CompTIA CS0-003 glossary of detection, threat, and response terms, with traps and decision cues.

Use this glossary when CompTIA CySA+ (CS0-003) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.

| Term | Exam meaning |
|---|---|
| SIEM | Security information and event management system for aggregating and analyzing logs. |
| EDR | Endpoint detection and response tooling for endpoint telemetry and containment. |
| IOC | Indicator of compromise, such as a hash, domain, IP, or artifact. |
| CVSS | Common Vulnerability Scoring System for severity scoring. |
| Containment | Incident response step that limits spread or impact. |
| Threat hunting | Proactive search for suspicious behavior based on hypotheses and data. |

| Pair | How to separate them |
|---|---|
| Security operations vs vulnerability management | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |

Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.