CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002
As attackers have learned to evade traditional signature-based solutions, such as firewalls and anti-virus software, an analytics-based approach within the IT security industry is increasingly important for organizations. CompTIA CySA+ applies behavioral analytics to networks to improve the overall state of security through identifying and combating malware and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. It will validate an IT professional’s ability to proactively defend and continuously improve the security of an organization. CySA+ will verify the successful candidate has the knowledge and skills required to:
- Leverage intelligence and threat detection techniques
- Analyze and interpret data
- Identify and address vulnerabilities
- Suggest preventative measures
- Effectively respond to and recover from incidents
Why is it different?
- CompTIA CySA+ is the only intermediate high-stakes cybersecurity analyst certification with both hands-on, performance-based questions and multiple-choice questions.
- CySA+ focuses on the candidate’s ability to not only proactively capture, monitor, and respond to network traffic findings, but also emphasizes software and application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
- CySA+ covers the most up-to-date core security analyst skills and upcoming job skills used by threat intelligence analysts, application security analysts, compliance analysts, incident responders/handlers, and threat hunters, bringing new techniques for combating threats inside and outside of the Security Operations Center (SOC)
Reason for the Update: Industry Changes
Security analyst core job functions remain the same but additional functions are needed. The job role is a moving target as newer technologies and regulations affecting it.
- Core function remains the same: Continuous security monitoring
- More focus on software security
- The growing trend of “going on the offense with defense”
- Emphasis on incident response
- Increased IT regulatory environment
How Industry Changes Affected Job Roles
Primary job roles remain the same:
- Continuous security monitoring (Security Analyst, Security Engineer, and Threat Intelligence Analyst)
Secondary job roles are changing along with the industry:
- More focus on software security (Application Security Analyst)
- Growing trend of “Going on the offense with defense” (Threat Hunter)
- Emphasis on the incident response (Incident Response or Handler)
- Increased IT regulatory environments (Compliance Analyst)
Six Changes to Exam Domains
- The Threat Management and Vulnerability Management exam domains have combined into one because many of these skills are now covered in Security+, which is earlier in the CompTIA cybersecurity career pathway.
- Software security grew into an exam domain. As networks become more secure across the globe, software risks have grown. The Application Security Analyst job role is now a covered job role in CySA+.
- The Security Architecture and Tool Sets domain were distributed throughout the new domains, as they are applicable to most topics. Tools are now distributed by topic, instead of all tools listed in one domain. It is an instructional design improvement.
- The Security Operations and Monitoring domain cover how to go on the offense with defense. Growing job roles such as Threat Hunter bring new techniques for finding incidents outside of the Security Operations Center (SOC).
- The Incident Response domain has been updated to include more cloud security environments, embedded/IoT devices, and automation. Job roles such as Incident Response or Handler are included in the growing list of job roles covered by CySA+.
- The Compliance and Assessment domain was added because security analysts must understand how to help their employers comply with and maintain regulatory compliance to avoid fines. Growing job roles such as Compliance Analyst demonstrates the importance of regulatory compliance.
|Launch Date||February 15, 2017||April 21, 2020|
|Exam Description||The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.||The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.|
|Number of Questions||Maximum of 85 questions|
|Type of Questions||Multiple choice and performance-based|
|Length of Test||165 minutes|
|Passing Score||750 (on a scale of 100-900)|
|Recommended Experience||Network+, Security+ or equivalent knowledge.
Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
|Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on information security or related experience.|
|Languages||English, Japanese, and Simplified Chinese||English, Japanese, TBD – others|
|Retirement||October, 2020||TBD – Usually three years after launch|