The CySA+ knowledge domains


The new CompTIA Cybersecurity Analyst Certification (CySA+), exam code CS0-002, came into effect on April 21, 2020, replacing the CySA+ exam (CS0-001). The new certification verifies that CySA+-certified professionals have the skills and knowledge required to deploy intelligence and threat detection techniques, analyze and interpret data, find and remediate vulnerabilities, suggest preventive measures, and effectively respond to and recover from security incidents.

This article will detail the five knowledge domains of the CySA+ certification exam (CS0-002) and what material you can expect to be covered on the exam. Here is a breakdown.

CySA+ certification exam background

The CySA+ certification exam is divided into five general categories of knowledge domains:

Domains                                    Exam percentage
1.0 Threat and Vulnerability Management    22%
2.0 Software and Systems Security          18%
3.0 Security Operations and Monitoring     25%
4.0 Incident Response                      22%
5.0 Compliance and Assessment              13%

These five general categories of knowledge domains can be further broken down into smaller domains, but these will be explored in subsequent articles.

1.0 Threat and Vulnerability Management

Cyberthreats and vulnerabilities are continually proliferating, and organizations are looking for solutions that enable greater cyber resilience. The first domain covers cybersecurity threats and vulnerabilities, including the importance of threat data and intelligence, vulnerability management activities, vulnerability assessment tools, threats and vulnerabilities associated with specialized technologies (e.g., mobile or IoT), and threats and vulnerabilities in the cloud. The following sections list the contents of this domain:

1.1 Explain the importance of threat data and intelligence

  • Intelligence sources
  • Confidence levels
  • Indicator management
  • Threat classification
  • Threat actors
  • Intelligence cycle
  • Commodity malware
  • Information sharing and analysis communities

1.2 Given a scenario, analyze the results of a network reconnaissance 

  • Attack frameworks
  • Threat research
  • Threat modeling methodologies

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: