INTRODUCTION

If you are able to join a cybersecurity team and instantly start taking the right steps to improve the security posture of an organization, you will be a very valuable asset. If you can do that, but also engage on-net adversaries in hand-to-hand combat and prevail, then you will be invaluable to your organization. You will not struggle to find and keep jobs that are interesting and pay well. But how do you convey these skills to a prospective employer within the confines of a one- or two-page resume? Using the title CySA+, like a picture, can be worth a thousand words.

Why Become a CySA+?

To be clear, adding four characters to the end of your signature line will not make you the superstar we described in the preceding paragraph. It will, however, elevate employers’ expectations. Hiring officials oftentimes screen resumes by looking for certain key terms, such as CySA+, before referring them to technical experts for further review. Attaining this certification improves your odds of making it past the first filters, and also sets a baseline for what the experts can expect from you during an interview. It lets them know they can get right to important parts of the conversation without first having to figure out how much you know about the role of a cybersecurity analyst. The certification sets you up for success.

It also sets you up for lifelong self-learning and development. Preparing for and passing this exam will not only elevate your knowledge, but also reveal to you how much you still have to learn. Cybersecurity analysts never reach a point where they know enough. Instead, this is a role that requires continuous learning because both the defenders and attackers are constantly evolving their tools and techniques. The CySA+ domains and objectives provide you a framework of knowledge and skills on which you can plan your own professional development.

The CySA+ Exam

The CySA+ exam is administered at authorized testing centers and will cost you $320. It consists of up to 85 questions, which must be answered in no more than 165 minutes. In order to pass, you must score 750 points out of a maximum possible 900 points. The test is computer-based and adaptive, which means different questions will earn you different numbers of points. The bulk of the exam consists of short, multiple-choice questions with four or five possible responses. In some cases, you will have to select multiple answers in order to receive full credit. Most questions are fairly straightforward, so you should not expect a lot of “trick” questions or ambiguity. Still, you should not be surprised to find yourself debating between two responses that both seem correct at some point.

A unique aspect of the exam is its use of scenario questions. You will only see a few of these (maybe three to five), but they will require a lot of time to complete. In these questions, you will be given a short scenario and a network map. There will be hotspots in the map that you can click to obtain detailed information about a specific node. For example, you might click a host and see log entries or the output of a command-line tool. You will have to come up with multiple actions that explain an observation, mitigate threats, or handle incidents. Deciding which actions are appropriate will require that you look at the whole picture, so be sure to click every hotspot before attempting to answer any of the questions.

Your exam will be scored on the spot, so you will know whether you passed before you leave the test center. You will be given your total score, but not a breakdown by domain. If you fail the exam, you will have to pay the exam fee again, but may retake the test as soon as you’d like. Unlike other exams, there is no waiting period for your second attempt, though you will have to wait 14 days between your second and third attempts if you fail twice.

What Does This Book Cover?

This book covers everything you need to know to become a CompTIA-certified cybersecurity analyst (CySA+). It teaches you how successful organizations manage cyber threats to their systems. These threats will attempt to exploit weaknesses in the systems, so the book also covers the myriad of issues that go into effective vulnerability management. As we all know, no matter how well we manage both threats and vulnerabilities, we will eventually have to deal with a security incident. The book next delves into cyber incident response, including forensic analysis. Finally, it covers security architectures and tools with which every cybersecurity analyst should be familiar.

Though the book gives you all the information you need to pass the test and be a successful CySA+, you will have to supplement this knowledge with hands-on experience on at least some of the more popular tools. It is one thing to read about Wireshark and Snort, but you will need practical experience with these tools in order to know how best to apply them in the real world. The book guides you in this direction, but you will have to get the tools as well as practice the material covered in these pages.

Tips for Taking the CySA+ Exam

Though the CySA+ exam has some unique aspects, it is not entirely unlike any other computer-based test you might have taken. The following is a list of tips in increasing order of specificity. Some may seem like common sense to you, but we still think they’re important enough to highlight.

•  Get lots of rest the night before.

•  Arrive early at the exam site.

•  Read all possible responses before making your selection, even if you are “certain” that you’ve already read the correct option.

•  If the question seems like a trick one, you may be overthinking it.

•  Don’t second-guess yourself after choosing your responses.

•  Take notes on the dry-erase sheet (which will be provided by the proctor) whenever you have to track multiple data points.

•  If you are unsure about an answer, give it your best shot, mark it for review, and then go on to the next question; you may find a hint in a later question.

•  When dealing with a scenario question, read all available information at least once before you attempt to provide any responses.

•  Don’t stress if you seem to be taking too long on the scenario questions; you will only be given a handful of those.

•  Don’t expect the exhibits (for example, log files) to look like real ones; they will be missing elements you’d normally expect, but contain all the information you need to respond.

How to Use This Book

Much effort has gone into putting all the necessary information into this book. Now it’s up to you to study and understand the material and its various concepts. To best benefit from this book, you might want to use the following study method:

•  Study each chapter carefully and make sure you understand each concept presented. Many concepts must be fully understood, and glossing over a couple here and there could be detrimental to you.

•  Make sure to study and answer all the questions. If any questions confuse you, go back and study those sections again.

•  If you are not familiar with specific topics, such as firewalls, reverse engineering, and protocol functionality, use other sources of information (books, articles, and so on) to attain a more in-depth understanding of those subjects. Don’t just rely on what you think you need to know to pass the CySA+ exam.

•  If you are not familiar with a specific tool, download the tool (if open source) or a trial version (if commercial) and play with it a bit. Since we cover dozens of tools, you should prioritize them based on how unfamiliar you are with them.

Using the Objectives Map

The Objectives Map included in Appendix A has been constructed to help you cross-reference the official exam objectives from CompTIA with the relevant coverage in the book. A reference has been provided for each exam objective exactly as CompTIA has presented it, the chapter number, and a page reference.

Practice Exams

This book includes practice exams that feature the Total Tester exam software, which allows you to generate a complete practice exam or to generate quizzes by chapter module or by exam domain. For more information about the accompanying software, see Appendix B.
