The CompTIA Cybersecurity Analyst (CySA+) course prepares students for the CS0-003 certification and focuses on incident detection, prevention, and response through continuous security monitoring. It covers improving security operations processes, differentiating between threat intelligence and threat hunting, analyzing malicious activity, implementing vulnerability assessments, prioritizing vulnerabilities, and making mitigation recommendations. The certification also includes updated attack methodology frameworks, incident response activities, incident management lifecycle, and communication best practices in vulnerability management and incident response.
The course includes the following high level objectives:
Security Operations
- Explain the importance of system and network architecture concepts in security operations.
- Given a scenario, analyse indicators of potentially malicious activity.
- Given a scenario, use appropriate tools or techniques to determine malicious activity.
- Compare and contrast threat-intelligence and threat-hunting concepts.
- Explain the importance of efficiency and process improvement in security operations.
Vulnerability Management
- Given a scenario, implement vulnerability scanning methods and concepts.
- Given a scenario, analyse output from vulnerability assessment tools.
- Given a scenario, analyse data to prioritize vulnerabilities.
- Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.
- Explain concepts related to vulnerability response, handling, and management.
Incident Response and Management
- Explain concepts related to attack methodology frameworks.
- Given a scenario, perform incident response activities.
- Explain the preparation and post-incident activity phases of the incident management life cycle.
Reporting and Communication
- Explain the importance of vulnerability management reporting and communication.
- Explain the importance of incident response reporting and communication.