The performance based questions rely on the test taker's ability to analyze snippets of log files and then using that information from the log files to determine what is occurring within the network or with an external source. You could be faced with questions to review a scan and answer the questions (e.g. determine false positives and scan type), review network traffic/workstation/server logs to determine the host containing malware and the infected process running. These are more detailed than the CompTIA Security+ performance based questions so prepare yourself and budget your time. The only nit I had with these questions is the floating dialog box with the simulation description. It can be resized but it was getting in the way of the log file analysis.
The multiple choice questions have the typical CompTIA wording flavor. The questions are to the point but remember to look for the specific keywords that are essential to answering the multiple choice question with the best answer. The beta multiple choice questions included but limited to Incident Response Management, Security Information and Event Management (SIEM), choose the correct open source tool invocation to perform a task, identify what has occurred based on a snippet of network traffic. The tools in the exam and log files are based on common open source software tools available to security analysts. CompTIA's examples from the beta exam website are:
|Open Source Software||Description||URL|
|Wireshark||Network protocol analyzer / packet capture tool||https://www.wireshark.org|
|Bro and/or Snort||Network intrusion detection systems (NIDS)||https://www.bro.org
|AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange [OTX])||Security Information and Event Management (SIEM) software||https://www.alienvault.com/products/ossim|
I do not know if this will be identified in the DoD 8570 Approved Certification list but it will be in CompTIA's best interest if it is ultimately included. My guess is, if it is included, it will fall in with the CND-SP certifications instead of IAT, IAM, and IASAE.
The exam is intended for someone with a couple of years of cyber analyst experience with hands on tool experience. I found the beta exam to be refreshing and if the final is similar to the beta exam then I believe that CompTIA will have a great exam for Cyber Security Analysts. Based on the beta exam, I recommend keeping eyes open for the release of the final exam in 1Q2017 and taking a look at it.