About CompTIA CySA+ Practice Exam
The CompTIA Cybersecurity Analyst (CySA+) exam is designed to assess the skills a candidate needs to handle tasks including:
Implementing intelligence and threat detection techniques
Examining and interpreting data
Observing and addressing vulnerabilities
Recommending preventative measures
Responding to and recovering from incidents effectively
CompTIA CySA+ Course Outline
The CompTIA CySA+ (CS0-002) exam develops skills on the following topics:
DOMAIN 1 - Describe Threat and Vulnerability Management - 22%
1.1 Understand the importance of threat data and intelligence.
Learn Intelligence sources
Learn Confidence levels
Learn Indicator management
Learn Threat classification and factors
Learn Intelligence cycle
Learn Commodity malware
Learn Information sharing and analysis communities
1.2 Learn to utilize threat intelligence for supporting organizational security.
Understand the Attack frameworks
Overview of Threat research
Learn about Threat modeling methodologies
Overview of Threat intelligence sharing
Understanding the concept of Validation
Understanding Scanning parameters and scenario
Learn about Inhibitors to remediation
1.3 Understand and examine the output from common vulnerability assessment tools.
Learn Web application scanner
Learn Infrastructure vulnerability scanner
Overview of Software assessment tools and techniques
Understanding the concept of Enumeration
Learn about Wireless assessment tools
Understanding Cloud infrastructure assessment tools
1.4 Understanding threats and vulnerabilities with specialized technology.
Understanding Internet of Things (IoT)
Overview of Real-time operating system (RTOS)
Overview of System-on-Chip (SoC)
Understanding Field programmable gate array (FPGA)
Understand Physical access control
Learn about building automation systems
Overview of Vehicles and drones
Learning Workflow and process automation systems
Understanding industrial control systems
Overview of Supervisory Control and Data Acquisition (SCADA)
1.5 Understand threats and vulnerabilities with operating in the cloud.
Overview of Cloud service models
Understanding cloud deployment models
Learn Function as a Service (FaaS)/serverless architecture
Overview of Infrastructure as code (IaC)
Describe Insecure application programming interface (API)
Understand improper key management
Learn about Unprotected storage
Overview of Logging and monitoring
1.6 Learn to execute controls to mitigate attacks and software vulnerabilities.
Understanding types of Attack
Learning about vulnerabilities
DOMAIN 2 - Software and Systems Security
2.1 Learn to implement security solutions for infrastructure management.
Overview of Cloud vs. on-premises
Understanding Asset management
Understanding Network architecture
Describe Change management
Learn concepts of Virtualization and Containerization
Overview of Identity and access management
Understanding Cloud access security broker (CASB)
2.2 Understanding software assurance best practices.
Overview of Software development life cycle (SDLC) integration
Learn about Software assessment methods
Learn Secure coding best practices
Understand Static analysis tools
Overview of Dynamic analysis tools
Learn about methods for verification of critical software
Understanding Service-oriented architecture
2.3 Explain hardware assurance best practices.
Understanding Hardware root of trust
Overview of eFuse
Describe Unified Extensible Firmware Interface (UEFI)
Understanding Trusted foundry
Overview of Secure processing
Overview of Anti-tamper
Understanding Self-encrypting drive
Overview of Trusted firmware
Understanding measured boot and attestation
DOMAIN 3 - Describe Security Operations and Monitoring - 25%
3.1 Examine data as part of security monitoring activities.
Learning Heuristics and Trend analysis
Overview of Endpoint and Network
Describe Log reviews
Conducting Impact analysis
Overview of Query writing concept
Understanding E-mail analysis
3.2 Learn to examine configuration changes to existing controls.
Overview of Whitelisting
Overview of Firewall
Define Intrusion prevention system (IPS) rules
Learning about Data loss prevention (DLP)
Overview of Endpoint detection and response (EDR)
Understanding Network access control (NAC)
Understanding Malware signatures
Learn about Sandboxing and Port security
3.3 Understanding the significance of proactive threat hunting.
Learn about establishing a hypothesis
Overview of profiling threat actors and activities
Understanding Threat hunting tactics
Understanding the attack surface area
Overview of bundling critical assets
Understanding Attack vectors
Overview of Integrated intelligence
Learning about detection capabilities
3.4 Understand automation concepts and technologies.
Understanding Workflow orchestration
Overview of Scripting
Learning about application programming interface (API) integration
Creating Automated malware signature
Overview of Data enrichment
Understanding threat feed combination
Understanding Machine learning
Learning automation protocols and standards
3.5 Describe Security Content Automation Protocol (SCAP)
Learning continuous integration
Overview of continuous deployment/delivery
DOMAIN 4 - Describe Incident Response - 22%
4.1 Understand the significance of the incident response process.
Understanding Communication plan
Learn about Response coordination
Understanding Factors contributing to data criticality
4.2 Learn to implement incident response procedure.
Learn about Detection and analysis
Learn about Containment
Overview of Eradication and recovery
Understanding Post-incident activities
4.3 Learn to examine potential indicators of compromise.
Overview of Network-related
Overview of Host-related
4.4 Understand and implement basic digital forensics techniques.
Overview of Network
Overview of Endpoint
Learning about Mobile
Overview of Cloud
Learn about Virtualization
Understand Legal hold
Learn Procedures of Hashing
Understanding Data acquisition
DOMAIN 5 - Describe Compliance and Assessment - 13%
5.1 Explain the significance of data privacy and protection.
Overview of Privacy vs. security
Understanding Non-technical controls
Learn about Technical controls
5.2 Understand and implement security concepts in support of organizational risk mitigation.
Understanding Business impact analysis
Overview of a risk identification process and risk calculation
Overview of risk factors and Risk prioritization
Understanding systems assessment
Learning documented compensating controls
Learn about Supply chain assessment
Understanding Control type
Learn concepts of audits and assessments