Your Next Move. Plan for your future!

Click a career path and your experience level, and we'll show you the CompTIA certifications you need to get there!

What is a Cybersecurity Specialist?

Cybersecurity Professionals detect cyberthreats and implement changes to protect an organization. A security operations center (SOC) team likely has several tiers of cybersecurity professionals that are responsible for monitoring, directing, containing and remediating IT threats. Cybersecurity Professionals may be tasked with anything from installing, administering and troubleshooting security solutions to writing up security policies and training documents for colleagues. While other job roles are responsible for specific part of the overall system, Cybersecurity Professionals must be able to take a step back and see the big picture to keep it secure from threats.

Experience LevelBeginnerIntermediateAdvanced
Median annual salary*   
Job Postings*
18709
53739
44331
Number of certificates available at each level
2

CompTIA Network+

CompTIA Security+

6

CompTIA CySA+

CompTIA PenTest+

CompTIA Project+

ISACA

GIAC

Cisco

2

CompTIA CASP+

ISC2 CISSP

Experience LevelBeginnerIntermediateAdvanced

*Burning Glass Technologies. (2019). Labor Insights.

Required skills at this level
  • Scan and assess network for vulnerabilities
  • Monitor network traffic for unusual activity
  • Investigate a violation when a breach occurs
  • Install and use software to protect sensitive information
  • Prepare reports that document security breaches
  • Research new security technology
  • Help end-users when they need to install or learn about new products and procedures

Cybersecurity Specialist Certifications

2-IT-cyber New Copy copy 3
CERT MAP-cyber-MOBILE
Step 1

CompTIA Certifications

Certifications like ITF+, CompTIA A+ and Network+ give you the background you need if you don’t already have it, and CompTIA Security+ is recommended to begin your career as a Cybersecurity Professional.

CompTIA Network+
CompTIA Network+

Network+ certifies the essential skills needed to confidently design, configure, manage and troubleshoot wired and wireless networks.

Learn more Example questions
CompTIA IT Network+
CompTIA It Network+ Certification

The table below lists the domains measured by the full examination and the extent to which they are represented.

Domain and percentage of examination

1.0  Networking Concepts 23%
2.0  Infrastructure 18%
3.0  Network Operations 17%
4.0  Network Security 20%
5.0  Network Troubleshooting and Tools 22%
Total 100%

Example Questions

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

An office workstation receives an Internet Protocol version 4 (IPv4) address from a Dynamic Host Configuration Protocol (DHCP) server. The IP lease includes the default gateway address which is the address of the office's layer 3 switch. A network administrator confirmed network connectivity by pinging the gateway. At what layer of the Open Systems Interconnection (OSI) are these two devices communicating with each other when using the ping command?

A. Layer 3 - Network B. Layer 2 - Data Link C. Layer 6 - Presentation D. Layer 7 - Application

A manager informs a support technician that users spend too much time using company computers for personal reasons. Which of the following can the technician implement to address the issue?

A. UTM appliance B. Layer 7 firewall C. Content filter D. Smart jack

A network consultant is doing IT contingency planning and is trying to identify likely points of failure for the network. Which of the following would the consultant identify as Single Points of Failure in need of upgrades for added redundancy? (Select all that apply)

A. There is a lack of a load balancing device. B. A backup power generator is available on-site. C. There is a single power supply for a critical server. D. The main server is set up for full backup operations.

An employee uses a key fob that contains a chip with a digital certificate and authenticates a person through a reader. Which of the following types of authentication factors does this describe?

A. Something you know B. Something you have C. Something you are D. Something you do

A network administrator purchased new network switches from a vendor. Upon receiving and installing them, what should the admin do to harden the device to ensure secure device configuration of the switches? (Select all that apply)

A. Change default usernames and passwords. B. Remove vendor-installed backdoors. C. Disable or close unused ports and services. D. Implement a common prevalent password.

A user installs a financial software package that requires cloud access. For some reason, the application fails to connect to the cloud server. What caused this issue?

