Introduction

CompTIA CySA+ bridges the skills gap between CompTIA Security+ and CompTIA Advanced Security Practitioner (CASP+). Building on CySA+, IT professionals can pursue CASP+ to prove their mastery of the hands-on cybersecurity skills required at the 5- to 10-year experience level. Earn the CySA+ certification to grow your career within the CompTIA recommended cybersecurity career pathway.

CompTIA CySA+ certification is designed to be a “vendor-neutral” exam that measures your knowledge of industry-standard technology.

Goals and Methods

The number-one goal of this book is a simple one: to help you pass the 2020 version of the CompTIA CySA+ certification exam, CS0-002.

Because the CompTIA CySA+ certification exam stresses problem-solving abilities and reasoning more than memorization of terms and facts, this book is designed to help you master and understand the required objectives for each exam.

To aid you in mastering and understanding the CySA+ certification objectives, this book uses the following methods:

• The beginning of each chapter identifies the CompTIA CySA+ objective addressed in the chapter and defines the related topics covered in the chapter.

• The body of the chapter explains the topics from a hands-on and theory-based standpoint. This includes in-depth descriptions, tables, and figures that are geared toward building your knowledge so that you can pass the exam. The structure of each chapter generally follows the outline of the corresponding exam objective, which not only enables you to study the exam objectives methodically but also enables you to easily locate coverage of specific exam objectives that you think you need to review further.

• Key Topic icons identify important figures, tables, and lists of information that you should know for the exam. Key topics are interspersed throughout the chapter and are listed in a table at the end of the chapter.

• Key terms in each chapter are emphasized in bold italic and are listed without definitions at the end of each chapter. Write down the definition of each term and check your work against the complete key terms in the glossary.

Who Should Read This Book?

The CompTIA CySA+ exam is designed for IT security analysts, vulnerability analysts, and threat intelligence analysts. The exam certifies that a successful candidate has the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.

The recommended experience for taking the CompTIA CySA+ exam includes Network+, Security+, or equivalent knowledge as well as a minimum of four years of hands-on information security or related experience.

This book is for you if you are attempting to attain a position in the cybersecurity field. It is also for you if you want to keep your skills sharp or perhaps retain your job due to a company policy that mandates that you update security skills.

This book is also for you if you want to acquire additional certifications beyond Network+ or Security+. The book is designed to offer easy transition to future certification studies.

Strategies for Exam Preparation

Strategies for exam preparation vary depending on your existing skills, knowledge, and equipment available. Of course, the ideal exam preparation would consist of three or four years of hands-on security or related experience followed by rigorous study of the exam objectives.

Before and after you have read through the book, have a look at the current exam objectives for the CompTIA CySA+ Certification Exam, listed at https://www.comptia.org/certifications/cybersecurity-analyst#examdetails. If there are any areas shown in the certification exam outline that you would still like to study, find those sections in the book and review them.

When you feel confident in your skills, attempt the practice exams found on the website that accompanies this book. As you work through the practice exams, note the areas where you lack confidence and review those concepts or configurations in the book. After you have reviewed those areas, work through the practice exams a second time and rate your skills. Keep in mind that the more you work through the practice exams, the more familiar the questions will become.

After you have worked through the practice exams a second time and feel confident in your skills, schedule the CompTIA CySA+ CS0-002 exam through Pearson VUE (https://home.pearsonvue.com). To prevent the information from evaporating out of your mind, you should typically take the exam within a week of when you consider yourself ready to take it.

The CompTIA CySA+ certification credential for those passing the certification exams is now valid for three years. To renew your certification without retaking the exam, you need to participate in continuing education (CE) activities and pay an annual maintenance fee of $50 (that is, $150 for three years). See https://www.comptia.org/continuing-education/learn/ce-program-fees for fee details. To learn more about the certification renewal policy, see https://certification.comptia.org/continuing-education.

How the Book Is Organized

Table I-1 outlines where each of the CySA+ exam objectives is covered in the book. For a full dissection of what is covered in each objective, you should download the most recent set of objectives from https://www.comptia.org/certifications/cybersecurity-analyst#examdetails.

Table I-1 CySA+ CS0-002 Exam Objectives: Coverage by Chapter


Book Features

To help you customize your study time using this book, the core chapters have several features that help you make the best use of your time:

Foundation Topics: These are the core sections of each chapter. They explain the concepts for the topics in that chapter.

Exam Preparation Tasks: After the “Foundation Topics” section of each chapter, the “Exam Preparation Tasks” section provides the following study activities that you should do to prepare for the exam:

Review All Key Topics: As previously mentioned, the Key Topic icon appears next to the most important items in the “Foundation Topics” section of the chapter. The Review All Key Topics activity lists the key topics from the chapter, along with their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic, so you should review these.

Define Key Terms: Although the CySA+ exam might be unlikely to ask a question such as “Define this term,” the exam does require that you learn and know a lot of cybersecurity-related terminology. This section lists the most important terms from the chapter, asking you to write a short definition of each and compare your answer to the glossary entry at the end of the book.

Review Questions: Confirm that you understand the content that you just covered by answering these questions and reading the answer explanations.

