CPSA Week 4 Training

CREST CPSA

Sections E4 to F6 – Learning CPSA, Levelling Up Security+

Week 4 felt a bit like I was playing two games at once — one called CPSA, the other Security+. Every time I learned something for CREST, I accidentally unlocked a bonus level in CompTIA. Here’s how the week went down…

🖥️ E4 – Security Assessment & Testing

In CPSA, this is about checking systems with scans, pen tests, and reviews to make sure they’re actually secure.
🔗 Security+ crossover: Domain 2 – Security Operations.
Think of it as training for the Security+ “Boss Fight” where you have to name the difference between a vulnerability scan and a pen test. CPSA gives me the why and how, so Security+ just feels like an open-book quiz.

📑 E5 – Compliance & Legal Requirements

CPSA took me on a guided tour of GDPR, DPA, ISO 27001, and PCI DSS. Basically, the “don’t go to cyber jail” rules.
🔗 Security+ crossover: Domain 5 – Governance, Risk, and Compliance.
Security+ asks, “What’s GDPR?” CPSA says, “Here’s GDPR, how it works, why it matters, and what happens if you ignore it.” Double win — I’m learning the theory and the scary consequences.

🕵️‍♀️ E6 – Security Auditing

Auditing in CPSA is all about evidence gathering, verifying controls, and making sure nobody’s colouring outside the lines.
🔗 Security+ crossover: Also Domain 5.
CPSA is like teaching me how to be the auditor; Security+ just wants to make sure I can spot one from across the room.

🔗 F1 – Cryptography Basics

Hashes, ciphers, and encryption 101. CPSA explains the mechanics in enough detail to make my brain sweat.
🔗 Security+ crossover: Domain 3 – Cryptography and PKI.
Security+ loves to throw crypto acronyms at you in multiple-choice form. Thanks to CPSA, I now have mental flashcards ready.

🔐 F2 – Symmetric & Asymmetric Encryption

One key vs two keys — CPSA dives into the maths and scenarios for each.
🔗 Security+ crossover: Same domain.
Security+ feels easy here now; it’s basically just “Name that encryption type!” after CPSA made me learn the family tree.

📜 F3 – Public Key Infrastructure (PKI)

From root CAs to certificate revocation lists, CPSA covers PKI like it’s telling me a spy story.
🔗 Security+ crossover: Again, same crypto domain.
In Security+, this is usually a diagram question. CPSA makes me able to draw the diagram from scratch.

🛡️ F4 – Network Security Controls

Firewalls, IDS, IPS, NAC — the castle defences. CPSA gets very “engineer mode” here.
🔗 Security+ crossover: Domain 4 – Network Security.
Security+ loves to ask which tool you’d use in a scenario. CPSA trains me to actually configure the thing.

🧑‍💻 F5 – Secure Protocols

HTTPS, TLS, SSH, S/MIME — CPSA says “Here’s the config and why it matters.”
🔗 Security+ crossover: Same domain again.
Security+ just says “Pick the secure one.” Feels like easy points after this week.

💥 F6 – Common Network Attacks

DoS, MITM, spoofing, replay — CPSA shows you what they look like in the wild.
🔗 Security+ crossover: Domain 1 – Threats, Attacks, and Vulnerabilities.
Security+ here feels like the “name that animal” game after visiting the zoo all week.


CPSA is basically giving me Security+ on steroids. Every time I learn something here, the Security+ equivalent suddenly feels like a freebie. Two certs, one study stream.