A. Duplicate IP (Internet Protocol) address B. Incorrect host-based firewall settings C. Incorrect time D. Unresponsive service
CompTIA Security+
CompTIA Security+

Security+ provides a global benchmark for best practices in IT network and operational security, one of the fastest-growing fields in IT.

Learn more Example questions
CompTIA Security+
CompTIA Security+ Certification

The table below lists the domains measured by the full examination and the extent to which they are represented.

Domain and percentage of examination

1.0  Threats, Attacks and Vulnerabilities 21%
2.0  Technologies and Tools 22%
3.0  Architecture and Design 15%
4.0  Identity and Access Management 16%
5.0  Risk Management 14%
6.0  Cryptography and PKI 12%
Total 100%

Example Questions

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

An attacker impersonates a member of the cleaning crew for a company's building, and requests an employee to hold the door open while the impersonator brings in a cleaning cart. The employee fell victim to what type of attack?

A. A lunchtime attack B. Shoulder surfing C. Piggy backing D. Dumpster diving

The DMZ (demilitarized zone) has a new virtual firewall server. A user reported that Internet websites are viewable, but no longer has a connection to an FTP (file transfer protocol) site. Which of the following is most likely the cause of the disconnection?

A. The user does not have access to the FTP site. B. A network cable disconnected from the server. C. The Firewall implicitly denied access to the FTP site. D. The ACL still requires setting up.

A user has multiple documents to review, regarding a device from an authorized government vendor, with approval to use the documents. While attempting to send the documents to a personal email, to review later at home, the email returned with a message saying it failed to send. What is most likely the cause of this? (Select two)

A. Based on policy, the employee cannot use personal email. B. The DLP system flagged an incident. C. The antivirus software flagged the documents. D. The attachment file size is too large.

After exploiting a vulnerability during testing, an administrator released a Security Update as a patch for Microsoft Internet Explorer. How should the administrator proceed in applying the patch?

A. Apply the patch directly to production. B. Apply the Security Update to the staging environment and test the system functionality. C. Wait for the quarterly update before patching the vulnerability. D. Apply the patch to the sandbox environment and test functionality.

Fingerprint scanning is one of the most straightforward methods of biometric identification. Which of these concerns are most pertinent to the use of this technology?(Select two)

A. Ease of spoofing B. Surfaces must be clean and dry C. Revocability of credentials D. High expense of installation

Key strength is based on length and randomness. One way to strengthen a key is to add a nonce or an Initialization Vector (IV). The same is true for passwords, which can be strengthened by adding a salt to a hashed password value. Evaluate the following to identify the statements that are true about nonces, IVs, and salts.(Select two)

A. The value of a nonce is hidden. B. A salt could be a counter value. C. Use of a salt ensures identical plaintexts produce different ciphertexts. D. Use of an initialization vector ensures identical plaintexts produce different ciphertexts.

* Burning Glass Technologies. (2019). Labor Insights.

Required skills at this level
  • Manage and configure tools to monitor network activity
  • Conduct penetration testing
  • Analyze reports from tools to identify unusual network behavior
  • Plan and recommend changes to increase the security of the network
  • Apply security patches to protect the network
  • Help end-users when they need to install or learn about new products and procedures
  • Train beginner cybersecurity professionals

Cybersecurity Specialist Certifications

2-IT-cyber New Copy copy 3
CERT MAP-cyber-MOBILE
Step 1

CompTIA Certifications

Certifications like CompTIA Cybersecurity Analyst (CySA+), PenTest+ and Project+ can prove you have the skills to take your cybersecurity career to the next level.

CompTIA CySA+
CompTIA CySA+

Cybersecurity Analyst (CySA+) applies behavioral analytics to the IT security field to improve the overall state of IT security.

Learn more Example questions
CompTIA CySA+
CompTIA CySA+ Certification

The table below lists the domains measured by the full examination and the extent to which they are represented.

Domain and percentage of examination

Core 1 (220-1001)

1.0  Threat and Vulnerability Management 22%
2.0  Software and Systems Security 18%
3.0  Security Operations and Monitoring 25%
4.0  Incident Response 22%
5.0  Compliance and Assessment 13%
Total 100%

Example Questions

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

What passive method can you use to discover the topology of a target network?

