SY0-701 Exam Objectives

Master the Security+ Exam

Your comprehensive, domain-by-domain breakdown of the CompTIA Security+ SY0-701 certification objectives.


The CompTIA Security+ SY0-701 certification verifies that you have the core knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions. This study guide breaks down the exam into its five key domains, providing a structured path to mastering security concepts, threat analysis, architecture, operations, and governance. Use this guide to track your progress and ensure you are fully prepared for exam day.

1.0 General Security Concepts (12% of Exam Content)

  • 1.1 – Compare and contrast various types of security controls.

    Distinguishes technical, physical, and administrative controls by category, and by function (preventive, detective, corrective, etc.).

    Security controls are categorized by:

    • Technical: Hardware or software mechanisms (e.g., Firewalls, Encryption).
    • Administrative: Policies and procedures (e.g., AUP, Separation of Duties).
    • Physical: Tangible protection (e.g., Locks, Fences, CCTV).

    They are also classified by function: Preventive (stops an attack), Detective (identifies an attack), Corrective (fixes the impact), Deterrent (discourages an attacker), and Compensating (an alternative measure when the primary control is not feasible).

  • 1.2 – Summarize fundamental security concepts.

    Covers principles like CIA triad, AAA, Zero Trust, and least privilege.

    Core concepts include:

    • CIA Triad: Confidentiality, Integrity, Availability.
    • AAA: Authentication, Authorization, Accounting (Auditing).
    • Zero Trust: "Never trust, always verify." No implicit trust based on location.
    • Least Privilege: Users have only minimum necessary access rights.

  • 1.3 – Explain the importance of change management processes and the impact to security.

    Describes how unmanaged changes create risk and disrupt secure environments.

    Effective Change Management ensures updates are proposed, reviewed, tested, and documented. Key steps: Request for Change (RFC), Impact Analysis, Approval (CAB), Implementation, and Rollback Plan.

  • 1.4 – Explain the importance of using appropriate cryptographic solutions.

    Highlights the role of cryptography in confidentiality, integrity, and non-repudiation.

    • Symmetric: Single shared key (AES; DES is legacy and no longer considered secure) for speed/confidentiality.
    • Asymmetric: Public/Private key pair (RSA, ECC) for key exchange/signing.
    • Hashing: One-way function (SHA-256; MD5 is legacy and no longer collision-resistant) for integrity.
    • Non-repudiation: Proof of origin (Digital Signatures).

2.0 Threats, Vulnerabilities, and Mitigations (22% of Exam Content)

  • 2.1 – Compare and contrast common threat actors and motivations.

    Identifies adversaries like nation-states, hacktivists, and insiders based on objectives and sophistication.

    • APT (Advanced Persistent Threat): Nation-states, highly sophisticated, long-term access.
    • Script Kiddie: Low skill, uses existing tools.
    • Insider Threat: Employees or contractors (malicious or negligent).
    • Hacktivist: Ideologically motivated.

  • 2.2 – Explain common threat vectors and attack surfaces.

    Describes how attackers exploit entry points such as emails, open ports, and supply chains.

    Vectors: Email (Phishing), Web (XSS, SQLi), Wireless, Removable Media, Supply Chain.
    Attack Surface: The sum of all possible points where an unauthorized user can try to enter data to or extract data from an environment.

  • 2.3 – Explain various types of vulnerabilities.

    Examines software flaws, weak configurations, and emerging zero-day threats.

    • Zero-Day: Unknown to vendor, no patch exists.
    • Misconfiguration: Default passwords, open ports.
    • Web Vulns: XSS, SQL Injection, CSRF.

  • 2.4 – Given a scenario, analyze indicators of malicious activity.

    Demonstrates use of logs, alerts, and behavioral anomalies to identify threats.

    Indicators of Compromise (IoCs): hash values, IP addresses, and domain names; behavioral indicators include abnormal traffic patterns, increased privilege usage, and unexpected patching or reboots.

  • 2.5 – Explain the purpose of mitigation techniques used to secure the enterprise.

    Outlines practices like patching, segmentation, and encryption for minimizing exposure.

    Techniques include: Network Segmentation (VLANs, Air gapping), Application Allowlisting, Patch Management, and hardening endpoints.

3.0 Security Architecture (18% of Exam Content)

  • 3.1 – Compare and contrast security implications of different architecture models.

    Addresses cloud, hybrid, and OT systems like ICS or SCADA.

    • Cloud Models: SaaS (Software), PaaS (Platform), IaaS (Infrastructure).
    • On-premise vs. Hybrid: Control vs. Scalability.
    • SCADA/ICS: Industrial control systems, often legacy and air-gapped but increasingly connected.

  • 3.2 – Given a scenario, apply security principles to secure enterprise infrastructure.

    Focuses on zoning, segmentation, and access control practices.

    Strategies: DMZ (Demilitarized Zone) for public-facing services, VPNs for remote access, SDN (Software-Defined Networking) for agility.

  • 3.3 – Compare and contrast concepts and strategies to protect data.

    Covers encryption, tokenization, and data classification across data states.

