Quick Reference

CySA+ Cheat Sheet

Essential concepts, tools, and acronyms for the CS0-003 exam. Bookmark this page for your final review.

⏱️ 165 Mins ❓ Max 85 Qs 🎯 Passing 750/900
🔒

Domain 1: Security Operations (33%)

Architecture Concepts

  • System Hardening: Techniques to shore up IT assets.
  • Zero Trust: No implicit trust; validate every interaction.
  • Virtualization: Dividing hardware into VMs.
  • Containerization: Bundling apps with libraries (Docker).

Cloud Models

  • Public: Off-premises, not owned by user.
  • Hybrid: Mix of cloud and on-premises.
  • On-Premises: Private, brick-and-mortar.

Key Acronyms

PKI: Public Key Infrastructure
SSO: Single Sign-On
MFA: Multi-Factor Auth
DLP: Data Loss Prevention
PII: Personally Identifiable Info

Analysis Tools

  • Wireshark: Packet capture (GUI).
  • tcpdump: Packet analyzer (CLI).
  • SIEM: Security Info & Event Mgmt.
  • SOAR: Orchestration & Automation.
  • EDR: Endpoint Detection & Response.

Threat Actors

  • APT: Advanced Persistent Threat (Nation-state).
  • Hacktivists: Politically motivated.
  • Script Kiddie: Unskilled, uses pre-made tools.
  • Insider Threat: Threat from within.
🛡️

Domain 2: Vulnerability Management (30%)

Scanning Types

  • Credentialed: Uses privileged access (more accurate).
  • Non-Credentialed: External view, no access.
  • Passive: Silent monitoring, no traffic generation.
  • Active: Noisy, targets specific ports.

Core Tools

  • Nmap: Network mapping & port scanning.
  • Burp Suite: Web app security testing.
  • Nessus/OpenVAS: Vulnerability scanners.
  • Metasploit: Penetration testing framework.
  • Nikto: Web server scanner.

CVSS Metrics

Attack VectorNetwork, Local, Physical
Attack ComplexityLow, High
Privileges RequiredNone, Low, High
User InteractionNone, Required
ScopeChanged, Unchanged
CIA ImpactHigh, Low, None

Common Vulns

  • XSS: Injected scripts into websites.
  • CSRF: Tricking users into actions.
  • SQLi: Injection into database queries.
  • Directory Traversal: Accessing restricted files.
🚨

Domain 3: Incident Response (20%)

Frameworks

  • Cyber Kill Chain: Lockheed Martin's 7 steps.
  • Diamond Model: Adversary, Capability, Infrastructure, Victim.
  • MITRE ATT&CK: Real-world tactics and techniques.

The Cycle (PICERL)

  1. Preparation: Planning, training, tools.
  2. Identification: Detection & analysis.
  3. Containment: Isolation (Short/Long term).
  4. Eradication: Removal of threat.
  5. Recovery: Restore systems.
  6. Lessons Learned: Post-incident report.

Evidence Handling

  • Chain of Custody: Documentation of evidence handling.
  • Legal Hold: Preserving data for litigation.
  • Order of Volatility: CPU Cache > RAM > Swap > HDD > Archives.
📊

Domain 4: Reporting (17%)

Report Content

  • Executive Summary (High level, no jargon).
  • Technical Details (IoCs, scope, impact).
  • Timeline (Who, what, when).
  • Recommendations (Mitigation steps).

Metrics (KPIs)

  • MTTD: Mean Time to Detect.
  • MTTR: Mean Time to Respond.
  • MTTRM: Mean Time to Remediate.
  • Alert Volume: Number of alerts.

Ready to test your knowledge?

Use this cheat sheet to review, then take our practice quiz to simulate the real exam experience.

🚀 Launch CySA+ Practice Quiz