The CompTIA CySA+ training and certification course is designed for individuals who are keen to delve into the stimulating world of cyber security. It serves as the perfect stepping stone for those aiming to build a prosperous career in this rapidly growing field, especially for individuals who are already working in IT and wish to transition towards cyber security.
For those who are new to the IT industry, we recommend a structured learning journey. Commence with the CompTIA A+ to familiarise yourself with the foundational concepts, progress to the CompTIA Network+ to gain valuable networking skills, and then move on to the CompTIA Security+ to understand essential security principles. Once you have mastered these areas, ideally with some experience in the field, you are then sufficiently equipped to take on the CySA+ course, which will amplify your understanding and application of cyber security techniques.
The CompTIA CySA+ certification opens doors to a range of rewarding job roles in Cyber Security.
Each role involves unique responsibilities, and salaries vary depending on experience and expertise.
Here are some potential job roles, from entry-level to senior positions, along with their average UK salaries*:
IT Technician: An entry-level role involving basic IT support tasks. Average salary: £20,000 to £30,000 per annum.
Cyber Security Analyst: This role involves protecting IT infrastructure through threat analysis and mitigation. Average salary: £30,000 to £50,000 per annum.
Information Security Analyst: This position involves planning and implementing security measures. Average salary: £35,000 to £55,000 per annum.
Network Security Specialist: This role involves protecting an organisation's network from threats. Average salary: £45,000 to £65,000 per annum.
Cyber Security Engineer: This role involves designing, implementing, and managing secure IT systems. Average salary: £50,000 to £80,000 per annum.
Cyber Security Manager: A leadership role, overseeing an organisation's cyber security strategy and team. Average salary: £60,000 to £100,000 per annum.
Chief Information Security Officer (CISO): A senior leadership role, responsible for an organisation's information and data security. Average salary: £80,000 to £150,000 per annum.
*Source Payscale
Our CompTIA CySA+ Cyber Security Analyst course syllabus is comprehensive, covering a range of topics and concepts essential to the role of a Cyber Security Analyst. When you enrol on our course, you can expect to learn:
Security Analytics: Understanding and applying the principles of security analytics, and using these to identify potential threats and vulnerabilities.
Threat Management: Learning to identify, assess, and manage threats to IT infrastructure.
Appropriate Tools: Selecting and utilising the right tools for threat detection, vulnerability management, and cyber incident responses.
Identity and Access Management: Implementing effective identity and access management strategies to safeguard sensitive information.
Software Development Lifecycle: Understanding the software development lifecycle and how security considerations should be integrated at each stage.
Threat Detection Tools: Gaining competencies in using threat detection tools to identify and mitigate cyber threats.
Appropriate Forensics Tools: Picking and using the appropriate forensics tools to investigate and analyse cyber incidents.
Review Security Architecture: Reviewing and enhancing security architecture to improve overall security posture.
Performance Data Analysis: Analysing performance data to identify potential security issues and improve systems' resilience.
Security Issues Related: Identifying and addressing security issues related to networking, applications, and systems.
Post Incident Response Process: Learning to effectively manage the post-incident response process, including documentation, analysis, and implementation of preventative measures.
Network Vulnerabilities and Access Management: Identifying network vulnerabilities and implementing appropriate access management measures to maintain security.
Intelligence sources
Open-source intelligence
Proprietary/closed-source intelligence
Timeliness
Relevancy
Accuracy
Indicator management
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
OpenIoC
Threat classification
Known threat vs unknown threat
Zero-day
Advanced persistent threat
Threat actors
Nation-state
Hacktivist
Organised crime
Insider threat
Intentional
Unintentional
Intelligence cycle
Requirements
Collection
Analysis
Dissemination
Feedback
Commodity malware
Information sharing and analysis communities
Healthcare
Financial
Aviation
Government
Critical infrastructure
Attack frameworks
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Kill chain
Threat research
Reputational
Behavioural
Indicator of compromise (IoC)
Standard vulnerability scoring system (CVSS)
Threat modelling methodologies
Adversary capability
Total attack surface
Attack vector
Impact
Likelihood
Threat intelligence sharing with supported functions
Incident response
Vulnerability management
Risk management
Security engineering
Detection and monitoring
Vulnerability identification
