🛡️ CompTIA CySA+ (CS0-003)
Free, independent CompTIA CySA+ cybersecurity-analyst exam-preparation with a signed certificate. Learn the modules, pass the exam.
Last updated: June 2026
An independent, free exam-preparation course that walks through the publicly published CompTIA CySA+ CS0-003 exam objectives across the four official domains — Security Operations (33%), Vulnerability Management (30%), Incident Response & Management (20%) and Reporting & Communication (17%). It uses visual lessons, worked analyst scenarios, original self-check questions and a 45-question final exam to build exam-ready skill in threat intelligence, SIEM and log analysis, network and endpoint telemetry, malware and behavioural analysis, vulnerability scanning and CVSS-based prioritisation, threat hunting, the MITRE ATT&CK framework, the incident-response lifecycle, digital forensics and analyst reporting. It is awareness/prep only — not the official CompTIA training or the certification exam itself — and claims no CompTIA affiliation or endorsement. The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- Domain 1: CySA+ CS0-003 Map & Analyst Role
- System & Network Architecture Concepts
- Logging, Telemetry & the Standard Operating Environment
- Threat Intelligence: Sources, IOCs & TTPs
- Attack Frameworks: Kill Chain, Diamond & MITRE ATT&CK
- SIEM, Correlation & Detection Engineering
- Network Traffic & Packet Analysis
- Endpoint, Host & Email Analysis
- Malware Behaviour & Sandboxing
- Threat Hunting & Behavioural Analytics
- Domain 2: Vulnerability Scanning & Tooling
- CVE, CWE & Common Identifiers
- CVSS Scoring & Risk-Based Prioritisation
- Validation: False Positives & Negatives
- Web App & Cloud Vulnerabilities
- Remediation, Mitigation & Compensating Controls
- Domain 3: Incident-Response Lifecycle
- Containment, Eradication & Recovery in Depth
- Digital Forensics & Evidence Handling
- IR Governance: Plans, Playbooks & Coordination
- Domain 4: Reporting, Metrics & Communication
- Exam Strategy & Final Review
Learning objectives
- Map the four CySA+ CS0-003 domains and their exam weightings to plan a focused study path.
- Apply system and network security concepts and standard operating-environment telemetry to security operations.
- Use threat intelligence, the threat-hunting cycle and the MITRE ATT&CK framework to detect malicious activity.
- Analyse SIEM output, packet captures, endpoint and email artefacts to identify indicators of compromise.
- Identify common malware behaviours and use sandboxing and reverse-engineering basics for triage.
- Implement vulnerability scanning, validate findings and reduce false positives.
- Prioritise vulnerabilities using CVSS v3.x metrics, asset context and threat exposure.
- Recommend remediation, mitigation and compensating controls and track them to closure.
- Execute the incident-response lifecycle: preparation, detection, containment, eradication and recovery.
- Apply digital-forensics and evidence-handling principles, including chain of custody.
- Produce clear analyst reports, metrics and stakeholder communication that drive action.
- Pass a 45-question exam (80% to earn your certificate).