Facebook Pixel
Microsoft Certification Training
Search classes by keyword:
Search classes by category:
Microsoft Certification and Microsoft Training, Cisco Certification and MCSE Certification
CompTIA CySA+ SecurityX PenTest+ space


Live CompTIA CySA+ / SecurityX/ PenTest+ Certification Training

CompTIA CySA+/ SecurityX / PenTest+

Course Number: #CED-1814
Course Length: 15 days
Number of Exams: 3
Certifications: CompTIA Cybersecurity Analyst (CySA+)
CompTIA SecurityX
CompTIA PenTest+

DoD Approved 8570: IAT Level II, CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder, CSSP Auditor, IAT Level III, IAM Level II, IASAE Level I, IASAE Level II, CSSP Incident Responder

Grants (discounts) are available for multiple students for the same or different courses.

Upcoming Dates Class Times Class Format Quote
Call (800) 611-1840 for Class Schedule

Instructor-Led

  • CompTIA Official Courseware
  • CompTIA Official Labs (6 months of access)
  • Official Exam Prep
  • Certification exam(s) (with exam pass guarantee)

If you aren't successful with your first attempt at the exam, we have an exam pass guarantee.

You may re-sit the course in its entirety for an additional exam voucher for up to 6 months (must provide proof of a failed exam for an additional exam voucher).

Instant Quote


CED Solutions Rewards Points Program

CED Solutions Rewards Points Program


"The instructor was excellent. I was able to grasp many concepts that assisted me greatly in my exams. The boot camp is a must for any IT Professional who needs to be certified. It is by far the best and quickest way to obtain your certification."

-Howard Beresford, Atlanta, GA

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

The CompTIA SecurityX is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise's cybersecurity readiness.

CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages. Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.


CompTIA Cybersecurity Analyst (CySA+)

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

Overview

As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware, and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. CompTIA CySA+ is for IT professionals looking to gain the following security analyst skills:

  • Configure and use threat detection tools.
  • Perform data analysis.
  • Interpret the results to identify vulnerabilities, threats and risks to an organization.
CySA+ certified skills are in-demand

Properly trained IT security staff who can analyze, monitor and protect cybersecurity resources are in high demand. The U.S. Bureau of Labor Statistics (BLS) predicts that information security analysts will be the fastest growing overall job category, with 37 percent overall growth between 2012 and 2022.

CySA+ is globally recognized

CompTIA CySA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.

CySA+ provides substantial earnings potential

A career in information security analysis ranked seventh on U.S. News and World Report's list of the 100 best technology jobs for 2017. According to the Bureau of Labor Statistics, the median pay for an information security analyst is $90,120 per year.

Target Student

The CompTIA CySA+ examination is designed for IT security analysts, vulnerability analysts or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization with the end goal of securing and protecting applications and systems within an organization.

Prerequisite

The CompTIA CySA+ exam is an internationally targeted validation of intermediate-level security skills and knowledge. While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus on IT security analytics.

It is recommended for CompTIA CySA+ certification candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+ or equivalent knowledge

Course Content

Threat Management
  • Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
  • Given a scenario, analyze the results of a network reconnaissance.
  • Given a network-based threat, implement or recommend the appropriate response and countermeasure.
  • Explain the purpose of practices used to secure a corporate environment.
Vulnerability Management
  • Given a scenario, implement an information security vulnerability management process.
  • Given a scenario, analyze the output resulting from a vulnerability scan.
  • Compare and contrast common vulnerabilities found in the following targets within an organization.
Cyber Incident Response
  • Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
  • Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
  • Explain the importance of communication during the incident response process.
  • Given a scenario, analyze common symptoms to select the best course of action to support incident response.
  • Summarize the incident recovery and post-incident response process.
Security Architecture and Tool Sets
  • Explain the relationship between frameworks, common policies, controls, and procedures.
  • Given a scenario, use data to recommend remediation of security issues related to identity and access management.
  • Given a scenario, review security architecture and make recommendations to implement compensating controls.
  • Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
  • Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

[ back to top ]

CompTIA SecurityX

The CompTIA SecurityX (CAS-005) is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise's cybersecurity readiness.

What Skills Will You Gain?

Security Architecture Analyze security requirements in hybrid networks to work toward an enterprise-wide, zero trust security architecture with advanced secure cloud and virtualization solutions.

Security Operations Address advanced threat management, vulnerability management, risk mitigation, incident response tactics and digital forensics analysis.

