CS0-002 to CS0-003, Major Changes to the CompTIA CySA+ Exam

CS0-002 to CS0-003 Major Changes to the CompTIA CySA+ Exam

The CompTIA CySA+ is the world’s premier certification for cybersecurity analysts. CompTIA’s State of the Tech Workforce report shows that demand for skilled cybersecurity analysts will remain strong, with growth that’s expected to be 253% above the national rate over the next 10 years. The CySA+ certification is designed specifically for cybersecurity analysts and is globally recognized.

The CySA+ is updated every three years.  Each iteration of the exam is labelled according to its series number.  Previous versions of the exam were labelled as CS0-001 and CS0-002.  CompTIA updates this exam to keep the materials current with the latest trends relevant for cybersecurity analysts and security operations. The latest update is CS0-003 and includes major changes to the exam.

Each update brings new exam objectives, concepts, and technologies to the exam. For example, the latest version, CS0-003 introduces cloud infrastructure and web application testing tools and technologies. We’ve highlighted the significant changes below.

Introduction of the CS0-003 version of the CompTIA CySA+ Exam

The CS0-002 version of the exam was published on April 21, 2020 and is set to retire on December 5th 2023.  It will be replaced by the CS0-003 version of the exam, which is scheduled to be introduced June 6, 2023. 

This exam significantly changed the exam objectives and testable content to remain current with recent security trends. CompTIA interviewed incident response managers and security operations center (SOC) managers to find the most relevant skills needed for cybersecurity analysts. The test takes into account recent cybersecurity attacks and threat patterns.

Differences between the CS0-002 and CS0-003 CySA+ Exam

We’ve outlined the differences between the two exams below:

Exam Codes CS0-002CS0-003 
Launch Date November 12, 2020November 1, 2023
Exam DescriptionCompTIA Cybersecurity Analyst (CySA+) will verify the successful candidate has the knowledge and skills required to:
• Leverage intelligence and threat detection techniques
• Analyze and interpret data
• Identify and address vulnerabilities
• Suggest preventative measures
• Effectively respond to and recover from incidents
This is equivalent to 4 years of hands-on experience in a technical cybersecurity job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.
The CompTIA Cybersecurity Analyst (CySA+) certification exam will certify the successful candidate
has the knowledge and skills required to:
• Detect and analyze indicators of malicious activity
• Understand threat hunting and threat intelligence concepts
• Use appropriate tools and methods to manage, prioritize, and respond to attacks and vulnerabilities
• Perform incident response processes
• Understand reporting and communication concepts related to vulnerability management and incident
response activities
Number of QuestionsMaximum of 90 questionsMaximum of 85 questions
Type of QuestionsMultiple choice and performance-basedMultiple choice and performance-based
Length of Test165 minutes165 minutes
Passing Score750 (on a scale of 100-900)750 (on a scale of 100-900)
Required ExperienceNo experience is required to take the examNo experience is required to take the exam
LanguagesEnglish, JapaneseEnglish, Japanese
Retirement December 5th, 2023TBD, likely October 1st, 2026
Testing Provider Pearson VUE
Testing Centers Online Testing
Pearson VUE
Testing Centers Online Testing
Exam PriceCompTIA Store Price $392 USD
Cyberkraft Price $345 USD
CompTIA Store Price $392 USD
Cyberkraft Price $345 USD
Self-Paced Video Training Price$398 USD
(Includes the Official CompTIA Learn+Labs Environment, priced at $764)
$398 USD
(Includes the Official CompTIA Learn+Labs Environment, priced at $764)
Instructor Led Training Cost$2,270 USD
($392 exam fee included)
$2,270 USD
($392 exam fee included)

Changes to the CySA+ Domains from CS0-002 to CS0-003

CompTIA CySA+ CS0-002 Exam DomainsCompTIA CySA+ CS0-003 Exam Domains
1) Threat and Vulnerability Management
2) Software and Systems Security
3) Security operations and Monitoring
4) Incident Response
5) Compliance and Assessment
1) Security Operations
2) Vulnerability Management
3) Incident Response and Management
4) Reporting and Communication
CySA+ CS0-002 Exam ObjectivesCySA+ CS0-003 Exam Objectives

The most obvious change between the exams is the reduction of the number of test domains from five to four. Every existing domain was completely changed in some way. This new CySA+ version 003 is one of the most extreme changes to a certification exam that our Cyberkraft team has ever seen.

