CompTIA CySA+ Certification (PLA)

L3 Level 3
Part Time
Contact us for dates
PLA: This course is free for employed adults eligible for a Personal Learning Account (PLA). To see if you could be eligible for a PLA go to - For a full list of PLA courses go to

About this course

The CompTIA Cybersecurity Analyst (CySA+) is a globally recognised certification that validates your ability to proactively capture, monitor and respond to network security threats. By undertaking this course, you'll gain critical knowledge of cybersecurity threats, security architecture, risk management, and incident response.

Choosing to study in these instructor-led virtual classrooms provides a rich, immersive learning environment that not only equips you with essential theoretical knowledge, but also allows for practical, hands-on experience.

The instructors are industry experts who bring a wealth of real-world experience to the table, ensuring you receive up-to-date and relevant knowledge. The interactive nature of these virtual classrooms encourages active participation and enables you to gain insights from your instructors and peers alike.

In a rapidly evolving digital world, cybersecurity skills are in high demand. With the CySA+ certification under your belt, you'll be well-positioned to step up your career in the dynamic field of cybersecurity.

This 5 day course runs regularly over consecutive days and delegates will have 6 months to complete from date of enrolment. Delegates will arrange course start dates directly with the course provider once they have been approved for funding.

What you will study

The CompTIA CySA+ Cyber Security Analyst course syllabus is comprehensive, covering a range of topics and concepts essential to the role of a Cyber Security Analyst. When you enrol onto this course, you can expect to learn:

o Security Analytics

o Threat Management

o Appropriate Tools

o Identity and Access Management

o Software Development Lifecycle

o Threat Detection Tools

o Appropriate Forensics Tools 

o Review Security Architecture

o Performance Data Analysis

o Security Issues Related

o Post Incident Response Process

o Network Vulnerabilities and Access Management

Module 1: Threat and Vulnerability Management

Intelligence sources

Indicator management

Threat classification

Threat actors

Intelligence cycle

Commodity malware

Information sharing and analysis communities

1.2 Given a scenario, utilise threat intelligence to support organisational security.

Attack frameworks

Threat research

Threat modelling methodologies

Threat intelligence sharing with supported functions

1.3 Given a scenario, perform vulnerability management activities.

Vulnerability identification



Scanning parameters and criteria

Inhibitors to remediation

1.4 Given a scenario, analyse the output from standard vulnerability assessment tools.

Web application scanner

Infrastructure vulnerability scanner

Software assessment tools and techniques


Wireless assessment tools

Cloud Infrastructure assessment tools

1.5 Explain the threats and vulnerabilities associated with specialised technology.


Internet of Things (IoT)


Real-time operating system (RTOS)

System-on-Chip (SoC)

Field programmable gate array (FPGA)

Physical access control

Building automation systems

Vehicles and drones

Workflow and process automation systems
Industrial control system

Supervisory control and data acquisition (SCADA)

1.6 Explain the threats and vulnerabilities associated with operating in the cloud.

Cloud service models

Cloud deployment models

Function as a Service (FaaS)/ serverless architecture

Infrastructure as code (IaC)

Insecure application programming interface (API)

Improper key management

Unprotected storage

Logging and monitoring

1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.

Attack types


Module 2.0: Software and Systems Security

2.1 Given a scenario, apply security solutions for infrastructure management.

Cloud vs on-premises

Asset management


Network architecture

Change management



Identity and access management

Cloud access security broker (CASB)


Monitoring and logging


Certificate management

Active defence

2.2 Explain software assurance best practices.


Software development life cycle (SDLC) integration

Software assessment methods

Secure coding best practices

Static analysis tools

Dynamic analysis tools

Formal methods for verification of critical software

Service-oriented architecture

2.3 Explain hardware assurance best practices.

Hardware root of trust


Unified Extensible Firmware Interface (UEFI)

Trusted foundry

Secure processing


Self-encrypting drive

Trusted firmware updates

Measured boot and attestation

Bus encryption

Module 3.0: Security Operations and Monitoring

3.1 Given a scenario, analyse data as part of security monitoring activities.


Trend analysis



Log review

Impact analysis

Security information and event management (SIEM) review

Query writing

E-mail analysis

3.2 Given a scenario, implement configuration changes to existing controls to improve security.





Intrusion prevention system (IPS) rules

Data loss prevention (DLP)

Endpoint detection and response (EDR)

Network access control (NAC)


Malware signatures


Port security

3.3 Explain the importance of proactive threat hunting

Establishing a hypothesis

Profiling threat actors and activities

Threat hunting tactics

Reducing the attack surface area

Bundling critical assets

Attack vectors

Integrated intelligence

Improving detection capabilities

3.4 Compare and contrast automation concepts and technologies.

Workflow orchestration


Application programming interface (API) integration

Automated malware signature creation

Data Enrichment

Threat feed combination

Machine learning

Use of automation protocols and standards

Continuous integration

Continuous deployment/delivery

Module 4.0: Incident Response

4.1 Explain the importance of the incident response process.

Communication plan

Response coordination with relevant entities

Factors contributing to data criticality

4.2 Given a scenario, apply the appropriate incident response procedure.


Detection and analysis

Eradication and Recovery

Post-incident activities

4.3 Given an incident, analyse potential indicators of compromise.




4.4 Given a scenario, utilise basic digital forensics techniques.






Legal hold




Data acquisition

Module 5.0: Compliance and Assessment

5.1 Understand the importance of data privacy and protection.

Privacy vs security

Non-technical controls

Technical controls

5.2 Given a scenario, apply security concepts to support organisational risk mitigation.

Business impact analysis

Risk identification process

Risk calculation

Communication of risk factors

Risk prioritisation

Systems assessment

Documented compensating controls

Training and exercises

Supply chain assessment

5.3 Explain the importance of frameworks, policies, procedures, and controls.


Policies and procedures


Control type

Audits and assessments


CompTIA CySA+ CS0-003 Exam Details

o Exam Code: CS0-003

o Certification: CompTIA Cybersecurity Analyst (CySA+)

o Exam Duration: 165 minutes

o Number of Questions: Maximum of 85 questions

o Question Type: Multiple Choice and Performance-Based

o Passing Score: 750 (on a scale of 100-900)

o Language: English

o Exam Purpose: The CySA+ exam verifies the successful candidate has the knowledge and skills required to apply threat detection techniques, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organisation with the end goal of securing and protecting applications and systems within an organisation.

Please note that CompTIA certification exams, policies and procedures are subject to change, so please check the official CompTIA website for the most current information before your exam.

Your enrolment includes practice labs.

Important points

  • The College welcomes contact with parents/guardians of students who are under 18.
  • Additional support is available for students with learning difficulties and disabilities.
  • Cardiff and Vale College is committed to inclusion and values diversity. We are determined to promote equality of opportunity and to treat everyone fairly and with respect.
  • Cardiff and Vale College reserves the right to make changes to this course without prior notice.
  • Course fees are subject to change. Your fee will be confirmed prior to enrolment.
  • All courses are accurate at the time of upload or print.
  • Courses can only run if there are sufficient numbers.
  • Please note, if you choose three or more course choices, then you may be referred for a careers appointment first. This does not apply to A Level or GCSE choices.
Key information

Start date

Contact us for dates

Time of day

Day Time

Part Time

35 hours per week


Maps & directions
PLA: This course is free for employed adults eligible for a Personal Learning Account (PLA). To see if you could be eligible for a PLA go to - For a full list of PLA courses go to

Course code



CompTIA Cybersecurity Analyst (CySA )