Overview

What You Get
- CompTIA CySA+ Exam Voucher
- 35 hours of high quality classroom or live online training
- Access to CertMaster Study
- CompTIA CySA+ Accredited Instructor
- More than 120 end of chapter drill questions with answer keys
- Online access to CompTIA CySA+ learning resources
- Official CompTIA CySA+ Digital Courseware
- Certificate of Attendance
- Exam Prep Guarantee
- Unlimited course refresher for 1 year (Note: exams are not included)
Course Benefits
CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.
CompTIA CySA+ includes both multiple-choice and hands-on, performance-based questions — ensuring candidates are tested on real-world skills, not just theory.
In this training, you will be able to proactively capture, monitor, and respond to network traffic findings. You also learn about application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
You Will Learn How To
- Assess and respond to security threats and operate a systems and network security platform
- Collect and use cybersecurity intelligence and threat data
- Identify modern cybersecurity threat actors types and tactics, techniques, and procedures
- Analyze data collected from security and event logs and network packet captures
- Respond to and investigate cybersecurity incidents using forensic analysis techniques
- Assess information security risk in computing and network environments
- Implement a vulnerability management program
- Address security issues with an organization’s network architecture
- Understand the importance of data governance controls
- Address security issues with an organization’s software development life cycle
- Address security issues with an organization‘s use of cloud and service-oriented architecture
Who Should Attend
This course is designed for those who are seeking the CompTIA CySA+ CS0-003.
Certification and who are aiming for job roles such as:
- Security Analyst
- Security Operations Center (SOC) Analyst
- Security Administrator
- Incident Response Analyst
- Vulnerability Management Analyst
- Security Engineer
Course Prerequisites
- Network+, Security+, or equivalent knowledge
- Minimum of 4 years of hands-on experience as an incident response analyst, security operations center (SOC) analyst, or equivalent experience
About the Exam
- Maximum of 85 questions
- Multiple choice and performance-based
- 165 minutes
- Passing Score: 750 (scale of 100 - 900)
- Testing Provider: Pearson Vue Testing Centers or Online Testing
Course Outline
Understanding Vulnerability Response, Handling and Management
- Establishes the foundation for the course by covering how cybersecurity leaders govern and protect organizational assets
- Explores cybersecurity leadership concepts, vision-setting, and decision-making in security teams
- Covers the different types and methods of security controls reventive, detective, corrective, and more
- Explains patch management principles and how organizations systematically respond to and handle vulnerabilities
Exploring Threat Intelligence and Threat Hunting Concepts
- Studies threat actor concepts who attackers are, their motivations, and their tactics, techniques, and procedures (TTPs)
- Teaches how to identify active threats in real time using threat intelligence feeds and IoCs
- Introduces threat hunting proactively searching networks and systems for hidden adversaries that bypass traditional defenses
- Covers frameworks like MITRE ATT&CK to understand and categorize adversary behavior
Explaining Important System and Network Architecture Concepts
- Reviews of core architecture concepts including network topologies, segmentation, and cloud environments
- Covers Identity and Access Management (IAM) managing user identities, permissions, and access controls
- Explains how to maintain operational visibility through logging, monitoring, and asset management
- Helps analysts detect anomalies by understanding the normal baseline of systems and networks
Understanding Process Improvement in Security Operations
- Focuses on leadership within Security Operations Centers (SOCs) and how to drive operational efficiency
- Covers key technologies like SIEM, SOAR, and automation tools that streamline analyst workflows
- Examines on how to reduce alert fatigue, define meaningful security metrics, and improve response times
- Aligns security operations processes with broader organizational goals and compliance requirements
Implementing Vulnerability Scanning Methods
- Explains how compliance frameworks (PCI-DSS, HIPAA, NIST) drive vulnerability scanning requirements
- Teaches how to configure and execute vulnerability scans effectively across different environments
- Covers credentialed vs. non-credentialed scans and their respective advantages and limitations
- Addresses special considerations for scanning sensitive systems, cloud infrastructure, and OT/ICS environments
Performing Vulnerability Analysis
- Teaches how to interpret and prioritize vulnerability scan results using CVSS scoring
- Goes beyond raw scores by examining contextual factors like asset criticality and business impact
- Explores exploitability, threat exposure, and environmental factors in risk-based decision making
- Helps analysts determine which vulnerabilities require immediate remediation versus longer-term planning
Communicating Vulnerability Information
- Covers how to translate complex vulnerability data into clear, actionable reports for different audiences
- Teaches effective communication principles tailored for both technical teams and executive stakeholders
- Explain how to structure vulnerability reports, define remediation action plans, and set timelines
- Addresses on how to track remediation outcomes and maintain accountability across the organization
Explaining Incident Response Activities
- Introduces the full IR lifecycle: preparation, detection and analysis, containment, eradication, recovery, and lessons learned
- Covers evidence handling best practices including chain of custody, volatile vs. non-volatile data, and hash integrity
- Explores containment strategies such as network isolation, account lockouts, allow/deny lists, and segmentation
- Teaches eradication and recovery procedures including clean imaging, patch validation, and staged reintroduction
Demonstrating Incident Response Communication
- Focuses on stakeholder communication during and after a security incident
- Covers escalation procedures, legal and PR coordination, and executive reporting during active incidents
- Teaches how to deliver structured post-incident reports and conduct root cause analysis
- Introduces key IR metrics such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and Mean Time to Remediate
Applying Tools to Identify Malicious Activity
- Bridges theory and practice by applying security tools to detect threats in live environments
- Studies attack methodology frameworks including the Cyber Kill Chain and MITRE ATT&CK
- Covers detection techniques such as log analysis, packet captures, endpoint detection, and behavioral analytics
- Helps analysts recognize attacker patterns and techniques to respond faster and more accurately
Analyzing Potentially Malicious Activity
- Explores network-based attack indicators such as unusual traffic patterns and command-and-control (C2) communications
- Covers host-based attack indicators including unauthorized processes, registry changes, and suspicious file activity
- Introduces a toolkit of vulnerability assessment tools — scanners, exploit frameworks, and forensic utilities
- Teaches how to validate and investigate suspicious behavior across both network and endpoint systems
Understanding Application Vulnerability Assessment
- Focuses on assessing vulnerabilities in web applications using the OWASP Top 10 as a reference
- Covers common web threats including SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF)
- Examines cloud-specific vulnerabilities such as misconfigurations, insecure APIs, and storage exposure
- Applies the cloud shared responsibility model to understand where security obligations lie
Exploring Scripting Tools and Analysis Concepts
- Introducing scripting languages commonly used in security operations, particularly Python and PowerShell
- Teaches how to write and interpret scripts for log parsing, task automation, and threat detection
- Covers how attackers use scripting for exploitation, lateral movement, persistence, and data exfiltration
- Develops the ability to recognize and analyze malicious scripts encountered during investigations
Understanding Application Security and Attack Mitigation Best Practices
- Explores secure software development lifecycle (SSDLC) practices and the DevSecOps approach
- Teaches how to recommend controls that mitigate application attacks — input validation, WAFs, and secure coding standards
- Covers implementation of preventive and detective controls to harden applications against exploitation
- Equips analysts to collaborate with development teams and advocate for security throughout the software lifecycle
