Future Skills Fiesta:
 Get up to 30% OFF on Career Booster Combos
AVAIL NOW
D H M S

CompTIA CySA+ Training in San Diego
Read Reviews

CompTIA CYSA+ certification provided by InfosecTrain is a cybersecurity analyst certification that helps to apply analytics in the network to detect cybersecurity threats in the environment.

Watch Intro Video

CompTIA CySA+ Course Highlights

  • 40 Hrs Instructor-led Training
  • Immersive Learning
  • Career-oriented Skill-based Course
  • Guaranteed Lowest Price
  • CompTIA Authorized Training Partner
  • Exam Voucher
  • Extended Post Training Support
  • Access to Recorded Sessions

Accredited By

Choose your Preferred Learning Mode

ON DEMAND TRAINING

Learn on Your Own Time
1-to-1 learning
Customized Solutions

Contact US

ONLINE TRAINING

Flexibility, Convenience & Time Saving
More Effective
Learning Cost Savings

Classes starting from

5th Sep: Weekend

15th Sep: Weekday

ENROLL NOW Preferred

CORPORATE TRAINING

Anytime, Anywhere – Across The Globe
Hire A Trainer
At Your Own Pace
Customized Corporate Training

Contact US For Business

you were looking for your convenient time & date

REQUEST A BATCH

CompTIA CySA+ Course Description

The CompTIA Cybersecurity Analyst (CySA+) certification showcases your proficiency in utilizing behavioral analytics and detection techniques to spot and respond to cybersecurity threats. To earn the CySA+ certification, you’ll need to thoroughly understand the key topics covered in its body of knowledge, such as threat intelligence, data interpretation, and vulnerability management. CySA+ training offers a comprehensive approach to network monitoring, incident analysis, and the use of sophisticated threat detection tools. It equips professionals with the ability to mitigate risks, address vulnerabilities, and secure systems, applications, and networks. From detecting potential security breaches to implementing effective response protocols, the CySA+ certification ensures you have the expertise to defend an organization’s infrastructure against evolving threats.

Target Audience

  • IT Security Analysts
  • Vulnerability Analysts
  • Threat Intelligence Analysts
  • Anyone who is trying to get a better understanding of the concepts involved in conducting cybersecurity analysis

Pre-Requisite

  • Basic knowledge of Network+, Security+, or equivalent discipline
  • Minimum of 4 years of hands-on experience as an Incident Response Analyst or Security Operations Center (SOC) Analyst or similar domain

Exam Information

Exam Format Performance Based & Multiple Choice
No. of Questions 85 Questions
Exam Duration 165 Minutes
Passing Score 750 (on a scale of 100-900)
Languages English, Japanese, Portuguese and Spanish to follow
1800-843-7890
Call Now

GET A FREE DEMO CLASS

For
Captcha*
7 + 5 =
loader-infosectrain

CompTIA CySA+ Course Objectives

  • Detect and analyze indicators of malicious activity
  • Understand threat hunting and threat intelligence concepts
  • Use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities
  • Perform incident response processes
  • Understand reporting and communication concepts related to vulnerability management and incident response activities

CompTIA CySA+ Course Content

Domain 1: Security Operations (33%)