Governance, Risk, and Compliance Prove an organization's overall cybersecurity resiliency metric and compliance to regulations, such as CMMC, PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST and CCPA.

Security Engineering and Cryptography Configurations for endpoint security controls, enterprise mobility, cloud/hybrid environments, and enterprise-wide PKI and cryptographic solutions.

Jobs that use CompTIA SecurityX

  • Security Architect
  • Senior Security Engineer
  • SOC Manager
  • Cyber Risk Analyst
  • Chief Information Security Officer

Course Content

1.0 Governance, Risk, and Compliance
Given a set of organizational security requirements, implement the appropriate governance components.
  • Security program documentation
  • Security program management
  • Governance frameworks
  • Change/configuration management
  • Governance risk and compliance (GRC) tools
  • Data governance in staging environments
Given a set of organizational security requirements, perform risk management activities.
  • Impact analysis
  • Risk assessment and management
  • Third-party risk management
  • Availability risk considerations
  • Confidentiality risk considerations
  • Integrity risk considerations
  • Privacy risk considerations
  • Crisis management
  • Breach response
Explain how compliance affects information security strategies.
  • Awareness of industry-specific compliance
  • Industry standards
  • Security and reporting frameworks
  • Audits vs. assessments vs. certifications
  • Privacy regulations
  • Awareness of cross-jurisdictional compliance requirements
Given a scenario, perform threat-modeling activities.
  • Actor characteristics
  • Attack patterns
  • Frameworks
  • Attack surface determination
  • Methods
  • Modeling applicability of threats to the organization/environment
Summarize the information security challenges associated with artificial intelligence (AI) adoption.
  • Legal and privacy implications
  • Threats to the model
  • AI-enabled attacks
  • Risks of AI usage
  • AI-enabled assistants/digital workers
2.0 Security Architecture
Given a scenario, analyze requirements to design resilient systems.
  • Component placement and configuration
  • Availability and integrity design considerations
Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages.
  • Security requirements definition
  • Software assurance
  • Continuous integration/continuous deployment (CI/CD)
  • Supply chain risk management
  • Hardware assurance
  • End-of-life (EOL) considerations
Given a scenario, integrate appropriate controls in the design of a secure architecture.
  • Attack surface management and reduction
  • Detection and threat-hunting enablers
  • Information and data security design
  • DLP
  • Hybrid infrastructures
  • Third-party integrations
  • Control effectiveness
Given a scenario, apply security concepts to the design of access, authentication, and authorization systems.
  • Provisioning/deprovisioning
  • Federation
  • Single sign-on (SSO)
  • Conditional access
  • Identity provider
  • Service provider
  • Attestations
  • Policy decision and enforcement points
  • Access control models
  • Logging and auditing
  • Public key infrastructure (PKI) architecture
  • Access control systems
Given a scenario, securely implement cloud capabilities in an enterprise environment.
  • Cloud access security broker (CASB)
  • Shadow IT detection
  • Shared responsibility model
  • CI/CD pipeline
  • Terraform
  • Ansible
  • Package monitoring
  • Container security
  • Container orchestration
  • Serverless
  • API security
  • Cloud vs. customer-managed
  • Cloud data security considerations
  • Cloud control strategies
  • Customer-to-cloud connectivity
  • Cloud service integration
  • Cloud service adoption
Given a scenario, integrate Zero Trust concepts into system architecture design.
  • Continuous authorization
  • Context-based reauthentication
  • Network architecture
  • API integration and validation
  • Asset identification, management, and attestation
  • Security boundaries
  • Deperimeterization
  • Defining subject-object relationships
3.0 Security Engineering
Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment.
  • Subject access control
  • Biometrics
  • Secrets management
  • Conditional access
  • Attestation
  • Cloud IAM access and trust policies
  • Logging and monitoring
  • Privilege identity management
  • Authentication and authorization
Given a scenario, analyze requirements to enhance the security of endpoints and servers.
  • Application control
  • Endpoint detection response (EDR)
  • Event logging and monitoring
  • Endpoint privilege management
  • Attack surface monitoring and reduction
  • Host-based intrusion protection system/ host-based detection system (HIPS/ HIDS)
  • Anti-malware
  • SELinux
  • Host-based firewall
  • Browser isolation
  • Configuration management
  • Mobile device management (MDM) technologies
  • Threat-actor tactics, techniques, and procedures (TTPs)
Given a scenario, troubleshoot complex network infrastructure security issues.
  • Network misconfigurations
  • IPS/IDS issues
  • Observability
  • Domain Name System (DNS) security
  • Email security
  • Transport Layer Security (TLS) errors
  • Cipher mismatch
  • PKI issues
  • Issues with cryptographic implementations
  • DoS/distributed denial of service (DDoS)
  • Resource exhaustion
  • Network access control list (ACL) issues
Given a scenario, implement hardware security technologies and techniques.
  • Roots of trust
  • Security coprocessors
  • Virtual hardware
  • Host-based encryption
  • Self-encrypting drive (SED)
  • Secure Boot
  • Measured boot
  • Self-healing hardware
  • Tamper detection and countermeasures
  • Threat-actor TTPs
Given a set of requirements, secure specialized and legacy systems against threats.
  • Operational technology (OT)
  • Internet of Things (IoT)
  • System-on-chip (SoC)
  • Embedded systems
  • Wireless technologies/radio frequency (RF)
  • Security and privacy considerations
  • Industry-specific challenges
  • Characteristics of specialized/legacy systems
Given a scenario, use automation to secure the enterprise.
  • Scripting
  • Cron/scheduled tasks
  • Event-based triggers
  • Infrastructure as code (IaC)
  • Configuration files
  • Cloud APIs/software development kits (SDKs)
  • Generative AI
  • Containerization
  • Automated patching
  • Auto-containment
  • Security orchestration, automation, and response (SOAR)
  • Vulnerability scanning and reporting
  • Security Content Automation Protocol (SCAP)
  • Workflow automation
Explain the importance of advanced cryptographic concepts.
  • Post-quantum cryptography (PQC)
  • Key stretching
  • Key splitting
  • Homomorphic encryption
  • Forward secrecy
  • Hardware acceleration
  • Envelope encryption
  • Performance vs. security
  • Secure multiparty computation
  • Authenticated encryption with associated data (AEAD)
  • Mutual authentication
Given a scenario, apply the appropriate cryptographic use case and/or technique.
  • Use cases
  • Techniques
4.0 Security Operations
Given a scenario, analyze data to enable monitoring and response activities.
  • Security information event management (SIEM)
  • Aggregate data analysis
  • Behavior baselines and analytics
  • Incorporating diverse data sources
  • Alerting
  • Reporting and metrics
Given a scenario, analyze vulnerabilities and attacks, and recommend solutions to reduce the attack surface.
  • Vulnerabilities and attacks
  • Mitigations
Given a scenario, apply threat-hunting and threat intelligence concepts.
  • Internal intelligence sources
  • External intelligence sources
  • Counterintelligence and operational security
  • Threat intelligence platforms (TIPs)
  • Indicator of compromise (IoC) sharing
  • Rule-based languages
  • Indicators of attack
Given a scenario, analyze data and artifacts in support of incident response activities.
  • Malware analysis
  • Reverse engineering
  • Volatile/non-volatile storage analysis
  • Network analysis
  • Host analysis
  • Metadata analysis
  • Hardware analysis
  • Data recovery and extraction
  • Threat response
  • Preparedness exercises
  • Timeline reconstruction
  • Root cause analysis
  • Cloud workload protection platform (CWPP)
  • Insider threat

