Course Introduction Banner

CompTIA Cybersecurity Analyst+ (CySA+) CS0-003 Online Course

Course Format:Online Course
Self-Study Time:Approximately 120 Hours (Self-Study)
Delivery Time:1-2 Working Days (Email)
Based on 227 reviews from
Course Fees & Payment Options
Pay in full today:
Payment in full on checkout by Card or Paypal
3 monthly payments:
Pay over 3 payments on checkout with Klarna
6 monthly payments:
1 payment of £168.00 taken now 5 further payments of £50.40 - taken monthly with GoCardless
6 Month Payment Option Details:
1 initial payment of £168.00 followed by 5 monthly payments of £50.40 by Direct Debit
Course Description

The CompTIA Cybersecurity Analyst+ (CySA+) Online Course covers the CS0-003 examination syllabus. CySA+ is designed to be a vendor-neutral certification for cybersecurity, threat, and vulnerability analysts. The CySA+ certification is designed for security analysts and engineers as well as security operations center (SOC) staff, vulnerability analysts, and threat intelligence analysts. The course focuses on security analytics and practical use of security tools in real-world scenarios.

CompTIA CySA+ covers four major areas:

  • Security Operations
  • Vulnerability Management
  • Incident Response and Management
  • Reporting and Communications

These four areas include a range of topics, from reconnaissance to incident response and forensics, while focusing heavily on scenario-based learning. The CySA+ exam fits between the entry-level Security+ exam and the CompTIA Advanced Security Practitioner (CASP+) certification, providing a mid-career certification for those who are seeking the next step in their certification and career path.

The CompTIA Cybersecurity Analyst+ (CySA+) Online Course can benefit those preparing for the CompTIA CySA+ Exam, but is also useful for those whose job duties include Security Analyst, Vulnerability Analyst, Cybersecurity Specialist, Threat Intelligence Analyst or Security Operations Centre (SOC) Analyst.

On successful completion of this course, learners can arrange their CySA+ CS0-003 exam through Pearson Vue testing centres.

CySA+ Course Format

This course is delivered through an online portal and will give students 12 months access to their materials.

The course notes are in a written format and will also include some videos. As well as the course notes, the materials also include a pre-assessment, flash cards, a short quiz in each lesson, live labs, a post-assessment and a practice test.

The CompTIA Cybersecurity Analyst+ (CySA+) Online Course includes the following units:

The course starts by teaching you how to assess cybersecurity threats, as well as how to evaluate and select controls to keep your networks and systems secure.

The following topics are covered:

  • Cybersecurity Objectives
  • Privacy vs. Security
  • Evaluating Security Risks
  • Building a Secure Network
  • Secure Endpoint Management
  • Penetration Testing
  • Reverse Engineering
  • Efficiency and Process Improvement
  • The Future of Cybersecurity Analytics
  • Summary
  • Exam Essentials
  • Lab Exercises

Understanding the underlying architecture that makes up your organization's infrastructure will help you defend your organization. In this lesson you will explore concepts like serverless and containerization technology as well as virtualization. You will also explore logs and logging, network architecture and design concepts, identity and access management concepts, and how encryption can be used for security and data protection.

The following topics are covered:

  • Infrastructure Concepts and Design
  • Operating System Concepts
  • Logging, Logs, and Log Ingestion
  • Network Architecture
  • Identity and Access Management
  • Encryption and Sensitive Data Protection
  • Summary
  • Exam Essentials
  • Lab Exercises

Analyzing events and identifying malicious activity is a key part of many security professionals roles. In this lesson you will explore how to monitor for and detect host-based, network-based, and application-based attacks and indicators of compromise. You will also explore how logs, email, and other tools and data sources can be used as part of your investigations.

The following topics are covered:

  • Analyzing Network Events
  • Investigating Host-Related Issues
  • Investigating Service- and Application-Related Issues
  • Determining Malicious Activity Using Tools and Techniques
  • Summary
  • Exam Essentials
  • Lab Exercises

Security professionals need to fully understand threats in order to prevent them or to limit their impact. In this lesson, you will learn about the many types of threat intelligence, including sources and means of assessing the relevance and accuracy of a given threat intelligence source. You'll also discover how to use threat intelligence in your organization.

The following topics are covered:

  • Threat Data and Intelligence
  • Threat Classification
  • Applying Threat Intelligence Organizationwide
  • Summary
  • Exam Essentials
  • Lab Exercises

Gathering information about an organization and its systems is one of the things that both attackers and defenders do. In this lesson, you will learn how to acquire intelligence about an organization using popular tools and techniques. You will also learn how to limit the impact of intelligence gathering performed against your own organization.

