Passed CySA+

charismaticx Member Posts: 160
No joke, this exam was rough! I would say it wasn't as hard as GCIH but definitely harder than CEH. For those that are wondering about the amount of log questions, I would honestly say a majority of the exam was riddled with logs, but they weren't too difficult. The SIMS I saved for last after glancing at the first question for about a minute. I would definitely take everyone else's advice on this. I had just recently passed CEH a couple of weeks ago and I was determined to take this exam. Without going into specifics about the test, I would say look over Snort rules, incident response procedures, ASCII. I had used the Sybex book as my main resource to study and I had taken the Udemy practice test. I also glanced over the All in One, but that one only helped with the log review. I was constantly reviewing what everyone had used to study or what they ran into, and that also helped considerably. Next up GSNA and Linux+!


  • xagreus Member Posts: 108
    Congrats, and thanks for sharing your insights!
    2023 goals: (ISC)2 Certified in Cybersecurity; CompTIA CySA+; Microsoft SC-900 Security, Compliance, and Identity Fundamentals; LPI Linux Essentials; CompTIA Project+; AWS SysOps Admin-Associate; WGU BS-NOS; maybe CSA Certificate of Cloud Security Knowledge (CCSK)
  • yoba222 Member Posts: 1,237
    Congrats on the pass! I'm taking it in 6 days. Starting to suspect people generally underestimate this exam, in the same way that people perceive the A+ as kind of noobish and Network+ as inferior to the CCNA. The reputation gives an immediate perception of the CySA+ as being the A+ of cyber analyst certs, so to speak.

    Apparently not, as you are not the first to admit this exam ended up being harder than anticipated.

    Also, thanks for the incident response, ASCII, and Snort rules tips.

    In my opinion, there seems to be some herd journalism going on among the three CySA+ study book authors and the Udemy courses (exception to this being the Lakhani/Muniz LiveLessons course). What I mean is that one author wrote something, and all the other authors "sheep" that same point into their version of the book, without coming up with their own unique spin on it.

    I've seen some course content that is almost word for word echoed in another course's content, right down to getting the specs wrong.

    And then for some reason there are a dozen or so acronyms in the CySA+ objectives that aren't in any of the three books. So your advice on Snort and ASCII is much appreciated.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • charismaticx Member Posts: 160
    I definitely didn't underestimate the exam, but the experience required to read logs is a must. I feel like there isn't one cookie-cutter way to learn but to actually dive into the logs. The other day I had an IA guy come down and work on a case I was working on. He was like, "We don't have the time or the experience to learn how to read logs." He was suggesting a cookie-cutter tool to read the logs. We had suggested Splunk to him, but even that requires some level of skill to interpret the logs. This truly does feel like an intermediate skill to have. I think it's definitely pushed me to go back and study Linux some more before I tackle CASP.
    Goals: PNPT; OSCP; GPYC; GSE