What is covered on the CCOA exam?

The Certified Cybersecurity Operations Analyst™ (CCOA™) exam consists of 115 multiple-choice questions and 25 performance-based questions covering five job practice domains, all testing your knowledge of and ability to perform real-life job practices leveraged by expert professionals.

Job practice areas tested for and validated by a CCOA certification

25% DOMAIN 1 – TECHNOLOGY ESSENTIALS

Identify the key components of computer and cloud networking, understand how databases, virtualization, and containerization are leveraged, and become familiar with command-line interfaces, programming, scripting, and more.

A–NETWORKING

  1. Cloud Networking
  2. Computer Networking
  3. Devices, Ports, and Protocols
  4. Network Access
  5. Network Tools
  6. Network Topology
  7. Segmentation (Logical, Physical)

B–SYSTEMS/ENDPOINT

  1. Databases
  2. Command Line
  3. Containerization/Virtualization
  4. Middleware
  5. Operating Systems

C–APPLICATIONS

  1. Application Programming Interface (API)
  2. Automated Deployment
  3. Cloud Applications
  4. Scripting/Coding

20% DOMAIN 2 – CYBERSECURITY PRINCIPLES AND RISK

Understand cybersecurity governance and alignment with business drivers, define cybersecurity strategy based on enterprise objectives, establish effective cross-organizational communication for cybersecurity and more.

A–CYBERSECURITY PRINCIPLES

  1. Compliance
  2. Cybersecurity Objectives
  3. Governance
  4. Risk Management
  5. Roles and Responsibilities
  6. Cybersecurity Models

B–CYBERSECURITY RISK

  1. Application Risk
  2. Cloud Technology Risk
  3. Data Risk
  4. Network Risk
  5. Supply Chain Risk
  6. System/Endpoint Risk
  7. Web Application Risk

10% DOMAIN 3 – ADVERSARIAL TACTICS, TECHNIQUES, AND PROCEDURES

Understand common adversarial tactics, techniques, and procedures (TTPs), develop critical and creative thinking skills for threat detection and response, differentiate between dashboard events, gain insight into the attacker mindset, and more.

A–THREAT LANDSCAPE

  1. Attack Vectors
  2. Threat Actors/Agents
  3. Threat Intelligence Sources

B–MEANS AND METHODS

  1. Attack Types
  2. Cyber Attack Stages
  3. Exploit Techniques
  4. Penetration Testing

34% DOMAIN 4 – INCIDENT DETECTION AND RESPONSE

Understand the importance of cybersecurity-incident preparedness, recognize the significance of incident detection and response in mitigating their impact, appreciate the role of proactive planning, practice, process refinement and more.

A–INCIDENT DETECTION

  1. Data Analytics
  2. Detection Use Cases
  3. Indicators of Compromise and/or Attack
  4. Logs and Alerts
  5. Monitoring Tools and Technologies

B–INCIDENT RESPONSE

  1. Incident Containment
  2. Incident Handling
  3. Forensic Analysis
  4. Malware Analysis
  5. Network Traffic Analysis
  6. Packet Analysis
  7. Threat Analysis

11% DOMAIN 5 – SECURING ASSETS

Understand the importance of designing countermeasures to protect digital assets, recognize the iterative nature of securing systems and their ecosystems, appreciate the holistic approach to securing assets, consider both technical aspects and the organization's products, services and critical business processes, and more.

A–CONTROLS

  1. Contingency Planning
  2. Controls and Techniques
  3. Identity and Access Management
  4. Industry Best Practices, Guidance, Frameworks, and Standards

B–VULNERABILITY MANAGEMENT

  1. Vulnerability Assessment
  2. Vulnerability Identification
  3. Vulnerability Remediation
  4. Vulnerability Tracking

SUPPORTING TASKS

  1. Identify and analyse threats applicable to the organization.
  2. Identify and analyse vulnerabilities applicable to the organization.
  3. Monitor the threat landscape of an organization.
  4. Synthesize information to protect the organization from cybersecurity risks.
  5. Contextualize information to aid in the identification of threats/vulnerabilities to protect the organization from risk.
  6. Develop detection use cases and rule sets for monitoring.
  7. Monitor events for potential cybersecurity incidents.
  8. Triage events to determine if an incident has occurred.
  9. Handle cybersecurity incidents according to incident response documentation, including classification, escalation, and notification.
  10. Perform analysis considering type, volume, and impact/scale.
  11. Aid in determining business impact.
  12. Aid in the prioritization of cybersecurity incidents for management.
  13. Propose containment measures for a cybersecurity incident.
  14. Support forensic investigation processes.
  15. Interpret analysis results.
  16. Document and report on cybersecurity incidents, including the analysis process and results.
  17. Consult with external stakeholders (e.g., clients/customers/suppliers) regarding cybersecurity.
  18. Learn from cybersecurity incidents for continuous improvement.
  19. Support business objectives for an organization.
  20. Communicate and/or advise other departments regarding cybersecurity operations and risks.
  21. Contribute to cybersecurity policies and procedures to align with business objectives.

Getting ready for the exam

ISACA offers a variety of exam preparation resources including group training, self-paced training and study resources to help you prepare for your certification exam. Choose what works for your schedule and your studying needs.