menu

CySA+ Tips and Tricks

Less than a year after passing the Security+, I can finally proudly say that I passed CySA+ as well. I set my sights on this exam the same day I passed the Security+ and I focused on studying for it extensively over the past two months. I passed it with 845 out of 900 and was really surprised at how well it went despite the fact that CompTIA recommends you to have 3-4 years of technical experience minimum. I’ve got 0. I have no IT or Security work experience, but what I do have is determination and the will to succeed. If such an underqualified 20 year old could pass this exam thanks to those two things, you can as well. The purpose of this blogpost is to share some of the things I found helpful during my studies for it. I explored a diverse range of study materials and I will tell you which ones worked for me and which ones didn’t.

Choosing a Study Guide

When preparing for the exam, I didn’t think one would be enough, so I got two of the most popular ones: the Sybex CySA+ Study Guide by Mike Chapple and David Seidl as well as the All-In-One CySA+ Exam Guide by Fernando Maymi and Brent Chapman.

Sybex Study Guide

I will always have a soft spot in my heart for Mike Chapple. His Security+ video course was my main study material for that exam and this time he didn’t disappoint either. The book really does cover almost everything there was on the exam. I found it easy to read and more than that, even enjoyable. I went through the book in less than a week and then went through it again to take notes. This is a good study guide especially for those who either don’t have much experience or have forgotten many of the things they learned for the Security+, as was the case for me. It refreshes your mind on a lot of the basics and then goes on to introduce the exam topics in a straightforward, easy to understand way. The book also includes a couple free practice exams online, which is a nice little bonus. If you only have the time and money for one study guide, go for this one if you are new to the field. I would however recommend to pair it with the study guide below, if you can afford it.

All-In-One CySA+ Exam Guide

This book is quite clearly aimed at professionals with experience in the security industry. The things it covers, it goes more in-depth about. It goes past simple definitions and talks more about the real-life applicability of concepts than the other study guide. Despite what it says on the book cover, All-In-One is not all you need, unless you are an industry veteran. It does not cover several important concepts because the authors expect you to know the fundamentals already. This book was also very enjoyable to read through and I particularly enjoyed the anecdotes authors provided from their decades of industry practice. The book includes practice performance-based questions and practice tests on the CD, but I cannot vouch for them, as I don’t even have a CD-ROM in my house. If you only have the time and money for one study guide, go for this one if you have information security experience. For best effect, complement it with the other one.

Choosing a Video Course

When preparing for the exam, I explored the most popular video course recommended for this exam, which is Jason Dion’s CySA+ Complete Course and Practice Exam on Udemy. In addition to that, I watched Mike Chapple’s CySA+ Cert Prep on Lynda.com

Jason Dion’s Complete Course

I’ve spent a significant amount of time reading every single post that has the “CySA” keyword on the CompTIA subreddit and this was by far the most mentioned video course for this exam. People loved it because it followed the popular Sybex study guide nearly word for word, which helped them reinforce the material. The video course is well-written and well-recorded. I watched the first domain fully, but ended up switching to the other video course I mention below.

Mike Chapple’s Cert Prep

Despite the fact that Mike is a co-author of the Sybex Study Guide, his Lynda video course does not cover it word for word. In fact, it covers some areas and definitions the study guide doesn’t. The video course doesn’t include a practice test, but what it does include is top-notch study and review material. Lynda.com will be gone in the future and all of their courses are now a part of LinkedIn Learning. One thing LinkedIn Learning inherited from Lynda is their amazing quality control. All of their videos are presented in a concise, professional and understandable way. They put a lot of effort into writing every single sentence for their scripts and it shows. This video course is not as wordy as Jason Dion’s, but it is no less informative. I finished almost all of it and I wish I had more time to watch it. There is a reason people call Lynda the Netflix for IT professionals. One quick note though, don’t waste your time with pauses and put the video playback to 1.75 or 2.0

Choosing a Practice Test

During my test prep I’ve explored the three most popular practice tests recommended by r/CompTIA: David Seidl’s and Mike Chapple’s Sybex Practice Tests, Jason Dion’s 5 Practice Certification Exams and the CSA+ Analyst Exam Pro.

Sybex Practice Tests

These practice tests made me feel absolutely stupid. I took my first practice test from this book 4 days before my actual exam and I scored 64%. It made me study much harder and made me much more stressed about the exam, but I was relieved to find out that the actual questions are not as hard as these practice tests. These tests cover a lot of the things the Sybex Study Guide doesn’t cover. The authors on purpose include tools and technologies that you are not going to be familiar with, because that’s what will happen on the exam. After I intensified my last-minute review, I started scoring in the 70’s and 80’s on these questions, but I would actually recommend you ignore the scores entirely. You can do these questions online through their website and they have a practice mode, where you continuously go through them and get immediate question-level feedback. It really trains you to pay attention to the question and read the scenario carefully, which is needed on the exam.

