Passed CSA+!
Didn't study a whole lot for it, read about half of the Sybex study guide, did the certmetrics stuff, got an 865.
My takes on it:
Lot of log review. If you have a lot of experience looking at various logs (vuln scanners, Windows processes, Linux processes, event viewer, nmap, etc.), this shouldn't be a terribly hard test.
However, the test had some really poorly worded questions that took a lot of time to figure out what they were asking for. Lots of spelling errors on the labs too.
Overall, the test looks like it was slapped together, but it definitely feels like a much more technical test than the sec+ was.
Comments
-
averageguy72 Member Posts: 323 ■■■■□□□□□□
Congrats!
CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
mauguilar Member Posts: 37 ■■■□□□□□□□
Congratulations.
Thinking of taking this exam, but is it worth taking?
-
tpasmall Member Posts: 52 ■■□□□□□□□□
I did it to renew my CompTIA certs since they were expiring in December, wouldn't have done it otherwise. But the Sybex book is a pretty good knowledge supplement/study guide regardless.
-
Esmillo Member Posts: 9 ■■□□□□□□□□
I am currently studying for this exam and my weak areas seem to be log analyzing and log review. What would you recommend I could do to sharpen this area?
-
barman Member Posts: 38 ■■□□□□□□□□
> I am currently studying for this exam and my weak areas seem to be log analyzing and log review. What would you recommend I could do to sharpen this area?

My tip for the exam (I also passed it, one month ago) regarding the logs is quite simple - if you understand what the logs mean, WHY they show up and WHAT they represent, the template of the log is quite meaningless, so in this case check the syllabus for which types of logs you need to understand in advance. That's one of the places where you show your experience (IMHO).
If you can "analyze" the log by heart because you did 100 practice labs but you don't understand what it means, you will most likely fail the exam.
-
Esmillo Member Posts: 9 ■■□□□□□□□□
> My tip for the exam (I also passed it, one month ago) regarding the logs is quite simple - if you understand what the logs mean, WHY they show up and WHAT they represent, the template of the log is quite meaningless, so in this case check the syllabus for which types of logs you need to understand in advance. That's one of the places where you show your experience (IMHO).
> If you can "analyze" the log by heart because you did 100 practice labs but you don't understand what it means, you will most likely fail the exam.

So is there some freeware I can use to generate these logs or get like the gts learning labs? I'm trying to find the best way to get hands on to view these logs
-
barman Member Posts: 38 ■■□□□□□□□□
Have you seen CSA+'s syllabus? You should look for the logs of the relevant products that appear there.
Use Google (both for the relevant products and to learn how and why specific logs are generated).
-
p@r0tuXus Member Posts: 532 ■■■■□□□□□□
> So is there some freeware I can use to generate these logs or get like the gts learning labs? I'm trying to find the best way to get hands on to view these logs

Best links I have aggregated so far. I'm also open to any contributions to my "link list."
https://www.google.com/search?q=analysis+pcaps&ie=utf-8&oe=utf-8
https://www.bro.org/documentation/exercises/index.html
https://www.defcon.org/html/links/dc-ctf.html
https://www.bro.org/current/exercises/incident-response/index.html
http://www.honeynet.org/challenges
http://ossec-docs.readthedocs.io/en/latest/log_samples/
http://forensicscontest.com/
https://github.com/Security-Onion-Solutions/security-onion/wiki/Pcaps
http://www.netresec.com/?page=PcapFiles
http://log-sharing.dreamhosters.com/
https://wiki.wireshark.org/SampleCaptures

Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE