← Cybersecurity

CS0-003 · Syllabus & Exam Outline 2026

CompTIA CySA+ (CS0-003)

In short

The CompTIA CySA+ (CS0-003) exam has up to 85 questions in 165 minutes and a fixed passing score of 750 out of 900. It covers security operations, vulnerability management, incident response and management, and reporting and communication. It costs $425. Free practice questions and a full study plan are below.

Practice deck · one-time $4.99

Unlock 1,000+ CompTIA CySA+ (CS0-003) active-recall practice cards

Lifetime access to the full deck, with free updates — on web and in the app. Make it yours: add your own sources and edit any card.

  • Lifetime access
  • Free updates
  • Web + mobile app
  • Fully editable
Unlock for $4.99
Questions
Maximum of 85
Time limit
165 minutes
Passing score
750 (on a scale of 100-900)
Cost
$425 USD
Format
Multiple-choice · performance-based
Delivery
Pearson VUE (in-person testing center or online testing)
Prep time
~120 hours
CompTIA CySA+ Certification Page (Exam Objectives Form)

Exam overview

The CompTIA Cybersecurity Analyst (CySA+) CS0-003 certification exam assesses a candidate's ability to proactively defend and continuously improve the security posture of an organization. This intermediate-level exam validates that you possess the hands-on skills necessary to capture, monitor, and respond to network traffic findings, understand software and operational vulnerabilities, and execute incident response, threat hunting, and IT regulatory compliance activities. Earning the CySA+ certification demonstrates to employers that you can leverage modern intelligence and threat detection techniques to identify vulnerabilities and mitigate risks before they result in catastrophic breaches. It covers four major domains: Security Operations, Vulnerability Management, Incident Response and Management, and Reporting and Communication. Preparing for the CS0-003 exam requires a structured approach to studying a vast amount of technical information. To make this manageable, Only Ever maps every domain to 15-minute study topics, allowing you to master complex concepts like CVSS scoring, SIEM queries, and attack methodology frameworks in short, focused learning sessions.

Exam domains & weighting

Each domain's share of the exam — study deepest where the weight is highest. Open one for how to study it and its objectives.

How to study this domain

This is the most heavily weighted domain, so dedicate significant time to understanding network and host-based malicious indicators. Practice analyzing packet captures using tools like Wireshark and TCPDump, and familiarize yourself with SIEM and SOAR platforms. Ensure you can differentiate between various threat actors and their tactics, techniques, and procedures (TTPs).

Key objectives

  • Log Ingestion and OS Concepts
  • Infrastructure and Network Architecture
  • Identity, Access, Encryption, and Sensitive Data
  • Network-Related Malicious Indicators
  • Host, Application, and Other Indicators
  • Tools for Malicious Activity Detection
  • Detection Techniques and Scripting
  • Threat Actors and TTPs
  • Threat Intelligence Collection and Sharing
  • Threat Hunting Concepts
  • Efficiency and Process Improvement
Study this domain

Readiness self-check

Tick off everything you can confidently explain. Anything left unchecked is your study list — tap “Review” to jump straight into that domain.

Readiness

0 / 8

Security Operations

Review

Vulnerability Management

Review

Incident Response and Management

Review

Reporting and Communication

Review

Quick reference

Essential Cybersecurity Acronyms

Common acronyms drawn directly from the official CompTIA CySA+ CS0-003 exam objectives.

APT
Advanced Persistent ThreatA stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a network.
CASB
Cloud Access Security BrokerSoftware or hardware that sits between cloud service users and cloud applications.
CVSS
Common Vulnerability Scoring SystemAn industry standard for assessing the severity of computer system security vulnerabilities.
EDR
Endpoint Detection and ResponseCybersecurity technology that continually monitors an endpoint to mitigate malicious threats.
IoC
Indicators of CompromiseEvidence on a computer or network that indicates a security breach.
SIEM
Security Information and Event ManagementSoftware products and services combining security information management and security event management.
SOAR
Security Orchestration, Automation, and ResponseTechnologies that enable organizations to collect inputs monitored by the security operations team.
TTP
Tactics, Techniques, and ProceduresThe behavior of a threat actor, utilized heavily in threat intelligence frameworks.

Recommended Lab Hardware & Software

Sample tools and environments suggested by CompTIA to practice CySA+ concepts.

Kali Linux

A Linux-based OS designed for digital forensics and penetration testing.

Commando VM

A fully customizable Windows-based penetration testing virtual machine environment.

Metasploitable

An intentionally vulnerable Linux virtual machine used to practice exploiting security flaws.

Wireshark & TCPDump

Packet capture and protocol analysis tools critical for spotting malicious network traffic.

OpenVAS & Nessus

Vulnerability scanners used to map asset exposures across environments.

Frequently asked questions

Good to know

  • The exam includes performance-based questions (PBQs) that require candidates to solve problems in simulated environments.
  • The exam emphasizes 4 years of recommended hands-on experience as an incident response analyst or SOC analyst.
  • CompTIA frequently reviews exam content; bulleted examples in the syllabus are not exhaustive, meaning related technologies may appear on the actual test.
  • Use of unauthorized third-party training sites ('brain dumps') is strictly prohibited and can result in certification revocation.

Reading isn’t remembering.

Preparing for the CySA+ exam requires mastering complex incident response processes, threat hunting, and continuous security monitoring, which can be overwhelming to synthesize.

Only Ever breaks down the official CompTIA CySA+ syllabus into 15-minute, highly focused study sessions. Our content maps directly to the CS0-003 exam objectives to ensure maximum retention and test readiness.