CompTIA Certifications


CompTIA Cybersecurity Analyst+

CompTIA CySA+ (CS0-002) English Exam Retires December 5, 2023.


The CompTIA Cybersecurity Analyst (CySA+) examination is the only intermediate high-stakes cybersecurity analyst certification with performance-based questions covering security analytics, intrusion detection and response. High-stakes exams are proctored at a Pearson VUE testing center in a highly secure environment. CySA+ is the most up-to-date security analyst certification that covers advanced persistent threats in a post-2014 cybersecurity environment. The behavioral analytics skills covered by the CompTIA CySA+ certification identify and combat malware and advanced persistent threats (APTs), resulting in better threat visibility across a broad attack surface by focusing on network behavior, including an organization’s interior network. The exam will certify that the successful candidate has the knowledge and skills required to:

  • Leverage intelligence and threat detection techniques
  • Analyze and interpret data
  • Identify and address vulnerabilities
  • Suggest preventative measures
  • Effectively respond to and recover from incidents

CompTIA CySA+ meets the ISO 17024 standard and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA). Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 1.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Exam Domains with % of Exam

CySA+ CS0-003
CySA+ CS0-002
  • Security Operations (33%)
  • Vulnerability Management (30%)
  • Incident Response Management (20%)
  • Reporting and Communication (17%)
  • Security Operations and Monitoring (25%)
  • Threat and Vulnerability Management (22%)
  • Incident Response (22%)
  • Software and Systems Security (18%)
  • Compliance and Assessment (13%)

Intended Job Roles

  • Network Security Specialist
  • Network Security Operations
  • Network Security Analyst
  • Application Security Analyst
  • Threat Hunter
  • Threat Intelligence Analyst
  • Security Operations Center (SOC) Analyst
  • Security Architect
  • Cybersecurity Engineer

Organizations That Contributed to Exam Development

  • US Department of Defense
  • US Navy
  • John Hopkins Applied Physics Laboratory
  • Amazon Web Services
  • Bank of Montreal (BMO)
  • VISA


What’s New

Information security threats are rising around the world, leaving organizations in search of well-trained security analysts.  CySA+ CS0-003 has been updated to reflect current trends in security analyst tools like enterprise Security Information and Event Management (SIEM) systems and EDR/XDR, which have matured to include more automated features. In addition, the CySA+ exam includes expanded coverage of cloud, mobile, and zero trust indicators of compromise and more emphasis on threat hunting topics, automation of intel, and prioritizing alerts for better incident response.

CySA+ also bridges the professional level CompTIA Security+ (which targets cybersecurity professionals with at least two years of on-the-job experience) and the mastery level CompTIA Advanced Security Practitioner CASP certification (which targets security pros with five or more years of experience).

Exam Details

Exam Codes CS0-003 CS0-002
Launch Date  June 6, 2023 April 21, 2020
Exam Description The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to detect and analyze indicators of malicious activity, understand threat intelligence and threat management, respond to attacks and vulnerabilities, perform incident response, and report and communicate related activity. The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.
Number of Questions Maximum 85 questions
Length of Test 165 Minutes
Passing Score 750 (on a scale of 100-900)
Recommended Experience Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on experience as an incident response analyst or security operations center (SOC) analyst, or equivalent experience. Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on information security or related experience.
Languages English, with Japanese, Portuguese and Spanish to follow English, Japanese
Retirement  TBD – Usually three years after launch December 5, 2023 – English, Japanese to follow.