I recently took the CySA+ exam (version 2) and thought it would be useful to share my thoughts on it. From my experience I felt the CySA+ exam is one of the best exams I’ve encountered that is specifically tailored towards Cyber Security Analysts working within a Security Operations Centre. Literally everything I came across while preparing for the exam would (at least in my opinion) be something I encountered as an analyst. I would 100% recommended giving it a go if you are thinking of it.
Resources:
In terms of resources, there isn’t much you need IMO:
- Sybex CompTIA CySA+ Study Guide Exam CS0–002 – The book covers pretty much everything you might encounter during the exam. Personally, I skimmed the book once and took notes during the second pass for the areas I was weak in. Overall, the book was written really well, and I encourage completing the end of chapter exam questions.
- Sybex CompTIA CySA+ Practice Tests: Exam CS0–002 Paperback – With 1000 questions this personally gave me the best insight on how the exam was going to be. Try and do as many questions as you can. Don’t use the book, rather the online simulator that you have access to once you’ve purchased a copy of the book (instructions are in the book). What I would do is line up 250 questions randomly in ‘learning mode’ and record the type of questions I was getting incorrect consistently, then jump back to the book and take notes in that section. I would recommend spending as much time as you have here, doing as many questions as possible.
- Jason Dion’s Udemy course was something that was recommended to me via CompTIA Subreddit. The course itself is quite good but only if you have the time. Not essential, but worth it if you looking to do some last-minute cramming (which is what I used it for). Set the speed to 1.2x.
Exam:
The exam itself is mixed up of a few PBQ (Performance Based Questions) which were not too bad. These are basically ‘interactive questions’ where they might ask you to review some logs and select the correct answer. Personally, I would leave the PBQ questions to the end, just skip them and focus on answering the multiple choice-based questions otherwise you might end up loosing track of time.
If you’ve ever sat these types of exams you might have already heard of the term ‘RTFQ’. Read the question, read the answers, then read the question again and the answers again before selecting. I cannot tell you the amount of times I would get the answer wrong whilst doing the practice exams because I read the question wrong. The aim is to select the most correct answer.
CompTIA recommend having completed their Security+ & Network+ before attempting the exam. In my personal opinion I don’t think it’s essential if you already have basic networking and cyber security knowledge. The exams can be taken remotely so find somewhere quiet and test your system beforehand. No one can walk into the room for example while you are doing the exam and you cannot leave the frame during the exam. You’ll get a few emails explaining the rules for sitting the exam.
And that’s it! Best of luck with the exam and give me a shout if you have questions!