December 26, 2016
CompTIA's New Cybersecurity Analyst (CSA+) Certification
In August I had the opportunity to take the CompTIA Cybersecurity Analyst+ (CompTIA CSA+) beta certification exam. CompTIA intends this to be a new vendor-neutral certification path between CompTIA's Security+ and the CompTIA Advanced Security Practitioner (CASP). Similar to other CompTIA exams, this exam consists of both multiple choice and performance-based questions. My exam had a total of 103 questions, and 5 of the questions were performance based. The total test time allotted for the beta exam was 165 minutes. CompTIA plans to release the final exam on February 15, 2017, so the makeup may be slightly altered when the exam is released to the public.

The performance-based questions rely on the test taker's ability to analyze snippets of log files and use that information to determine what is occurring within the network or with an external source. You could be asked to review a scan and answer questions about it (e.g. determine false positives and scan type), or to review network traffic/workstation/server logs to determine the host containing malware and the infected process. These are more detailed than the CompTIA Security+ performance-based questions, so prepare yourself and budget your time.

The multiple choice questions have the typical CompTIA wording flavor. The questions are to the point, but remember to look for the specific keywords that are essential to answering with the best answer. The multiple choice questions included, but were not limited to, Incident Response Management, Security Information and Event Management (SIEM), choosing the correct open source tool invocation to perform a task, and identifying what has occurred based on a snippet of network traffic. The tools in the exam and log files are based on common open source software tools available to security analysts. CompTIA's examples from their website include:
- Bro and/or Snort
- AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX)