CompTIA Cybersecurity Analyst (CySA+)
The CompTIA Cybersecurity Analyst (CySA+) certification exam verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools. The exam validates the candidate's ability to perform data analysis and interpret the results to identify vulnerabilities, threats, and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.
The CompTIA Cybersecurity Analyst (CySA+) CS0-001 exam was retired on October 21, 2020. An updated CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam is available.
Recommended Experience
- Candidates should have sound knowledge of Network+, Security+ or equivalent knowledge.
- Candidates should have a minimum of 3-4 years of hands-on information security or related experience.
Why is CompTIA Cybersecurity Analyst+ different?
CompTIA CySA+ certification is the only intermediate high-stakes cybersecurity analyst certification that includes both performance-based questions and multiple-choice questions. Also, the CySA+ lays special emphasis on software and application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
Exam Format
The CompTIA Cybersecurity Analyst+ certification exam consists of 85 questions in multiple-choice and performance-based formats. Candidates are given 165 minutes to complete the exam and must score at least 750 points. The exam costs $359 USD. It is available in 3 languages: English, Japanese, and Simplified Chinese.
How to schedule the exam?
Candidates can schedule the CompTIA Cybersecurity Analyst+ exam at Pearson VUE. There are two ways to take the CySA+ exam:
- In-Person Testing
- Online Testing
Exam Detailed Course Outline
1.0 Threat Management
1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
- Procedures/common tasks
- Variables
- Tools
1.2 Given a scenario, analyze the results of a network reconnaissance.
- Point-in-time data analysis
- Data correlation and analytics
- Data output
- Tools
1.3 Given a network-based threat, implement or recommend the appropriate response and countermeasure.
- Network Segmentation
- Honeypot
- Endpoint security
- Group policies
- ACLs
- Hardening
- Network Access Control (NAC)
1.4 Explain the purpose of practices used to secure a corporate environment.
- Penetration testing
- Reverse engineering
- Training and exercises
- Risk evaluation
2.0 Vulnerability Management
2.1 Given a scenario, implement an information security vulnerability management process.
- Identification of requirements
- Establish scanning frequency
- Configure tools to perform scans according to specification
- Execute scanning
- Generate reports
- Remediation
- Ongoing scanning and continuous monitoring
2.2 Given a scenario, analyze the output resulting from a vulnerability scan.
- Analyze reports from a vulnerability scan
- Validate results and correlate other data points
2.3 Compare and contrast common vulnerabilities found in the following targets within an organization.
- Servers
- Endpoints
- Network infrastructure
- Network appliances
- Virtual infrastructure
- Mobile devices
- Interconnected networks
- Virtual Private Networks (VPNs)
- Industrial Control Systems (ICSs)
- SCADA devices
3.0 Cyber Incident Response
3.1 Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
- Threat classification
- Factors contributing to incident severity and prioritization
3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
- Forensics kit
- Forensics investigation suite
3.3 Explain the importance of communication during the incident response process.
- Stakeholders
- Purpose of communication processes
- Role-based responsibilities
3.4 Given a scenario, analyze common symptoms to select the best course of action to support incident response.
- Common network-related symptoms
- Common host-related symptoms
- Common application-related symptoms
3.5 Summarize the incident recovery and post-incident response process.
- Containment techniques
- Eradication techniques
- Validation
- Corrective actions
- Incident summary report
4.0 Security Architecture and Tool Sets
4.1 Explain the relationship between frameworks, common policies, controls, and procedures.
- Regulatory compliance
- Frameworks
- Policies
- Controls
- Procedures
- Verifications and quality control
4.2 Given a scenario, use data to recommend remediation of security issues related to identity and access management.
- Security issues associated with context-based authentication
- Security issues associated with identities
- Exploits
- Security issues associated with identity repositories
- Security issues associated with federation and single sign-on
4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls.
- Security data analytics
- Manual review
- Defense in depth
4.4 Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
- Best practices during software development
- Secure coding best practices
Exam Policies
CompTIA is one of the global providers of vendor-neutral IT certifications. As one of the IT industry's top-notch organizations, CompTIA provides exam policies that explain the rules and regulations candidates must follow. The exam policies address candidates' questions regarding certification, including the retake policy, the candidate conduct policy, and the candidate appeals process.
For more queries, visit: CompTIA Cybersecurity Analyst (CySA+) Exam FAQs
CompTIA Learning Resources
eLearning with CertMaster
CompTIA gives candidates access to its eLearning solution, CertMaster Learn. CertMaster Learn is interactive and self-paced, and includes a customizable learning plan and performance-based questions for CySA+. This will help take you on a path of consistent learning toward your certification exam.
Virtual Labs
CompTIA Virtual Labs for Cybersecurity Analyst+ help candidates acquire the necessary hands-on skills for the certification. Candidates develop a deeper understanding of the subject matter and the practical aspects of the certification exam objectives. CompTIA Labs also help candidates address the practical aspects of the Cybersecurity Analyst exam objectives and complement prior training through access to real equipment and software environments.
CertMaster Practice
CertMaster Practice is a tool that assesses your knowledge and exam readiness. It features a question-first design, real-time learning analytics, and content refreshers. Moreover, it helps candidates prepare well by confirming strong areas and filling knowledge gaps in weak areas while studying.
Study Guides
While studying for the exam, it is good to prefer traditional textbook-style learning, which is packed with informative and accessible content covering all Security exam objectives. This study guide will teach candidates the fundamental principles of installing and configuring cybersecurity controls and participating in incident response and risk mitigation.
Instructor-Led Training
For those looking for in-classroom or live online training, CompTIA provides best-in-class instructor-led training for both individuals and teams. These training sessions will help the candidates to understand the concepts more accurately in a short duration.
Practice Tests
Practice tests are important during exam preparation. By assessing yourself with these tests, you will learn your weak and strong areas. Time plays an essential role during the exam, so practicing will improve your answering skills and save you a lot of time. Moreover, the best time to start doing practice tests is after completing one full topic, as this will serve as revision.