  1. Junior Member
    Join Date
    Jun 2017
    Posts
    10

    Certifications
    Net+, Sec+, CSA+
    #1

    How much log analysis is there on the CSA+?

    I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of you who have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in Wireshark, Snort, and other tools before trying to take this test?

  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to a log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. Tecnomancer trojin's Avatar
    Join Date
    May 2013
    Location
    Ireland
    Posts
    104

    Certifications
    A+,S/S/S+,N+, CASP,CSA+,CCNA R/S & Sec & Cyber OPS, SSCP,EMC NetWorker Specialist,SNIA SCSE,Prince 2,EITCA-IS,F5 BIG-IP CA, Intel Sec NSP
    #3
    Quote Originally Posted by TwoJ View Post
    I'm 3/4 done with the Wiley CSA+ book and I noticed that only the last chapter is about log analysis. For those of you who have taken the CSA+, how much log analysis is there? Should I spend a decent amount of time in Wireshark, Snort, and other tools before trying to take this test?
    I did the beta exam last year. At least 1/3 of the questions were related to logs.
    Good horse is expensive... A Trojan horse even more

  5. Junior Member
    Join Date
    Jun 2017
    Posts
    10

    Certifications
    Net+, Sec+, CSA+
    #4
    Quote Originally Posted by JDMurray View Post
    I have not looked at the CSA+, but "log analysis" is about interpreting the events written to log files and sent to a log collection system via the syslog protocol. Logs are created by firewalls, proxy servers, Web servers, DNS servers, IDS/IPS, operating systems, etc. A SIEM is a typical tool used to analyze logs, not Wireshark and Snort, which both do packet analysis.
    I feel like a noob now, but thanks for clearing that up.

  6. Junior Member
    Join Date
    Jun 2017
    Posts
    10

    Certifications
    Net+, Sec+, CSA+
    #5
    Quote Originally Posted by trojin View Post
    I did the beta exam last year. At least 1/3 of the questions were related to logs.
    That's very interesting; your experience definitely conflicts with what I've read from another poster on another forum. He claimed there he only got 3-5 questions on logs/packet analysis and even made the claim that if you've taken the Sec+ you should be able to pass the CSA+ with minimal study.

  7. Senior Member
    Join Date
    Jan 2013
    Posts
    220

    Certifications
    CSA+, CWTS, Storage+, Sec+, A+, N+, Mobility+, MCP, etc.
    #6
    I took the CSA+ beta last summer. While there is no doubt that having studied for Security+ will probably enhance one's chances of studying "less" for CSA+ - and when I say "less" I mean "less than someone who has never studied for, nor taken, Security+" - I would not be so bold as to say that CSA+ requires "minimal" study if you have Security+. CSA+ does cover some redundant information, as Network+ covers some info you already covered if you took A+ prior, or Security+ covers information that was also covered in A+ and Network+. There is generally overlap in CompTIA exams to some degree.

    Still, CSA+ stands on its own. Someone could study for it, and not take Sec+, but CSA+ will build on a lot of the information. To me, if you are studying for CSA+ and pass it, and don't have Sec+, I'd say for Sec+ you could then minimally study, having done the work for CSA+.