The following topics are covered:

  • Mapping, Enumeration, and Asset Discovery
  • Passive Discovery
  • Summary
  • Exam Essentials
  • Lab Exercises

Managing vulnerabilities helps to keep your systems secure. In this lesson, you will learn how to identify, prioritize, and remediate vulnerabilities using a well-defined workflow and continuous assessment methodologies.

The following topics are covered:

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Developing a Remediation Workflow
  • Overcoming Risks of Vulnerability Scanning
  • Vulnerability Assessment Tools
  • Summary
  • Exam Essentials
  • Lab Exercises

Vulnerability reports can contain huge amounts of data about potential problems with systems. In this lesson, you will learn how to read and analyze a vulnerability scan report, what CVSS scoring is and what it means, as well as how to choose the appropriate actions to remediate the issues you have found. Along the way, you will explore common types of vulnerabilities and their impact on systems and networks.

The following topics are covered:

  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises

In this lesson, we turn our attention to what happens after a vulnerability is discovered—the ways that organizations respond to vulnerabilities that exist in their environments. We'll begin with coverage of the risk management process and then dive into some of the specific ways that you can respond to vulnerabilities.

The following topics are covered:

  • Analyzing Risk
  • Managing Risk
  • Implementing Security Controls
  • Threat Classification
  • Managing the Computing Environment
  • Software Assurance Best Practices
  • Designing and Coding for Security
  • Software Security Testing
  • Policies, Governance, and Service Level Objectives
  • Summary
  • Exam Essentials
  • Lab Exercises

This lesson focuses on building a formal incident response handling program and team. You will learn the details of each stage of incident handling from preparation, to detection and analysis, to containment, eradication, and recovery, to the final post-incident recovery, as well as how to classify incidents and communicate about them.

The following topics are covered:

  • Security Incidents
  • Phases of Incident Response
  • Building the Foundation for Incident Response
  • Creating an Incident Response Team
  • Classifying Incidents
  • Attack Frameworks
  • Summary
  • Exam Essentials
  • Lab Exercises

Security professionals monitor for indicators of compromise, and once found they are analyzed to determine if an incident happened. In this lesson you will explore IoCs related to networks, systems, services, and applications. You will also dive into data and log analysis as well as evidence acquisition and analysis.

The following topics are covered:

  • Indicators of Compromise
  • Investigating IoCs
  • Evidence Acquisition and Preservation
  • Summary
  • Exam Essentials
  • Lab Exercises

Once an incident has occurred and the initial phases of incident response have taken place, you will need to work on recovering from it. That process involves containing the incident to ensure that no further issues occur and then working on eradicating malware, rootkits, and other elements of a compromise. Once the incident has been cleaned up, the recovery stage can start, including reporting and preparation for future issues.

The following topics are covered:

  • Containing the Damage
  • Incident Eradication and Recovery
  • Validating Data Integrity
  • Wrapping Up the Response
  • Summary
  • Exam Essentials
  • Lab Exercises

Communications and reporting are key to ensuring organizations digest and use information about vulnerabilities and incidents. In this lesson you'll explore both communications related to vulnerability management and incident response. You'll explore how to leverage vulnerability management and risk scores while understanding the most common inhibitors to remediation. You'll also look at incident reports, how to engage stakeholders, and how lessons learned can be gathered and used.

The following topics are covered:

  • Vulnerability Management Reporting and Communication
  • Incident Response Reporting and Communication
  • Summary
  • Exam Essentials
  • Lab Exercises

Understanding what occurred on a system, device, or network, either as part of an incident or for other purposes, frequently involves forensic analysis. In this lesson, you will learn how to build a forensic capability and how the key tools in a forensic toolkit are used.

The following topics are covered:

  • Building a Forensics Capability
  • Understanding Forensic Software
  • Conducting Endpoint Forensics
  • Network Forensics
  • Cloud, Virtual, and Container Forensics
  • Post-Incident Activity and Evidence Acquisition
  • Forensic Investigation: An Example
  • Summary
  • Exam Essentials
  • Lab Exercises
Practice Tests & Quizzes

This study guide uses a number of common elements to help you prepare. These include the following:

Pre-Assessment Quiz:

At the end of the introduction, there is a pre assessment quiz that you can use to test your readiness for the course and the exam.

Flash Cards:

The course has an interactive Flash Card Quiz specifically written to test your knowledge, so don’t get discouraged if you don’t ace your way through them at first! They’re there to ensure that you know critical terms and concepts and you’re really ready for the exam.


The Summary section of each lesson briefly explains the lesson, allowing you to easily understand what is covered.

Exam Essentials:

The Exam Essentials focus on major exam topics and critical knowledge that you should take into the test. These Exam Essentials focus on the exam objectives provided by the test provider.

Lab Exercises:

The written labs provide more in-depth practice opportunities to expand your skills and to better prepare for performance-based testing on the exam.

Post Assessment:

This is a final indicator to gauge a student’s readiness and should be attempted after completing all lessons.

Practice Exam Quiz:

A Practice Exam Quiz is included for completion at the end of the course.

CySA+ Live Labs

This course includes access to Live Labs which are designed to give you a practical knowledge of the subject through remote access to real computer equipment, networked together and conveniently accessible over the internet using virtualization.

The CySA+ Course includes Live Labs which will cover the following:

  • System & Networking Security Implementation Concepts
  • Threat Intelligence & Threat Gathering Concepts
  • Techniques to Determine Malicious Activity
  • Vulnerability Scanning Tools & Techniques
  • Identifying & Analyzing Malicious Activity
  • Tools for Identifying Malicious Activity
  • Attack Methodology Frameworks
  • Vulnerability Data Analysis and Prioritization
  • Incident Response Management Techniques
  • Incident Response Communication & Reporting
  • Vulnerability Reporting Concepts
  • Vulnerability Patching & Attack Surface Management

There is no required prerequisite for CompTIA CS0-003 certification exam, but the candidate should hold CompTIA Network+, Security+ or equivalent knowledge. It is recommended that you have a minimum of 4 years of hands-on experience as an incident response analyst or security operations center (SOC) analyst, or equivalent experience.

Course Duration & Online Support

You can register at any time and have 12 months access to the course from enrolment. The course is designed as a self-study course, but if you have any problems you can email our support email service.

As this is a self-study course, how quickly it takes to complete will depend on the learner and the amount of time they have available to study.


Assessment is in the form of the CySA+ Certification CS0-003 examination. The Examination has a maximum of 85 questions which are a in a multiple choice and performance-based format over a 165 minute period. The Exam is graded on a scale of 100 - 900 with a minimum passing score of 750.

CompTIA Cybersecurity Analyst+ Certification

CompTIA CySA+ On completion of the Cybersecurity Analyst+ Online Course you can apply for the CompTIA CySA+ CS0-003 Examination.

Examinations must be sat at a registered Pearson VUE testing centre. The exam fee is currently £240.00 + VAT. This price is subject to change so please check directly with Pearson Vue for confirmation.

CompTIA Exams can be arranged in-person through a testing centre or remotely/online. You can find or register for your nearest exam centres by selecting the Test Takers option from the Pearson Vue Website.

Please Note: The CompTIA CySA+ CS0-003 exam was released in June 2023 and the retirement date will be approximately 3 years from the initial release.

Quick Question

Let us know if you have a question about this course and we will get back to you ASAP.

Student Testimonials
Get the TOTUM Pro Student Card!
Get the TOTUM Pro Student Card!

This course is eligible for the TOTUM Pro Student Card. 

TOTUM PRO is made especially for professional learners, and opens up a whole world of fantastic savings and discounts on everything from dining out and keeping fit to travel abroad... Find Out More

Save money on hundreds of offers for:

  • Fashion
  • Eating Out
  • Music & Technology
  • Supermarkets
  • Health & Fitness
  • Home & Garden
  • Travel
Why Study With Us?
Huge Choice of Courses
We currently offer over 250+ diffeent distance learning courses leading to full Ofqual Regulated Qualifications or Accredited Certificates from National Awarding Bodies.
Customer Reviews
We're a top rated home learning provider on the Find Courses / Independent reviews site, Trustpilot - currently rated 9.6/10 for customer service.
Payment Plans
Choose to pay for your course in full, or spread the cost with monthly instalments. Payment plans are interest-free, with no credit checks.
Quick Delivery
We process all applications quickly and most course materials are available to start within 1 to 3 working days!
Tutor Support
All courses are fully supported and tutors are available to answer any questions, mark your assignments and offer feedback and guidance throughout your course.
Study At Your Pace
Work at your own pace. Our team will support you, but won't chase you for work or apply deadlines for submissions.
Recently Viewed (1)
CompTIA Cybersecurity Analyst+ (CySA+) CS0-003 Online Course
CompTIA Cybersecurity Analyst+ (CySA+) CS0-003 Online Course
From as little as £50.40 per month