The CompTIA Cybersecurity Analyst (CySA+) is a globally recognised certification that validates your ability to proactively capture, monitor and respond to network security threats. By undertaking this course, you'll gain critical knowledge of cybersecurity threats, security architecture, risk management, and incident response.
Choosing to study in these instructor-led virtual classrooms provides a rich, immersive learning environment that not only equips you with essential theoretical knowledge, but also allows for practical, hands-on experience.
The instructors are industry experts who bring a wealth of real-world experience to the table, ensuring you receive up-to-date and relevant knowledge. The interactive nature of these virtual classrooms encourages active participation and enables you to gain insights from your instructors and peers alike.
In a rapidly evolving digital world, cybersecurity skills are in high demand. With the CySA+ certification under your belt, you'll be well-positioned to step up your career in the dynamic field of cybersecurity.
This 5 day course runs regularly over consecutive days and delegates will have 6 months to complete from date of enrolment. Delegates will arrange course start dates directly with the course provider once they have been approved for funding.
The CompTIA CySA+ Cyber Security Analyst course syllabus is comprehensive, covering a range of topics and concepts essential to the role of a Cyber Security Analyst. When you enrol onto this course, you can expect to learn:
o Security Analytics
o Threat Management
o Appropriate Tools
o Identity and Access Management
o Software Development Lifecycle
o Threat Detection Tools
o Appropriate Forensics Tools
o Review Security Architecture
o Performance Data Analysis
o Security Issues Related
o Post Incident Response Process
o Network Vulnerabilities and Access Management
Module 1: Threat and Vulnerability Management
Intelligence sources
Indicator management
Threat classification
Threat actors
Intelligence cycle
Commodity malware
Information sharing and analysis communities
1.2 Given a scenario, utilise threat intelligence to support organisational security.
Attack frameworks
Threat research
Threat modelling methodologies
Threat intelligence sharing with supported functions
1.3 Given a scenario, perform vulnerability management activities.
Vulnerability identification
Validation
Remediation/mitigation
Scanning parameters and criteria
Inhibitors to remediation
1.4 Given a scenario, analyse the output from standard vulnerability assessment tools.
Web application scanner
Infrastructure vulnerability scanner
Software assessment tools and techniques
Enumeration
Wireless assessment tools
Cloud Infrastructure assessment tools
1.5 Explain the threats and vulnerabilities associated with specialised technology.
Mobile
Internet of Things (IoT)
Embedded
Real-time operating system (RTOS)
System-on-Chip (SoC)
Field programmable gate array (FPGA)
Physical access control
Building automation systems
Vehicles and drones
Workflow and process automation systems
Industrial control system
Supervisory control and data acquisition (SCADA)
1.6 Explain the threats and vulnerabilities associated with operating in the cloud.
Cloud service models
Cloud deployment models
Function as a Service (FaaS)/ serverless architecture
Infrastructure as code (IaC)
Insecure application programming interface (API)
Improper key management
Unprotected storage
Logging and monitoring
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
Attack types
Vulnerabilities
Module 2.0: Software and Systems Security
2.1 Given a scenario, apply security solutions for infrastructure management.
Cloud vs on-premises
Asset management
Segmentation
Network architecture
Change management
Virtualisation
Containerisation
Identity and access management
Cloud access security broker (CASB)
Honeypot
Monitoring and logging
Encryption
Certificate management
Active defence
2.2 Explain software assurance best practices.
Platforms
Software development life cycle (SDLC) integration
DevSecOps
Software assessment methods
Secure coding best practices
Static analysis tools
Dynamic analysis tools
Formal methods for verification of critical software
Service-oriented architecture
2.3 Explain hardware assurance best practices.
Hardware root of trust
eFuse
Unified Extensible Firmware Interface (UEFI)
Trusted foundry
Secure processing
Anti-tamper
Self-encrypting drive
Trusted firmware updates
Measured boot and attestation
Bus encryption
Module 3.0: Security Operations and Monitoring
3.1 Given a scenario, analyse data as part of security monitoring activities.
Heuristics
Trend analysis
Endpoint
Network
Log review
Impact analysis
Security information and event management (SIEM) review
Query writing
E-mail analysis
3.2 Given a scenario, implement configuration changes to existing controls to improve security.
Permissions
Safelisting
Denylisting
Firewall
Intrusion prevention system (IPS) rules
Data loss prevention (DLP)
Endpoint detection and response (EDR)
Network access control (NAC)
Sinkholing
Malware signatures
Sandboxing
Port security
3.3 Explain the importance of proactive threat hunting
Establishing a hypothesis
Profiling threat actors and activities
Threat hunting tactics
Reducing the attack surface area
Bundling critical assets
Attack vectors
Integrated intelligence
Improving detection capabilities
3.4 Compare and contrast automation concepts and technologies.
Workflow orchestration
Scripting
Application programming interface (API) integration
Automated malware signature creation
Data Enrichment
Threat feed combination
Machine learning
Use of automation protocols and standards
Continuous integration
Continuous deployment/delivery
Module 4.0: Incident Response
4.1 Explain the importance of the incident response process.
Communication plan
Response coordination with relevant entities
Factors contributing to data criticality
4.2 Given a scenario, apply the appropriate incident response procedure.
Preparation
Detection and analysis
Eradication and Recovery
Post-incident activities
4.3 Given an incident, analyse potential indicators of compromise.
Network-related
Host-related
Application-related
4.4 Given a scenario, utilise basic digital forensics techniques.
Network
Endpoint
Mobile
Cloud
Virtualisation
Legal hold
Procedures
Hashing
Carving
Data acquisition
Module 5.0: Compliance and Assessment
5.1 Understand the importance of data privacy and protection.
Privacy vs security
Non-technical controls
Technical controls
5.2 Given a scenario, apply security concepts to support organisational risk mitigation.
Business impact analysis
Risk identification process
Risk calculation
Communication of risk factors
Risk prioritisation
Systems assessment
Documented compensating controls
Training and exercises
Supply chain assessment
5.3 Explain the importance of frameworks, policies, procedures, and controls.
Frameworks
Policies and procedures
Category
Control type
Audits and assessments
Exams
CompTIA CySA+ CS0-003 Exam Details
o Exam Code: CS0-003
o Certification: CompTIA Cybersecurity Analyst (CySA+)
o Exam Duration: 165 minutes
o Number of Questions: Maximum of 85 questions
o Question Type: Multiple Choice and Performance-Based
o Passing Score: 750 (on a scale of 100-900)
o Language: English
o Exam Purpose: The CySA+ exam verifies the successful candidate has the knowledge and skills required to apply threat detection techniques, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organisation with the end goal of securing and protecting applications and systems within an organisation.
Please note that CompTIA certification exams, policies and procedures are subject to change, so please check the official CompTIA website for the most current information before your exam.
Your enrolment includes practice labs.