## background
I took this exam with over a year and a half of experience in IT, already having obtained the Security+ certification. I studied for a little under a month, using a variety of material including the Sybex book and Jason Dion's Udemy course.
## my_experience
I started off by purchasing the CompTIA CySA+ CS0-001 "All-in-One" certification guide from Amazon.
I read this book front to back once, and although I do think that it is a fine source of study material, I don't know if I would recommend it. I did not feel like I absorbed as much information from this book as I should have, nor did it feel like a good chunk of the material in the book was relevant to the actual exam.
After that, I purchased Jason Dion's CySA+ CS0-001 course on Udemy. As I mentioned in my Network+ Study guide, I HIGHLY recommend Jason Dion's Udemy courses. I took handwritten notes throughout the entire course and filled up nearly 20 pages of my notebook. I prefer taking handwritten notes compared to typing into a Word/Google doc as I feel I retain the information better writing it down.
Next, I purchased the "CompTIA CySA+ Practice Tests: Exam CS0-001" book from Sybex. I will say that this book was not what I expected. I expected more of the easy, straightforward practice questions that were in the All-in-One book, and that was not at all what was in the Sybex book. The questions in the Sybex book are MUCH harder than what is on the actual test. Don't get me wrong, there are questions in the book that were very similar to questions on the exam; however, due to the fact that there are 1000 practice questions, there is an abundance of questions that expect you to know information that is NOT included in the exam objectives, such as extremely specific Linux directories, extremely obscure tools, or extremely obscure laws and regulations.
If you want to purchase this book for additional practice, it wouldn't hurt, just don't bother to memorize anything that is not included in the actual CySA+ exam objectives.
After running through the 1000 questions plus the 2 practice exams at the end of the book, I scheduled my test a week in advance.
In that time, I went over and highlighted my handwritten notes, studied Quizlet flashcards, semi-listened to the Jason Dion course again, and tried my best to relax.
On test day, I finished the exam with around 30 minutes to spare. CompTIA gives you 2 hours and 45 minutes to finish CySA+ which should help ease your anxiety. As usual, I was not very confident and gave myself a 50/50 chance of passing. I ended up passing the exam with a 797 on my first attempt.
## tips
- **KNOW HOW TO READ AND COMPREHEND LOGS**. I cannot stress this enough. With CySA+ being a "blue team" certification, there are probably 2 dozen questions on the exam where you are presented with a log from a Firewall, IDS/IPS, web server, etc. accompanied by a scenario, where you will be expected to make a determination based off of the log presented. Make sure you know how to spot a brute force attack, a port scan, etc.
- Have a strong "blue team" mindset and a good grasp of network defense methodology. If presented with a scenario where you're expected to analyze or investigate a log or alert from a security appliance, make sure you are capable of making a determination based off of your own conclusion.
- Threat Management & Vulnerability Management make up the majority of the exam, and although it's based off of my own experience with the exam, it felt like they made up even more of a majority. Be sure to be competent in these two domains.
- Know every tool, appliance, software, etc. mentioned in the exam objectives. Obviously you won't get a question on every single one, but there will be questions where a random tool will be mentioned and you will have to make a determination based off of that information.
- Know and memorize your acronyms.
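
To make the first tip concrete, here is an added example (not part of the original post or any exam material) that shows what a port scan and a brute force attempt look like in logs and how to tell them apart. The log lines are constructed, the firewall line format is simplified, and the `analyze` function and its thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation-range IPs); firewall line format is simplified.
SAMPLE_LOG = """\
Jan 10 03:12:01 fw1 DENY TCP 198.51.100.7:40112 -> 10.0.0.5:21
Jan 10 03:12:01 fw1 DENY TCP 198.51.100.7:40113 -> 10.0.0.5:22
Jan 10 03:12:01 fw1 DENY TCP 198.51.100.7:40114 -> 10.0.0.5:23
Jan 10 03:12:02 fw1 DENY TCP 198.51.100.7:40115 -> 10.0.0.5:25
Jan 10 03:12:02 fw1 DENY TCP 198.51.100.7:40116 -> 10.0.0.5:80
Jan 10 03:12:02 fw1 DENY TCP 198.51.100.7:40117 -> 10.0.0.5:443
Jan 10 03:15:40 fw1 DENY TCP 192.0.2.44:51000 -> 10.0.0.5:3389
Jan 10 03:20:11 web1 sshd[812]: Failed password for root from 203.0.113.9 port 50122 ssh2
Jan 10 03:20:13 web1 sshd[812]: Failed password for root from 203.0.113.9 port 50124 ssh2
Jan 10 03:20:15 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 50130 ssh2
Jan 10 03:20:17 web1 sshd[812]: Failed password for invalid user test from 203.0.113.9 port 50133 ssh2
Jan 10 03:20:19 web1 sshd[812]: Failed password for root from 203.0.113.9 port 50137 ssh2
Jan 10 03:31:02 web1 sshd[901]: Failed password for alice from 192.0.2.44 port 40022 ssh2
Jan 10 03:31:09 web1 sshd[901]: Accepted password for alice from 192.0.2.44 port 40022 ssh2
"""

FW_RE = re.compile(r"DENY TCP (\S+):\d+ -> (\S+):(\d+)")
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

def analyze(log, scan_ports=5, brute_fails=5):
    """Flag sources by pattern; the thresholds are illustrative assumptions."""
    ports = defaultdict(set)    # (src, dst) -> distinct destination ports denied
    fails = defaultdict(list)   # src -> usernames tried in failed logins
    for line in log.splitlines():
        if m := FW_RE.search(line):
            ports[(m[1], m[2])].add(int(m[3]))
        elif m := FAIL_RE.search(line):
            fails[m[2]].append(m[1])
    findings = []
    # Port scan: one source probing many different ports on the same host.
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) >= scan_ports:
            findings.append(("port_scan", src, f"{len(seen)} ports on {dst}"))
    # Brute force: one source with repeated failed logins, often across usernames.
    for src, users in sorted(fails.items()):
        if len(users) >= brute_fails:
            findings.append(("brute_force", src, f"{len(users)} failures, {len(set(users))} users"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Note that 192.0.2.44 is not flagged: a single denied connection and one failed login followed by a success is what an ordinary user mistyping a password looks like.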
## links
https://a.co/d/9eYIvA0
https://www.udemy.com/course/comptia-cysa-003/
https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-003-exam-objectives-2-0