Jason Dion’s 5 Practice Certification Exams

I bought this one a day after getting the Sybex Practice Questions and was very disappointed. I’ve only gone through the first practice exam, but that is already enough for me to know what to expect on the other ones. Nearly every question is a rephrased question taken straight out of the Sybex Practice Tests. Even the answers are the same and are given in the same order. I recommend you get the original Sybex material instead. They have a superior application for practice, as opposed to the Udemy platform that was never really intended for quizzes and their scenarios are more thorough, not watered down. The real CySA+ will have some very wordy questions that are sometimes several paragraphs long, so don’t be fooled into thinking they will be as short as the ones Jason Dion provides.

CSA+ Analyst Exam Pro

This one is an AppStore creation and just like Jason Dion’s practice tests, it simply takes questions from Sybex. It is superior to Udemy though, because it provides you the same features the original does and it includes all 1000+ questions. I found it extremely helpful to just whip out my phone whenever I have a free minute to practice 10 or 20 questions. It also includes a test session mode, flashcards and a detailed glossary. It’s only $6.99, so it’s a great deal in my book. I highly recommend it.

Study Tips

I would like to share some of the tactics I employed in my test prep. They worked well for me and they should be at least remotely helpful to you.

Taking Notes

As I was reading my two study guides, I kept writing down the things I didn’t know already. Long story short, I ended up with 30 pages in my Google Documents file. It made studying an absolute chore and made me much more likely to procrastinate and slack off instead, however it achieved several important things. Firstly, I collected everything I need to put more time into in one spot. I read these notes every day the last week before the exam and it made me memorize all the stuff I missed much better. Secondly, me putting the concepts into writing helped memorize them. It takes understanding to put things into your own words and that certainly engraved a lot of them in my head for the exam. Here is a link to my notes, however i urge you to write your own. I wrote them only for myself and they include information relevant and understandable to me. I am also too lazy to go fix all the typos, so that’s one more reason for you to write your own.

Logs and CySA

One good link I picked up from reddit was an OSSEC Log Sample page. You won’t need to know the specifics of any one of these, in fact, most of them will not even appear on the exam. You will however be required to be able to look at any kind of logs without getting lost. If you have never seen logs before, you should familiarize yourself with these samples. Just be comfortable reading them and try to understand what it is that you are seeing.

Command Output

Performance-Based Questions will use this heavily and there really is no better way to familiarize yourself with these than to simply run them. As you go through your study guide, try to run the commands you are taught. It will help you in the long run. My exam happened to mention mostly Windows commands, but Linux ones are also going to be included.

Packet Captures

Have you ever used Wireshark before? If not, put the time to get familiar with it. You will see it time and time again and the exam expects you to be comfortable with it. You will most likely see packet captures in your Performance-Based Questions, which makes it that much more important.

Vulnerability Reports

The exam will require you to be able to interpret vulnerability scans. You will be given a scan and you will need to figure out what systems are affected, what systems are not affected, what services are affected, how urgent it is and what should be the remediation steps. The best way to practice this would be the Sybex practice tests. I swear, like every other question there is a vulnerability report, which is good, because Vulnerability Management is a big part of CySA+. You will see these in PBQ’s as well. Please pay special attention to False Positives. The exam will mention them frequently and you need to be able to identify them.

What Domains should you prioritize?

The first domain, Threat Management, is going to be 27% of the exam and you should probably put the biggest number of hours into studying it. A close second is Vulnerability Management. It is a very important part of the exam and you should spend nearly as much time studying it as for Threat Management. Trailing behind is Cyber Incident Response, which is important, but not nearly as much as Vulnerability Management and after it there’s Tools and Architecture.

The Best Tip for Those Without Experience

Be zealous. If you aren’t zealous about cybersecurity, you don’t have a chance at passing this with no experience. You are at a disadvantage due to your lack of experience and you have to compensate for it with passion, zeal and rigorous studies. If you don’t want to do any of that, maybe this is not an exam for you.

Exam Difficulty and Closing Remarks

This exam is actually not as difficult as people online, CompTIA itself and practice tests will have you believe. Simply put the time to study. That is the secret. Get multiple overlapping study materials, just like you would with security controls. Remember Defense in Depth? Use it in your studies and you will be good to go. Shoot a question if you have any and I’ll do my best to answer it. I cannot divulge too much because of the NDA, but I will try to at least point you in the right direction.