Skip to main content

V3

CySA+ V3 (Retiring Version)

CompTIA Cybersecurity Analyst (CySA+) is the premier certification for cyber professionals tasked with incident detection, prevention, and response through continuous security monitoring. It validates a tech professional's expertise in incident response and vulnerability management processes, emphasizing the critical communication skills necessary for effective security analysis and compliance.

CySA+ V4 is now available. CySA+ V3 will retire in English on December 22, 2026. Japanese, Portuguese, and Spanish versions will retire on March 23, 2027.

Plus CySA+ Certification

Skills you'll learn

Build skills with CompTIA learning and validate them with CySA+ certification.

  • Enhance security operations processes, differentiate threat intelligence and threat hunting, and identify malicious activity using appropriate tools.

  • Conduct vulnerability assessments, prioritize vulnerabilities, and recommend effective mitigation strategies for vulnerability management.

  • Apply attack methodology frameworks, perform incident response, and understand the incident management lifecycle to handle security incidents effectively.

  • Utilize communication best practices to report on vulnerability management and incident response, providing stakeholders with actionable plans and meaningful metrics.

 

Exam details

  • Exam version: V3

  • Exam series code: CS0-003

  • Launch date: June 6, 2023

  • Number of questions: maximum of 85 questions, a mix of multiple-choice and performance-based questions

  • Retirement: English (December 22, 2026); Japanese, Portuguese, and Spanish (March 23, 2027)

  • Duration: 165 minutes

  • Passing score: 750 (on a scale of 100-900)

  • Languages: English, Japanese, Portuguese, and Spanish

  • Recommended experience: Network+, Security+, or equivalent knowledge, with a minimum of 4 years of hands-on experience as an incident response analyst, security operations center (SOC) analyst, or equivalent experience

  • DoD 8140 work roles: all source analyst, warning analyst, forensics analyst, cyber defense forensics analyst, cyber crime investigator, systems security analyst, cyber defense analyst, cyber defense incident responder, vulnerability assessment analyst, security control assessor

Pick the right learning and practice solutions for your skill-building and exam preparation needs

No matter where you are in your journey, CompTIA’s CertMaster products deliver flexible learning and practice experiences to help you build skills, boost confidence and achieve CySA+ exam readiness.

Shop CySA+ Learn and Practice products

 

  Learn+Labs Learn Practice Labs
Best for:

Best for those looking to build skills, learn concepts, and gain hands-on experience. No prior related job role experience needed.

Best for those building foundational knowledge and skills. No prior related job role experience needed.

Best for those having experience with the skills and concepts.

Best for those looking to gain hands-on experience applying skills.

Primary purpose:

Comprehensive learning with robust set of lab activities in real and simulated environments to practice skills and job readiness.

Comprehensive learning with lab activities to practice skills.

Confirm exam readiness and close gaps.

Apply skills in real-world scenarios.

Contains:

Instructional content, video, interactives, labs (simulated and live virtual machines), assessments, practice tests

Instructional content, video, interactives, labs (simulated), assessments, practice tests

Timed practice exams, objective quizzes, exam objective mastery scores

Live virtual lab environment with guided tasks and real world-scenarios

Estimated duration:

30–60 hours

25–40 hours

1020 hours

1525 hours

 

Learn more about CertMaster Learn+Labs

Learn more about CertMaster Learn

Learn more about CertMaster Practice

Learn more about CertMaster Labs


Save with popular CySA+ product bundles

Bundle our popular CertMaster products with an Exam Voucher plus Retake Assurance and save!

Shop all CySA+ product bundles

CySA+ (V3) exam objectives summary

Security operations (33%)

  • System and network architecture: explaining log ingestion, operating system (OS) concepts, infrastructure, network architecture, identity and access management (IAM), encryption, and sensitive data protection.
  • Malicious activity indicators: analyzing network anomalies like bandwidth spikes and rogue devices, host issues like unauthorized software and data exfiltration, application irregularities like unexpected communication and service interruptions, and threats like social engineering attacks.
  • Tools and techniques: detecting malicious activity using tools like Wireshark, security information and event management (SIEM), and VirusTotal, along with techniques like pattern recognition and email analysis, supported by scripting languages like Python and PowerShell.
  • Threat intelligence and hunting: comparing threat actors, tactics, techniques, and procedures (TTP); confidence levels; collection methods; intelligence sharing; and hunting techniques.
  • Process improvement: standardizing processes, streamlining operations, integrating tools, and using a single pane of glass.

Advance your career—Buy CySA+ certification exam or training today.

Vulnerability management (30%)

  • Vulnerability scanning: implementing asset discovery, internal vs. external scanning, agent vs. agentless, credentialed vs. non-credentialed, passive vs. active, static vs. dynamic, and critical infrastructure scanning.
  • Assessment tool output: analyzing network scanning, web application scanners, vulnerability scanners, debuggers, multipurpose tools, and cloud infrastructure assessments.
  • Vulnerability prioritization: interpreting common vulnerability scoring system (CVSS), validating findings, assessing exploitability, and considering asset value and zero-day vulnerabilities.
  • Mitigation controls: recommending controls for cross-site scripting (XSS), overflow vulnerabilities, and data poisoning.
  • Vulnerability response: explaining compensating controls, patching, configuration management, maintenance windows, exceptions, governance, service-level objectives (SLOs), secure software development life cycle (SDLC), and threat modeling.

Incident response management (20%)

  • Attack methodology frameworks: explaining cyber kill chains, diamond model of intrusion analysis, MITRE ATT&CK, Open Source Security Testing Methodology Manual (OSSTMM), and OWASP testing guide.
  • Incident response activities: performing detection, analysis, containment, eradication, and recovery.
  • Incident management life cycle: explaining incident response plans, tools, playbooks, tabletop exercises, training, business continuity (BC), disaster recovery (DR), forensic analysis, and root cause analysis.


Get exam-ready—Find your training and explore bundles.

Reporting and communication (17%)

  • Vulnerability management reporting: explaining compliance reports, action plans, inhibitors to remediation, metrics, key performance indicators (KPIs), and stakeholder communication.
  • Incident response reporting: explaining incident declaration, escalation, reporting, communication, root cause analysis, lessons learned, and metrics and KPIs.