I used the CySA+ Cert Guide by Troy McMillan. This book gives a pretty good overview of all the material you’ll be quizzed on. I’d definitely recommend starting off your studying by giving the book a read through. I didn’t get any of the other books so I can’t directly compare, but this one in particular covers all the theory needed.
This book came with some practice tests, which I thought were pretty easy. Having taken the exam, these practice tests are nothing like the actual test. Instead of considering them practice tests, I’d view them more like “content enforcement”, where you’ll be quizzed on general terms and processes that are in the book. Don’t expect to read the book, start acing the exams, and be able to ace the CySA+. For reference, I read the entire book, but I only did a practice test or two.
I purchased the deluxe bundle for the CySA, which gave me access to Certmaster. I would consider this in the same vein as the Troy McMillan practice tests, great for learning terms and theory but not a proper representation of the test. While it’s not like the actual exam, I do think the Certmaster is worthwhile to work through to 100%. The theory is solid and will help you on the exam.
The program divides the CySA content up into four domains. You’ll be quizzed pretty heavily in each domain. It took me 10+ hours to go through all the quizzes and a little extra time to do refreshers (retaking failed questions in past quizzes) prior to the exam.
I watched a couple videos in the CySA+ video series by Jason Dion. I thought his content was good, but was way too basic for me. If you’re fresh out of college or need a little bit of extra hand-holding, I’d definitely recommend this course @ the $11 USD price point that I paid. For me personally, I got 10 or so videos in and stopped watching the series. I figured it’d be worth a mention as a potential resource for anyone reading.
I have Cybrary Insider Pro, which is a paid subscription to labs, practice tests, and a whole other slew of extra learning materials from Cybrary (and Cybrary-affiliated companies). What specifically helped me here were the Kaplan practice tests. This was the practice test that was most like the exam. I went over most of the test bank and made sure I understood the questions I got wrong. This was hands down the most helpful resource I used.
Without giving away too much, I’ll just talk about my impressions of the exam as a whole.
It was harder than I anticipated. Where the Sec+ felt like a regurgitation of terminology and theory, I had to truly think through many of the CySA+ questions. I finished the first pass of the exam in an hour and fifteen minutes, then spent some time rereading all my answers to make sure I didn’t make any sloppy mistakes. In the end, I got an 851/900, which I was surprised with. I wasn’t confident with several of my answers, but I must have guessed right on them.
You’re definitely going to need knowledge outside of the book. I’d recommend looking deeper into all the tools and operating systems mentioned in the book. Try to have more “first hand” knowledge on topics than just knowing that “John the Ripper is a password cracker”, for example. This will help you not only on the test but in your career in general.
All in all, I walked out of the exam room happy with the test and the entire CySA+ experience. I believe this test is meant to certify someone’s ability to be a decent security analyst (or at the very least, the potential to be one). This test does a great job to determine that. I don’t think anyone can pass that exam and not be competent at being (or learning to be) a security analyst. If you want to validate your skills or perhaps just need to renew your Sec+, I’d highly recommend taking this cert.