Pages

Thursday, September 1, 2016

CompTIA Cybersecurity Analyst+ Exam (Updated December 2016)

https://certification.comptia.org/certifications/cybersecurity-analyst
I had the opportunity to take the CompTIA Cybersecurity Analyst beta certification exam (CompTIA CSA+) beta certification exam. This intended to be a new certification that is a vendor neutral certification path between CompTIA's Security+ and the CompTIA Advanced Security Practitioner (CASP) certifications. Similar to other CompTIA exams, the exam consists of both multiple choice and performance based questions. The exam I took had a total of 103 questions with 5 of those questions being performance based. The total test time allotted for the beta exam was 165 minutes. CompTIA plans to release the final exam in 1Q2017 so the makeup could change for the final exam.

The performance based questions rely on the test taker's ability to analyze snippets of log files and then using that information from the log files to determine what is occurring within the network or with an external source. You could be faced with questions to review a scan and answer the questions (e.g. determine false positives and scan type), review network traffic/workstation/server logs to determine the host containing malware and the infected process running. These are more detailed than the CompTIA Security+ performance based questions so prepare yourself and budget your time. The only nit I had with these questions is the floating dialog box with the simulation description. It can be resized but it was getting in the way of the log file analysis.

The multiple choice questions have the typical CompTIA wording flavor. The questions are to the point but remember to look for the specific keywords that are essential to answering the multiple choice question with the best answer. The beta multiple choice questions included but limited to Incident Response Management, Security Information and Event Management (SIEM), choose the correct open source tool invocation to perform a task, identify what has occurred based on a snippet of network traffic. The tools in the exam and log files are based on common open source software tools available to security analysts. CompTIA's examples from the beta exam website are:

Open Source Software Description URL
Wireshark Network protocol analyzer / packet capture tool https://www.wireshark.org
Bro and/or Snort Network intrusion detection systems (NIDS) https://www.bro.org
https://www.snort.org
AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange [OTX]) Security Information and Event Management (SIEM) software https://www.alienvault.com/products/ossim

I do not know if this will be identified in the DoD 8570 Approved Certification list but it will be in CompTIA's best interest if it is ultimately included. My guess is, if it is included, it will fall in with the CND-SP certifications instead of IAT, IAM, and IASAE.


The exam is intended for someone with a couple of years of cyber analyst experience with hands on tool experience. I found the beta exam to be refreshing and if the final is similar to the beta exam then I believe that CompTIA will have a great exam for Cyber Security Analysts. Based on the beta exam, I recommend keeping eyes open for the release of the final exam in 1Q2017 and taking a look at it.

Updated December 7, 2016: I was notified today by CompTIA that I passed the Cybersecurity Analyst+ (CSA+) certification exam. CompTIA's website states that the exam will be available to the general public on February 15, 2017. Good luck with the new exam.