Asset criticality
Active vs passive scanning
Mapping/enumeration
Validation
True positive
False positive - True negative
False-negative
Remediation/mitigation
Configuration baseline
Patching
Hardening
Compensating controls
Risk acceptance
Verification of mitigation
Scanning parameters and criteria
Risks associated with scanning activities
Vulnerability feed
Scope
Credentialed vs non-credentialed
Server-based vs agent-based
Internal vs external
Special considerations
Types of data
Technical constraints
Workflow
Sensitivity levels
Regulatory requirements
Segmentation
Intrusion prevention system (IPS), intrusion detection system (IDS), and firewall settings
Inhibitors to remediation
Memorandum of understanding (MOU)
Service-level agreement (SLA)
Organisational governance
Business process interruption
Degrading functionality
Legacy systems
Web application scanner
OWASP Zed Attack Proxy (ZAP)
Burp suite
Nikto
Arachni
Infrastructure vulnerability scanner
Nessus
OpenVAS
Qualys
Software assessment tools and techniques
Static analysis
Dynamic analysis
Reverse engineering
Fuzzing
Enumeration
Nmap
hoping
Active vs passive
Responder
Wireless assessment tools
Aircrack-ng
Reaver
oclHashcat
Cloud Infrastructure assessment tools
ScoutSuite
Prowler
Pacu
Mobile
Internet of Things (IoT)
Embedded
Real-time operating system (RTOS)
System-on-Chip (SoC)
Field programmable gate array (FPGA)
Physical access control
Building automation systems
Vehicles and drones
CAN bus
Workflow and process automation systems
Industrial control system
Supervisory control and data acquisition (SCADA)
Modbus
Cloud service models
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud deployment models
Public
Private
Community
Hybrid
Function as a Service (FaaS)/ serverless architecture
Infrastructure as code (IaC)
Insecure application programming interface (API)
Improper key management
Unprotected storage
Logging and monitoring
Insufficient logging and monitoring
Inability to access
Attack types
Extensible markup language (XML) attack
Structured query language (SQL) injection
Overflow attack
Buffer
Integer
Heap
Remote code execution
Directory traversal
Privilege escalation
Password spraying
Credential stuffing
Impersonation
Man-in-the-middle attack
Session hijacking
Rootkit
Cross-site scripting
Reflected
Persistent
Document object model (DOM)
Vulnerabilities
Improper error handling
Dereferencing
Insecure object reference
Race condition
Broken authentication
Sensitive data exposure
Insecure components - Insufficient logging and monitoring - Weak or default configurations - Use of insecure functions - strcpy
Cloud vs on-premises
Asset management
Asset tagging
Segmentation
Physical
Virtual
Jumpbox
System isolation
Air gap
Network architecture
Physical
Software-define
Virtual private cloud (VPC)
Virtual private network (VPN)
Serverless
Change management
Virtualisation
Virtual desktop infrastructure (VDI)
Containerisation
Identity and access management
Privilege management
Multifactor authentication (MFA)
Single sign-on (SSO)
Federation
Role-based
Attribute-based
Mandatory
Manual review
Cloud access security broker (CASB)
Honeypot
Monitoring and logging
Encryption
Certificate management
Active defence
2.2 Explain software assurance best practices.
Platforms
Mobile
Web application
Client/server
Embedded
System-on-chip (SoC)
Firmware
Software development life cycle (SDLC) integration
DevSecOps
Software assessment methods
User acceptance testing
Stress test application
Security regression testing
Code review
Secure coding best practices
Input validation
Output encoding
Session management
Authentication
Data protection
Parameterised queries
Static analysis tools
Dynamic analysis tools
Formal methods for verification of critical software
Service-oriented architecture
Security Assertions Markup Language (SAML)
Simple Object Access Protocol (SOAP)
Representational State Transfer (REST)
Microservices
Hardware root of trust
Trusted platform module (TPM)
Hardware security module (HSM)
eFuse
Unified Extensible Firmware Interface (UEFI)
Trusted foundry
Secure processing
Trusted execution
Secure enclave
Processor security extensions
Atomic execution
Anti-tamper
Self-encrypting drive
Trusted firmware updates
Measured boot and attestation
Bus encryption
Heuristics
Trend analysis
Endpoint
Malware
Reverse engineering
Memory
System and application behaviour
Known-good behaviour
Anomalous behaviour
Exploit techniques
File system
User and entity behaviour analytics (UEBA)
Network
Uniform Resource Locator (URL) and domain name system (DNS) analysis
Domain generation algorithm
Flow analysis
Packet and protocol analysis
Malware
Log review
Event logs
Syslog
Firewall logs
Web application firewall (WAF)
Proxy
Intrusion detection system (IDS)/ Intrusion prevention system (IPS)
Impact analysis
Organisational impact vs localised impact
Immediate vs total
Security information and event management (SIEM) review
Rule writing
Known-bad Internet protocol (IP)
Dashboard
Query writing
String search
Script
Piping
E-mail analysis
Malicious payload
Domain Keys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
Phishing
Forwarding
Digital signature
