CompTIA Cybersecurity Analyst (CySA+) is a cybersecurity certification that validates your ability to detect, analyze, and respond to threats in security operations and vulnerability management roles. It focuses on incident detection, response, and continuous monitoring in modern environments, while managing vulnerabilities and effectively communicating critical risks.
V4
CySA+ V4 (New Version)
Skills you'll learn
Build skills with CompTIA learning and validate them with CySA+ certification.
Identify and investigate suspicious activity across networks, endpoints, and cloud environments to uncover potential security threats.
Monitor and analyze data using industry-standard tools such as SIEM and EDR platforms.
Identify, prioritize, and mitigate vulnerabilities using risk-based approaches.
Investigate and respond to security incidents using structured processes and real-world techniques.
Clearly communicate security findings and risks to stakeholders through reports and dashboards.
Apply security practices across cloud and hybrid environments while supporting efficient and effective operations.
Exam details
Exam version: V4
Exam series code: CS0-004
Launch date: June 23, 2026
Number of questions: Maximum of 85
Duration: 165 minutes
Passing score: 750 on a scale of 100 to 900
Languages: English, with French, Japanese, Spanish, and Portuguese coming soon
Recommended experience: About 4 years in a SOC analyst or vulnerability analyst role
Pick the right learning and practice solutions for your skill-building and exam preparation needs
No matter where you are in your journey, CompTIA’s CertMaster products deliver flexible learning and practice experiences to help you build skills, boost confidence and achieve CySA+ exam readiness.
Shop CySA+ Learn and Practice products
| Perform | Learn | Practice | Labs | |
| Best for: |
Best for those looking to build skills, learn concepts, and gain hands-on experience. No prior related job role experience needed. |
Best for those building foundational knowledge and skills. No prior related job role experience needed. |
Best for those having experience with the skills and concepts. |
Best for those looking to gain hands-on experience applying skills. |
| Primary purpose: |
Comprehensive learning with robust set of lab activities in real and simulated environments to practice skills and job readiness. |
Comprehensive learning with lab activities to practice skills. |
Confirm exam readiness and close gaps. |
Apply skills in real-world scenarios. |
| Contains: |
Instructional content, video, interactives, labs (simulated and live virtual machines), assessments, practice tests |
Instructional content, video, interactives, labs (simulated), assessments, practice tests |
Timed practice exams, objective quizzes, exam objective mastery scores |
Live virtual lab environment with guided tasks and real world-scenarios |
| Estimated duration: |
30–60 hours |
25–40 hours |
10–20 hours |
15–25 hours |
Save with popular CySA+ product bundles
Bundle our popular CertMaster products with an Exam Voucher plus Retake Assurance and save!
- Validate your skills and reduce exam risk
CySA+ Practice and Exam Bundle with Retake
Know you're ready before you test. Validate your skills and reduce exam-day risk with Practice, plus a built-in exam retake for peace of mind. Bundle includes: CertMaster Practice and a Voucher with Retake Assurance.
Buy now - Everything you need from learning to certification
CySA+ Complete Bundle with Retake
Everything you need to go from learning to exam-day confidence. Build skills, practice, and gain hands-on experience with an exam retake for peace of mind. Bundle includes: CertMaster Learn, Labs, Practice, and a Voucher with Retake Assurance.
Buy now
CySA+ (V4) exam objectives summary
Security Operations (34%)
- Explain system and network architecture concepts in security operations: Security architecture components, identity concepts, and logging practices that support secure environments.
- Analyze indicators of potential malicious activity: Suspicious activity across networks, endpoints, cloud, and identity systems.
- Use tools to determine malicious activity: SIEM, EDR, packet analysis tools, and threat intelligence platforms.
- Explain threat intelligence and threat-hunting concepts: Frameworks, data sources, and methods used to identify and investigate threats.
- Describe efficiency and process improvement in security operations: Automation, workflows, and processes used to improve operational efficiency.
- Summarize concepts related to the use of AI in security operations: Use cases, risks, and governance considerations.
Vulnerability Management (26%)
- Implement the appropriate vulnerability scanning method: Tools and techniques used to identify vulnerabilities across systems, networks, and applications.
- Analyze output from vulnerability assessment tools: Vulnerabilities, findings, and security gaps identified through scan results.
- Prioritize and mitigate vulnerabilities: Risk-based approaches using scoring systems, threat intelligence, and business context.
- Explain concepts related to control types, risks, and vulnerability management: Controls, policies, and compliance practices used to manage risk.
Incident Response and Management (24%)
- Summarize concepts related to attack methodology frameworks: Models such as MITRE ATT&CK and the Cyber Kill Chain.
- Outline the incident response process: Phases including preparation, detection, analysis, containment, eradication, and recovery.
- Implement incident response techniques: Triage, evidence handling, escalation, remediation, and root cause identification.
Reporting and Communication (16%)
- Explain vulnerability management reporting and communication: Reports, dashboards, and communication activities used to present findings and support escalation during security events.
- Describe security operations, incident response reporting, and communication: Incident documentation, post-incident reviews, and metrics such as detection time, response time, and remediation effectiveness.