  • 1.1: Explain the Importance of System and Network Architecture Concepts in Security Operations
    • Log Ingestion
      • Time Synchronization
      • Logging Levels
    • Operating System (OS) Concepts
      • Windows Registry
      • System Hardening
      • File Structure
        • Configuration File Locations
      • System Processes
      • Hardware Architecture
    • Infrastructure Concepts
      • Serverless
      • Virtualization
      • Containerization
    • Network Architecture
      • On-Premises
      • Cloud
      • Hybrid
      • Network Segmentation
      • Zero Trust
      • Secure Access Secure Edge (SASE)
      • Software-Defined Networking (SDN)
    • Identity and Access Management
      • Multi Factor Authentication (MFA)
      • Single Sign-On (SSO)
      • Federation
      • Privileged Access Management (PAM)
      • Passwordless
      • Cloud Access Security Broker (CASB)
    • Encryption
      • Public Key Infrastructure (PKI)
      • Secure Sockets Layer (SSL) Inspection
    • Sensitive Data Protection
      • Data Loss Prevention (DLP)
      • Personally Identifiable Information (PII)
      • Cardholder Data (CHD)
  • 1.2: Given a Scenario, Analyze Indicators of Potentially Malicious Activity
    • Network-Related
      • Bandwidth Consumption
      • Beaconing
      • Irregular Peer-to-Peer Communication
      • Rogue Devices on the Network
      • Scans/Sweeps
      • Unusual Traffic Spikes
      • Activity on Unexpected Ports
    • Host-Related
      • Processor Consumption
      • Memory consumption
      • Drive Capacity Consumption
      • Unauthorized Software
      • Malicious Processes
      • Unauthorized Changes
      • Unauthorized Privileges
      • Data Exfiltration
      • Abnormal OS Process Behavior
      • File System Changes or Anomalies
      • Registry Changes or Anomalies
      • Unauthorized Scheduled Tasks
    • Application-Related
      • Anomalous Activity
      • Introduction of new Accounts
      • Unexpected Output
      • Unexpected Outbound Communication
      • Service Interruption
      • Application Logs
    • Other
      • Social Engineering Attacks
      • Obfuscated Links
  • 1.3: Given a Scenario, Use Appropriate Tools or Techniques to Determine Malicious Activity
    • Tools
      • Packet Capture
        • Wireshark
        • tcpdump
      • Log Analysis/Correlation
        • Security Information and Event Management (SIEM)
        • Security Orchestration, Automation, and Response (SOAR)
      • Endpoint Security
        • Endpoint Detection and Response (EDR)
      • Domain Name Service (DNS) and Internet Protocol (IP) Reputation
        • WHOIS
        • AbuseIPDB
      • File Analysis
        • Strings
        • VirusTotal
      • Sandboxing
        • Joe Sandbox
        • Cuckoo Sandbox
      • Common Techniques
        • Pattern Recognition
          • Command and Control
        • Interpreting Suspicious Commands
        • Email Analysis
          • Header
          • Impersonation
          • DomainKeys Identified Mail (DKIM)
          • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
          • Sender Policy Framework (SPF)
          • Embedded Links
        • File Analysis
          • Hashing
        • User Behavior Analysis
          • Abnormal Account Activity
          • Impossible Travel
      • Programming Languages/Scripting
        • JavaScript Object Notation (JSON)
        • Extensible Markup Language (XML)
        • Python
        • PowerShell
        • Shell Script
        • Regular Expressions
  • 1.4: Compare and Contrast Threat-Intelligence and Threat-Hunting Concepts
    • Threat Actors
      • Advanced Persistent Threat (APT)
      • Hacktivists
      • Organized Crime
      • Nation-State
      • Script Kiddie
      • Insider Threat
        • Intentional
        • Unintentional
      • Supply Chain
    • Tactics, Techniques, and Procedures (TTP)
    • Confidence Levels
      • Timeliness
      • Relevancy
      • Accuracy
    • Collection Methods and Sources
      • Open Source
        • Social Media
        • Blogs/Forums
        • Government Bulletins
        • Computer Emergency Response Team (CERT)
        • Cybersecurity Incident Response Team (CSIRT)
        • Deep/Dark Web
      • Closed Source
        • Paid Feeds
        • Information Sharing Organizations
        • Internal Sources
    • Threat Intelligence Sharing
      • Incident Response
      • Vulnerability Management
      • Risk Management
      • Security Engineering
      • Detection and Monitoring
    • Threat Hunting
    • Indicators of compromise (IoC)
      • Collection
      • Analysis
      • Application
    • Focus areas
      • Configurations/Misconfigurations
      • Isolated Networks
      • Business-Critical Assets and Processes
    • Active Defense
    • Honeypot
  • 1.5: Explain the Importance of Efficiency and Process Improvement in Security Operations
    • Standardize Processes
      • Identification of Tasks Suitable for Automation
        • Repeatable/do not Require Human Interaction
      • Team Coordination to Manage and Facilitate Automation
    • Streamline Operations
      • Automation and Orchestration
        • Security Orchestration, Automation, and Response (SOAR)
      • Orchestrating Threat Intelligence Data
        • Data Enrichment
        • Threat Feed Combination
      • Minimize Human Engagement
    • Technology and Tool Integration
      • Application Programming Interface (API)
      • Webhooks
      • Plugins
    • Single Pane of Glass

 

