As an instructor, I teach a number of different cybersecurity courses, and one of them is CompTIA’s CySA+. If you are pursuing this certification, there are a few things to know about preparing for, taking, and passing the exam. As I did for the CISSP exam, I am going to let the people who recently took and passed the exam discuss how they prepared.
From J.D. Watts via Reddit –
Jason Dion CySA+ 002 course on Udemy ($12)
In my opinion, this course is a nice introduction to the CySA+ material but won’t be enough on its own to pass the exam. This course does come with one practice exam but I found it to be absolutely terrible (grammatical errors, questions not even relevant to the exam objectives, etc.)
This was my first resource I used before moving onto the Sybex material
Sybex CompTIA CySA+ Study Guide Exam CS0-002 and Sybex CompTIA CySA+ Practice Tests: Exam CS0-002 ($60)
This book was by far and away the best resource I used along with the associated practice exams. Be sure to register your books online via the Wiley website to get access to all of the practice questions from either a mobile app or a web browser.
InfoSec Bootcamp ($0, provided by my employer)
I took this bootcamp right before my exam and it was a nice refresher of all the material. I had a great instructor that provided us with practice exams and other course material that was very helpful.
The Exam itself
I am the same guy who wrote this and I took the CySA+ exam about 2 months after I passed Security+ which I do feel helped as there is some overlap between Security+ and the CySA+ exam. This exam is definitely a step up from Security+ given the broad range of topics and due to the fact that there just isn’t much material available at the time of this post. A lot of the same general recommendations I provided in my Security+ post still apply to this exam. When I first logged into the exam I felt overwhelmed and I quickly skipped the PBQ’s which looked like an absolute nightmare given all of the charts/graphs/logs that I saw associated with them. Upon getting to the first 10-20 multiple choice questions, I was sure that I was going to fail. A lot of the questions I read the first time around did not have a clear answer to them and I marked the questions I was unsure about (probably around 40 questions) for review and then doubled back to the PBQ’s. I was initially nervous about the PBQ’s but for anyone reading this post, I would say that they are not as bad as you think and I calmly finished them with about an 1 hour and 45 minutes to go back and review my multiple choice questions. One piece of advice I can give is that you will have plenty of time to take this exam so do not rush. A huge help for me and one that I highly recommend when it comes to the multiple choice questions is to use the process of elimination. There were some answers that clearly didn’t belong given the question asked and I feel that this tactic allowed me to at least have a 50/50 shot at getting the correct answer. I reviewed my last few questions and submitted my exam with about an hour left. I got my score, a 820/900 which I could not believe given that I felt that I had failed this exam the entire time. My advice to anyone taking this exam is to relax, reread the question, use the process of elimination, and select the best answer choice left. Again, you will have plenty of time to take this exam so do not rush.
If you have any other questions about my exam experience or my background feel free to ask and good luck on all of your future CompTIA exams!
From a student of mine – RF
One of my PBQs was verifying multiple device configurations to ensure they covered the stated criteria, and note exceptions if present. Very interactive. I had 2 very dynamic pbq as first questions, but only 70 questions total. Skipped both pbq, answered all questions first pass (even with best guess) that took ~80 min. Returned to pbq for ~60 min, then spent remainder of time correcting flagged items. Used every last second until clock expired.
From a student – JF
I had 2 simulations one of them was actually the one from the Practice Exam I got that one right. The other one was a three part question where where I had to read the logs for a File Server, Email Server and I can’t remember what the last one was and figure out how many users clicked on a phishing email. What was the name of the client where the phishing email was, and how many computers were affected?
From a post by Jack Baylor:
Go back to the PBQ’s. Take your time, read through the problem statement. You have the option of bringing up a whiteboard with which you can copy and paste log files in to etc. I used this heavily for all PBQs. For ones involving logs, I highlighted each of the individual data flows, or color coordinated each stream. I put colored boxes around different data flows from each device etc. I did everything I could to ensure that I teased out each individual unique server/network flow etc until I was certain which object was talking to which other object.
From RG –
Performance example i got was something like your company received ransomware via email. How many people clicked the link, how many computers got effected. You get a sample email logs to firewall and email server
More information on Performance Based Questions (PBQs):
- https://www.comptia.org/testing/testing-options/about-comptia-performance-exams/performance-based-questions-explained Just one simulation, but worth a look.
- https://medium.com/@jackbaylor/preparing-for-the-comptia-cybersecurity-analyst-cysa-certification-c147f56bd742 (excerpt is above)