CompTIA Cybersecurity Analyst (CySA+)

Course Code: CS0-002

With the end goal of proactively defending and continuously improving the security of an organization, the CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.


After taking this study course, you will be able to:

  • Detect and analyze indicators of malicious activity
  • Understand threat hunting and threat intelligence concepts
  • Use appropriate tools and methods to manage, prioritize, and respond to attacks and vulnerabilities
  • Perform incident response processes
  • Understand reporting and communication concepts related to vulnerability management and incident response activities

Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on information security or related experience. it is recommended that you have the following skills and knowledge before starting this course:

  • Know basic network terminology and functions (such as OSI Model, Topology, Ethernet, Wi-Fi, switches, routers).
  • Understand TCP/IP addressing, core protocols, and troubleshooting tools.
  • Identify network attack strategies and defences.
  • Know the technologies and uses of cryptographic standards and products.
  • Identify network-and host-based security technologies and practices.
  • Describe the standards and products used to enforce security on web and communications technologies.
  • Incident Response Analyst
  • Security Architect
  • Cybersecurity Engineer
  • Threat Hunter
  • Cybersecurity Analyst
  • Vulnerability Analyst
  • Security Operation Center (SOC) Analyst
  • Application Security Analyst
  • Threat Intelligence Analyst
1.1 Explain the importance of system and network architecture concepts in security operations.
1.2 Given a scenario, analyze indicators of potentially malicious activity.
1.3 Given a scenario, use appropriate tools or techniques to determine malicious activity.
1.4 Compare and contrast threat-intelligence and threat-hunting concepts.
1.5 Explain the importance of efficiency and process improvement in security operations.
2.1 Given a scenario, implement vulnerability scanning methods and concepts.
2.2 Given a scenario, analyze output from vulnerability assessment tools.
2.3 Given a scenario, analyze data to prioritize vulnerabilities.
2.4 Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.
2.5 Explain concepts related to vulnerability response, handling, and management.
3.1 Explain concepts related to attack methodology frameworks.
3.2 Given a scenario, perform incident response activities.
3.3 Explain the preparation and post-incident activity phases of the incident management life cycle.
4.1 Explain the importance of vulnerability management reporting and communication.
4.2 Explain the importance of incident response reporting and communication.
Length of exam 165 minutes
Number of questions 85 questions
Question format Multiple choice and performance-based
Passing grade 750 (on a scale of 100-900)
Exam availability English, Japanese, TBD – others
Testing center Pearson VUE Testing Center