CompTIA CySA+ (CySA Plus) Exam Syllabus

CySA+ PDF, CS0-004 Dumps, CS0-004 PDF, CySA+ VCE, CS0-004 Questions PDF, CompTIA CS0-004 VCE, CompTIA CySA Plus Dumps, CompTIA CySA Plus PDFUse this quick start guide to collect all the information about CompTIA CySA+ (CS0-004) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the CS0-004 CompTIA Cybersecurity Analyst exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual CompTIA CySA Plus certification exam.

The CompTIA CySA+ certification is mainly targeted to those candidates who want to build their career in Cyber domain. The CompTIA Cybersecurity Analyst (CySA+) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CompTIA CySA Plus.

CompTIA CySA+ Exam Summary:

Exam Name CompTIA Cybersecurity Analyst (CySA+)
Exam Code CS0-004
Exam Price $439 (USD)
Duration 165 mins
Number of Questions 85
Passing Score 750 on a scale of 100 to 900
Schedule Exam Pearson VUE
Sample Questions CompTIA CySA+ Sample Questions
Practice Exam CompTIA CS0-004 Certification Practice Exam

CompTIA CS0-004 Exam Syllabus Topics:

Topic Details

Security Operations - 34%

Explain concepts related to system and network architecture in security operations. - Logging concepts
  • Ingestion
  • Configuration
  • Integrity and security
  • Time synchronization
  • Retention

- Operating system concepts

  • System hardening
  • File structure
    - Critical files
  • System processes

- Infrastructure/system architecture concepts

  • Cloud native
  • Virtualization
  • Containerization
  • Application programming interfaces (APIs)

- Device management concepts

  • Mobile
  • Endpoint

- Network architecture concepts

  • Zero Trust Network Architecture (ZTNA)
  • Secure access service edge (SASE)
  • Hybrid cloud

- Identity and access management (IAM)

  • Privileged access management (PAM)
  • Authentication and authorization methods
  • Secrets management

- Encryption techniques
- Data protection concepts
- Critical infrastructure concepts

  • Operational technology (OT)
  • Industrial control system (ICS)
  • Supervisory control and data acquisition (SCADA)
Given a scenario, analyze indicators of potential malicious activity. - Network-related indicators
  • Rogue devices
  • Enumeration
  • Anomalous activity
  • Activity on unexpected ports

- Host-related indicators

  • Resource consumption
  • Unauthorized software
  • Anomalous activity
    - Suspicious or rogue processes
    - Living Off the Land Binaries (LOLBins) and Scripts
    - File system changes
    - Data exfiltration

- Unauthorized configuration
- Application-related indicators

  • Service disruption
  • Anomalous activity

- Cloud-related indicators

  • Anomalous activity
  • Resource compromise

- Social engineering attacks

  • Typosquatting
  • URL shorteners

- Identity-based indicators

  • IAM account compromise
  • Unauthorized access
  • Impossible travel

- Email-related attacks

  • Business email compromise (BEC)
Given a scenario, use tools to determine malicious activity. - Tools
  • Decoding/parsing
    - CyberChef
  • Packet analysis
    - Wireshark
    - tcpdump
    - Snort
    - Suricata
    - Zeek
  • Log analysis
    - Security information and event management (SIEM)
  • Threat-intelligence platforms
    - Open Threat Exchange (OTX)
    - Malware Information Sharing Platform (MISP)
    - Open Cyber Threat Intelligence (OpenCTI)
  • Endpoint security
    - Endpoint detection and response (EDR) and extended detection and response (XDR)
    - Mobile device management (MDM)
  • Domain and IP reputation
    - WHOIS
    - AbuseIPDB
    - Geolocation by IP Address (GEO-IP)
  • File analysis
    - Strings
    - VirusTotal
    - Yet another recursive acronym (YARA)
  • Sandboxing
    - Joe Sandbox
    - Cuckoo Sandbox
  • Pattern recognition
    - Regular expressions
    - Interpreting suspicious commands
  • Email analysis
    - MXToolbox
  • User and entity behavior analysis (UEBA)
    - Open User and Entity Behavior Analytics (OpenUBA)

- File formats

  • JSON
  • XML
  • YAML
  • EVTX

- Programming/scripting languages

  • Python
  • PowerShell
  • Shell script
Explain threat intelligence and threat-hunting concepts. - Threat actors
  • Advanced persistent threat (APT)
  • Insider threat

- Tactics, techniques, and procedures (TTPs)

  • Heat maps
  • Pyramid of Pain
  • MITRE ATT&CK
  • Attribution

- Confidence-level impacts

  • Timeliness
  • Relevance
  • Accuracy

- Collection methods and sources

  • Open-source intelligence (OSINT)
  • Closed-source intelligence
  • Threat intelligence sharing

- Indicator of compromise (IoC)

  • Collection
  • Analysis
  • Application/usage
  • Types
    - Atomic
    - Behavioral

- Threat modeling

  • Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege (STRIDE)

- Threat mapping
- Cyber deception

Explain the importance of efficiency and process improvement in security operations. - Standardize processes
  • Manage and facilitate team coordination
  • Playbook/runbook creation

- Streamline operations

  • Automation and orchestration
    - Security orchestration, automation, and Response (SOAR)
    - Infrastructure as code (IaC)
  • Data enrichment
    - Rule/alert tuning
    - Dashboard creation

