The CSA+ exam is performance based and includes hands-on simulations. These simulations require test takers to perform security analyst job tasks during the exam. To prepare for these performance-based questions, trainers, educators and publishers should emphasize open-source analytics tools, teamwork and cyberwarfare exercises with red teams as pen testers and blue teams as security analysts/incident responders.

Security analysts require hands-on experience, so training must include virtual labs and software tools. Table 2, below, shows common open-source tools used by security analysts, as determined by experts in the field who participated in the CSA+ job-task analysis workshop.