. The exam was not overly difficult and i kinda liked the simulations they used. But the overall issues i had were.

1) I have been an analyst for many years prior, the analyst do not have instant access to firewall or router logs, that is more on the engineering side. (Those question, IMO, are out of scope and should be more suited for CASP)

2) Not all of the questions were straight forward and left room for debate for more than one answer.

3) Make sure you find a suitable Testing facility of decent quality (space,AC.....)

Find more posts tagged with

Comments

ITSec14

I hate how vague some questions and answers can be. There isn't much material out there to study for the CSA+ either.

shochan

Definitely leave feedback about the testing facilities, this is unacceptable. Having a crapshoot testing spot is one of my peeves and actually quit going to a local testing place because of the outdated pc's and their lockers for my personal valuables was an old broken lock file cabinet. I left some awful feedback and hopefully they have since replaced or updated their stuff, but that is probably doubtful.

Danielm7

mrvl13 wrote: »

1) I have been an analyst for many years prior, the analyst do not have instant access to firewall or router logs, that is more on the engineering side. (Those question, IMO, are out of scope and should be more suited for CASP)

Aren't the logs sent to a SIEM and you can pull them there?

Good feedback but this should probably be moved to general security certs forum vs the ISC2 forum.

bigdogz

MODS: Please place this in the CompTia Forum.

shochan

MODS: Please create a CSA+ forum

mrvl13

"Aren't the logs sent to a SIEM and you can pull them there? "

That is true on many occasions, however the screen shots they used are directly from the router and firewall logs and not SIEM. Besides when the SIEM logs are centrally aggregated and correlated they are some times sent via Syslog, which will change the format of what the logs will look like once it hits the connector (ArcSight) or Forwarder (Splunk). Also the reason I posted this here is because there were a few others that had taken the SSCP test and were considering CSA+ as the next Cert.