A. Google search B. Vulnerability scan C. Port scan D. Social engineering

You are planning a penetration test for a client. You are about to discuss timings as part of the Rules of Engagement (ROE). What topics are likely to be covered?

A. When the client will pay for milestones achieved B. Maximum permissible delays by the rapid response team C. When active tests will be conducted D. Frequency of potentially destructive attacks during a single test

What is it called when a vulnerability scanner detects that port 80 is open on your web server but the port must remain open so that the system can fulfill its function?

A. A remediation B. An unfixed vulnerability C. A false positive D. An exception

If an attacker is able to breach the defenses of your network gatekeepers the attacker can find a way into the network. What are these network gatekeepers called?

A. Network segmentation B. Endpoints C. Virtual private networks (VPNs) D. Virtual network appliances

Which of the following tools best prevents contamination of disk-stored digital evidence?

A. Surveillance cameras B. A digital forensics workstation C. Hashing utilities D. A write blocker

Which of the following attacks is most likely to result in extreme bandwidth consumption?

A. Brute-force password cracking B. Man-in-the-middle C. Distributed Denial of Service (DDoS) D. Privilege escalation
CompTIA Project+
CompTIA Project+

Project+ gives technical and non-technical professionals the basic concepts to successfully manage small- to medium-sized projects.

Learn more Example questions
CompTIA Project+
CompTIA Project+ Certification

The table below lists the domains measured by the full examination and the extent to which they are represented.

Domain and percentage of examination

Core 1 (220-1001)

1.0  Project Basics 36%
2.0  Project Constraints 17%
3.0  Communication and Change Management 26%
4.0  Project Tools and Documentation 21%
Total 100%

Example Questions

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

You began a project on May 1 and the target completion date is December 15. On November 1 the client instructed you to stop work on the project immediately because they no longer need the project’s deliverables. You are to permanently archive everything you have done to this point. Should you now move to the close phase activities of the project management process?

A. No because the original scope of work was not completed. B. Yes because the project is considered complete. C. Yes because it is after November 1. D. No because the client may change their mind and re-open the project at a later date.

You have taken over a project from another project manager and are concerned that the consultant working on the project may leave before the project is completed. Which risk response strategy should you employ?

A .Exploit the risk B. Mitigate the risk C. Accept the risk but have a contingency D. Accept the risk without a contingency

You are working on a new purchasing system project and you are having difficulty finalizing the requirements with the purchasing department. You send a meeting notice to the purchasing manager and two purchasing clerks for a 15-minute meeting tomorrow in your online meeting software with an agenda of finalizing the requirements. What type of meeting is this?

A. In-person impromptu B. Virtual impromptu C. In-person scheduled D. Virtual scheduled

What is the difference between a merger and an acquisition? In a merger the companies are equals but in an acquisition the acquiring company is in control.

A. In a merger two companies become one but in an acquisition they stay separate companies. B. In an acquisition the companies are equals but in a merger one company is in control. C. In an acquisition two companies become one but in a merger they stay separate companies.

You are working on a project to upgrade the enterprise resource planning (ERP) system which includes a purchasing system and a new sales system. The project will take nearly a year and two months prior to implementation management approves the hiring of consultants to help complete the project. This is an example of what type of change?

A. Requirements change B. Risk event C. Quality change D. Resource change

The bridge over the Troubled Waters stream project will involve Public Works Dept. staff and several vendors. The project manager needs the communication plan to be complete and to be understandable by all. Which of the following should be included in a communication plan?

A. A list of stakeholders B. The stakeholder management strategy C. Definitions of communication terms D. An issue log
CompTIA PenTest+
CompTIA PenTest+

PenTest+ is for intermediate level cybersecurity professionals who are tasked with penetration testing to manage vulnerabilities on a network.

Learn more Example questions
CompTIA PenTest+
CompTIA PenTest+ Certification

The table below lists the domains measured by the full examination and the extent to which they are represented.

