🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
CCOA
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
CCOA ISACA Coming Soon

CCOA

The CCOA certification program teaches foundational and associate‑level concepts across technology essentials, risk principles, adversarial tactics, incident detection, and asset security, enabling analysts to apply practical skills in SOC environments.

240
Minutes
140
Questions
450/800
Passing Score
${'member': 575, 'non_member': 760}
Exam Cost

Who Should Take This

SOC analysts with one to three years of hands‑on experience in security monitoring, incident response, and threat analysis benefit from this certification. It prepares them to validate expertise in technology fundamentals, risk management, adversarial techniques, and asset protection, supporting career advancement toward senior SOC or cyber‑operations roles.

What's Covered

1 All domains and objectives in the ISACA Certified Cybersecurity Operations Analyst (CCOA) exam: Domain 1 Technology Essentials
2 , Domain 2 Cybersecurity Principles and Risk
3 , Domain 3 Adversarial Tactics, Techniques, and Procedures
4 , Domain 4 Incident Detection and Response
5 , and Domain 5 Securing Assets

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

55 learning goals
1 Domain 1: Technology Essentials
3 topics

Networking fundamentals

  • Identify key networking components including routers, switches, firewalls, load balancers, and their roles in enterprise and cloud network architectures.
  • Describe TCP/IP protocol stack layers, common protocols (HTTP, DNS, DHCP, SSH, TLS), and their significance for security monitoring and traffic analysis.
  • Apply network analysis techniques using packet capture tools and flow data to identify normal traffic patterns and detect anomalous network behavior.
  • Describe wireless networking standards, security protocols including WPA3, and common wireless vulnerabilities relevant to security monitoring.

Operating systems and virtualization

  • Identify key operating system concepts including process management, memory management, file systems, and user account structures for Windows and Linux.
  • Apply command-line interface skills in Windows (PowerShell, CMD) and Linux (Bash) to perform security-relevant system administration and investigation tasks.
  • Describe virtualization and containerization technologies including hypervisors, virtual machines, Docker, and Kubernetes and their security implications.
  • Apply operating system security features including access control mechanisms, audit logging, and security event generation to support security monitoring.

Cloud computing and databases

  • Identify cloud service models (IaaS, PaaS, SaaS) and deployment models and describe the shared responsibility model for security in cloud environments.
  • Describe database types including relational and NoSQL databases and identify common database security controls and vulnerabilities relevant to SOC operations.
  • Apply scripting and programming fundamentals using Python or similar languages to automate repetitive security tasks and parse security log data.
  • Describe cloud security services and controls including cloud-native SIEM, workload protection platforms, and cloud access security brokers.
2 Domain 2: Cybersecurity Principles and Risk
3 topics

Cybersecurity foundations

  • Describe the CIA triad and fundamental security concepts including defense in depth, zero trust, least privilege, and separation of duties.
  • Identify cybersecurity governance concepts including security strategy alignment with business objectives, security frameworks, and organizational security roles.
  • Apply basic risk assessment concepts to identify threats, vulnerabilities, and potential impacts to organizational information assets.
  • Describe security operations center (SOC) models including tiered analyst structures, SOAR integration, and shift management for continuous monitoring.

Security frameworks and compliance

  • Identify common security frameworks including NIST CSF, ISO 27001, CIS Controls, and their relevance to cybersecurity operations and compliance requirements.
  • Apply security control categories and types to map organizational controls to framework requirements and identify coverage gaps.
  • Analyze the role of cybersecurity operations in supporting organizational compliance with regulations such as GDPR, HIPAA, PCI-DSS, and SOX.

Cryptography and security technologies

  • Identify cryptographic concepts including symmetric and asymmetric encryption, hashing algorithms, digital signatures, and PKI components.
  • Apply encryption and hashing techniques to verify data integrity, authenticate communications, and protect sensitive information in transit and at rest.
3 Domain 3: Adversarial Tactics, Techniques, and Procedures
2 topics

Threat landscape and attacker methodology

  • Identify threat actor categories including nation-state, organized crime, hacktivists, and insider threats and describe their motivations, capabilities, and typical targets.
  • Describe the MITRE ATT&CK framework structure including tactics, techniques, and sub-techniques and their application to threat detection and analysis.
  • Apply adversarial thinking to anticipate attacker TTPs including initial access, persistence, privilege escalation, lateral movement, and exfiltration techniques.
  • Analyze common malware types including ransomware, trojans, rootkits, and fileless malware to identify behavioral indicators and detection opportunities.
  • Describe the cyber kill chain model and compare it with MITRE ATT&CK for understanding multi-stage attack progression and identifying defensive intervention points.

