cochi78 Member Posts: 72
Hi there,

this is a pretty basic exam but I thought I might as well share my experience for those interested. The CSX series by ISACA is pretty unknown, I learned about it when I read about their CSX Practitioner exam by coincidence.

The most basic one in the series is CSX Fundamentals, which tests on the general understanding of roles within security, relationships between the technical topics and business strategy / continuity as well as definitions and terms.

For getting an exam, you can purchase either the exam itself, the study guide or some bundles on the ISACA site. I decided to go with the Study Guide as PDF + exam voucher for $205. The book itself is a pretty neat, structured intro into the security field with about 200 pages. It really starts with the roles in a business and goes on over TCP/IP basics, firewalls, IDS, DLP, WiFi and so on. Most definitions I agree with and could not spot anything too weird in the book.

The exam itself is remotely proctored via PSI, which seems to become the standard provider nowadays. You log into the ISACA site, click on Exam and get redirected to the PSI site where you can schedule for a specific day + time. That process is pretty painless. You take the same route when the day arrives (with a few minutes to spare) and then you go through the usual hoops of panning the webcam, showing your ID, checking if any strange programs are running on your PC (I got a proctoring PC as a clean installation to avoid surprises).

Within the exam, there are 75 questions that you have to answer within 120 minutes. The official pass mark is set at a comfortable 65%. I had no scenario-type questions but only short ones asking for roles, technical definitions etc. In most cases, the 50:50 approach helps you along, as two answers are clearly wrong. It helps to read the question with a bit of concentration though, to not exclude the wrong ones ;)

A few of those questions, I'd say 7-8, were strangely worded or even felt off (read: wrong) so I had to think about what they likely wanted to hear. Some questions (3-4) even went into asking how many items are within a specific process described in the guide or which class some attack was in a described US framework. I regard questions like that as rather bad style, but that might be just my opinion. It feels a bit like those questions on other exams where order of arguments is asked, etc.

With my preexisting knowledge I went through the exam in under 20 minutes, passing with 78%. Not perfect, but thank god I always had the "a pass is a pass" attitude ;)

For someone without any existing security certifications, I'd say the exam is a good fit. The study guide should really be used then and is well-structured. Some questions in the exam are even word-by-word transcriptions from the guide. With the knowledge contained in the guide, beginners should be well prepared for any higher certifications. I guess the CompTIA exams might be more well-known than this ISACA program - so it probably depends a bit on the region you're in. Security+ was definitely much harder and probably will have a better reputation in comparison.

Now, I gotta decide if I want to try the CSX-Practitioner next week before the Beta is over. That one's a purely lab-based exam though... Any reports on that one yet? :)

Hope this post is interesting to some.
