We’ve been getting a lot of questions about the new CompTIA Cybersecurity Analyst (CySA+) exam (CS0-002), and we want to make sure you have the answers you need to decide whether or not it’s right for you. In this post, we’re answering some of your biggest questions.
What’s on the new CompTIA CySA+ exam?
The new CompTIA CySA+ exam applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.
Like its predecessor, CompTIA CySA+ (CS0-002) still covers core cybersecurity analyst skills while emphasizing software and application security, automation, threat hunting and IT regulatory compliance.
With the end goal of proactively defending and continuously improving the security of an organization, people who have CompTIA CySA+ have the hands-on knowledge and skills required to do the following:
- Leverage intelligence and threat detection techniques
- Analyze and interpret data
- Identify and address vulnerabilities
- Suggest preventative measures
- Effectively respond to and recover from incidents
Download the exam objectives for free to find out everything that’s covered.
How much does CompTIA CySA+ cost?
The retail price for CompTIA CySA+ (CS0-002) is $370. CompTIA offers numerous ways to reduce this cost. Check out our article on how to save on exam vouchers as well as information about financing options.
How can I train for CompTIA CySA+?
Start by downloading the exam objectives and practice test questions to understand what topics are covered and get examples of questions that you might see. If you’re ready to start studying now, you can work through the self-paced CompTIA CertMaster Learn and CertMaster Practice online training products that are available now. The Official CompTIA CySA+ Study Guide eBook for CS0-002 is expected in early June. If classroom study is more your speed, you can also watch for instructor-led training options to come over the next few months.
The amount of time you’ll need to prepare for CompTIA CySA+ depends on your existing knowledge on the topics and your hands-on cybersecurity experience. We recommend that you have CompTIA Network+, CompTIA Security+ or the equivalent knowledge plus a minimum of four years of hands-on information security or related experience.
We also suggest that you dedicate between 30 and 40 hours of studying before sitting for the exam.
Why would I choose CompTIA CySA+ over other cybersecurity certifications?
CompTIA CySA+ is the only intermediate high-stakes cybersecurity analyst certification with hands-on, performance-based questions and multiple-choice questions that covers the most up-to-date core cybersecurity analyst skills and upcoming job skills used by threat intelligence analysts, application security analysts, compliance analysts, incident responders/handlers and threat hunters, bringing new techniques for combating threats inside and outside of the Security Operations Center (SOC).
CompTIA exams are developed through an intensive process that includes workshops where IT pros come together and discuss what knowledge, skills and abilities are required to do certain job roles. So, the topics covered by CompTIA CySA+ match the knowledge, skills and abilities cybersecurity analysts need today.
Can I still take the CompTIA CySA (CS0-001)?
Yes. Older versions of CompTIA exams are generally available for about six months after the new version comes out. The CompTIA CySA+ (CS0-001) exam will be available until October 2020.
I’ve been studying for CompTIA CySA+ (CS0-001). Should I switch gears and study for CompTIA CySA+ (CS0-002) instead?
If you’ve been studying for the CompTIA CySA+ (CS0-001), we would recommend reviewing the exam objectives to see how much of what you’ve already studied is on the new exam. If it makes sense for your time and level of knowledge, you may want to switch gears and prepare for the new exam (CS0-002).
Some of the benefits of taking the new CompTIA CySA+ is that it covers the latest subject matter with an emphasis on software and application security, automation, threat hunting and IT regulatory compliance.
The following cybersecurity job roles align with CompTIA CySA+:
- Cybersecurity Analyst
- Threat intelligence analyst
- Application security analyst
- Incident response or handler
- Threat hunter
- Compliance analyst
Keep in mind that if you choose to pursue CS0-001, you must take it before it retires in October 2020 to get your CompTIA CySA+ certification.
What can I expect from the CompTIA CySA+ exam?
You can expect performance-based and multiple-choice questions across five domains:
- Threat and Vulnerability Management
- Software and Systems Security
- Security Operations and Monitoring
- Incident Response
- Compliance and Assessment
These domains relate back to the primary job of a cybersecurity analyst, which is to monitor and identify vulnerabilities introduced on the network as a result of nonsecure systems and software, regardless of the language, and respond to the threats.
You should also be familiar with three broad categories of tools used by cybersecurity analysts:
- Packet Capture: Wireshark
- Intrusion Detection System (IDS): Zeek and Snort
- Security Information and Event Management (SIEM): AT&T Cybersecurity/AlienVault OSSIM
For example, a cybersecurity analyst would need to plan, install, configure, monitor and analyze an IDS or SIEM. Analyzing the output from the tool to determine threats would be an example of a performance-based question you might find on the exam. Or you may find a question on continuous monitoring activities such as log reviews, impact analysis and response. To learn more about potential topics, please download the exam objectives.
Can I go straight to CompTIA CySA+ instead of getting CompTIA Security+?
You can, but it’s not recommended because you need to know how a network works (CompTIA Network+) and how to secure it (CompTIA Security+) before you can analyze it (CompTIA CySA+). The CompTIA Cybersecurity Career Pathway shows how each certification builds on the previous one, and skipping CompTIA Security+ could leave a gap in your baseline cybersecurity skills.
We recommend having a minimum of four years of hands-on information security or related experience before taking the CompTIA CySA+ exam.
How long is CompTIA CySA+ good for, and how can it be renewed?
As with many CompTIA certifications, CySA+ is good for three years. CompTIA offers a number of ways for you to renew your certifications. Learn more in the continuing education (CE) section of our website.
I need to renew my CompTIA Security+ certification. If I pass CompTIA CySA+ will that renew it?
Yes, CompTIA CySA+ will renew CompTIA Security+, since it’s considered a higher-level certification. Learn more about renewing with a higher-level certification in the CE section of our website.
Is CompTIA CySA+ approved by the DoD for 8570 requirements?
Yes! CompTIA CySA+ is U.S. Department of Defense (DoD) 8570 approved. It complies with government regulations under the Federal Information Security Management Act (FISMA).
DoD 8570, DoD 8570.01-m and DoD 8140 identify the skills needed for a cyber-ready workforce and align those skills with certain IT certifications. Learn more about DoD regulations and how you can apply them in the private sector.