[ back to top ]

CompTIA PenTest+

CompTIA PenTest+ (PT0-002) is for cybersecurity professionals tasked with penetration testing and vulnerability management.

Why is it different?

CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages. Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.

PenTest+ is the only exam on the market to include all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them.

PenTest+ is the most current penetration testing exam covering the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises.

What Skills Will You Learn?

Planning and Scoping

Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.

Information Gathering and Vulnerability Scanning

Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.

Attacks and Exploits

Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation techniques.

Reporting and Communication

Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.

Tools and Code Analysis

Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test. It is important to note that no scripting and coding is required.

Jobs that use CompTIA PenTest+

  • Penetration Tester
  • Security Consultant
  • Cloud Penetration Tester
  • Web App Penetration Tester
  • Cloud Security Specialist
  • Network & Security Specialist

Class Outline

1.0 Planning and Scoping

Compare and contrast governance, risk, and compliance concepts.
  • Regulatory compliance considerations
  • Location restrictions
  • Legal concepts
  • Permission to attack
Explain the importance of scoping and organizational/customer requirements.
  • Standards and methodologies
  • Rules of engagement
  • Environmental considerations
  • Target list/in-scope assets
  • Validate scope of engagement
Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.
  • Background checks of penetration testing team
  • Adhere to specific scope of engagement
  • Identify criminal activity
  • Immediately report breaches/ criminal activity
  • Limit the use of tools to a particular engagement
  • Limit invasiveness based on scope
  • Maintain confidentiality of data/information
  • Risks to the professional