E-mail signature block
Embedded links
Impersonation
Header
Permissions
Safelisting
Denylisting
Firewall
Intrusion prevention system (IPS) rules
Data loss prevention (DLP)
Endpoint detection and response (EDR)
Network access control (NAC)
Sinkholing
Malware signatures
Development/rule writing
Sandboxing
Port security
Establishing a hypothesis
Profiling threat actors and activities
Threat hunting tactics
Executable process analysis
Reducing the attack surface area
Bundling critical assets
Attack vectors
Integrated intelligence
Improving detection capabilities
Workflow orchestration
Security Orchestration, Automation, and Response (SOAR)
Scripting
Application programming interface (API) integration
Automated malware signature creation
Data Enrichment
Threat feed combination
Machine learning
Use of automation protocols and standards
Security Content Automation Protocol (SCAP)
Continuous integration
Continuous deployment/delivery
Communication plan
Limiting communication to trusted parties
Disclosing based on regulatory/ legislative requirements
Preventing inadvertent release of information
Using a secure method of communication
Reporting requirements
Response coordination with relevant entities
Legal Human resources
Public relations
Internal and external
Law enforcement
Senior leadership
Regulatory bodies
Factors contributing to data criticality
Personally identifiable information (PII)
Personal health information (PHI)
Sensitive personal information (SPI)
High-value asset
Financial information
Intellectual property
Corporate information
Preparation
Training
Testing
Documentation of procedures
Detection and analysis
Characteristics contributing to severity level classification
Downtime
Recovery time
Data integrity
Economic
System process criticality
Reverse engineering
Data correlation
Containment
Segmentation
Isolation
Eradication and Recovery
Vulnerability mitigation
Sanitisation
Reconstruction/reimaging
Secure disposal
Patching
Restoration of permissions
Reconstitution of resources
Restoration of capabilities and services
Verification of logging/ communication to security monitoring
Post-incident activities
Evidence retention
Lessons learned report
Change control process
Incident response plan update
Incident summary report
IoC generation
Monitoring
Network-related
Bandwidth consumption
Beaconing
Irregular peer-to-peer communication
The rogue device on the network
Scan/sweep
Unusual traffic spike
Common protocol over a non-standard port
Host-related
Processor consumption
Memory consumption
Drive capacity consumption
Unauthorised software
Malicious process
Unauthorised change
Unauthorised privilege
Data exfiltration
Abnormal OS process behaviour
File system change or anomaly
Registry change or anomaly
Unauthorised scheduled task
Application-related
Anomalous activity
Introduction of new accounts
Unexpected output
Unexpected outbound communication
Service interruption
Application log
Network
Wireshark
tcpdump
Endpoint
Disk
Memory
Mobile
Cloud
Virtualisation
Legal hold
Procedures
Hashing
Changes to binaries
Carving
Data acquisition
Privacy vs security
Non-technical controls
Classification
Ownership
Retention
Data types
Retention standards
Confidentiality
Legal Requirements
Data sovereignty
Data minimisation
Purpose limitation
A non-disclosure agreement (NDA)
Technical controls
Encryption
Data loss prevention (DLP)
Data masking
Deidentification
Tokenisation
Digital rights management (DRM)?
Watermarking
Geographic access requirements
Access controls
Business impact analysis
Risk identification process
Risk calculation
Probability
Magnitude
Communication of risk factors
Risk prioritisation
Security controls -
Engineering tradeoffs
Systems assessment
Documented compensating controls
Training and exercises
Red team
Blue team
White team
Tabletop exercise
Supply chain assessment
Vendor due diligence
Hardware source authenticity
Frameworks
Risk-based
Prescriptive
Policies and procedures
Code of conduct/ethics
Acceptable use policy (AUP)
Password policy
Data Ownership
Data retention
Account management
Continuous monitoring
Work product retention
Category
Managerial
Operational
Technical
Control type
Preventative
Detective
Corrective
Deterrent
Compensating
Physical
Audits and assessments
Regulatory
Compliance
Exam Code: CS0-003
Certification: CompTIA Cybersecurity Analyst (CySA+)
Exam Duration: 165 minutes
Number of Questions: Maximum of 85 questions
Question Type: Multiple Choice and Performance-Based
Passing Score: 750 (on a scale of 100-900)
Language: English
Exam Purpose: The CySA+ exam verifies the successful candidate has the knowledge and skills required to apply threat detection techniques, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organisation with the end goal of securing and protecting applications and systems within an organisation.
Please note that CompTIA certification exams, policies and procedures are subject to change, so please check the official CompTIA website for the most current information before your exam.
Choose any one from a HP Laptop, Fitbit Versa 2 or Apple Airpods*.
*Special terms and conditions apply to certain courses. See product page for details. View Deals