OffSec Defense Analyst (OSDA, SOC-200) Practice Test
Prepare for the OffSec OSDA exam with free practice tests built around the real hands-on SOC-200 certification. Each test includes 20 questions with a proportional timer of about 4 hours to help you build the patience, investigative workflow, detection mindset, and reporting discipline needed for security operations and defensive analysis.
Mixed Set — OffSec Defense Analyst (OSDA, SOC-200) Practice Tests
These mixed sets pull questions from the major SOC-200 learning areas, including Windows event analysis, SIEM investigation, threat hunting, network traffic review, detection engineering, malware fundamentals, forensics, and reporting. They are designed to reflect how the real OSDA expects you to connect evidence from multiple sources instead of answering isolated theory questions.
Domain Wise — OffSec Defense Analyst (OSDA, SOC-200) Mock Tests
Use these targeted topic-wise tests to focus on one SOC-200 skill area at a time. Each mock test contains 20 questions built around a single defensive analysis topic so you can sharpen weak areas before returning to mixed practice.
About the OffSec Defense Analyst (OSDA) Certification Exam
Everything you need to know about SOC-200, the OSDA exam, eligibility expectations, and why practical detection and analysis skills matter for modern blue-team work.
What Is the OSDA?
The OffSec Defense Analyst (OSDA) is the certification aligned to SOC-200, OffSec’s Security Operations and Defensive Analysis course. OffSec describes SOC-200 as a foundational course, and says learners who complete it and pass the associated exam demonstrate the ability to detect and assess security incidents.
OSDA is best suited for junior SOC analysts, blue-team practitioners, defenders building detection skills, and security professionals who want more hands-on experience with Windows telemetry, SIEM workflows, threat hunting, network analysis, and incident reporting. Related information security analyst roles in the United States had a median annual wage of $124,910 in May 2024.
Exam Format (2026)
Testing method: Practical, proctored defensive analysis exam.
Exam/course code: SOC-200 leading to the OSDA certification.
Exam environment: The exam network consists of a SIEM machine and is divided into 10 phases containing attacker actions that must be detected, understood, and documented. Starting September 10, 2025, the exam structure was updated to use pre-recorded logs aligned with challenge labs.
Duration: 23 hours 45 minutes for the exam, plus 24 hours to submit documentation.
Question style: Practical investigation and reporting tasks rather than multiple-choice questions. Points are earned by locating and documenting attacker actions in the SIEM.
Passing score: At least 75 points.
Resources allowed: Open book, including notes, online resources other than AI chatbots or LLMs with direct prompt access, and the OffSec Learning Platform.
Training price: Course + Cert Bundle is listed at $1,749 with 90 days of access and 1 exam attempt, while Learn One is $2,749 per year with 1 year of access and 2 exam attempts.
Eligibility Requirements
Formal prerequisite: No public formal prerequisite is listed for sitting the exam, but OffSec identifies foundational prerequisite topics in Linux basics, Windows basics, and networking basics.
Recommended readiness: OffSec recommends understanding the majority of the course concepts and completing the challenge labs before attempting the exam.
Report requirement: You must submit a professional report documenting evidence, conclusions on attacker techniques, compromises for each phase, screenshots from the SIEM, and any queries used.
Retake policy: OffSec says all exams have a cooling-off period between attempts.
Course access model: SOC-200 is available through the Course & Cert Exam Bundle and Learn subscription packages.
OSDA Objective Weights — SOC-200 Practice Mapping
OffSec publicly describes the SOC-200 course and OSDA exam format, but the official pages we reviewed do not publish a percentage-weight table for the defensive topics covered here. Because this page offers 10 domain-wise tests, the table below uses an even practice mapping across those 10 topic groups so mixed sets remain balanced and predictable.
| Objective | Topic | Practice Weight |
|---|---|---|
| D1 | Windows Endpoint Fundamentals | 10% |
| D2 | Windows Event Logs and Finding Evil | 10% |
| D3 | Security Monitoring and SIEM | 10% |
| D4 | Threat Hunting with Elastic | 10% |
| D5 | Network Traffic Analysis | 10% |
| D6 | Intrusion Detection and Prevention | 10% |
| D7 | Malware Analysis Fundamentals | 10% |
| D8 | YARA and Sigma Detection | 10% |
| D9 | Digital Forensics Fundamentals | 10% |
| D10 | Security Incident Reporting | 10% |
How Our Practice Tests Are Designed
Built around the official SOC-200 scope — OffSec describes SOC-200 as foundational security operations and defensive analysis, so these practice tests emphasize detection, investigation, hunting, and evidence-backed reporting rather than generic security trivia.
Timer matched to the real exam pace — The live OSDA exam gives you 23 hours and 45 minutes for a 10-phase practical investigation. That works out to a long-form analytical workflow, so each 20-question practice set is timed at about 4 hours to build sustained focus. This is an inference based on the official exam duration and practical format.
Investigator mindset — The real exam awards points for locating and documenting attacker actions through the SIEM, so these practice sets reward careful log reading, event correlation, timeline reconstruction, and defensible conclusions.
Reporting matters — Because OffSec requires a professional report with screenshots, queries, and conclusions for each phase, the question style reinforces disciplined note-taking and clear explanation of attacker behavior.
OSDA Exam Preparation Tips
Study Strategy
Get strong on fundamentals first: OffSec’s prerequisite topics for SOC-200 include Linux basics, Windows basics, and networking basics, so weak fundamentals will slow your investigations.
Think in evidence chains: Strong defensive analysis is about proving what happened from telemetry, not guessing. Practice correlating endpoint, SIEM, and network clues into one coherent attacker narrative.
Finish the challenge labs: OffSec explicitly recommends understanding most course concepts and completing the challenge labs before attempting the exam.
Test-Taking Strategy
Plan the long exam window: With 23 hours and 45 minutes plus 24 hours for report submission, decide in advance how you will pace investigation, breaks, evidence capture, and final writing.
Document while you investigate: Do not wait until the end to rebuild your analysis. Capture SIEM screenshots, queries, attacker actions, and compromise details as soon as you validate them.
Use open-book access wisely: Since the exam is open book, organize your notes and references so you can quickly retrieve query ideas, event IDs, and methodology without losing momentum.
Frequently Asked Questions
Ready to Test Your OSDA Skills?
Start with a mixed set to measure your readiness, then use topic-wise tests to sharpen the exact defensive analysis skills you need for SOC-200.
Authors

Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
Sudhanshu Thakur: Reviewer. Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.
