Hack The Box HTB Certified Defensive Security Analyst (HTB CDSA) Practice Test
Prepare for HTB CDSA with free practice tests focused on SOC analysis, SIEM investigation, threat hunting, malware triage, DFIR, and incident reporting. Because the real CDSA exam is a 7-day practical assessment rather than a timed multiple-choice test, each 20-question set uses a focused 30-minute timer for realistic SOC decision-making practice.
Mixed Set — HTB CDSA Practice Tests
Build exam readiness with mixed question sets covering all 15 HTB CDSA SOC Analyst modules. These tests help you move between SIEM investigation, Windows telemetry, threat hunting, network evidence, malware triage, DFIR, and report-focused scenarios the way a real SOC analyst does.
Domain Wise — HTB CDSA Mock Tests
Target one SOC Analyst module at a time with focused 20-question practice. HTB does not publish official percentage exam weights for CDSA, so each module is treated as an equal study-weight objective while the broader coverage table below groups related modules into practical SOC skill areas.
About the HTB CDSA Certification Exam
The Hack The Box Certified Defensive Security Analyst exam validates hands-on defensive security ability through practical investigation work rather than a traditional multiple-choice test.
What Is HTB CDSA?
HTB Certified Defensive Security Analyst (HTB CDSA) is a hands-on certification from Hack The Box for candidates who want to prove practical skill in security analysis, SOC operations, and incident handling. It focuses on finding security incidents, correlating evidence from different data sources, using SIEM workflows, and communicating findings through an actionable incident report.
The certification is especially relevant for aspiring SOC analysts, junior security analysts, incident handlers, detection analysts, threat hunters, and DFIR learners who want a practical blue-team credential. In the United States, the broader information security analyst occupation reports a median annual wage of $124,910, although actual compensation varies by country, seniority, employer, tool stack, and hands-on investigation experience.
Exam Format (2026)
Testing method: Browser-based HTB Academy practical lab, accessible through Pwnbox or VPN/local VM.
Questions: Not a fixed multiple-choice question count. Candidates work through practical objectives, submit flags in the exam panel, and document findings.
Duration: 7 days from the time the exam is started.
Question types: SOC investigation tasks, SIEM searches, log analysis, network and endpoint evidence review, IOC extraction, and report writing.
Passing score: No public scaled score. HTB checks the required points or flags and manually reviews the submitted report for quality.
Exam fee: HTB lists the CDSA certification at $490 with 1 voucher; checkout options, subscriptions, taxes, and regional pricing may vary.
Eligibility Requirements
Required path: The related HTB Academy SOC Analyst job-role path must be completed before using an exam voucher.
Experience: HTB does not list a formal degree or years-of-experience requirement, but candidates should be comfortable with SOC workflows and technical investigation.
Recommended knowledge: Web applications, operating systems, networking basics, web and infrastructure attack concepts, and the ability to navigate large volumes of data.
Report requirement: Candidates must submit a professional report in English. CDSA reports are submitted as PDF or ZIP, without a password, and within the stated file-size limit.
Attempts: Each HTB Academy exam voucher includes two attempts. If the first attempt fails, the retake must be started within the allowed feedback window.
HTB CDSA Coverage Areas — 2026 SOC Analyst Path
HTB publishes CDSA coverage through SOC Analyst path modules rather than official exam-weight percentages. The study weights below normalize the 15 modules into practical coverage areas so you can prioritize review without pretending these are official scoring weights.
| Area | Topic | Study Weight |
|---|---|---|
| Area 1 | SOC Processes and Methodologies | 13.3% |
| Area 2 | SIEM Operations (ELK/Splunk) and Tactical Analytics | 20% |
| Area 3 | Log Analysis | 6.7% |
| Area 4 | Threat Hunting | 6.7% |
| Area 5 | Active Directory Attack Analysis | 6.7% |
| Area 6 | Network Traffic Analysis | 20% |
| Area 7 | Malware Analysis | 13.3% |
| Area 8 | DFIR Operations | 13.3% |
How Our Practice Tests Are Designed
Practical SOC reasoning — Questions are written to reinforce analyst decision-making: what evidence matters, which pivot comes next, how to interpret telemetry, and how to communicate findings clearly.
Module-aligned mixed sets — Mixed practice tests draw from all 15 CDSA modules, including Splunk, Elastic, Windows event logs, threat hunting, network traffic analysis, IDS/IPS, malware triage, YARA, Sigma, digital forensics, and incident reporting.
Focused practice timer — The real HTB CDSA exam is a 7-day practical lab and does not publish a fixed MCQ question count, so a proportional real-exam timer is not meaningful. Each 20-question practice test uses about 30 minutes, or roughly 1.5 minutes per question, to build disciplined triage speed without misrepresenting the official lab format.
Domain-specific reinforcement — Use domain-wise tests after a mixed set to strengthen weak areas. This is useful when your mistakes cluster around a tool family such as Splunk or Elastic, an evidence type such as Windows logs or packet captures, or an output skill such as incident reporting.
HTB CDSA Exam Preparation Tips
Study Strategy
Complete the path first: Treat the HTB Academy SOC Analyst path as the core preparation resource. The exam expects comfort with the modules, labs, and investigation style.
Practice both SIEM stacks: Build confidence with Splunk search and Elastic/KQL workflows. CDSA-style investigations reward fast pivots across fields, hosts, users, processes, URLs, hashes, and timestamps.
Strengthen Windows and network evidence: Review Sysmon, common Windows event IDs, Active Directory attack traces, packet analysis, IDS/IPS alerts, and protocol behavior so you can correlate endpoint and network clues.
Write as you investigate: Keep clean notes, timestamps, screenshots, IOCs, assumptions, and query history. A strong report is easier when evidence is captured during analysis rather than reconstructed at the end.
Test-Taking Strategy
Read the engagement carefully: The letter of engagement defines scope, objectives, and deliverables. Revisit it often before spending time on an investigation path.
Work from timeline to impact: Build a timeline of initial access, execution, persistence, lateral movement, command-and-control, and actions on objectives. This helps connect isolated alerts into a complete incident story.
Validate before reporting: Avoid overclaiming. Confirm suspicious findings with logs, packet captures, process data, hashes, filenames, user context, or other supporting evidence.
Reserve time for the report: Passing is not only about finding flags. Plan enough time to produce a clear executive summary, technical analysis, timeline, IOCs, impact statement, and remediation guidance.
Frequently Asked Questions
Ready to Test Your HTB CDSA Knowledge?
Start with a mixed set to check your SOC readiness, then use module-wise tests to strengthen the investigation skills that need more practice.
Start HTB CDSA Practice Test 1 →Authors
-
Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
-
Sudhanshu Thakur: ReviewerEnterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.