Domain and percentage of examination

Core 1 (220-1001)

1.0  Planning and Scoping 15%
2.0  Information Gathering and Vulnerability Identification 22%
3.0  Attacks and Exploits 30%
4.0  Penetration Testing Tools 17%
5.0  Reporting and Communication 16%
Total 100%

Example Questions

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

When attacking a wireless system what target do testers identify first?

A. Open ports on switches B. SSIDs C. Open ports on firewalls D. Badge readers

During a penetration test you are tasked with performing dynamic analysis on a running application to identify vulnerabilities. What action would you take to accomplish this task?

A. Review the source code for common insecure coding practices like input validation B. Scan the web server using nmap focusing on ports 80 and 443 C. Send the application random or unusual input data and note any failures or crashes that result D. Perform packet inspection looking for irregularities

What protocol does bluesnarfing use to communicate with other devices?

A. Internet Protocol (TCP/IP) B. An unfixed vulnerability C. IEEE 802.11 D. Object Exchange (OBEX)

For what reason does Hashcat claim it is the fastest password cracking tool available?

A. It uses the CPU B. It uses the GPU C. It uses RAM D. It uses ROM

During a pen test engagement you want to use an Nmap Scripting Engine (NSE) script to grab banners from every service it can discover on a host. What command would accomplish this?

A. nmap -Pn --script vuln 192.168.1.50 B. nmap --script=smb-os-discovery 192.168.1.50 C. nmap -sV 192.168.1.50 D. nmap -sV --script=banner 192.168.1.50

During a pen test you exploit a web app vulnerability and discover an /etc/shadow file containing hashes that begins with $1. What recommendation would you give to remediate this vulnerability?

A. Storing the passwords in plaintext B. Hashing passwords with the DES algorithm C. Using hashes that begin with $5 or $6 D. Hashing passwords with the MD5 algorithm
Step 2

Partner Certifications

CompTIA certifications establish a baseline foundation of skills that you can build upon with other vendor or technology-specific certifications.

ISACA

Validate skills in IT audit, security, governance and risk. ISACA certifications are based on primary responsibility, rather than a defined level:

Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)

SANS/GIAC

Validate skills in security administration, management, audit, and software security; offering more than 30 specialized information security certifications that correspond to specific job duties.

Cisco (CCT, CCNA, CCIE)

Validates networking skills using Cisco equipment and technologies. Cisco organizes their certifications across 5 levels:

Entry (CCT)
Associate (CCNA)
Professional (CCNP)
Expert (CCIE)
Architect (CCAr)

* Burning Glass Technologies. (2019). Labor Insights.

Required skills at this level
  • Manage and configure tools to monitor network activity
  • Research the latest IT security trends
  • Develop security standards and best practices for the organization
  • Recommend security enhancements to management or senior staff
  • Develop and update business continuity and disaster recovery protocols
  • Help end-users when they need to install or learn about new products and procedures
  • Manage and train team

Cybersecurity Specialist Certifications

2-IT-cyber New Copy copy 3
CERT MAP-cyber-MOBILE
Step 1

CompTIA Certifications

Adding certifications like CompTIA Advanced Security Practitioner (CASP+) can validate your skills in the cybersecurity field and prepare you for a more advanced role within your organization.

CompTIA CASP+
CompTIA CASP+

CASP+ is an advanced certification that validates critical thinking and judgment across a spectrum of security disciplines in complex environments.

Learn more
Step 2

Partner Certifications

CompTIA certifications establish a baseline foundation of skills that you can build upon with other vendor or technology-specific certifications.

ISC2 CISSP

ISC2 is best recognized for its CISSP credential. CISSP recognizes information security leaders who understand cybersecurity strategy.

CompTIA Learning and Training

CompTIA offers everything you need to prepare for your certification exam. Explore training developed by CompTIA with options that fit various learning styles and timelines. Whether you prefer self-study or classroom training, CompTIA has you covered.

View Training by Certification

Considering a new exciting career as an Cybersecurity Specialist?

Start your tech career journey today!

DOWNLOAD YOUR CUSTOMIZED CAREER ROADMAP