CS0-002 to CS0-003 Major Changes to the CompTIA CySA+ Exam

Domain 1 Security Operations

Security Operations has been changed from domain 3 to domain 1. This new domain emphasizes the correct analysis of malicious activity. This domain teaches how to use security tools such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and Security Orchestration Automation, and Response (SOAR) and how to incorporate these into network architectures.

The Security Operations domain also focuses on identifying threat groups and Advanced Persistent Threats (APTs). Students will also learn how to identify threats and malicious activity. The content also includes the identification of specific malicious code strings.

In version CS0-002, threats and vulnerabilities were taught simultaneously, both included in Domain 1. Now, threats are taught in Domain 1 while vulnerabilities are discussed in Domain 2.

Domain 2 Vulnerability Management

This domain now heavily focuses on the use of software tools for vulnerability assessment. Students will be expected to understand the basic functionality of various software tools such as Burp Suite, Maltego, Arachni, Nessus, OpenVAS, Prowler, Metasploit, and Recon-NG. The exam will include practical questions to test candidates’ ability to correctly configure these tools.

Domain section 2.4 requires students to understand web application vulnerabilities. This section draws heavily from the Open Worldwide Application Security Project (OWASP) Top 10 list of web application vulnerabilities.

Notably, the amount of content on the exam focused on Governance, Risk, and Compliance (GRC) has been drastically reduced.

Domain 3 Incident Response and Management

Domain 3 is closely tied to Domain 4, both of which focus on Incident Response techniques. Domain 3 tests student’s knowledge of penetration testing frameworks, MITRE ATT&CK, the Diamond Model of Intrusion Analysis, and the Cyber Kill Chain. Students must understand how to properly manage incidents and respond to those incidents through containment, eradication, and recovery.

Digital Forensics is a major concept in this domain. Students are required to understand chain of custody and must demonstrate the ability to properly analyze and preserve digital evidence. Business Continuity and Disaster Recovery are also a main focus in this domain, particularly in the context of preparing a SOC for continued operations.

Domain 4 Reporting and Communication

Domain 4 is the shortest domain with only two sections. It could even be considered a continuation of Domain 3 as its main focus is on incident response. Students must understand reporting concepts such as what data to report to which stakeholders. Students are also taught how to create an incident repose report which includes an executive summary, recommendations, timeline, impact, scope, and evidence.

Metrics are also a major focus in this domain. Students must understand how to measure Key Performance Indicators (KPIs), commonly used KPIs, and how to correctly report them.

Why is the change to the CySA+ exam important?

This update to the CySA+ exam brings major changes to the course content. Since the content is so much different from the previous version, students who have been studying the CS0-002 material will find their efforts wasted if they fail to take the CS0-002 exam before December 5th. After that date, students will need to learn the new CS0-003 material and only the 003 test will be available.

Cyberkraft CySA+ Live Classes

If you haven’t found the time to study on your own or if you work a full time job, then you might want to consider live training. Our CySA+ Bootcamp will teach you everything you need to ace the exam and earn your Security+ with 40 hours of live instructor-led training. You are guaranteed to pass with our bootcamp or we’ll pay for your second exam attempt with our Second Shot Guarantee! Plus, we have flexible training options available with daytime and evening classes available for busy professionals.

CompTIA CySA+ Bootcamp CS0-003

Cyberkraft Self-Paced CySA+ Training

If you’re interested in training at your own pace, our self-paced course will fully prepare you to ace your exam on your first try and comes with a 7 day full money back guarantee. This course (as well as our live training) includes the official CompTIA CertMaster Learn+Labs Environment. You’ll be able to work with real-world security tools with over 30 custom built lab exercises. Our video lessons in this course are taught by our CompTIA trained and certified instructors. Plus, we provide you with six full simulation exams and 12 quizzes (over 600 questions) so you can be fully prepared for test day.

CompTIA CySA+ Course CS0-003

Try the course now risk free with our 7 day full money back guarantee!

Free 1 on 1 CySA+ Training Session

If you have any questions about these changes, the CySA+ exam, or how to get certified, please reach out to us using one of the methods below.

If you’re interested in a free 30 private study session with one of our expert, CompTIA trained instructors, e-mail or text us with the subject line “Free CySA+ Training Session” and we’ll schedule a free, 30 minute private class with you.

E-mail: [info@cyberkrafttraining.com]

Call or Text: +1 (724) 875-5448

Schedule a Free Training Consultation: https://calendly.com/cyberkraft

Chat with us anytime using the chat feature on this page.

Related Articles