Domain 2: Vulnerability Management (30%)

  • 2.1: Given a Scenario, Implement Vulnerability Scanning Methods and Concepts
    • Asset Discovery
      • Map Scans
      • Device Fingerprinting
    • Special Considerations
      • Scheduling
      • Operations
      • Performance
      • Sensitivity Levels
      • Segmentation
      • Regulatory Requirements
    • Internal vs. External Scanning
    • Agent vs. Agentless
    • Credentialed vs. Non-Credentialed
    • Passive vs. Active
    • Static vs. Dynamic
      • Reverse Engineering
      • Fuzzing
    • Critical Infrastructure
      • Operational Technology (OT)
      • Industrial Control Systems (ICS)
      • Supervisory Control and Data Acquisition (SCADA)
    • Security Baseline Scanning
    • Industry Frameworks
      • Payment Card Industry Data Security Standard (PCI DSS)
      • Center for Internet Security (CIS) Benchmarks
      • Open Web Application Security Project (OWASP)
      • International Organization for Standardization (ISO) 27000 Series
  • 2.1: Given a Scenario, Implement Vulnerability Scanning Methods and Concepts
    • Asset Discovery
      • Map Scans
      • Device Fingerprinting
    • Special Considerations
      • Scheduling
      • Operations
      • Performance
      • Sensitivity Levels
      • Segmentation
      • Regulatory Requirements
    • Internal vs. External Scanning
    • Agent vs. Agentless
    • Credentialed vs. Non-Credentialed
    • Passive vs. Active
    • Static vs. Dynamic
      • Reverse Engineering
      • Fuzzing
    • Critical Infrastructure
      • Operational Technology (OT)
      • Industrial Control Systems (ICS)
      • Supervisory Control and Data Acquisition (SCADA)
    • Security Baseline Scanning
    • Industry Frameworks
      • Payment Card Industry Data Security Standard (PCI DSS)
      • Center for Internet Security (CIS) Benchmarks
      • Open Web Application Security Project (OWASP)
      • International Organization for Standardization (ISO) 27000 Series
  • 2.2: Given a Scenario, Analyze Output from Vulnerability Assessment Tools
    • Tools
      • Network Scanning and Mapping
        • Angry IP Scanner
        • Maltego
      • Web Application Scanners
        • Burp Suite
        • Zed Attack Proxy (ZAP)
        • Arachni
        • Nikto
      • Vulnerability Scanners
        • Nessus
        • OpenVAS
      • Debuggers
        • Immunity Debugger
        • GNU Debugger (GDB)
      • Multipurpose
        • Nmap
        • Metasploit Framework (MSF)
        • Recon-ng
      • Cloud Infrastructure Assessment Tools
        • Scout Suite
        • Prowler
        • Pacu
  • 2.3: Given a Scenario, Analyze Data to Prioritize Vulnerabilities
    • Common Vulnerability Scoring System (CVSS) Interpretation
      • Attack Vectors
      • Attack Complexity
      • Privileges Required
      • User Interaction
      • Scop
      • Impact
        • Confidentiality
        • Integrity
        • Availability
    • Validation
      • True/False Positives
      • – True/False Negatives
    • Context Awareness
      • Internal
      • External
      • Isolated
    • Exploitability/Weaponization
    • Asset Value
    • Zero-Day
  • 2.4: Given a Scenario, Recommend Controls to Mitigate Attacks andSoftware Vulnerabilities
    • Cross-Site Scripting
      • Reflected
      • Persistent
    • Overflow Vulnerabilities
      • Buffer
      • Integer
      • Heap
      • Stack
    • Data Poisoning
    • Broken Access Control
    • Cryptographic Failures
    • Injection Flaws
    • Cross-Site Request Forgery
    • Directory Traversal
    • Insecure Design
    • Security Misconfiguration
    • End-of-life or Outdated Component
    • Identification and Authentication Failures
    • Server-side Request Forgery
    • Remote Code Execution
    • Privilege Escalation
    • Local File Inclusion (LFI)/Remote File Inclusion (RFI)
  • 2.5: Explain Concepts Related to Vulnerability Response, Handling, and Management
    • Compensating Control
    • Control Types
      • Managerial
      • Operational
      • Technical
      • Preventative
      • Detective
      • Responsive
      • Corrective
    • Patching and Configuration Management
      • Testing
      • Implementation
      • Rollback
      • Validation
    • Maintenance Windows
    • Exceptions
    • Risk Management Principles
      • Accept
      • Transfer
      • Avoid
      • Mitigate
    • Policies, Governance, and Service- Level Objectives (SLOs)
    • Prioritization and Escalation
    • Attack Surface Management
      • Edge Discovery
      • Passive Discovery
      • Security Controls Testing
      • Penetration Testing and Adversary Emulation
      • Bug bounty
      • Attack Surface Reduction
    • Secure Coding Best Practices
      • Input Validation
      • Output Encoding
      • Session Management
      • Authentication
      • Data Protection
      • Parameterized Queries
    • Secure Software Development Life Cycle (SDLC)
    • Threat Modeling

