The CompTIA CySA+ exam contains up to 85 questions with a 165-minute time limit and a passing score of 750 out of 900 (~83%). CySA+ is CompTIA's intermediate-level cybersecurity certification focused on SOC analyst skills — threat detection, log analysis, vulnerability management, and incident response.
CySA+ bridges Security+ and CASP+, targeting blue team defensive security roles. Approved for DoD 8570/8140 CSSP Analyst positions. With ~2 minutes per question, CySA+ reflects the complexity of its scenario-based format. SOC analyst roles pay $75,000-$110,000.
| Domain | % | ~Questions | Key Topics |
|---|---|---|---|
| Security Operations | 33% | ~28 | SIEM, log analysis, threat intelligence, monitoring, automation |
| Vulnerability Management | 30% | ~26 | Scanning, assessment, CVSS scoring, remediation prioritization |
| Incident Response | 20% | ~17 | IR lifecycle, containment, eradication, recovery, forensics |
| Reporting and Communication | 17% | ~14 | Metrics, KPIs, vulnerability reports, stakeholder communication |
Realistic SOC situations analyzing log excerpts, scan outputs, and threat intelligence data.
| Level | Cert | Questions | Focus |
|---|---|---|---|
| Entry | Security+ | 90 / 90 min | Fundamentals |
| Intermediate | CySA+ | 85 / 165 min | Blue team analysis |
| Intermediate | PenTest+ | 85 / 165 min | Red team testing |
| Advanced | CASP+ | 90 / 165 min | Architecture |
Read and interpret logs from firewalls, IDS/IPS, web servers. Correlate events across sources. Identify anomalous patterns.
Asset discovery → scanning → analysis → prioritization (CVSS + business context) → remediation → verification → reporting.
OSINT, commercial feeds, ISACs, IOCs/IOAs, diamond model, kill chain, MITRE ATT&CK framework.
Security+ holders need 8-12 weeks at 2 hours daily:
Up to 85 in 165 minutes including scenario-based MC and PBQs.
750/900 (~83%).
Yes. Intermediate analysis skills including log analysis and threat hunting.
SOC analyst, threat analyst, vulnerability analyst, incident response.
Yes, CSSP Analyst and IAT Level II.
8-12 weeks for Security+ holders.
Blue team (defensive) vs red team (offensive).
the current CySA+ exam.
Build SOC analyst skills with adaptive practice questions.
Start Free Practice Test →