CompTIA is renowned for offering a number of vendor-neutral certifications, including entry-level and advanced-level. The CompTIA CySA+ certification exam is one of them.
This article will talk about the five domains of the CySA+ exam, and what you can expect on the CS0-002 exam.
What is the CompTIA CySA+ certification exam?
The CompTIA CySA+ certification, exam code CS0-002, was introduced in April 2020, replacing the CS0-001 exam. The new CompTIA Cyber Security Analyst certification focuses on the most up-to-date core security analyst skills and knowledge needed to improve an organization's security.
CompTIA CySA+ meets the ISO 17024 standard and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements. Also, the new CompTIA CySA+ certification exam complaint with government regulations under the Federal Information Security Management Act (FISMA).
A certified CompTIA CySA+ professional will have the following skills and knowledge required to:
- Leverage intelligence and threat detection techniques
- Analyze and interpret data
- Identify and address vulnerabilities
- Suggest preventative measures
- Effectively respond to and recover from incidents
CompTIA CySA+ exam details
Required exam: CS0-002 Number of questions: Maximum of 85 Types of questions: Multiple choice and performance-based Length of test: 165 Minutes Recommended experience: • 4 years of hands-on experience in a technical cybersecurity job role • Security+ and Network+, or equivalent knowledge and experience Passing score: 750 (on a scale of 100–900)
CompTIA CySA+ exam objectives (domains)
The CompTIA CySA+ exam objectives are divided into the five major categories:
1.0 Threat and Vulnerability Management - 22% 2.0 Software and Systems Security - 18% 3.0 Security Operations and Monitoring - 25% 4.0 Incident Response - 22% 5.0 Compliance and Assessment - 13%
Domain - 1.0 Threat and Vulnerability Management
1.1 Explain the importance of threat data and intelligence.
Intelligence sources Confidence levels Indicator management Threat classification Threat actors Intelligence cycle Commodity malware Information sharing and analysis communities
1.2 Given a scenario, utilize threat intelligence to support organizational security.
• Attack frameworks • Threat research • Threat modeling methodologies • Threat intelligence sharing with supported functions
1.3 Given a scenario, perform vulnerability management activities.
• Vulnerability identification • Validation • Remediation/mitigation • Scanning parameters and criteria • Inhibitors to remediation
1.4 Given a scenario, analyze the output from common vulnerability assessment tools.
• Web application scanner • Infrastructure vulnerability scanner • Software assessment tools and techniques • Enumeration • Wireless assessment tools • Cloud infrastructure assessment tools
1.5 Explain the threats and vulnerabilities associated with specialized technology.
• Mobile • Internet of Things (IoT) • Embedded • Real-time operating system (RTOS) • System-on-Chip (SoC) • Field programmable gate array (FPGA) • Physical access control • Building automation systems • Vehicles and drones • Workflow and process automation systems • Industrial control system • Supervisory control and data acquisition (SCADA)
1.6 Explain the threats and vulnerabilities associated with operating in the cloud.
• Cloud service models • Cloud deployment models • Function as a Service (FaaS)/ serverless architecture • Infrastructure as code (IaC) • Insecure application programming interface (API) • Improper key management • Unprotected storage • Logging and monitoring
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
• Attack types • Vulnerabilities
2.0 Software and Systems Security
2.1 Given a scenario, apply security solutions for infrastructure management.
Cloud vs. on-premises Asset management Segmentation Network architecture Change management Virtualization Containerization Identity and access management Cloud access security broker (CASB) Honeypot Monitoring and logging Encryption Certificate management Active defense 2.2 Explain software assurance best practices
Platforms Software development life cycle (SDLC) integration DevSecOps Software assessment methods Secure coding best practices Static analysis tools Dynamic analysis tools Formal methods for verification of critical software Service-oriented architecture 2.3 Explain hardware assurance best practices
Hardware root of trust eFuse Unified Extensible Firmware Interface (UEFI) Trusted foundry Secure processing Anti-tamper Self-encrypting drive Trusted firmware updates Measured boot and attestation Bus encryption
3.0 Security Operations and Monitoring
3.1 Given a scenario, analyze data as part of security monitoring activities.
Heuristics Trend analysis Endpoint Network Log review Impact analysis Security information and event Management (SIEM) review Query writing Email analysis 3.2 Given a scenario, implement configuration changes to existing controls to improve security.
Permissions Whitelisting Blacklisting Firewall Intrusion prevention system (IPS) rules Data loss prevention (DLP) Endpoint detection and response (EDR) Network access control (NAC) Sinkholing Malware signatures Sandboxing Port security 3.3 Explain the importance of proactive threat hunting.
Establishing a hypothesis Profiling threat actors and activities Threat hunting tactics Reducing the attack surface area Bundling critical assets Attack vectors Integrated intelligence Improving detection capabilities 3.4 Compare and contrast automation concepts and technologies.
Workﬂow orchestration Scripting Application Programming Interface (API) integration Automated malware signature creation Data enrichment Threat feed combination Machine learning Use of automation protocols and standards Continuous integration Continuous deployment/delivery ##4.0 Incident Response
4.1 Explain the importance of the incident response process.
Communication plan Response coordination with relevant entities Factors contributing to data criticality 4.2 Given a scenario, apply the appropriate incident response procedure.
Preparation Detection and analysis Containment Eradication and recovery Post-incident activities 4.3 Given an incident, analyze potential indicators of compromise.
Network-related Host-related Application-related 4.4 Given a scenario, utilize basic digital forensics techniques.
Network Endpoint Mobile Cloud Virtualization Legal hold Procedures Hashing Carving Data acquisition
5.0 Compliance and Assessment
5.1 Understand the importance of data privacy and protection.
Privacy vs. security Non-technical controls Technical controls 5.2 Given a scenario, apply security concepts in support of organizational risk mitigation.
Business impact analysis Risk identification process Risk calculation Communication of risk factors Risk prioritization Systems assessment Documented compensating controls Training and exercises Supply chain assessment 5.3 Explain the importance of frameworks, policies, procedures, and controls.
• Frameworks • Policies and procedures • Control types • Audits and assessments