Introduction
CompTIA CySA+ (Cybersecurity Analyst) is the intermediate-level certification that bridges the gap between Security+ and advanced credentials like CISSP or OSCP. While Security+ proves you understand security fundamentals, CySA+ proves you can actively detect and respond to threats.
If you are working in or targeting SOC analyst roles, CySA+ is one of the most valuable certifications you can earn.
Exam Overview
| Detail | Information |
|---|---|
| Exam Code | CS0-003 |
| Questions | Maximum 85 (MCQ + PBQ) |
| Passing Score | 750 (on a scale of 100-900) |
| Exam Length | 165 Minutes |
| Cost | $404 (USD) |
| Renewal | Every 3 years (CEUs) |
The Four Exam Domains
1. Security Operations (33%)
The largest domain focuses on day-to-day SOC operations:
- Monitoring network traffic and logs for suspicious activity
- Using SIEM tools for correlation and analysis
- Threat intelligence and threat hunting concepts
- Automation and orchestration (SOAR)
- Incident response process
Key focus: You need to know how to investigate alerts using SIEM data, correlate events, and determine if an incident has occurred.
2. Vulnerability Management (26%)
- Vulnerability scanning tools and techniques
- Interpreting scan results and prioritizing findings
- Remediation planning and patch management
- Penetration testing concepts (who, when, how)
- Compliance scanning and reporting
Key focus: You will be given scan output and asked to interpret the results, recommend remediation, and prioritize based on risk.
3. Incident Response and Management (22%)
- Incident response lifecycle
- Forensic data collection (disk, memory, network)
- Analyzing attack vectors (phishing, malware, web attacks)
- Containment, eradication, and recovery strategies
- Communication and stakeholder management
Key focus: Know the IR process and be able to determine the correct action at each stage. Understand the forensic order of volatility.
4. Reporting and Communication (19%)
- Technical report writing
- Executive-level communication
- Metrics and KPIs for security operations
- Compliance reporting requirements
- Cross-team collaboration
Key focus: CySA+ is unique in emphasizing communication skills. Expect questions about how to present findings to different audiences.
Key Differences From Security+
| Aspect | Security+ | CySA+ |
|---|---|---|
| Focus | Security fundamentals | Threat detection and response |
| Depth | Broad, introductory | Deeper, hands-on |
| Tools | Concepts only | SIEM, scanning tools, forensics |
| Questions | What/why | How/when |
| Audience | Entry-level | Intermediate (1-3 years experience) |
Study Resources
| Resource | Type | Cost |
|---|---|---|
| CompTIA CySA+ Study Guide (Sybex) | Book | ~$45 |
| Jason Dion CySA+ Video Course | Video | ~$15 |
| CertMaster Labs for CySA+ | Lab | ~$199 |
| SLAMM CySA+ Training | Course | Varies |
| Practice Tests (CompTIA or Dion) | Practice | ~$15 |
6-Week Study Plan
Weeks 1-2: Security Operations + Vulnerability Management
- Study domains 1 and 2
- Practice with SIEM interfaces (Splunk, Kibana)
- Set up a vulnerability scanner (OpenVAS or Nessus)
Weeks 3-4: Incident Response + Communication
- Study domains 3 and 4
- Practice forensic analysis with FTK Imager or Autopsy
- Write mock incident reports
Weeks 5-6: Practice Tests + Review
- Take 3-4 full practice tests
- Focus on PBQs (log analysis, vulnerability scan interpretation)
- Target 85%+ before scheduling
What Comes After CySA+?
CySA+ positions you perfectly for advanced certifications:
| Career Path | Next Certification | Target Role |
|---|---|---|
| SOC / Blue Team | CISSP or GCIA | SOC Manager, Security Architect |
| GRC / Compliance | CISA or CISM | IT Auditor, Compliance Manager |
| Cloud Security | CCSP or AWS Security | Cloud Security Engineer |
| Offensive Security | CEH or OSCP | Penetration Tester |
CySA+ + Security+ qualifies for DoD 8570 IAT Level II and CSSP Analyst roles. This combination is highly valued by government contractors.