    • Data States: At Rest (Storage), In Transit (Network), In Use (Memory).
    • DLP (Data Loss Prevention): Tools to prevent unauthorized exfiltration.
    • Classification: Public, Internal, Confidential, Restricted.

  • 3.4 – Explain the importance of resilience and recovery in security architecture.

    Explores HA, backups, and disaster recovery to ensure business continuity.

    • High Availability (HA): Load balancing, clustering, redundancy.
    • Backups: Full, Incremental, Differential. 3-2-1 Rule (three copies, on two different media, one kept off-site).
    • RAID: Redundant Array of Independent Disks for disk fault tolerance.

4.0 Security Operations (28% of Exam Content)

  • 4.1 – Security Techniques

    Given a scenario, apply common security techniques to computing resources. System hardening, patch management, and endpoint protection are key techniques.

    Techniques to reduce attack surface:

    • Hardening: Disabling unnecessary services/ports.
    • Endpoint Protection: EDR/XDR, Antivirus, Host-based Firewalls.

  • 4.2 – Asset Management

    Explain the security implications of proper hardware, software, and data asset management. Asset inventory and tracking support risk mitigation and compliance.

    "You can't protect what you don't know." Involves Lifecycle management (Procurement to Disposal), Media sanitization, and Software licensing compliance.

  • 4.3 – Vulnerability Management

    Explain various activities associated with vulnerability management. Includes scanning, prioritizing, remediating, and validating vulnerabilities.

    Key phases: Scanning (intrusive vs. non-intrusive), Reporting (CVSS scores), Remediation (patching, compensating controls), and Validation (rescanning to confirm the fix).

  • 4.4 – Monitoring Tools

    Explain security alerting and monitoring concepts and tools. SIEMs, IDS/IPS, and endpoint monitoring help detect and respond to threats.

    • SIEM: Aggregates and correlates logs.
    • IDS/IPS: Intrusion Detection (Passive) vs Prevention (Active).
    • SNMP: Monitoring network device health.

  • 4.5 – IAM

    Given a scenario, implement and maintain identity and access management. MFA, SSO, and RBAC reduce unauthorized access risks.

    • MFA: Factors are something you know, something you have, something you are, or somewhere you are.
    • RBAC: Access based on job role.
    • SSO: Single Sign-On (SAML, OIDC).

  • 4.6 – Security Enhancements

    Given a scenario, modify enterprise capabilities to enhance security. Security upgrades must be integrated into business processes and tools.

    Includes implementing secure protocols (DNSSEC, SSH instead of Telnet), email security (SPF, DKIM, DMARC), and file integrity monitoring.

  • 4.7 – Automation

    Explain the importance of automation and orchestration related to secure operations. Automated processes reduce errors and improve response times.

    SOAR: Security Orchestration, Automation, and Response. Automating repetitive tasks (ticket creation, IP blocking) to free up analysts.

  • 4.8 – Incident Response

    Explain appropriate incident response activities. Activities include detection, containment, eradication, recovery, and lessons learned.

    1. Preparation.
    2. Detection & Analysis.
    3. Containment, Eradication, Recovery.
    4. Post-Incident Activity (Lessons Learned).

  • 4.9 – Data Sources

    Given a scenario, use data sources to support an investigation. Logs, alerts, and forensic data reveal indicators of compromise.

    Sources: Firewall logs, Syslog, NetFlow (metadata), Packet Captures (full payload).


5.0 Program Management and Oversight (20% of Exam Content)

  • 5.1 – Governance

    Summarize elements of effective security governance. Defines security roles, responsibilities, and policies that align with business goals.

    Involves Standards, Procedures, Policies, and Guidelines. Executive management defines the Risk Appetite.

  • 5.2 – Risk Management

    Explain elements of the risk management process. Risk identification, analysis, and mitigation help prioritize defense strategies.

    • Risk Assessment (Quantitative): SLE (Single Loss Expectancy), ARO (Annualized Rate of Occurrence), ALE (Annualized Loss Expectancy) = SLE × ARO.
    • Treatment: Avoid, Transfer (Insurance), Mitigate, Accept.
    • BIA: Business Impact Analysis (RTO: Recovery Time Objective, RPO: Recovery Point Objective, MTBF: Mean Time Between Failures).

  • 5.3 – Third-Party Risk

    Explain the processes associated with third-party risk assessment and management. Includes vendor evaluations, SLAs, and due diligence procedures.

    Managing Supply Chain Risk via SLA (Service Level Agreement), MOU (Memorandum of Understanding), and NDA (Non-Disclosure Agreement).

  • 5.4 – Compliance

    Summarize elements of effective security compliance. Involves understanding and adhering to standards and regulations like GDPR or HIPAA.

    Regulations: GDPR (EU privacy), HIPAA (health data), PCI DSS (payment card data).

  • 5.5 – Audits

    Explain types and purposes of audits and assessments. Audits verify control effectiveness; assessments identify gaps or misalignments.

    Internal vs External audits. Independent verification of controls helps maintain accreditation and trust.

  • 5.6 – Awareness

    Given a scenario, implement security awareness practices. Training programs build a security-minded workforce and reduce human error.

    Methods: Phishing simulations, Computer-Based Training (CBT), tabletop exercises.
