CySA+: Current status

August 29, 2019 by Greg Belding


For the longest time, certifications focusing on high-quality, intermediate cybersecurity skills were hard to come by. Recent changes in the cyberattack landscape prompted the release of the Cyber Security Analyst, or CySA+, certification for cybersecurity analysts and other information security professionals. 

This article will detail the current status of the CySA+ certification, including what CySA+ is, what material it covers, current exam details and question format. This article will give you a solid picture of the exam as a whole and will leave you in a better position to determine if this certification is right for you.

What is CySA+?

The CompTIA CySA+ is an intermediate-level professional IT workforce certification that was originally released in 2017. It was first released as CSA+, but the acronym was changed to CySA+ due to an undisclosed copyright issue. This certification bridges the proverbial gap between fundamental IT certifications and advanced skill level certifications.

CySA+ is a relatively new certification — so new that it is only on its first official exam version, CS0-001. The lifespan of the certification is three years, so it is unlikely that we will see another version until 2020 at the earliest. 

Why CySA+?

Simply put, CySA+ is a product of the new era of cyberattacks we are now living in. Beginning in approximately 2013, cyberattackers shifted their focus from firewalls and antivirus-based attacks to new attack approaches including the target breach, Advanced Persistent Threat and others. This change in cyberattacks created the need for a security analytics-focused certification that, unlike older certifications, covers these new cyberattack technologies.

What does CySA+ cover?

CySA+ covers a significant spread of cybersecurity knowledge, divided up into four domains of knowledge. These domains are:

  • 1.0 Threat Management
  • 2.0 Vulnerability Management
  • 3.0 Cyber Incident Response
  • 4.0 Security Architecture and Tool Sets

Domain 1.0 Threat management

Accounting for 27% of the CySA+ certification exam material, this domain covers:

  • Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • Given a scenario, analyze the results of a network reconnaissance
  • Given a network-based threat, implement or recommend the appropriate response and countermeasure
  • Explain the purposes of practices used to secure a corporate environment

Domain 2.0 Vulnerability management

Making up 26% of the exam, this domain covers:

  • Given a scenario, implement an information security vulnerability management process
  • Given a scenario, analyze the output resulting from a vulnerability scan
  • Compare and contrast common vulnerabilities found in organization-based targets

Domain 3.0 Cyber incident response

Representing 23% of the certification exam, domain 3.0 covers:

  • Given a scenario, distinguish threat data or behavior to determine the impact of an incident
  • Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation
  • Explain the importance of communication during the incident response process
  • Given a scenario, analyze common symptoms to select the best course of action to support incident response
  • Summarize the incident recovery and post-incident response process 

Domain 4.0 Security architecture and tool sets

The last 24% of certification exam material covers:

  • Explain the relationship between frameworks, common policies, controls and procedures
  • Given a scenario, use data to recommend remediation of security issues related to identity and access management
  • Given a scenario, review security architecture and make recommendations to implement compensating controls
  • Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
  • Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

Current exam details

CySA+ is still on its first exam version, CS0-001. This means that we get the opportunity to see CySA+ as its creators first envisioned it. 

While there are no official prerequisites for this exam, CompTIA has recommended a few things for exam candidates. First, candidates should have three to four years of hands-on information security experience. Second, candidates should have already earned the Security+ or Network+ certification, or at least have the requisite knowledge of these certification exams. 

Other details about the exam include:

  • Number of questions: A maximum of 85
  • Length of exam: 165 minutes
  • Minimum passing score: 750

Exam format

The CySA+ certification exam is presented in the form of traditional multiple-choice questions and performance-based questions. The multiple-choice questions are no different from what you are typically used to.

Performance-based questions

The performance-based questions in this certification exam require candidates to perform tasks or solve problems in a simulated real-world IT environment and then answer questions based upon it. These questions may be part of the reason why CompTIA recommends three to four years of hands-on information security experience, as candidates without this experience may struggle with this section.


CySA+ is one of the latest professional IT workforce certifications available for information security professionals to use to help boost their career paths. This exam covers four domains of knowledge that reflect recent changes in the information security landscape, making it one of the most cutting-edge certifications today. I am sure we will be hearing more about this certification as it further evolves in response to the latest in cyberattacks.




Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.
