Woohoo! 🥳 I just registered for this (taking on the last day available 1/9/2020.. lol) so we'll see how this goes. This is one I wanted to have under my belt eventually, and you can't beat that price!
I'm assuming I should probably study the current test plus the new domains as much as possible? I know this probably isn't meant for new takers, but I do better under pressure anyways. 🤷♂️
Just got back from it. It's one that requires some thinking (ports, source/destination, data types, etc.) as well as thinking about the various situations. Some questions have a word in there that can change an answer. I loved the simulations and am very sure I nailed every one of those. Many of them aren't just a "What's this?" and you have a-d. It's much more applied knowledge, which I like.
All in all, it was a great test. I feel that it really encompasses what it's aimed for and for a Cybersecurity Analyst role. I think I did well on it.
I just took the CySA+ beta too. I took a little under two hours. (You are given 190 minutes to complete 95 exam items.) This exam is just about what I did as a SOC analyst in a very large corporation and what the security analysts I manage do now.
The sims were first and they were fun and familiar to people who troubleshoot networks using tools and logs. There were also a lot of exam items about how business and security operations decisions are made. It's really good to see these types of items. I'm still pondering how someone would study for (or teach) for these types of process scenarios.
A lot of exam item stems were very long and somewhat tedious to read just to find the bits of information needed to select the correct answer option. I wasn't happy with the vague wording of some items and felt some didn't have enough detail for me to confidently select the correct answer. Anyway, I had fun with the first 50 or so and the last 20 or so were just a blur.
Know the native Windows and Linux tools used for network recon, troubleshooting, and working with log files.
Know how to read the output from these tools including a few very popular 3rd-party tools listed in the objectives.
Know all the standards, frameworks, and procedures (for Incident Response, Digital Forensics, Vulnerability Management, etc.) listed in the objectives too.
As someone else already said, "Just learn all the stuff in the exam objectives and you'll do fine."
Agreed. Some of the wording was confusing and a little difficult to know what they were asking for. I loved the Sims. Very relevant to the role of a Security Analyst.
Took it today, the sims were a lot of fun. Some questions regarding incident response I felt like there wasn't a "right" answer. It took me a little over 2 hours, but I took my time and was just taking it for fun.
I just took the CySA+ beta too. I took a little under two hours. (You are given 190 minutes to complete 95 exam items.) This exam is just about what I did as a SOC analyst in a very large corporation and what the security analysts I manage do now.
Many folks here often provide very useful information and support, but you are just about always a shining beacon JDMurray
I'm still pondering how someone would study for (or teach) for these types of process scenarios.
The reason is probably what I also said about PenTest+: it relies upon you actually having done this particular job for a while. It's not just down to studying, it's down to experience. Soooo I'm doubtful that I'll actually pass the test, because I've never done security incident response Lots of security stuff, but not this.
EDIT: Looking at the objectives, it reminds me a lot of the CFR-310 beta I took a year ago. I managed to snag that one, so maybe there's hope for me On the other hand, I did just get an email a few weeks ago saying that CFR-310 had kind of lost its accreditation.
I've never known anyone who has a CertNexus certification or an employer or contract that required one. Their CFR-310 page shows the cert being certified ISO/IEC 27014. CFR is also on the DoDD 8570 list. The CFR cert has only been out one year too.
I've never known anyone who has a CertNexus certification or an employer or contract that required one. Their CFR-310 page shows the cert being certified ISO/IEC 27014. CFR is also on the DoDD 8570 list. The CFR cert has only been out one year too.
I took the beta-exam for sh*ts and giggles, because I really enjoyed the PenTest+ beta-exam. So... It wasn't a great experience, the exam was "myeh". But I enjoy betas, for fun and the challenge.
Anyway, I received an email from CertNexus a few weeks ago, which included the following:
As part of an effort to make taking our certifications easier for our customers, CertNexus delivered the beta exam and several live exams via an online proctored platform, called Examity. Unfortunately, this delivery method did not meet ANSI’s requirements under the standard, and any examination that was taken through Examity will not be acknowledged by ANSI as an accredited certification.