Social engineering and attack techniques

  • Identify social engineering attack types including phishing, spear phishing, vishing, smishing, pretexting, and business email compromise and their indicators.
  • Describe common application attack vectors including SQL injection, cross-site scripting, CSRF, SSRF, and remote code execution and their detection signatures.
  • Analyze network attack patterns including man-in-the-middle, DNS poisoning, ARP spoofing, DDoS variants, and credential stuffing to identify detection opportunities.
4 Domain 4: Incident Detection and Response
3 topics

Security monitoring and detection

  • Describe SIEM platform capabilities including log ingestion, normalization, correlation rules, alert generation, and dashboard visualization for security monitoring.
  • Apply log analysis techniques to examine system, application, network, and security logs for indicators of compromise and suspicious activity patterns.
  • Apply alert triage procedures to validate, prioritize, and escalate security alerts while distinguishing true positives from false positives.
  • Analyze threat intelligence feeds and indicators of compromise to enhance detection capabilities and contextualize security events.
  • Apply network traffic analysis techniques using NetFlow, sFlow, and packet inspection to identify command-and-control communications and data exfiltration.
  • Apply threat hunting methodologies including hypothesis-driven hunting, IOC-based searching, and behavioral analytics to proactively identify threats.

Incident response procedures

  • Describe incident response lifecycle phases including preparation, detection, analysis, containment, eradication, recovery, and post-incident review.
  • Apply incident analysis techniques to determine attack scope, identify affected systems, and document findings using standardized incident documentation.
  • Apply containment strategies including network isolation, account disabling, and system quarantine to limit the impact of active security incidents.
  • Analyze incident evidence to reconstruct attack timelines, identify root causes, and determine the effectiveness of response actions taken.
  • Apply eradication procedures including malware removal, compromised account remediation, and persistence mechanism elimination to fully remove threat actor presence.
  • Apply recovery validation procedures to verify system integrity after incident remediation including baseline comparison and security control verification.

Digital forensics and evidence handling

  • Describe digital forensics fundamentals including order of volatility, chain of custody, evidence preservation, and forensic imaging procedures.
  • Apply evidence collection procedures to preserve volatile and non-volatile data from compromised systems while maintaining forensic integrity.
  • Analyze post-incident review outcomes to identify detection gaps, response improvement opportunities, and preventive control enhancements.
  • Apply memory forensics techniques to extract volatile data including running processes, network connections, and encryption keys from compromised systems.
5 Domain 5: Securing Assets
3 topics

Endpoint and network protection

  • Describe endpoint security controls including antimalware, EDR, application whitelisting, host-based firewalls, and disk encryption technologies.
  • Apply network security controls including firewall rule configuration, network segmentation, IDS/IPS deployment, and secure DNS configuration.
  • Apply vulnerability scanning tools and processes to identify security weaknesses in systems, applications, and network infrastructure.
  • Describe data loss prevention technologies including network DLP, endpoint DLP, and cloud DLP and their role in protecting sensitive data from exfiltration.

Security hardening and configuration

  • Apply system hardening techniques including disabling unnecessary services, configuring secure baselines, and implementing CIS benchmark recommendations.
  • Apply patch management procedures to assess, test, and deploy security patches in a timely manner based on vulnerability severity and asset criticality.
  • Analyze security configuration assessments to identify deviations from baselines and recommend remediation actions for non-compliant systems.
  • Apply secure configuration management tools including configuration management databases and automated compliance scanning to maintain security baselines.

Identity and access management operations

  • Describe IAM concepts including authentication methods, authorization models, MFA implementations, and privileged access management approaches.
  • Apply access control monitoring techniques to detect unauthorized access attempts, privilege escalation, and anomalous authentication patterns.

Scope

Included Topics

  • All domains and objectives in the ISACA Certified Cybersecurity Operations Analyst (CCOA) exam: Domain 1 Technology Essentials (25%), Domain 2 Cybersecurity Principles and Risk (20%), Domain 3 Adversarial Tactics, Techniques, and Procedures (10%), Domain 4 Incident Detection and Response (34%), and Domain 5 Securing Assets (11%).
  • Foundational cybersecurity operations knowledge including networking fundamentals, operating system concepts, cloud and virtualization technologies, scripting and automation, and database fundamentals.
  • Cybersecurity principles: CIA triad, defense in depth, zero trust, least privilege, cybersecurity governance alignment with business drivers, cross-organizational communication, and security strategy fundamentals.
  • Adversarial TTPs: MITRE ATT&CK framework, common attack patterns, threat actor motivations and methods, malware behavior analysis, social engineering techniques, and attacker mindset development.
  • Incident detection and response: SIEM operations, log analysis, alert triage, threat hunting basics, incident response procedures, containment and eradication, evidence preservation, and recovery operations.
  • Asset security: endpoint protection, network security controls, application security fundamentals, vulnerability management, patch management, secure configuration, and security monitoring.
  • Performance-based and scenario-driven questions requiring hands-on application of cybersecurity operations concepts in simulated environments.

Not Covered

  • Strategic security program management and executive-level security governance (covered by CISM).
  • IT audit planning and execution procedures (covered by CISA).
  • Advanced penetration testing and red team operations beyond SOC analyst scope.
  • Privacy engineering and data protection implementation (covered by CDPSE).
  • Enterprise IT governance and investment management (covered by CGEIT).
  • Vendor-specific SIEM or EDR platform administration beyond conceptual understanding.

Official Exam Page

Learn more at ISACA

Visit

CCOA is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

ISACA®, CISA®, CISM®, CRISC®, CGEIT®, and CDPSE® are registered trademarks of ISACA. ISACA does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.