About This Domain
Domain 1 (Security Operations) accounts for 33% of the CYSA certification exam. This domain evaluates your understanding of SIEM configuration and tuning, threat intelligence sources and formats (STIX/TAXII), log analysis and correlation, and related concepts across SOC operations, threat intelligence, and monitoring. To pass this section you need practical knowledge of how these technologies work together.
What You'll Be Tested On
- SIEM configuration and tuning
- Threat intelligence sources and formats (STIX/TAXII)
- Log analysis and correlation
- Proactive threat hunting
Key Technologies in This Domain
Study Strategy for Domain 1
At 33% of the exam, this is the highest-weighted domain — invest proportionally more study time here.
Exam Tips for Domain 1
At 33%, this is the largest domain. Know SIEM and threat intelligence in depth.
Frequently Asked Questions
How many questions come from Domain 1?
Domain 1 (Security Operations) makes up 33% of the CYSA exam.
What should I focus on for Domain 1?
Key topics include Security Operations.
How should I prepare for Security Operations questions?
Review key topics, then practice with domain-specific questions focusing on real-world scenarios.
What's the best order to study CYSA domains?
Start with highest-weighted: Security Operations (33%), Vulnerability Management (30%), Incident Response and Management (20%), Reporting and Communication (17%).