What does this mean for me?
Your CyberSec First Responder (CFR) certification is no longer valid as an accredited certification—though it is valid as a non-accredited certification.
Was told that current CFR-310 holders could take the newly accredited CFR-310 (and a retake) for no additional cost. Passed that Beta, but ended up skipping the Pentest+ as I had no pentesting experience. Taking CySA+ Beta Saturday.
TLDR: It's a solid exam, with challenging questions that manages to test for real experience and insights. I enjoyed most of the PBQs and didn't find any of the questions frustrating (except for one whose wording I found overly complicated).
Took the beta Saturday and agree 100% with the TLDR assessment. My experience was much more enjoyable than my CS01-001 attempt. Not sure if I passed, but will study for this when the material is available.
The "simulations" have you go over different sets of data and entering your interpretation into multiple fields. There's no guessing, you have to come to specific conclusions and type out your answers.
Maybe you were joking and I'm taking you too literally
The "simulations" have you go over different sets of data and entering your interpretation into multiple fields. There's no guessing, you have to come to specific conclusions and type out your answers.
Maybe you were joking and I'm taking you too literally
1/9/2020 was the last day to take the CySA+ beta exam. I know two people who did on the last day and they both said they had four sims as well. Of course, this fun fact has no bearing on the content of the actual CySA+ 002 exam.
What did you think about it @bigdogz? I thought there'd be more simulation.I got only 4.
I only had one. It was a little more involved but it was rather easy. I felt myself looking a little deeper for the answer when it was a simple solution. I solved this by looking at the question, the answers, and the scenario. I found it easier to answer the questions correctly with more focus.
I had to fill out a survey that was approximately 15 minutes which I thought was rather lengthy. At times I thought that was tougher than the exam LOL!!!
yeah, I took cysa+ beta on 9th...I had 4-5 pbq's on mine, they were a whole lot better than pbq's on CS0-001 exam...I actually felt like I passed the beta, but who knows, we shall see sometime in April.
Comments
I just registered for this (taking on the last day available 1/9/2020.. lol) so we'll see how this goes.
This is one I wanted to have under my belt eventually, and you can't beat that price!
I'm assuming I should probably study the current test plus the new domains as much as possible?
I know this probably isn't meant for new takers, but I do better under pressure anyways. 🤷♂️
2021 Goals: Sec+ SY0-601, AAS (Cybersecurity Specialization)
2022 Goals: CISSP
All in all, it was a great test. I feel that it really encompasses what it's aimed for and for a Cybersecurity Analyst role. I think I did well on it.
The sims were first and they were fun and familiar to people who troubleshoot networks using tools and logs. There were also a lot of exam items about how business and security operations decisions are made. It's really good to see these types of items. I'm still pondering how someone would study for (or teach) for these types of process scenarios.
A lot of exam item stems were very long and somewhat tedious to read just to find the bits of information needed to select the correct answer option. I wasn't happy with the vague wording of some items and felt some didn't have enough detail for me to confidently select the correct answer. Anyway, I had fun with the first 50 or so and the last 20 or so were just a blur.
Here are some non-NDA-breaking tips:
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Thanks for the information!
Thank you for being consistently awesome.
Whoa, thank you!
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
EDIT: Looking at the objectives, it reminds me a lot of the CFR-310 beta I took a year ago. I managed to snag that one, so maybe there's hope for me
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Anyway, I received an email from CertNexus a few weeks ago, which included the following:
What does this mean for me?
TLDR: It's a solid exam, with challenging questions that manages to test for real experience and insights. I enjoyed most of the PBQs and didn't find any of the questions frustrating (except for one whose wording I found overly complicated).
Thanks for pointing that out. If I have spare time, I could consider re-taking the exam. But it's certainly not anywhere on my priorities list.
The "simulations" have you go over different sets of data and entering your interpretation into multiple fields. There's no guessing, you have to come to specific conclusions and type out your answers.
Maybe you were joking and I'm taking you too literally
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray