Author: David Dacalio

In this post, I’ll examine a few resources when preparing for the CySA+ exam.

This guide is meant for those planning to take the CS0-002 version of the CySA+ exam.

Edits were made to this post on 4-20-2021, as indicated by italicized text.

Overview

CompTIA’s CYSA+ is a massive exam meant for security professionals with four years of professional experience. While this may seem a bit intimidating for new graduates with little experience, it also is an opportunity for those wishing to showcase their skills. Middle Georgia State University has an excellent cybersecurity program that covers many of objectives listed in the CySA+. The exam’s broad range of topics combined with demonstration through performance-based questions should prove very valuable to those wishing to break into this exciting field. For this blog post, I’ll focus on the actual study materials I’m currently using to study for the CySA+. After taking the exam, I’ll come back and add some final thoughts to make this experience as comprehensive as possible.

Edit: Good news, I passed! The other news is that the exam wasn’t what I was expecting. I don’t believe this is bad, but instead, reflective of the amount of experience you should have before attempting this exam. By no means does this mean people without cybersecurity experience should not attempt this exam. I believe you should be well-prepared before going into the exam.

CompTIA’s Objectives

For English-speaking test takers, the first version of the CySA+, the CS0-001, retired on October of 2020. The new exam, the CS0-002, will be around for at least three years after that date. Because this is such a broad exam, it is highly recommended that you focus on material geared for the current exam. Before you begin your studies, download the CySA+ CS0-002 exam objectives from CompTIA https://www.comptia.org/training/resources/exam-objectives.

The de facto standard

The de facto standard, at least from what is gathered on various forums, for forming a foundational knowledge of the CySA+ is Mike Chapple’s and David Seidl’s CompTIA CySA+ Study Guide: Exam CS0-002, published by Sybex. At the time of this writing, the Sybex study guide costs around $36 on Amazon. At the end of each chapter, there are questions and labs. In total, the Sybex study guide contains over 400 multiple choice questions. If you are a student enrolled in a cybersecurity field, you may have already performed labs that are quite similar to the ones in this study guide. One final note: the Sybex study guide is concise, but very dense.

Edit: For those who do not have experience in cybersecurity, Mike Chapple’s and David Seidl’s CompTIA CySA+ Study Guide: Exam CS0-002 should be the foundation of knowledge that any test takers should start with.

Have you ever heard of LinkedIn learning?

Mike Chapple narrates an 18-hour course on LinkedIn learning titled, Become a CompTIA Cybersecurity Analyst (CySA+ CS0-002). I believe this course is meant as a complement to the Sybex study guide. The material is professionally-produced and contains a wide array of lab walk throughs. I highly recommend that everyone interested in the CySA+ watch this course, especially considering you can get one month of LinkedIn learning for free.

Dion’s Udemy course

For an additional source of foundational knowledge, Jason Dion’s Udemy course for the CS0-002 is highly recommended. Jason provides his students with 32.5 hours of high-quality video content and one 90 question exam. It’s worth noting that Jason provides performance-based questions in all of his exams. Anyone familiar with Udemy knows they should only purchase these courses when Udemy has one of their frequent 85-90% off sales. Jason really goes beyond the objectives of the course, and his knowledge is second to very few. I really like video lessons because you can use these lessons to guide yourself through labs of your own or as the actual lab experience. Watching videos at 2X speed is always a nice convenience.

Edit: For me, Jason’s course is valuable, and there are a few questions that I would not have answered correctly if it weren’t for his course. However, this is a massive course that goes well beyond the specific objectives of the CySA+ exam. I will refer back to my notes I made for this course for years to come.

Lots of practice questions

I believe practice questions are invaluable for getting test takers in the right mindset. Trying to remember an abstract concept from simply reading a statement or hearing phrase can be challenging. However, when you place yourself in a position to think critically about something (i.e., practice it through a lab or questions) you use a different pathway that makes the material stick. This concept, I believe, is especially true when you understand why an answer is correct AND, more importantly, why the incorrect answer is such. For this reason, I recommend using practice questions that explain why the answers are correct or incorrect. In fact, that is why the CySA+ Companion practice questions were designed in this manner.

Sybex practice questions

As previously mentioned, the Sybex study guide contains over 400 practice questions. I recommend that prospective test takers access this material through efficientlearning.com. The instructions for setting up this account are found within the Sybex study guide. Furthermore, Mike Chapple and David Seidl offer an additional 1,200 questions within the CompTIA CySA+ Practice Tests: Exam CS0-002. At the time of this writing, these questions cost $24 on Kindle. Similar to the study guide, these questions are accessible through efficientlearning.com—follow the instructions in the book to add these questions to your account. I recommend using the online platform to work through these questions as a simple matter of convenience versus using the book or e-book. Finally, these 1,200 practice questions heavily emphasize log and terminal outputs. This can be quite a bit intimidating if you’ve never read a vulnerability report, but the experience is perfectly suited for the exam.

Edit: The Sybex practice questions are amazing, but they seem more straighforward than the actual exam. On the exam, there were many questions that read, “choose the BEST answer. This was a bit frustrasting because usually two of the answers were really good answers.

Dion’s practice questions

Let’s circle back around to Jason Dion’s offerings. Jason offers another “course,” which are basically 6 practice exams. Each exam consists of 75 questions: multiple choice with a few performance-based questions thrown in. These questions are also top-notch, and I recommend test-takers take advantage of them as well.

Total cost

So where does this leave us in terms of cost? The Sybex offerings will run about $36 and $24 dollars for the study guide and practice questions, respectively. Jason Dion’s offerings average $12 each for both the study guide and questions (on sale). Working through these questions makes me believe that all the mentioned material is worth going over. However, one important thing to keep in mind is that these questions (both the Sybex questions and Dion’s questions) are not very mobile friendly. Here at CySA+ Companion, we have designed our platform to be as mobile friendly as possible. We hope that everyone who follows us does well on the exam, and we will continue to offer these questions and more at no charge.

Edit: Would I do anything differently? Yes, I would have studied longer. I work full-time, I’m in school, and I pushed myself to take this exam with 1.5 months of studying. I felt confident with the technical questions, but there were many questions relating to operations and orchestration that seemed to hurt the most. The high-level details are often missed by those who love learning about the technology.