HealthyByte: Bridge That Gap

View Original

How I passed my Comptia CySa+?


CompTIA CySA+ exam
 helps validate the skills necessary to join the rapidly expanding field of cybersecurity professionals. Here's my advice on how to study for the new CompTIA CySA+ (CS0-002) exam.

An Overview of the Cysa+ exam: 

CompTIA CySA+ certification involves both hands-on, performance-based questions and multiple-choice questions. It focuses on the ability to capture, monitor proactively, and respond to network traffic findings. It also stresses software and application security, automation, threat hunting, and IT regulatory compliance and affects daily.  

Knowledge and skills required to prepare and pass the Cysa+:

  • Leverage intelligence and threat detection techniques

  • Analyze and interpret data

  • Identify and address vulnerabilities

  • Suggest preventative measures

  • Effectively respond to and recover from incidents

Essential skills one will gain in the following areas: 

Threat and Vulnerability Management: 

  • Ability to utilize and apply proactive threat intelligence to support organizational security.

  • Perform vulnerability management activities.

Software and Systems Security: 

  • You are applying security solutions for infrastructure management.

  • Demonstrating software & hardware assurance best practices.

Compliance and Assessment:  

  • Use security concepts to support organizational risk mitigation.

  • Comprehend the significance of frameworks, policies, procedures, and controls.

Security Operations and Monitoring: 

  • Analyze data as part of constant security monitoring activities.

  • Enforce configuration changes to existing controls to improve security.

Incident Response:

  • Apply the proper incident response procedure.

  • Analyze potential indicators of compromise.

  • Utilize primary digital forensics techniques.

My Preparation for the exam

My Preparation involved a total of 4months. 

Month 1: Passive Reading [Getting familiar with specific terms & concepts]

Month 2: Active Reading [Immersing myself in the modules]

  • Primary focus on Incident Response, Security Monitoring & Operations, Digital forensics, Technical Hardware Assurance

Month 3: Procrastination & Passive Reading [Falling ill during Month3 and other responsibilities slowed my progress, but I still got to some passive reading, (listening to video training on your phone)] 

Month 4: Went All-In [Made a Schedule to study every day and give practice tests] 

  • I am a nocturnal being, all my studying & activities happen during the night. I like to avoid the noise and bustle.

  • Focus on Spaced Repetition & Active Recall.

Choosing the study material

Yes, there is lots of great material out there and not-so-great material out there. The material I chose was

  • Jason Dion's Udemy course [Video training]

    • This course also does provide a great study guide.

  • Jason Dion Practice tests [6 practice tests]

  • CompTIA CertMaster

  • CompTIA self-paced labs

  • Mike Chapple Practice Tests

Jason Dion's video course is well thought out, written, and recorded. What I liked most about this course is that it gives you short snippets with exam tips. I did not choose multiple video courses as it can sometimes get very jarring. 

The main area that I focused on was Practice tests. I think you should focus on these very hard because these areas will test your memory and ability to find the right solution in a pool of similar-looking correct answers. 

  • I started initially with Jason Dion's practice test. They are good but can get very ambiguous.

  • I ended up liking the CertMaster Practice tests. They provide a great explanation as to why you choose one answer over the rest. I also like CertMaster as I found it the most closely aligned with the exam. It also includes Performance-based questions, and solving these will help you with time management and effectively increase your speed during the exam.

  • Comptia's self-paced labs are a great resource. It will help you a lot through PBQs.

    • I primarily focused on networking, incidence response, email monitoring, and digital forensics labs.

  • Mike Chapple's practice tests were just an add-on to see the variety of questions.

  • A common myth with these practice questions is that you should be scoring a continuous 85%+ to pass this exam. I highly disregard this myth. I suggest you clear your fundamental concepts very well. This exam is structured to confuse the person appearing for it. Specific keywords will be twisted, and if you are unclear about the underlying concept, you will mark the wrong answer.

    • Quick Example: the difference between Malware and Polymorphic Malware. If you do not understand what malware does and there's no option stating only malware, chances are you will end up marking the wrong answer because you did not see the option you were familiar with.

    • Another example: hex codes for decoding URLs

  • With that said I suggest you to aim high on the exam. You need a 750 to pass but aim for an above 800 minimum. If you aim at just passing the exam, you will subconsciously train your mind to attempt the at-least rather than at-most and end up not succeeding.

Super Helpful Tip: Make your own Notes. Your notes should cover the core concepts and help you in a way you understand. I use Notion for pretty much everything, feel free to use what makes you comfortable. I also used hand written notes.

I gave close to 10-12 practice tests in the final two weeks. There was a point where my score was just stagnant. I couldn't crack 80% for a while and finally realized that PBQs are a significant part of the exam. So do not stress about breaking a particular percentage barrier. 

Final Points

I gave the Cysa+ exam as it was very relevant to what I am doing daily. This exam core focuses on risk mitigation and defense in depth. I understand why this exam can be challenging as it requires an advanced level of understanding of multiple domains and facets of security which involves a lot of practical knowledge. In simple terms, you won't be able to tie a complex rope knot just by reading about it, you would have to get your hands dirty. The exam covers a broad scope and will expose you to new terms. Know your strengths and focus on the weaknesses and grind through them. Overall, great exam, and one should attempt it. If you need any advice, suggestions, or knowledge about a topic, please feel free to reach out.