CySA+: Current status [updated 2021]

June 17, 2021 by Greg Belding

It is a sort of unwritten law that about every three years, a new edition of a certification exam is released. Among those certifications is the CompTIA Cybersecurity Analyst certification, or CySA+. CompTIA released this certification in 2017, and it was practically the only intermediate cybersecurity analyst certification on the market. 

This new certification exam version, CS0-002, is about 35% different from the last exam version. This article will detail the current status of CySA+ and will explore what the exam is, what it covers, the different domains of knowledge, further details about the exam, and more. If you have been looking for a rundown of the new version of the CySA+ exam, look no further.

What is CySA+?

The CompTIA CySA+ is an intermediate-level professional IT workforce certification and is relatively new. It was originally released as CSA+, but due to an undisclosed copyright issue, CompTIA changed the naming acronym to CySA+. This certification bridges the proverbial gap between fundamental IT certifications and advanced skill level certifications that were lacking for many years.

The new exam, CS0-002, released in April 2020, has had a fair number of changes since CS0-001.

Why CySA+?

Beginning around 2013, cyberattackers shifted their focus from firewalls and antivirus-based attacks to new attack approaches including the target breach, advanced persistent threat and others. This change in cyberattacks necessitated the inception of a security analytics-focused certification that covers these new cyberattack technologies. CompTIA released the first version of the CySA+ exam in 2017.

What does CySA+ cover?

CySA+ covers a significant spread of cybersecurity knowledge, divided into five domains of knowledge, which were previously four domains in CS0-001. Below is a comparison of the domains contained in both the CS0-001 and CS0-002 exam versions.

As you can see, not only does CS0-002 contain more domains but some, such as domains 1.0 and 2.0 in CS0-001, have been combined in CS0-002. Below, we will explore each domain of knowledge by presenting its subsections, which are essential questions that guide the material throughout each domain.

Domain 1 – Threat and vulnerability management

1.1 Explain the importance of threat data and intelligence

1.2 Given a scenario, use threat intelligence to support the security of the organization

1.3 Given a scenario, apply appropriate vulnerability management activities

1.4 Analyze common vulnerability assessment tools output based upon the scenario

1.5 Explain which threats and vulnerabilities are associated with specialized technology

1.6 Explain threats and vulnerabilities that are associated with operating in the cloud

1.7 Given a scenario, mitigate attacks and software vulnerabilities by implementing controls

Domain 2 – Software and systems security

2.1 Applying security solutions for infrastructure management given certain scenarios

2.2 Explain software assurance best practices

2.3 Explain hardware assurance best practices

Domain 3 – Security operations and monitoring

3.1 Given a scenario, analyze data for security monitoring activities

3.2 Given a scenario, improve security by implementing configuration changes to existing controls

3.3 Explain proactive threat hunting

3.4 Compare and contrast automation concepts and technologies

Domain 4 – Incident response

4.1 Explain the importance of the incident response process

4.2 Given a scenario, apply the appropriate incident response procedure

4.3 Given an incident, analyze potential indicators of compromise (IOC)

4.4 Use basic digital forensics techniques in given scenarios

Domain 5 – Compliance and assessment

5.1 Understand the importance of data privacy and protection

5.2 Given a scenario, apply security concepts in support of organizational risk mitigation

5.3 Explain the importance of frameworks, policies, procedures and controls

Current CySA+ exam details

Remember that this second version of the CySA+ certification exam has had some changes since the first version. Those who have taken the exam have remarked that it is harder than the first version, which informed some of the changes to the exam details. Below are the details for the current exam version, CS0-002.

While there are no “official” prerequisites to take the exam, CompTIA does provide some recommendations for certification candidates. First, and one of the most striking changes, is that candidates are recommended to have four years of work experience at a minimum before taking the exam. This is an increase from the three-year minimum recommended for CS0-001. More foundational knowledge is needed because the changes to the domains of knowledge make the exam significantly harder.

Another reason for the increased difficulty is that CySA+ CS0-002, unlike 001, is approved by the United States Department of Defense to satisfy the requirements of DoD 8570.01-M. This means more focus on in-demand industry skills.

Despite being a harder exam with more domains, the basic details of the exam such as the number of questions have not changed. Below is what you need to know about the exam.

  • Exam questions: a maximum of 85
  • Minimum passing score: 750
  • Exam Length: 165 minutes

Exam format

The CySA+ exam format is a hybrid; it is part multiple-choice questions and part performance-based questions.

Performance-based questions

Performance-based questions require candidates to perform tasks or solve problems in a simulated real-world IT environment, with questions that follow. These questions are part of the reason why CompTIA recommends four years of hands-on information security experience, as candidates without this experience may struggle with this section. This is especially true given that the exam has been approved by the DoD since the last exam version.

Be mindful of the CySA+ exam updates

CySA+ is a rarity in that it is a cybersecurity analyst certification and intended for the intermediate to mid-career level professional. This second version of the certification exam is a good deal more difficult and has one more domain of knowledge than the first exam version. With this said, you will have to source study materials that are based on the CS0-002 exam as the changes to the exam material are substantial.




Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.