CompTIA Cybersecurity Analyst+

There are many people that have taken what is considered the Trinity of CompTIA: A+, Network+, and Security+. But, what comes after Security+? Some people in the security industry suggest tests like the CompTIA Advanced Security Practitioner (CASP), Systems Security Certified Practitioner (SSCP), or even the Certified Ethical Hacker (CEH) exam, but those seem like a jump away from the fundamentals that Security+ offers. That is why CompTIA has introduced an exam that fits in between Security+ and CompTIA Advanced Security Practitioner (CASP) called CompTIA Cybersecurity Analyst+ (CSA+).

CompTIA Cybersecurity Analyst+ (CS0-0001)

Like any other exam from the people over at CompTIA, the Cybersecurity Analyst+ test is vendor neutral. It aims to test applicable knowledge with tools used by security professionals for tasks such as threat detection, data analysis, and vulnerability assessment. The ideal candidate should also know how to detect and combat malware and Advance Persistent Threats (APTs) through skills such as user and network behavior analytics. They should be able to show proficient use with tools such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information Event Manager (SIEM), and packet sniffers.


It is recommended that the candidate looking to take this exam should have 3-4 years of experience in a security role. But, if a candidate feels they do not have the required experience required to take Cybersecurity Analyst+, Security+ is a good exam to take first. For candidates with almost no security experience or knowledge, it is recommended the candidate sit for Network+ to demonstrate core competencies required for Security+ and then Cybersecurity Analyst+.

Exam Objectives

Domain % of Exam
1.0 Threat Management 27%
2.0 Vulnerability Management 26%
3.0 Cyber Incident Response 23%
4.0 Security Architecture and Tool Sets 21%
Total 100%

Testing Methods

The Cybersecurity Analyst+ exam is comprised of both multiple choice and performance-based questions. Overall, the exam has 85 questions and allows one to sit for 165 minutes (2:45 H). The performance-based questions are simulations of tasks performed by security analyst in their daily roles. Candidates may be requested to look over log files, tool output to determine false positives, or Event Viewer logs to determine systems with malware. In order to prepare for these questions, CompTIA recommends experience with open-source analytics tools, team work and cyberwarfare exercises with red teams (pen testing) and blue teams (incident responders).


In order to prepare for the Cybersecurity Analyst+ exam, some of the mentioned open-source platforms include Wireshark, a popular packet sniffer; Bro and Snort, two popular Intrusion Detection Systems; and AlienVault Open Source SEIM, a popular Security Information and Event Management (SIEM) platform. The exam is not limited to these softwares, nor is their inclusion an indicator that they will be included on the exam.

Launch Date

At the time of this writing, the CompTIA website states that the exam will be available on February 15, 2017 and will cost $320 for one exam voucher. Potential candidates can also signup for more details at the bottom of the new page and receive sample questions and exam objectives.

You can also download CompTIA Cybersecurity Analyst+ Exam Objectives.

Wiley also has a book, CompTIA Cybersecurity Analyst (CSA+) Study Guide: Exam CS0-001, written by Michael J. Chapple and David Seidl.

Should I Become a Cybersecurity Practitioner (CSX)?

There are a lot of different security certificates one can achieve in order to increase their knowledge in the cybersecurity field. Since cybersecurity is a young, still-growing field, there are a lot of new certificates still being created. One of the more recent certificates is the Cybersecurity Practitioner (CSXP) by ISACA. It is different from many of the other exams in the security field, because it is a real-time, hands-on exam where the candidate has to prove their knowledge by dealing with different incident response scenarios in a virtual environment.

Basic Information About CSX Practitioner Certification

The Cybersecurity Practitioner (CSXP) exam is a vendor-neutral, performance-based certification from ISACA. It is a real-world, live, virtual lab environment designed to test the practical knowledge of a candidate. There are no multiple choice questions. The time limit for the exam is 3.5 hours. There will be few instructions and the candidate will be expected to switch between multiple virtual machines while multitasking. ISACA also offers a lab preview for demonstration purposes.

The exam will test for knowledge in domains of prevention, detection, and response in relation to a cybersecurity incident. It is focused around the role of a first responder, and is designed to demonstrate experience with firewalls, patching, anti-virus, vulnerability scans with basic analysis, and the ability to implement common security controls. It assumes knowledge of Kali Linux, Microsoft Windows Server and Workstation, as well as Ubuntu Linux. It is the second new exam in the ISACA library of certificates, immediately following the Cybersecurity Fundamentals Certificate, which is designed to demonstrate fundamental knowledge of cybersecurity.

Fees and Training

Breakdown of knowledge domains

  • Protect: 33-37%
  • Detect: 21-24%
  • Respond: 16-18%
  • Identify: 13-15%
  • Recover: 10-12%

Familiar tools and techniques

  1. Linux system administration (entry level)
  2. Md5deep64
  3. Microsoft Windows Domain Administration (entry level)
  4. Microsoft Security Essentials
  5. Network troubleshooting commands
  6. Nmap/Zenmap
  7. Pfsense
  8. Security Onion
  9. Snorby
  10. Snort
  11. Tcpdump
  12. Terminal applications
  13. Wireshark


Although training will not be required to sit for this exam, ISACA does offer their own training labs, which cost $500 per lab with six months of total access. ISACA also offers bootcamps and training at conferences, for a fee. The author could find no other training outside of ISACA at the time of this writing.

Exam fees

  • ISACA members: $540
  • Non-members: $725

Testing Locations

Testing locations are proctored by Prometric. Once a candidate purchases an exam voucher, the candidate is allowed to sit for the exam within the next seven months. Candidates can find testing locations at prometric.com/isaca. Exams are only available in English at the time of this writing.

More Information

ISACA provides a PDF with more information, for those serious about sitting the CSXP exam. Candidates can also view the ISACA website for more detailed information than this article provides. One can also find more information on maintaining the CSXP certification there, as well. This certification shows that a candidate has hands-on, practical experience and knows how to protect a network and resolve security-related issues. Since this certification is a real-time, practical exam it stands out from most of the other multiple choice exams in this space. It is definitely a certification worth considering.