Cheat Sheet
CompTIA CySA+ (CS0-003) Cheat Sheet
By The Exam Atlas Editorial Team · Verified 2026-05-29
A final-revision summary for CompTIA CySA+ (CS0-003). Study aid only — no notes in the proctored exam.
The four domains and weights
| Domain | Approx. weight |
|---|
| Security Operations | ~33% |
| Vulnerability Management | ~30% |
| Incident Response and Management | ~20% |
| Reporting and Communication | ~17% |
Detection and monitoring
| Term | Idea |
|---|
| SIEM | Collects and correlates logs to raise alerts |
| IoC | Indicator of Compromise — evidence of an intrusion |
| TTP | Tactics, Techniques and Procedures of an attacker |
| Baseline | Normal behaviour, used to spot anomalies |
| SOAR | Automates and orchestrates response |
Vulnerability scoring (CVSS)
| Band | CVSS score |
|---|
| Low | 0.1–3.9 |
| Medium | 4.0–6.9 |
| High | 7.0–8.9 |
| Critical | 9.0–10.0 |
Prioritise by real-world risk (exposure, exploitability, asset value), not the raw score alone.
Incident response lifecycle
Preparation → Detection and Analysis → Containment → Eradication → Recovery → Lessons Learned.
| Term | Meaning |
|---|
| MTTD / MTTR | Mean Time To Detect / Respond |
| Chain of custody | Documented handling of evidence |
| Containment | Limiting the spread of an incident |
FAQ
- Can I bring a cheat sheet into the CySA+ exam?
- No. It is a proctored exam with no notes allowed. Use this for final revision only.
Sources
