I sat the CFR-410 beta: CertNexus CyberSec First Responder

2021-12-27 08:37:00

A few weeks ago CertNexus announced the public beta of their CyberSec First Responder (CFR) exam, version 410. Three years ago I took the beta for CFR-310. At the time I wasn't overly impressed by the exam, so I decided to take it again to see if they improved.

They did not. I can actually literally repeat what I said three years ago, while replacing "Examity" with "OnVue".

Comparing this to CySA+, I like CompTIA's exam a lot better.

My take-away: if you're in the US and must get a DoD 8570-listed certificate for one of the CSSP roles, then you may find CFR to be easier than CompTIA's CySA+ or Pentest+.

CFR is also marginally cheaper than CySA+ ($350 vs $370). But it's the renewal fees where you may want to opt for CompTIA, if you have more than one of their certs. Both companies charge $150 per three years, but in CompTIA's case the fees for multiple certs are often combined, so you don't have to pay multiple. 

I'm curious to see what the end-result of my scoring will be. But if I do pass, I will not be paying my CFR annual fees.

One thing I don't like about the CFR-410 exam is this section on page 5 of the objectives document:

"The information that follows is meant to help you prepare for your certification exam. This information does not represent an exhaustive list of all the concepts and skills that you may be tested on during your exam. [...] The information beyond the domains and objectives is meant to provide examples of the types of concepts, tools, skills, and abilities that relate to the corresponding domains and objectives. All of this information [...] does not necessarily correlate one-to-one with the content covered in your training program or on your exam.

It sounds like they're saying: the exam may include specific tools and techniques not listed as examples on the objectives document. 

You could argue that's fair enough, because it's impossible to list all tools that you'll ever run into on the job. But on the other it creates a moving target for students who are already anxious enough about taking a big exam. 

With CompTIA's exam objectives you can always count on it that "if it's not on the objectives, it's not on the exam". 

kilala.nl tags: , ,

View or add comments (curr. 0)