This blog post is going to address some of the questions I have been asked about the study material and study methods I used to pass the Cybersecurity Analyst Plus from CompTIA. Now keep in mind, I have a different background and history, so be mindful when comparing my methods to yours. This post will be broken up into different sections from experience with the test to study material that I thought was best.
Background: CompTIA classifies the CySA+ as an intermediate-level certification above the Sec+. This test, according to CompTIA, is for individuals already working in the world of Cyber Security with 3–4 years of experience under their belt and Network+, Security+ or equivalent knowledge. I don’t have 3–4 years of hands-on experience, let alone one year, as I’m trying to break into the world of cyber. However, I do believe that acquiring my Linux certified system admin (RHCSA) and my junior pen testing (eJPT) certifications helped make up for the lack of experience, along with the Net+ and Sec+ (received 3 weeks before passing the test).
Video Material: I used Mike Chapple’s course on LinkedIn Learning and Jason Dion’s on Udemy. Both were played at 2x speed; note-taking was at a minimum because I realized that a lot of the material being taught was the same information I learned from studying for the Sec+ within the same month (Professor Messer was the only material for Sec+). Mike Chapple’s video material was of higher quality than Jason Dion’s, with more hands-on demonstrations, and the sections were also better broken up. At the end of the day, both did cover all the material needed to pass the CySA, but I would say that Mike Chapple’s videos were way more beneficial.
Study Guide Material: Jason Dion’s Udemy course comes with a lengthy, detailed 100+ page PDF study guide that I found to be very useful. I occasionally had it open off to the side while watching videos or taking practice tests. I also received a study guide from Linux Academy; it was very dense but still useful. For Mike Chapple’s LinkedIn course, no study guide was provided. If you are the type of person who learns by typing or writing notes, that would be the best way, and any parts missing from your notes can be found in different study guides you might find in your research.
Practice test: Buying Jason Dion’s course on Udemy does provide you with one practice exam, but I personally bought an additional five practice tests. In my personal opinion, I saw little benefit from his practice tests, as most questions did seem to be reused, with the answer key not providing enough information. On the other hand, Mike Chapple’s practice questions were the best by far (CompTIA CySA+ Practice Test by Mike Chapple and David Seidl; can be bought from Amazon as a hard copy or as an online PDF at https://www.oreilly.com). It had 200 questions per domain (4 x 200), which allowed me to only take questions on the domains I knew I needed more experience on, plus 2 additional practice questions. Everything from the format of the questions to the log review questions was as close as you can be to the actual test. His answer sheet got the job done but was not as detailed as Professor Messer’s Sec+ answer sheet. I would recommend, when taking his test, typing your answers in Excel so it is easier to keep track as you go over the answer sheet afterwards. I did also take the Pearson VUE CySA practice test. All I have to say is that these provided the least help, as most of the questions didn’t compare to the real exam.
Testing Process: I passed my CySA with an 831 out of 900, taking it from home. Taking the test from home is simple, as they don’t ask for much; test takers must have a clean and clear area that has no sign of study materials (you must provide a picture right before the test as proof). The two things that I do not like about taking the test from home are that you do not have a whiteboard to write on as you would if you were to take the test in person, and the mirror video feed on the top of your screen saying “recording”; it can be annoying seeing yourself for over 2 hours. The test proctor did chat with me at the end, once I got my result, asking me to please be seated due to me jumping out of my seat when I got my score.
Test itself: I had five performance-based questions with 70 multiple-choice questions. The five performance-based questions took up the most time, as 3/5 were difficult. For the PBQs I had to write firewall rules, choose from a drop-down the best way to fix a vulnerability from a report, and identify an infected machine from looking at netstat command outputs. The 70 questions took me about 1 hour to finish, with 40 mins spent on PBQs, and the rest of the time was spent reviewing questions I flagged. This next part will be a very brief section on the types of multiple-choice questions I remember receiving, without going against the CompTIA NDA.
- Methods for reusing hard drives after an incident
- BYOD remediation recommendations
- Best firewall entry to prevent similar future attacks
- Identify the best way to show in court that data was not modified
- What types of attack are shown in packet capture data
- Which vulnerability should be taken care of first from a list
- Scenario given: this is the symptom of a (type of attack)
- What should be done after an incident (technical and non-technical questions)
- What tool is used for what purpose (free/paid)
- Administrative prevention/detection/help methods (outsourcing/dual control/reviews)
- Different techniques to identify issues (fuzzing/stress test)
- From data provided, this IP is doing what? (scanning/exfiltrating data)
- What can be done to better secure this network from the statement provided
- Password hashing questions
- Which Linux command would be most suspicious
- What nmap/ping/traceroute configuration provides information needed in statement
- Identify weird things and attacks in these log outputs
- Some questions regarding pen testing methods and legal stuff
- Types of programming languages
- No questions regarding NIST, or other frameworks (I was shocked)
*I will add to this list if I can remember any more types of questions*
Final Thoughts: I would consider this to be a slight step up from the Security+, but not by too much, since I do feel that I only had to study up on domain 4 (Security Architecture and Tool Sets) with a bit on domain 3 (Cyber Incident Response). I took the Sec+ and then the CySA three weeks later with only about a week’s worth of studying. But I do feel that having my Linux and pentesting certifications helped me a fair amount to understand outputs and commands and to identify attacks. Having this certification, in my opinion, does carry some weight on a resume, as it shows knowledge and understanding of tools along with log reading. My recommendation to anyone that gets the Sec+ is to go for the CySA+ right away, as I feel it adds the last piece needed to become a cybersecurity individual.
If you have any questions please feel free to reach out to me via email or LinkedIn.