 

Domain 3: Incident Response Management (20%)

  • 3.1: Explain Concepts Related to Attack Methodology Frameworks
    • Cyber Kill Chain
      • Reconnaissance
      • Weaponization
      • Delivery
      • Exploitation
      • Installation
      • Command and Control (C2)
      • Actions and objective
    • Diamond Model of Intrusion Analysis
      • Adversary
      • Victim
      • Infrastructure
      • Capability
    • MITRE ATT&CK
    • Open Source Security Testing Methodology Manual (OSSTMM)
    • OWASP Testing Guide
  • 3.2: Given a Scenario, Perform Incident Response Activities
    • Detection and Analysis
      • IoC
      • Evidence Acquisitions
      • Chain of Custody
      • Validating Data Integrity
      • Preservation
      • Legal hold
      • Data and Log Analysis
    • Containment, Eradication, and Recovery
      • Scope
      • Impact
      • Isolation
      • Remediation
      • Re-Imaging
      • Compensating Controls
  • 3.3: Explain the Preparation and Post-Incident Activity Phases of the Incident Management Life Cycle
    • Preparation
      • Incident Response Plan
      • Tools
      • Playbooks
      • Tabletop
      • Training
      • Business Continuity (BC)/ Disaster Recovery (DR)
    • Post-Incident Activity
      • Forensic Analysis
      • Root Cause Analysis
      • Lessons Learned

 

Domain 4: Reporting and Communication (17%)

  • 4.1: Explain the Importance of Vulnerability Management Reporting and Communication
    • Vulnerability Management Reporting
      • Vulnerabilities
      • Affected Hosts
      • Risk Score
      • Mitigation
      • Recurrence
      • Prioritization
    • Compliance Reports
    • Action Plans
      • Configuration Management
      • Patching
      • Compensating Controls
      • Awareness, Education, and Training
      • Changing Business Requirements
    • Inhibitors to Remediation
      • Memorandum of Understanding (MOU)
      • Service-Level Agreement (SLA)
      • Organizational Governance
      • Business Process Interruption
      • Degrading Functionality
      • Legacy Systems
      • Proprietary systems
    • Metrics and Key Performance Indicators (KPIs)
      • Trends
      • Top 10 Critical Vulnerabilities and Zero-days
      • SLOs
    • Stakeholder Identification and Communication
  • 4.2: Explain the Importance of Incident Response Reporting and Communication
    • Stakeholder Identification and Communication
    • Incident Declaration and Escalation
    • Incident Response Reporting
      • Executive summary
      • Who, What, When, Where, and Why
      • Recommendations
      • Timeline
      • Impact
      • Scope
      • Evidence
    • Communications
      • Legal
      • Public Relations
        • Customer Communication
        • Media
      • Regulatory reporting
      • Law enforcement
    • Root cause Analysis
    • Lessons Learned
    • Metrics and KPIs
      • Mean Time to Detect
      • Mean Time to Respond
      • Mean Time to Remediate
      • Alert Volume

Need customized curriculum Talk to Advisor

Related Courses

CompTIA Security+ Certification Training in Philippines
Explore
CompTIA Security+ Certification Training in Australia
Explore
CompTIA Security+ Certification Training in Uganda
Explore
CompTIA Security+ Certification Training in New Zealand
Explore

Here What people are saying about InfosecTrain

Why InfosecTrain

Guaranteed* to run Courses

4 hrs/day in Weekday/Weekend

Customized Training

Technical Support Post Training

Access to the recorded session

Accredited Instructors

TOP