  1. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #1

    ISACA CSX Practitioner Exam Experience

    A few days ago I took and passed the ISACA CSX Practitioner (CSXP) exam. I haven't seen any write-ups on Techexams for this, so I thought I'd share my experience.

    For those who don't know what the CSXP is, it's a relatively new certification from ISACA that is entirely hands-on. There are no multiple choice questions to answer. You receive a virtual environment with multiple virtual machines and you have various incident response related tasks that need to be completed. This can vary from scanning for hosts on a net block and comparing the output to a list of known good hosts, to using Wireshark to detect malicious activity, and even blocking a malicious host at the firewall. You have 3.5 hours to complete the various tasks and it's no joke.

    To prepare for the exam, you really need to know your stuff. ISACA lists the various tools one should be familiar with at https://cybersecurity.isaca.org/csx-...ification-exam . That said, if you don't have experience with pfSense, Kali, Security Onion (including Snorby/Snort), Wireshark, and Nmap, you will probably have a hard time with the exam. It looks like ISACA also offers training in the form of a one week Bootcamp and other training, but I can't speak to those, as I didn't take them.

    The certification itself is one of the more difficult tests I've taken in my career. You can't study for this cert the week before and expect to pass. Passing this certification shows that you can walk the walk. I've had the opportunity to interview candidates for info sec jobs in the past 5 years and I've seen my share of candidates that look great on paper, but have little to no hands-on skills. You can't braindump this cert. You have to prove your capabilities. I'm not sure I'd go as far as saying that the CSXP is the OSCP equivalent cert for Incident Response, but it's the closest cert I've seen to it. I'll definitely be putting CSXP preferred in the job postings for my company moving forward.

  3. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    881

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #2
    Nice! I've seen ISACA advertise the cert(s) a lot, but never heard of anybody actually going through them. Given this feedback I may add this to my list of suggested certs for my newbies to look into as I prefer the hands-on stuff rather than straight by-the-books knowledge which doesn't get you very far when you sit down and start trying to actually do something.

  4. Senior Member
    Join Date
    Nov 2011
    Posts
    814
    #3
    My exam is scheduled for July after I take CISA in June. This is definitely on my to do list. Thanks for sharing. The 3 modules for practice are on their portal as well.

    And to think the Specialist exam isn't out yet and is going to be harder!
    Last edited by Remedymp; 04-30-2016 at 12:15 AM.

  5. Senior Member Itrimble's Avatar
    Join Date
    Jul 2013
    Location
    Baton Rouge, LA
    Posts
    220

    Certifications
    HP Devices,Cloud+,Server+,A+,N+,Security+,Project+,CIW ID0-610, CIW ID0-520,CIW ID0-635, MCSA Office 365,MCSA 2012, MCTS 70-533 , GSEC, GCIH
    #4
    Where are the 3 practice modules ?

  6. Senior Member
    Join Date
    Nov 2011
    Posts
    814
    #5
    Quote Originally Posted by Itrimble View Post
    Where are the 3 practice modules ?

    Performance practice modules to help you gear up for the exam as the exam is performance based. But, if you've never worked with the tools and applications, it's actually very good to get comfortable with a new job.

  7. Junior Member
    Join Date
    Apr 2015
    Posts
    8

    Certifications
    Prince2, CSX-F, eJPT, eNDP, GMON
    #6
    Did you take the 3 lab modules, 500$ each? Or is there any documentation to purchase for the exam? The exam looks challenging and a bit similar to eNPD from elearnsecurity.

  8. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #7
    Quote Originally Posted by princesamus View Post
    Did you take the 3 lab modules, 500$ each? Or is there any documentation to purchase for the exam? The exam looks challenging and a bit similar to eNPD from elearnsecurity.
    Yes. It seems they've changed some of their pricing around since I was in the labs, but it's very similar. Having dedicated labs for 6 months is definitely worth it. The environment ISACA provides is also a dedicated one. You won't be sharing VM's with other students and the problems that arise from other students restarting VM's in the middle of your work.

