I took my CSA+ exam this past weekend and got a 604/900. I had lots of simulations on how to hunt down the threat and how to mitigate them. Anyone know where I can find training on how to do that? None of the practice labs had any of that material.
Need CSA+ help
The CSA+ exam is a highly practice-oriented, skills-based exam. It assumes knowledge of Security+. There are no labs for it yet because it requires quite a controlled environment for a lab, but it's probably coming soon. I suggest you also check out our CCNA CyberOps shows to help out as well.
Just to verify, both 210-250 and 210-255? I do not see any labs with either of those. I love labs because they help cement things in my brain better.
If the CCNA CyberOps had labs, it would be nice if those could also be cross attached to the CSA+ labs so people like me, who are trying to advance their career, can have everything in one spot.
Those labs may be in the future for our partner but right now a few have the content itself. The material there is where we do cover techniques and tools used for someone working in a SOC as an entry level analyst. We show what to look for and how to use the tools to spot the security elements you were mentioning.
Using virtual machines, you can build the environment, and many of the tools, though not all, are open source and therefore free for you to build on your own to practice.
I also failed to mention, you could also take a look at CEH and some of our other security related courses that have many of the same tools you should be familiar with too. This will provide you with exposure and the ability to build your own lab environment as well.
Maybe it was just me, but I watched all the SecOps videos and didn't find a lot of stuff I could use in the CSA+ for the simulation questions I had. I'm working my way through CompTIA CSA+ Study Guide: Exam CS0-001 1st Edition and having the same issue. I have about 100 pages left of that book. Are the other books mentioned by Wes-Bryan going to be of any help? I have generally found most other books to be pretty similar.
I'm not sure what it is that you're missing. The content and skills in those shows, CSA+ and Cisco SecOps, are hands-on material on how to produce, see & read output from real tools and equipment. I'm sorry you didn't find it helpful for preparation. Please let us know what you're missing to prep for the CompTIA CSA+. I'm not sure there is much in terms of direct help for the exam but we can try to answer questions here.
As far as Wes's suggestions, these are materials, like ours, based on the exam objectives and interpreted by the author and what he/she believes should be helpful. I've not read them,
I will say professional IT certifications today are different than they used to be. Most of these now require more than knowledge-based answers and require experience with and interfacing with current technology that will only be available if you've actually interacted (used) with that type of tool and experienced its output.
So, post away with questions, we have many experienced members that may jump in to help or the hosts will answer with their experience.
One thing that would greatly benefit me, and I'm sure others, would be lots of examples for digging through logs. From what I've read on a few test forums (and before anyone thinks so, no, not for the answers, especially since having the answers doesn't prepare you for digging for threats in logs in the real world, you really need to know how to do it and not just to pass the test), they've said they had quite a few simulations to figure out where the threat was coming from, or how to mitigate a threat, etc, etc, (think SOC Analyst, hence why this cyber security analyst cert title). I would love to see more examples like what the National Cyber League does for their two (Fall and Spring) sessions. This would greatly benefit me and I'm sure many others who want to further their careers.
I just called CompTIA and they said there doesn't seem to be any information out there to learn the simulations. This is a huge disservice to people who want to advance their careers but cannot get the needed training to do it. Anyone can read a book to learn the topics, but when there are simulations that exist on the test, but you can't learn it on your own, there is no way to advance your career.
I really hope you guys create this information because I really want to move up in my career.
CompTIA is a vendor neutral certification organization. They do not test on any specific equipment configuration as much as the most generic material or the most commonly used in the industry.
Simulators must be licensed from the vendor because they own the technology. CompTIA doesn't make the equipment that you'll use as an SOC analyst. You're likely to encounter technology from multiple vendors depending on the shop you work in. Each will vary in configuration and technology but not so much in implementation based on business case. CompTIA will not even tell you which vendor you'll be tested on because that is the point of being vendor neutral. The goal is not familiarity with a particular vendor's technology but in general terms the concepts, business scenarios, relatively common needed technology and knowledge needed.
The advancement of your career through vendor neutral certification means that you will be tested on concepts and general technologies that are common between them all. So the questioning, though not necessarily easy, will be more generalized rather than making sure you can identify a specific configuration.
Throughout our library, there are shows that give you specific examples of technologies in use. I've already mentioned some of them in a previous post. You can also check out the CEHv9 show that shows the basic tools used by hackers and how Ethical Hackers use them.
If you head to the CompTIA website, you'll find:
and specifically for the CSA+ https://certification.comptia.org/it-career-news/post/view/2017/03/27/comptia-csa-your-questions-answered
Which does tell you specifically the minimum technology to be familiar with before going into the exam.
We have a Wireshark show, and in the Cisco CyberSecurity show we demonstrated the use of Wireshark and Bro together along with Cisco-specific SOC devices. There is more coming in our library in the future. I cannot guarantee a timeline on when they will be recorded.
First time caller.. blah blah blah....
I just passed the CSA+ today. I did the videos and sims through itprotv, and also did hacking lab exercises. I've done service desk work for over 5 years, am at a level 4 now, the lead, but I have NO experience with anything related to work for SIEM or vuln testing, looking over logs, and/or going through protocol analyzers. But learning, building, and testing on my own network against other computers and/or other VMs really helped me out. As you can see below, all the certs I've done are off working at home, building different labs, learning, messing up, learning more. If I can help in any way, let me know.
- CompTIA CSA+ Study Guide by Sybex
- CSA+ All in One Exam Book
- itpro.tv videos and sims
Previous Certs I took before this All 2.5 years or more
- Security +
- Network +
- Cloud +
- 3 various Microsoft certs