INTRODUCTION

Why Go for the CySA+?

Why do people go for any certification? For recognition? For self-assurance of knowledge and experience? Job security? Maybe all the above?

Not every certification can deliver “all the above,” but the CySA+ can and will. The CySA+ combines considerable difficulty, industry approval, and specialization. I know this might look like marketing hyperbole, but read on and you’ll learn why getting this credential should be your top priority. But waste no time afterward—you need to practice and study!

The CySA+ Is Intermediate Level: Not for Beginners

You might already know CompTIA has a beginner infosec certification: Security+. Being an entry-level certification, the Security+ “casts a wide net,” attracting candidates from outside information security circles, such as database admins, system admins, network engineers, and general IT professionals. For people coming from outside information security, the Security+ starts them on the path of information security professional. It’s safe to assume that many Security+ candidates pass the exam based on diligent studying, but likely have minimal actual infosec experience. Getting by with just book know-how is not the case with the CySA+.

By comparison, a CySA+ candidate must possess knowledge beyond the core book knowledge. If you read the exam details, you see there is no absolute work experience prerequisite. However, CompTIA does recommend a minimum of three to four years of hands-on experience. The difference is, the CySA+ has a strong, technical, hands-on focus. You will see this in the wording of the questions and explanations.

The CySA+ Is Specialized: Not for Generalists

Exams for other information security certifications (including the Security+) will test candidates on a broad range of topics: risk and threat management, incident detection and handling, as well as penetration testing and IT auditing. The CySA+ exam does cover the first few main topics, with a deeper focus on analytics and incident response. However, penetration testing and auditing are purposefully detached from the CySA+ coverage.

Instead of generalizing the CySA+, CompTIA took penetration testing and auditing and created another separate intermediate-level cert for information security professionals: PenTest+. I would assume this was done to better reflect real life. Full-time security analysts and penetration testers are typically different people, each with a respectable depth of knowledge of their role. More about PenTest+ can be found online.

The Industry Recognizes Your Good Work

Of course, there are no guarantees or absolute job security. And adding a few letters next to your name on your resume doesn’t guarantee you are a rock star. But if you seek an information security analyst position, the CySA+ credential labels your experience and value. Your employer, whether current or expected, recognizes the CySA+ and what was required from you to earn it.

What to Expect from the CySA+ Exam

To reap that sweet, sweet professional karma we talked about, you must take the CySA+ exam. Be forewarned: it isn’t easy. (Why should it be?) Let’s talk about what to expect when you take the CySA+ exam.

Some bullet points:

•   It is composed of up to 85 questions. (You might get fewer, but doubtful.)

•   The format is multiple choice, plus a few “performance-based” questions (a few comments about those later).

•   You’ll have 165 minutes to complete the exam. (That’s 2 hours and 45 minutes.)

•   To pass, you need to score a 750 or higher, out of 900.

Some quick math shows you have roughly two minutes per question. Anyone who has ever taken such an exam before knows that some questions will take you five seconds while others may plague you for five minutes.

One warning I will give: do not be surprised by the performance-based questions if they come early. Do not panic about them taking all your time. After you handle the performance-based questions, the standard multiple-choice questions will seem to go by quickly.

Lastly, because the exam delivers only up to 85 questions, it is not possible to be questioned on every topic and subtopic listed in the Exam Objectives map. In this book, however, you can be assured that at least one question will touch each and every bullet point on the Objective map, to help you assess your knowledge and prepare for the exam.

How to Use This Book

This is a practice exam book, not a study guide. The goal of this book is to prepare you for the CompTIA CySA+ exam. Use this book as a tool to assess your knowledge. Only after you assess what you know (and don’t know), can you decide confidently whether you’re ready to take the exam. Therefore, you want to use this book as your tool to gauge your readiness.

Based on the Exam Structure

This book takes a practical and systematic approach, more than other books available. This book’s 15 chapters are divided into four parts:

•   Threat Management

•   Vulnerability Management

•   Cyber Incident Response

•   Security Architecture and Tool Sets

These should look familiar, as they are the same four domains found on the CySA+ exam.

Weighted by Exam Domain Distribution

There are about 300 questions in total across all four parts (and many more in the TotalTester software). Of these questions, the number allotted to each part also mimics the same percentage each domain is allotted on the CySA+ exam. As with this guide, the CompTIA exam consists of four domains (categories). CompTIA indicates the relative level of importance of each domain with the following weighting in the exam:

And lastly, the question content and coverage were carefully written to best prepare you for the questions you will encounter on the exam. In fact, every topic, subtopic, and bullet point of the CompTIA CySA+ Exam Objectives is covered at some point within the respective chapters. This was double-checked by a third-party reviewer before this book was permitted to be published.

Taking a Practical Approach

To assess your knowledge, this book takes the simple, proven approach: you have a question and you choose among the provided answers. Like on the CySA+ exam, all of questions are multiple choice, with at least four, up to five, potential answers. The explanations given for each question do reinforce the correct answer, as well as clarify why incorrect answers are wrong.

Performance questions, very much like you’ll find on the exam, are also available to you via the TotalTester software. For more information, see the “About the Digital Content” appendix.

Using the Digital Content

This book comes complete with TotalTester customizable practice exam software containing 200 multiple-choice practice exam questions, a pre-assessment test, and ten performance-based questions. For details on accessing and using the content, see the “About the Digital Content” appendix.

Using the Objective Map

The following Objective Map has been constructed to help you cross-reference the official exam objectives from CompTIA with the relevant coverage in the book. References have been provided for the exam objectives exactly as CompTIA has presented them, along with the chapter and question numbers.