CompTIA CSA+ Study Guide. Mike Chapple
Seidl is the senior director for Campus Technology Services at the University of Notre Dame. As the senior director for CTS, David is responsible for central platform and operating system support, database administration and services, identity and access management, application services, email and digital signage, and document management.
During his over 20 years in information technology, he has served in a variety of leadership, technical, and information security roles, including leading Notre Dame’s information security team as Notre Dame’s director of information security. He currently teaches a popular course on networking and security for Notre Dame’s Mendoza College of Business and has written books on security certification and cyberwarfare, including co-authoring CISSP (ISC)2 Official Practice Tests (Sybex 2016).
David holds a bachelor’s degree in communication technology and a master’s degree in information security from Eastern Michigan University, as well as CISSP, GPEN, and GCIH certifications.
Introduction
CompTIA Cybersecurity Analyst (CSA+) Study Guide provides accessible explanations and real-world knowledge about the exam objectives that make up the Cybersecurity Analyst+ certification. This book will help you to assess your knowledge before taking the exam, as well as provide a stepping-stone to further learning in areas where you may want to expand your skillset or expertise.
Before you tackle the CSA+, you should already be a security practitioner. CompTIA suggests that test takers have between 3 and 4 years of existing hands-on information security experience. You should also be familiar with at least some of the tools and techniques described in this book. You don’t need to know every tool, but understanding how to approach a new scenario, tool, or technology that you may not know using existing experience is critical to passing the CSA+ exam.
CompTIA is a nonprofit trade organization that offers certification in a variety of IT areas, ranging from the skills that a PC support technical needs, which are covered in the A+ exam, to advanced certifications like the CompTIA Advanced Security Practitioner, or CASP certification. CompTIA divides its exams into four different categories based on the skill level required for the exam and what topics it covers, as shown in the following table:
CompTIA recommends that practitioners follow a cybersecurity career path as shown here:
As you can see, despite the A+, Network+, and Security+ falling into the Professional certification category, the Cybersecurity Analyst+ exam is a more advanced exam, intended for professionals with hands-on experience and who possess the knowledge covered by the prior exams.
CompTIA certifications are ISO and ANSI accredited, and they are used throughout multiple industries as a measure of technical skill and knowledge. In addition, CompTIA certifications, including the Security+ and the CASP, have been approved by the U.S. government as Information Assuance baseline certifications and are included in the State Department’s Skills Incentive Program.
The Cybersecurity Analyst+ exam, which CompTIA refers to as the CSA+, is designed to be a vendor-neutral certification for cybersecurity, threat, and vulnerability analysts. The CSA+ certification is designed for security analysts and engineers as well as Security Operations Center (SOC) staff, vulnerability analysts, and threat intelligence analysts. It focuses on security analytics and practical use of security tools in real-world scenarios. It covers four major domains: Threat Management, Vulnerability Management, Cyber Incident Response, and Security Architecture and Tool Sets. These four areas include a range of topics, from reconnaissance to incident response and forensics, while focusing heavily on scenario-based learning.
The CSA+ exam fits between the entry-level Security+ exam and the CompTIA Advanced Security Practitioner (CASP) certification, providing a mid-career certification for those who are seeking the next step in their certification and career path.
The CSA+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means that the exam uses hands-on simulations using actual security tools and scenarios to perform tasks that match those found in the daily work of a security practitioner. Exam questions may include multiple types of questions such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.
CompTIA recommends that test takers have 3–4 years of information security–related experience before taking this exam. The exam costs $320 in the United States, with roughly equivalent prices in other locations around the globe. More details about the CSA+ exam and how to take it can be found at https://certification.comptia.org/certifications/cybersecurity-analyst.
A test preparation book like this cannot teach you every possible security software package, scenario, or specific technology that may appear on the exam. Instead, you should focus on whether you are familiar with the type or category of technology, tool, process, or scenario as you read the book. If you identify a gap, you may want to find additional tools to help you learn more about those topics.
CompTIA recommends the use of NetWars-style simulations, penetration testing and defensive cybersecurity simulations, and incident response training to prepare for the CSA+.
Additional resources for hands-on exercises include the following:
● Exploit-Exercises.com provides virtual machines, documentation, and challenges covering a wide range of security issues at https://exploit-exercises.com/.
● Hacking-Lab provides Capture the Flag (CTF) exercises in a variety of fields at https://www.hacking-lab.com/index.html.
● The OWASP Hacking Lab provides excellent web application–focused exercises at https://www.owasp.org/index.php/OWASP_Hacking_Lab.
● PentesterLab provides a subscription-based access to penetration testing exercises at https://www.pentesterlab.com/exercises/.
● The InfoSec Institute provides online capture-the-flag activities with bounties for written explanations of successful hacks at http://ctf.infosecinstitute.com/.
Since the exam uses scenario-based learning, expect the questions to involve analysis and thought, rather than relying on simple memorization. As you might expect, it is impossible to replicate that experience in a book, so the questions here are intended to help you be confident that you know the topic well enough to think through hands-on exercises.
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher:
www.comptiastore.com/Articles.asp?ID=265&category=vouchers
CompTIA partners with Pearson VUE’s testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson Vue website, where you will need to navigate to “Find a test center.”