There are many people that have taken what is considered the Trinity of CompTIA: A+, Network+, and Security+. But, what comes after Security+? Some people in the security industry suggest tests like the CompTIA Advanced Security Practitioner (CASP), Systems Security Certified Practitioner (SSCP), or even the Certified Ethical Hacker (CEH) exam, but those seem like a jump away from the fundamentals that Security+ offers. That is why CompTIA has introduced an exam that fits in between Security+ and CompTIA Advanced Security Practitioner (CASP) called CompTIA Cybersecurity Analyst+ (CSA+).
CompTIA Cybersecurity Analyst+ (CS0-0001)
Like any other exam from the people over at CompTIA, the Cybersecurity Analyst+ test is vendor neutral. It aims to test applicable knowledge with tools used by security professionals for tasks such as threat detection, data analysis, and vulnerability assessment. The ideal candidate should also know how to detect and combat malware and Advance Persistent Threats (APTs) through skills such as user and network behavior analytics. They should be able to show proficient use with tools such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information Event Manager (SIEM), and packet sniffers.
Experience
It is recommended that the candidate looking to take this exam should have 3-4 years of experience in a security role. But, if a candidate feels they do not have the required experience required to take Cybersecurity Analyst+, Security+ is a good exam to take first. For candidates with almost no security experience or knowledge, it is recommended the candidate sit for Network+ to demonstrate core competencies required for Security+ and then Cybersecurity Analyst+.
Exam Objectives
| Domain | % of Exam |
| 1.0 Threat Management | 27% |
| 2.0 Vulnerability Management | 26% |
| 3.0 Cyber Incident Response | 23% |
| 4.0 Security Architecture and Tool Sets | 21% |
| Total | 100% |
Testing Methods
The Cybersecurity Analyst+ exam is comprised of both multiple choice and performance-based questions. Overall, the exam has 85 questions and allows one to sit for 165 minutes (2:45 H). The performance-based questions are simulations of tasks performed by security analyst in their daily roles. Candidates may be requested to look over log files, tool output to determine false positives, or Event Viewer logs to determine systems with malware. In order to prepare for these questions, CompTIA recommends experience with open-source analytics tools, team work and cyberwarfare exercises with red teams (pen testing) and blue teams (incident responders).
Software
In order to prepare for the Cybersecurity Analyst+ exam, some of the mentioned open-source platforms include Wireshark, a popular packet sniffer; Bro and Snort, two popular Intrusion Detection Systems; and AlienVault Open Source SEIM, a popular Security Information and Event Management (SIEM) platform. The exam is not limited to these softwares, nor is their inclusion an indicator that they will be included on the exam.
Launch Date
At the time of this writing, the CompTIA website states that the exam will be available on February 15, 2017 and will cost $320 for one exam voucher. Potential candidates can also signup for more details at the bottom of the new page and receive sample questions and exam objectives.
You can also download CompTIA Cybersecurity Analyst+ Exam Objectives.
Wiley also has a book, CompTIA Cybersecurity Analyst (CSA+) Study Guide: Exam CS0-001, written by Michael J. Chapple and David Seidl.
