Passed CSA+!
Didn't study a whole lot for it, read about half of the Sybex study guide, did the CertMetrics stuff, got an 865.
My takes on it:
A lot of log review. If you have a lot of experience looking at various logs (vuln scanners, Windows processes, Linux processes, Event Viewer, Nmap, etc.), this shouldn't be a terribly hard test.
However, the test had some really poorly worded questions that took a lot of time to figure out what they were asking for. Lots of spelling errors on the labs too.
Overall, the test looks like it was slapped together, but it definitely feels like a much more technical test than the Sec+ was.
Comments
Thinking of taking this exam, but is it worth taking?
My tip for the exam (I also passed it, one month ago) regarding the logs is quite simple: if you understand what the logs mean, WHY they show up and WHAT they represent, the template of the log is quite meaningless, so in this case check the syllabus for which types of logs you need to understand in advance. That's one of the places where you show your experience (IMHO).
If you can "analyze" the log by heart because you did 100 practice labs but you don't understand what it means, you will most likely fail the exam.
So is there some freeware I can use to generate these logs, or something like the GTS Learning labs? I'm trying to find the best way to get hands-on with viewing these logs.
Use google (both for the relevant products and to learn how and why specific logs are generated).
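An added example (not from any poster in this thread) of the kind of "understand what the line means" log review the tip above is about: a few constructed sshd auth.log lines, a parser that pulls out the fields that carry meaning (outcome, user, source IP, whether the user even exists), and a check that turns a burst of failures followed by a success from the same source into a finding. The log lines, host name and IP addresses are made up for the example; the message formats are the ones OpenSSH's sshd writes.

```python
"""Worked example: turn raw sshd auth.log lines into a brute-force finding.

sshd writes "Failed password for <user> from <ip>" when a password guess is
rejected, "Accepted password|publickey for <user> from <ip>" when a login
succeeds, and prefixes "invalid user" when the account does not exist on the
host. The sample lines below are constructed for this example, not captured
from a real system.
"""
import re
from collections import defaultdict

# Constructed sample input: one noisy source trying several accounts and
# eventually getting in, one legitimate user who mistyped once, one CRON line
# that is not a login event at all.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:07 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar  3 10:01:09 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:11 web1 sshd[2211]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  3 10:15:30 web1 sshd[2300]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Mar  3 10:15:41 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 40011 ssh2
Mar  3 10:20:00 web1 CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# One regex for the two sshd outcomes that matter here. Named groups keep the
# logic below readable and independent of where a field sits in the line.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_sshd(log_text):
    """Return one dict per sshd login attempt, in log order; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ev = m.groupdict()
            # "invalid user" means the account does not exist on this host; a run
            # of those from one IP is a classic username-guessing tell.
            ev["invalid_user"] = "invalid user" in line
            events.append(ev)
    return events


def find_bruteforce(events, threshold=5):
    """Flag source IPs with at least `threshold` failures.

    For each flagged IP, also report which users were tried and any successful
    login from that IP that came after a failure. The success is the part that
    matters: it means a guess landed, not just that someone was knocking.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in events:  # events are in log order, so "after" is well defined
        if ev["outcome"] == "Failed":
            failures[ev["ip"]].append(ev)
        elif ev["ip"] in failures:
            successes[ev["ip"]].append(ev)
    findings = {}
    for ip, fails in failures.items():
        if len(fails) >= threshold:
            findings[ip] = {
                "failures": len(fails),
                "users_tried": sorted({f["user"] for f in fails}),
                "success_after": [s["user"] for s in successes.get(ip, [])],
            }
    return findings


if __name__ == "__main__":
    for ip, f in find_bruteforce(parse_sshd(SAMPLE_AUTH_LOG)).items():
        print(f"{ip}: {f['failures']} failures, users {f['users_tried']}, "
              f"later success as {f['success_after'] or 'none'}")
```

Run as-is it reports 203.0.113.7 with five failures across admin, oracle and root and a later successful root login, while alice's single typo stays below the threshold. Swapping in real auth.log text from one of the sample-log links in this thread is the quickest way to practise the "why does this line exist" reading the tip describes.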
Best links I have aggregated so far. I'm also open to any contributions to my "link list."
https://www.google.com/search?q=analysis+pcaps&ie=utf-8&oe=utf-8
https://www.bro.org/documentation/exercises/index.html
https://www.defcon.org/html/links/dc-ctf.html
https://www.bro.org/current/exercises/incident-response/index.html
http://www.honeynet.org/challenges
http://ossec-docs.readthedocs.io/en/latest/log_samples/
http://forensicscontest.com/
https://github.com/Security-Onion-Solutions/security-onion/wiki/Pcaps
http://www.netresec.com/?page=PcapFiles
http://log-sharing.dreamhosters.com/
https://wiki.wireshark.org/SampleCaptures
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE