The New CompTIA CySA+ (V4): Your Certification Questions Answered

We’ve been getting a lot of questions about the new CompTIA Cybersecurity Analyst (CySA+) V4 exam (CS0-004), and we want to make sure you have the answers you need to decide whether it’s the right next step for your cybersecurity career. In this post, we're answering some of your biggest questions. 

CySA+ V4 quick facts 

• Exam Code: V4 (CS0-004) 
• Availability: June 2026 
• Number of Questions: Maximum of 85 
• Question Types: Multiple-choice and performance-based 
• Passing Score: 750 (on a scale of 100–900) 
• Recommended Experience: Approximately four years of hands-on cybersecurity experience 
• Exam Price: $425 
• Certification Renewal: Every three years 
• DoD Compliance: Approved for DoD Directive 8140.03M requirements 

What is CompTIA CySA+? 

CompTIA Cybersecurity Analyst (CySA+) is an intermediate, vendor-neutral certification designed for cybersecurity professionals responsible for incident detection, prevention, and response through continuous security monitoring. It validates the hands-on skills needed to proactively defend an organization, manage vulnerabilities, and support incident response activities. 

With the goal of continuously improving an organization’s security posture, CompTIA CySA+ validates the knowledge and skills required to: 

• Detect and analyze indicators of malicious activity 
• Understand threat hunting and threat intelligence concepts 
• Use appropriate tools and methods to manage, prioritize, and respond to attacks and vulnerabilities 
• Perform incident response processes 
• Understand reporting and communication concepts related to vulnerability management and incident response activities 

Who is CySA+ for?

CompTIA CySA+ is for IT cybersecurity professionals with three to four years of hands-on information security or related experience or equivalent training.

CompTIA CySA+ prepares you for cybersecurity roles such as: 

• Security analyst 
• Security operations center (SOC) analyst 
• Vulnerability analyst 
• Threat intelligence analyst 
• Security engineer/operations
• Incident responder/incident response analyst
• Application security analyst
• Compliance/risk analyst

What's on the new CySA+ exam? 

The new CompTIA CySA+ V4 exam applies behavioral analytics to combat modern cybersecurity threats through continuous security monitoring, incident response, and vulnerability management. The updated exam introduces dedicated coverage of artificial intelligence (AI) use cases and risks, along with modern security technologies and frameworks used in today’s Security Operations Centers (SOCs). 

Like previous versions, CySA+ V4 focuses on core cybersecurity analyst responsibilities, including: 

• Leveraging intelligence and threat detection techniques 
• Analyzing and interpreting security data 
• Identifying and addressing vulnerabilities 
• Recommending preventative security measures 
• Responding to and recovering from cybersecurity incidents 

New and expanded areas of focus include: 

Artificial intelligence in security operations 

CySA+ V4 introduces dedicated coverage of: 

• AI use cases within the SOC 
• AI-related security risks 
• AI governance and oversight 
• AI-enhanced threat detection and response workflows 

Modern security architectures 

Candidates should understand: 

• Zero Trust Network Access (ZTNA) 
• Secure Access Service Edge (SASE) 
• Cloud-native security operations 
• Hybrid environment monitoring and protection 

Advanced vulnerability management 

The exam expands coverage of: 

• Software Bill of Materials (SBOM) 
• Vulnerability prioritization using Exploit Prediction Scoring System (EPSS) 
• Risk-based remediation planning 
• Software supply chain security 

Security operations automation 

Candidates are expected to understand: 

• Security Information and Event Management (SIEM) 
• Security Orchestration, Automation and Response (SOAR) 
• Endpoint Detection and Response (EDR) 
• Extended Detection and Response (XDR) 
• Automated threat intelligence workflows 

What can I expect from the CySA+ exam? 

You can expect a maximum of 85 multiple-choice and performance-based questions on the CompTIA CySA+ V4 exam. Candidates must achieve a passing score of 750 on a scale of 100 to 900. The exam validates applied, scenario-based cybersecurity skills across four core domains. 

CySA+ V4 exam domains and weights 

• Security Operations: 34% 
• Vulnerability Management: 26% 
• Incident Response and Management: 24% 
• Reporting and Communication: 16% 

The exam is designed to test real-world cybersecurity analyst skills rather than memorization. 

Performance-based questions may require candidates to: 

• Analyze SIEM alerts 
• Review logs and security events 
• Investigate indicators of compromise (IoCs) 
• Prioritize vulnerabilities 
• Support incident response activities 
• Recommend remediation actions 

CySA+ V3 vs. CySA+ V4 

Artificial intelligence 

• V3: Limited coverage 
• V4: Dedicated AI use cases, risks, and governance 

Vulnerability prioritization 

• V3: Traditional approaches 
• V4: Expanded EPSS-based prioritization 

Security architecture 

• V3: Basic Zero Trust concepts 
• V4: Expanded ZTNA and SASE coverage 

Security operations 

• V3: SIEM and SOAR focus 
• V4: AI-assisted SOC workflows 

Software security 

• V3: General coverage 
• V4: Enhanced SBOM and software supply chain risk coverage 

How much does CySA+ cost? 

The retail price for the CompTIA CySA+ V4 certification exam voucher is $425 in the United States. CompTIA offers numerous ways to reduce this cost, including exam bundles, training packages, promotional discounts, and learning solutions that combine exam preparation resources with certification vouchers.  

Check out our article on how to save on exam vouchers.  

How can I train and prepare for CySA+? 

Start by reviewing the exam objectives to understand what topics are covered and get examples of questions that you might see. 

CompTIA also offers a full suite of training solutions: 

• CompTIA CertMaster Perform is a comprehensive eLearning to prepare you for your CompTIA certification exam with multi-faceted instruction and skill-building through a robust series of labs. 
• CompTIA CertMaster Learn is a comprehensive eLearning solution that offers 40+ hours of engaging content with 15 lessons, including interactive performance-based questions. The platform includes narrative instruction, visual aids, videos, games, flashcards, and more, and it is designed to help you learn in an engaging and flexible way. A personalized dashboard and countdown calendar help you track your progress and keep you on pace for your scheduled exam. 
• CompTIA CertMaster Labs provides you with the platform to gain critical hands-on experience. The labs within each course are independent of each other and can be used in any order.  
• CompTIA CertMaster Practice is a knowledge assessment and certification training companion that determines what you have already mastered and what you still need to learn to improve your confidence before taking the exam. The system tailors feedback to help you build knowledge in your weaker areas, keeping you engaged and focused throughout your study session. 

How much time will I need to prepare for CySA+? 

Because CySA+ is an intermediate cybersecurity certification, CompTIA recommends a minimum of four years of hands-on experience in a Security Operations Center (SOC), incident response role, vulnerability management position, or equivalent cybersecurity role. Most candidates should expect to spend between 30 and 55 hours studying and practicing cybersecurity skills before taking the exam. 

We recommend that you have CompTIA Network+, CompTIA Security+, or equivalent knowledge, plus a minimum of four years of hands-on experience as an incident response analyst or security operations center (SOC) analyst or equivalent experience. We also suggest that you dedicate between 30 and 40 hours of studying before sitting for the exam. 

Preparation time varies depending on: 

• Existing cybersecurity experience 
• Familiarity with security operations workflows 
• Knowledge of vulnerability management 
• Experience with incident response processes 
• Exposure to SIEM, SOAR, and EDR technologies 

Why would I choose CySA+ over other cybersecurity certifications? 

CompTIA CySA+ stands out because it is a vendor-neutral cybersecurity analyst certification that validates hands-on, scenario-based skills used across a wide range of security tools, platforms and environments. Unlike vendor-specific certifications, CySA+ teaches analytical skills that can be applied across multiple technologies and employers. 

Key advantages include: 

• Vendor-neutral curriculum 
• Performance-based exam questions 
• Focus on real-world SOC operations 
• Coverage of threat hunting and incident response 
• Alignment with modern cybersecurity workflows 
• DoD 8140.03M compliance  

What's the difference between CySA+ and Security+?  

The primary difference between CompTIA Security+ and CompTIA CySA+ is scope and depth. CompTIA CySA+ includes more analytics with a different focus on addressing the growing specialization in cybersecurity. CompTIA Security+ provides candidates with a baseline of general cybersecurity knowledge and skills. 

CompTIA CySA+	CompTIA Security+
Intermediate cybersecurity analyst certification	Foundational cybersecurity certification
Security operations and analytics focus	Broad security concepts
Threat detection and response	Broad security concepts
Active monitoring and investigation	Security administration
Applied cybersecurity analyst skills	Baseline cybersecurity skills

Security+ validates that candidates understand cybersecurity concepts. CySA+ validates that candidates can actively apply those concepts in operational environments 

Can I go straight to CySA+ instead of getting CompTIA Security+? 

You can take CompTIA CySA+ without first earning Security+, but it is generally not recommended unless you already have substantial cybersecurity experience. You need to know how a network works (CompTIA Network+) and how to secure it (CompTIA Security+) before you can analyze it (CompTIA CySA+). The CompTIA Cybersecurity Career Pathway shows how each certification builds on the previous one, and skipping CompTIA Security+ could leave a gap in your baseline cybersecurity skills. 

The recommended progression is: 

1. CompTIA Network+ 
2. CompTIA Security+ 
3. CompTIA CySA+ 
4. Advanced cybersecurity specializations 

How long is CySA+ good for, and how can it be renewed?

CompTIA CySA+ remains valid for three years from the date it is earned. Certification holders can renew through the CompTIA Continuing Education (CE) program by completing qualifying activities or earning additional certifications. 

You can renew your CompTIA certification by completing a single activity: 

• Complete CompTIA CertMaster Continuing Education (CE) 
• Earn a higher-level CompTIA certification 
• Earn a non-CompTIA IT industry certification 
• Pass the latest release of your CompTIA exam 

Alternatively, you can complete a combination of activities to earn the number of CEUs you need to renew your CompTIA certification, such as: 

• Earn another CompTIA certification 
• Earn non-CompTIA IT industry certifications 
• Complete training and higher education 
• Participate in IT industry activities 
• Publish a relevant article, white paper, blog post, or book 
• Gain related work experience 

CompTIA's CE program proves that your IT knowledge has evolved with technology and ensures that you stay current with your skills. 

Does CySA+ renew Security+? 

Yes. Because CompTIA CySA+ is considered a higher-level certification within the CompTIA Cybersecurity Career Pathway, earning CySA+ automatically renews eligible lower-level certifications, including CompTIA Security+. 

How many questions are on the CySA+ exam? 

The CompTIA CySA+ V4 exam includes a maximum of 85 questions. Candidates can expect a combination of multiple-choice questions and performance-based questions that assess real-world cybersecurity analyst skills. 

Is CySA+ approved by the DoD for 8570 requirements? 

Yes! CompTIA CySA+ is approved by the U.S. Department of Defense under Directive 8140.03M and continues to support government and defense workforce requirements. The certification is also compliant with ISO 17024 standards and maps to multiple Department of Defense Cyber Workforce Framework (DCWF) and NICE Cybersecurity Workforce Framework roles. 

Common mapped work roles include: 

• Threat analysis 
• Incident response 
• Cyber defense analysis 
• Vulnerability assessment 
• Security operations 

Is CySA+ worth it? 

For cybersecurity professionals seeking to advance beyond foundational security knowledge, CySA+ can provide significant career value. The certification validates practical skills in security operations, threat detection, vulnerability management, and incident response that are directly applicable to many in-demand cybersecurity roles.

By combining vendor-neutral knowledge, performance-based testing, and alignment with modern cybersecurity operations, CySA+ continues to serve as one of the most widely recognized certifications for security analysts. 

Ready to get started with CompTIA CySA+? 

The new CompTIA CySA+ V4 exam reflects the skills cybersecurity analysts need to protect today’s organizations, from threat detection and incident response to AI-enabled security operations and risk-based vulnerability management. If you have experience in cybersecurity and are ready to build on your foundational knowledge, CySA+ can help you validate your skills and prepare for the next stage of your career.

Explore CompTIA CySA+ training options, review the exam objectives, and choose the resources that fit your goals.