    If you're preparing for the exam, my advice is to be able to do all the labs and comprehensive without looking at any of the step-by-step instructions. I believe there are either PDF's or Power Points that come with this course, however, they're not needed to pass the 100% hands-on part of the exam. The step-by-step instructions for the labs are all built into the VM environment that loads in your browser.

    For example, a task on the lab/exam may request that you "Identify all hosts on the 10.0.0.x network that are missing patch KBXXXXXX and apply the patch as necessary". There are accompanying PowerPoint slide sections that reinforce this learning, explaining why patches are necessary and they mostly align with the NIST Cybersecurity Framework. Hopefully that makes sense.

  9. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #8
    Hello "thegoodbye",

    I hope you are doing well.

    Firstly, I must say that you are one of the first people I have met who has achieved OSCP as well as CSXP. Kudos to you and I am sure it must have taken some phenomenal efforts to achieve it.

    I had a question for you in terms of the amount of efforts involved, amount of learning learnt, which amongst these two would you suggest to consider first?

    My background is such that I need to have expertise of both, although I do not have Penetration Testing background. Having said that, it is more from my eagerness to learn it and I have already completed my training on Linux and Python as was suggested on OSCP site. I was about to start with some basic Kali Linux training (prior to enrolling for actual course), when I learnt about CSXP and currently in a dilemma as to which amongst this is good to consider first both being from perspective of learning.

    Thanks in advance.

  10. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #9
    The CSXP is easier and less time consuming than the OSCP. The CSXP is focused on IR, not PT. There is some minor overlap as some of the CSXP labs cover basic exploitation. Both online virtual environments align well with the exam environment. If you can complete the CSXP labs without needing to look through the step-by-step instructions, you should be able to pass the exam.

    How much time you spend on either certification will depend on your previous knowledge/skills, and how quickly you can attain new information and apply it hands-on. If you're new to IT and/or IT security in general, I'd advise against the OSCP, as you'll likely find it overwhelming. The CSXP will hold your hand on the labs, aside from the comprehensive. Additionally, for most people, I recommend having the Security+ & Network+ certifications or equivalent foundational knowledge before attempting the CSXP or OSCP.

    Please also understand that the CSXP is a newer certification and most individuals in the field haven't heard of it. Few job postings will list the CSXP until it gains more market penetration. Many that play the certification game have heard of the OSCP and it's highly respected and sought after.

  11. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #10
    Thank you for your quick response.

    This certainly helps. I am currently working as an Information Security Auditor and have completed my CISSP, CISA and CCNA. I guess I should have mentioned it earlier but the earlier post came more from the heart as I am truly keen to get some hands on exam done.

    Having said that, yes, I am more interested in learning vs certification and considering my background, I too have some proximity towards CSXP first and will then consider OSCP later.

    Thank you once again and will stay in touch !!

  12. Junior Member Registered Member
    Join Date
    Dec 2016
    Posts
    1
    #11
    Hello "thegoodbye"

    Thank you for throwing some light on the newer certification - CSXP.

    I am an auditor, and mainly working on SOX and ITGC. Have a fair theoretical background on Information Security processes and various frameworks like NIST, SOX, etc. and have CISA and ISO LA certification. I don't have technical hands on experience. How much practice is required?

  13. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #12
    When you sign up for the course, you'll have 6 months lab time, which will allow you to access the virtual environment. Once you're able to do all of the labs without following the step-by-step instructions, you're ready. If you're not technical, this may take a few hundred hours, as this is a very technical focused exam.

  14. Junior Member
    Join Date
    Dec 2016
    Posts
    6
    #13
    Hi thegoodbye,

    There are 3 courses according to the ISACA website;
    1- Identification and Protection
    2- Detection
    3- Respond and Recover

    Do you pay $500 per lab for each course? $1500 for 3 courses or $500 for all 3 courses above?
    May CSX Practitioner Labs (6 months, $500 per lab) be used as the only studying material for the exam?
    Do the Labs come with course material to learn and understand each subject?

    Thanks

  15. Senior Member
    Join Date
    Nov 2011
    Posts
    814
    #14
    Quote Originally Posted by cissp2015 View Post
    Hi thegoodbye,

    There are 3 courses according to the ISACA website;
    1- Identification and Protection
    2- Detection
    3- Respond and Recover

    Do you pay $500 per lab for each course? $1500 for 3 courses or $500 for all 3 courses above?
    May CSX Practitioner Labs (6 months, $500 per lab) be used as the only studying material for the exam?
    Do the Labs come with course material to learn and understand each subject?