2.0 Information Gathering and Vulnerability Scanning

Given a scenario, perform passive reconnaissance.
  • DNS lookups
  • Identify technical contacts
  • Administrator contacts
  • Cloud vs. self-hosted
  • Social media scraping
  • Cryptographic flaws
  • Company reputation/security posture
  • Data
  • Open-source intelligence (OSINT)
Given a scenario, perform active reconnaissance.
  • Enumeration
  • Website reconnaissance
  • Packet crafting
  • Defense detection
  • Tokens
  • Wardriving
  • Network traffic
  • Cloud asset discovery
  • Third-party hosted services
  • Detection avoidance
Given a scenario, analyze the results of a reconnaissance exercise.
  • Fingerprinting
  • Analyze output
Given a scenario, perform vulnerability scanning.
  • Considerations of vulnerability scanning
  • Scan identified targets for vulnerabilities
  • Set scan settings to avoid detection
  • Scanning methods
  • Nmap
  • Vulnerability testing tools that facilitate automation

3.0 Attacks and Exploits

Given a scenario, research attack vectors and perform network attacks.
  • Stress testing for availability
  • Exploit resources
  • Attacks
  • Tools
Given a scenario, research attack vectors and perform wireless attacks.
  • Attack methods
  • Attacks
  • Tools
Given a scenario, research attack vectors and perform application-based attacks.
  • OWASP Top 10
  • Server-side request forgery
  • Business logic flaws
  • Injection attacks
  • Application vulnerabilities
  • API attacks
  • Directory traversal
  • Tools
  • Resources
Given a scenario, research attack vectors and perform attacks on cloud technologies.
  • Attacks
  • Tools
Explain common attacks and vulnerabilities against specialized systems.
  • Mobile
  • Internet of Things (IoT) devices
  • Data storage system vulnerabilities
  • Management interface vulnerabilities
  • Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of Things (IIoT)/ industrial control system (ICS)
  • Vulnerabilities related to virtual environments
  • Vulnerabilities related to containerized workloads
Given a scenario, perform a social engineering or physical attack.
  • Pretext for an approach
  • Social engineering attacks
  • Physical attacks
  • Impersonation
  • Tools
  • Methods of influence
Given a scenario, perform post-exploitation techniques.
  • Post-exploitation tools
  • Lateral movement
  • Network segmentation testing
  • Privilege escalation
  • Upgrading a restrictive shell
  • Creating a foothold/persistence
  • Detection avoidance
  • Enumeration

4.0 Reporting and Communication

Compare and contrast important components of written reports.
  • Report audience
  • Report contents
  • Storage time for report
  • Secure distribution
  • Note taking
  • Common themes/root causes
Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
  • Technical controls
  • Administrative controls
  • Operational controls
  • Physical controls
Explain the importance of communication during the penetration testing process.
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization
  • Presentation of findings
Explain post-report delivery activities.
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
  • Data destruction process

5.0 Tools and Code Analysis

Explain the basic concepts of scripting and software development.
  • Logic constructs
  • Data structures
  • Libraries
  • Classes
  • Procedures
  • Functions
Given a scenario, analyze a script or code sample for use in a penetration test.
  • Shells
  • Programming languages
  • Analyze exploit code
  • Opportunities for automation
Explain use cases of the following tools during the phases of a penetration test.
  • Scanners
  • Credential testing tools
  • Debuggers
  • OSINT
  • Wireless
  • Web application tools
  • Social engineering tools
  • Remote access tools
  • Networking tools
  • Misc.
  • Steganography tools
  • Cloud tools

[ back to top ]


CED Solutions is your best choice for CompTIA CySA+ SecurityX PenTest+, CompTIA CySA+ SecurityX PenTest+ training, CompTIA CySA+ SecurityX PenTest+ certification, CompTIA CySA+ SecurityX PenTest+ boot camp, CompTIA CySA+ SecurityX PenTest+ certification training, CompTIA CySA+ SecurityX PenTest+ certification course, CompTIA CySA+ SecurityX PenTest+ course, CompTIA CySA+ SecurityX PenTest+ class.



CompTIA CySA+ SecurityX PenTest+ space
Search classes by keyword:
Search classes by category:


Copyright © 2026 CED Solutions. CED Solutions Refund Policy. All Rights Reserved.