- Technology and tool integration

  • APIs
  • Webhooks
  • Plug-ins
Summarize concepts related to the use of AI in security operations. - AI risks
  • Hallucinations
  • Data exposure
  • Model poisoning
  • Malicious prompts

- Governance

  • Legal or regulatory compliance
  • AI usage policies

- Use cases

  • Comparing artifacts
  • Analyzing log files
  • Document creation
  • Incident investigation
  • Event correlation
  • Automation and orchestration

Vulnerability Management - 26%

Given a scenario, implement the appropriate vulnerability scanning method. - Asset inventory
- Planning considerations
  • Scheduling
  • Operations
  • Performance
  • Sensitivity levels
  • Segmentation
  • Regulatory requirements

- Scan types

  • Internal vs. external
  • Agent vs. agentless
  • Credentialed vs. non-credentialed
  • Passive vs. active
  • Discovery
    - Mapping scans
    - Device fingerprinting
  • Security baseline scanning
    - Payment Card Industry Data Security Standard (PCI DSS)
    - Center for Internet Security (CIS) benchmarks
    - International Organization for Standardization (ISO) 27000 series
Given a scenario, analyze output from vulnerability assessment tools. - Network scanning and mapping
  • Angry IP Scanner
  • Masscan

- Multipurpose tools

  • Nmap
  • Metasploit Framework (MSF)
  • Maltego
  • Recon-ng

- Web application scanners

  • Burp Suite
  • Zed Attack Proxy (ZAP)
  • Nikto

- Vulnerability scanners

  • Nessus
  • Nuclei
  • Open Vulnerability Assessment Scanner (OpenVAS)

- Cloud infrastructure assessment tools

  • ScoutSuite
  • Prowler
  • Trivy
  • Checkov

- Breach attack simulation (BAS) tools

  • Atomic Red Team
  • Caldera
Given a scenario, analyze data to prioritize and mitigate vulnerabilities. - Criteria
  • Exploitability
  • Active exploitation/threat intelligence
  • Asset value
  • Impact
  • Patch/remediation availability
  • True/false positives
  • True/false negatives

- Scoring methods

  • Common Vulnerability Scoring System (CVSS) metrics
  • First Exploitability Prediction Scoring System (EPSS)

- Context awareness

  • Internal
  • External
  • Isolated

- Mitigation strategies

  • Attack surface management
  • Secure coding best practices
  • Patching and configuration managemen
  • Exceptions
  • Compensating controls

- Validation of remediation

Explain concepts related to control types, risks, and vulnerability management. - Control types
  • Administrative
  • Technical
  • Physical

- Control functions

  • Preventative
  • Detective
  • Responsive
  • Corrective

- Risk concepts

  • Risk appetite
  • Residual risk
  • Inherent risk

- Risk management strategies

  • Accept
  • Transfer
  • Avoid
  • Mitigate

- Policies, governance, and service-level objectives (SLOs)
- Application security

  • Static application security testing (SAST)
  • Dynamic application security testing (DAST)
  • Software Assurance Maturity Model (SAMM)

- Third-party risk

  • Supply chain
  • Software composition analysis (SCA)
  • Software bill of materials (SBOM)

Incident Response and Management - 24%

Summarize concepts related to attack methodology frameworks. - Cyber Kill Chain
- Diamond Model of Intrusion Analysis
- MITRE ATT&CK
Summarize the incident response process. - Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Post-incident
Given a scenario, implement incident response techniques. - Developing plans
  • Incident response plan
  • Communication plan

- Creating playbooks
- Defining roles
- Performing training

  • Tabletop
  • Simulation

- Log collection
- Log correlation
- Log augmentation and enrichment
- Alerts and notifications
- Triage
- Establishment of a timeline
- Determining severity and impact
- Prioritization
- Evidence gathering

  • Chain of custody
  • Data integrity validation
  • Preservation
  • Legal hold

- Isolating affected targets
- Escalation
- Remediation and verification
- Release from isolation
- Performing restoration
- Root cause analysis (RCA)
- Corrective action development

Reporting and Communication - 16%

Explain the importance of vulnerability management reporting and communication. - Vulnerability scan reports
- Compliance findings
- Risk scorecards
- Action plans
  • Escalation
  • Dependencies

- Inhibitors to remediation

  • Contractual agreements
  • Organizational governance
  • Business process interruption
  • Degrading functionality
  • Legacy systems
  • Proprietary systems
  • Patch availability

- Stakeholder identification and communication
- Metrics and key performance indicators (KPIs)

  • Trends
  • Top risks
  • Service-level agreement (SLA)
Explain the importance of security operations and incident response reporting and communication. - Incident declaration and escalation
- Executive summary
- Communication plan
  • Stakeholder identification
  • Legal team
  • Public relations
  • Regulatory reporting agencies
  • Law enforcement
  • Customers

- Operational security awareness

  • Communication channels

- Post-incident reporting

  • After action report
  • Lessons learned
  • Root cause analysis

- Shift/incident handover
- Internal threat intelligence report

  • Tailored to organization/environment

- Metrics and KPIs

  • Alert volume
  • False-positive rate
  • True-positive rate
  • Mean time to close
  • Mean time to detect
  • Mean time to respond
  • Mean time to remediate
  • Phishing campaign click rate

To ensure success in CompTIA CySA Plus certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for CompTIA Cybersecurity Analyst (CS0-004) exam.

Rating: 5 / 5 (1 vote)