    Thanks
    It's actually $1400 if you buy all three. However, it's everything you need for the exam.

  16. Junior Member
    Join Date
    Dec 2016
    Posts
    6
    #15
    Thanks for the reply Remedymp,

    In which format is the training material delivered(PDF, PPT, embedded content in the browser which cannot be downloaded, etc...)? I understand that the Labs are valid for 6 months but how long does it take to complete them? How was your exam experience?

  17. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #16
    You'll receive training material in two ways.
    1. PDF's with the theory surrounding the course. This is good information to know, however, won't really apply to the test.
    2. Step-by-step instructions that are embedded into the virtual lab machine environment. This is all loaded in the browser when you launch the course. You can also download these instructions I believe. An example of instructions might be, "Create a Windows firewall rule by doing X, Y, Z".

    How much time you need to go through the labs will depend on your experience in IR. There are about 70 labs that take around an hour each. If you're familiar with an area, it may only take you 15 - 30 minutes to complete it. There may be other areas that you want to go back and revisit until you're comfortable with them. If you're not familiar with linux command line, expect to take longer to learn some basics.

    The exam is challenging, but mostly straightforward. You're asked to apply the knowledge from the labs in a "real world" scenario. No multiple choice questions, just actions to complete. An example question may be something like, "Your team has identified that external host x.x.x.x is conducting malicious activity against x.x.x.x. Block the external host at the firewall." There are multiple ways to complete this, including command line & GUI. How you complete it is up to you.

  18. Senior Member
    Join Date
    Apr 2013
    Posts
    1,939
    #17
    This looks very interesting, wondering if anyone else has taken the training or exams?

  19. rkv
    Junior Member Registered Member
    Join Date
    Feb 2017
    Posts
    2
    #18

    alternative of Labs

    Nice information, brother. Is there any alternative to practice the labs? I do not want to buy due to lack of money. I want to do this certification and have an idea of all modules of CSX. I have been a security penetration tester for 2 years. Can you suggest any alternative to practice for this exam?

  20. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #19
    Has anyone else booked the CSXP exam? I am possibly going to book it on 14th Feb depending upon my approval on the certification course from my organization.

  21. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #20
    Hi rkv,

    Considering that your background is in penetration testing, maybe you can think of OSCP. You can follow the JollyFrog's tale thread in techexam.net.

  22. rkv
    Junior Member Registered Member
    Join Date
    Feb 2017
    Posts
    2
    #21
    Thanks Temya,
    I will do but after some time as it requires a lot of time to practice.

  23. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #22
    Hey All,

    I have finally enrolled for the labs of CSXP. Although I am yet to prepare a plan and how to go about it, I will keep everyone posted in weeks to follow. I did not purchase the exam voucher though and will do so after a few months.

  24. Junior Member
    Join Date
    Nov 2016
    Posts
    9
    #23
    Hey All,

    I have completed the pdf and the Lab for "Identification". Overall, I think it is really a great course designed by ISACA.

    I would certainly say that just doing the labs would not be sufficient and you would need to experiment more by doing multiple tasks. As an example, there may be a task to run nmap and you can follow the labs to complete the task. However, at the same time, it would be how curious you are to explore all the options of nmap and utilizing the labs to the fullest.

    So far, I am targeting just to stick to basics, complete the pdf and then complete the labs. Once done, I will start exploring more and more options within the labs, VirtualBox and open source web content.

    Back to studies now .. will keep you all posted !!

  25. Junior Member Registered Member
    Join Date
    Mar 2017
    Posts
    1
    #24
    Hi guys, may I know in which region you took the exam? Those who took the exam in Singapore say that the bandwidth connection to the exam server is very slow and hence they cannot complete the exam.

  26. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    320

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP (endorsement in progress)
    #25
    CSXP seems like an interesting cert to get... and it will be easy to sell to my boss. He believes a lot in the ISACA org.