Web-based practice exam: The companion website includes the Pearson Test Prep practice test software that enables you to take practice exam questions. Use it to prepare with a sample exam and to pinpoint topics where you need more study.

What’s New?

With every exam update, the relative emphasis on certain topics can change. Here is an overview of some of the most important changes:

• Increased content on the importance of threat data and intelligence

• Increased emphasis on regulatory compliance

• Increased emphasis on the options and combinations available for any given command

• Increased emphasis on identifying attacks through log analysis

• Increased coverage of cloud security

• Increased coverage of forming and using queries

The Companion Website for Online Content Review

All the electronic review elements, as well as other electronic components of the book, exist on this book’s companion website.

To access the companion website, which gives you access to the electronic content with this book, start by establishing a login at www.pearsonITcertification.com and register your book.

To do so, simply go to www.pearsonitcertification.com/register and enter the ISBN of the print book: 9780136747161. After you have registered your book, go to your account page and click the Registered Products tab. From there, click the Access Bonus Content link to get access to the book’s companion website.

Note that if you buy the Premium Edition eBook and Practice Test version of this book from Pearson, your book will automatically be registered on your account page. Simply go to your account page, click the Registered Products tab, and select Access Bonus Content to access the book’s companion website.

Please note that many of our companion content files can be very large, especially image and video files.

If you are unable to locate the files for this title by following the preceding steps, please visit www.pearsonITcertification.com/contact and select the Site Problems/Comments option. Our customer service representatives will assist you.

How to Access the Pearson Test Prep Practice Test Software

You have two options for installing and using the Pearson Test Prep practice test software: a web app and a desktop app. To use the Pearson Test Prep application, start by finding the registration code that comes with the book. You can find the code in these ways:

Print book: Look in the cardboard sleeve in the back of the book for a piece of paper with your book’s unique PTP code.

Premium Edition: If you purchase the Premium Edition eBook and Practice Test directly from the www.pearsonITcertification.com website, the code will be populated on your account page after purchase. Just log in to www.pearsonITcertification.com, click Account to see details of your account, and click the Digital Purchases tab.

Amazon Kindle: For those who purchase a Kindle edition from Amazon, the access code will be supplied directly from Amazon.

Other bookseller e-books: Note that if you purchase an e-book version from any other source, the practice test is not included because other vendors to date have not chosen to vend the required unique access code.


Note

Do not lose the activation code because it is the only means by which you can access the QA content with the book.


Once you have the access code, to find instructions about both the PTP web app and the desktop app, follow these steps:

Step 1. Open this book’s companion website.

Step 2. Click the Practice Exams button.

Step 3. Follow the instructions listed there both for installing the desktop app and for using the web app.

Note that if you want to use the web app only at this point, just navigate to www.pearsontestprep.com, establish a free login if you do not already have one, and register this book’s practice tests using the registration code you just found. The process should take only a couple of minutes.


Note

Amazon eBook (Kindle) customers: It is easy to miss Amazon’s e-mail that lists your PTP access code. Soon after you purchase the Kindle eBook, Amazon should send an e-mail. However, the e-mail uses very generic text, and makes no specific mention of PTP or practice exams. To find your code, read every e-mail from Amazon after you purchase the book. Also do the usual checks for ensuring your e-mail arrives, like checking your spam folder.



Note

Other eBook customers: As of the time of publication, only the publisher and Amazon supply PTP access codes when you purchase their eBook editions of this book.


Customizing Your Exams

Once you are in the exam settings screen, you can choose to take exams in one of three modes:

Study mode: Enables you to fully customize your exams and review answers as you are taking the exam. This is typically the mode you would use first to assess your knowledge and identify information gaps.

Practice Exam mode: Locks certain customization options, as it is presenting a realistic exam experience. Use this mode when you are preparing to test your exam readiness.

Flash Card mode: Strips out the answers and presents you with only the question stem. This mode is great for late-stage preparation when you really want to challenge yourself to provide answers without the benefit of seeing multiple-choice options. This mode does not provide the detailed score reports that the other two modes do, so you should not use it if you are trying to identify knowledge gaps.

In addition to these three modes, you will be able to select the source of your questions. You can choose to take exams that cover all of the chapters or you can narrow your selection to just a single chapter or the chapters that make up specific parts in the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, simply deselect all the chapters and then select only those on which you wish to focus in the Objectives area.

You can also select the exam banks on which to focus. Each exam bank comes complete with a full exam of questions that cover topics in every chapter. You can have the test engine serve up exams from all test banks or just from one individual bank by selecting the desired banks in the exam bank area.

There are several other customizations you can make to your exam from the exam settings screen, such as the time of the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple-answer questions, and whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions on which you have added notes.

Updating Your Exams

If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software while connected to the Internet, it checks if there are any updates to your exam data and automatically downloads any changes that were made since the last time you used the software.

Sometimes, due to many factors, the exam data might not fully download when you activate your exam. If you find that figures or exhibits are missing, you might need to manually update your exams. To update a particular exam you have already activated and downloaded, simply click the Tools tab and click the Update Products button. Again, this is only an issue with the desktop Windows application.

If you wish to check for updates to the Pearson Test Prep exam engine software, Windows desktop version, simply click the Tools tab and click the Update Application button. This ensures that you are running the latest version of the software engine.
