📱 New iOS App — CertFlash: CompTIA flashcards built for exam day. Get it on the App Store ↗
CompTIA Security+ SY0-701

CompTIA Security+ Study Guide

CompTIA Security+ (exam SY0-701) is the most widely recognized entry-level cybersecurity certification — it satisfies DoD 8140 IAT Level II requirements and tests five domains: General Security Concepts, Threats & Vulnerabilities, Security Architecture, Security Operations, and Security Program Management. This study guide breaks down each domain with weightings, links every domain to its primary topic guides, and walks through a realistic 10-week study plan.

SY0-701
Exam code
90
Max questions
750/900
Passing score
90 min
Time limit
SF
Sean Fogarty CompTIA A+ Certified · Network+ in progress
Quick Answer
The CompTIA Security+ (SY0-701) is the most widely recognized entry-level cybersecurity certification — it satisfies DoD 8140 IAT Level II requirements and is required or preferred for many federal and defense contractor security roles. The exam is up to 90 questions in 90 minutes with a passing score of 750/900. It tests five domains: General Security Concepts (12%), Threats Vulnerabilities & Mitigations (22%), Security Architecture (18%), Security Operations (28%), and Security Program Management & Oversight (20%). Realistic study time at 1–2 hours per day is 8–12 weeks with a Network+ foundation. The three highest-ROI study topics: incident response (PICERL), cryptography, and scenario-reading technique.

Who should take CompTIA Security+?

Security+ is the entry-level cybersecurity certification recognized by the US DoD (Directive 8140) and most enterprise security teams. It proves you can identify threats, implement security controls, and respond to incidents — not just define terms. The SY0-701 version emphasizes scenario-based application over memorisation; you need to understand what to do in a situation, not just what something is called.

Security+ is the logical next step after Network+. Roughly 30% of its content builds directly on networking knowledge — firewalls, VPNs, network attacks, wireless security. If you've taken Network+ recently, you already know a significant chunk of Domain 4.

SY0-701 vs SY0-601 — What Changed

The SY0-701 (current) consolidated from 6 domains to 5 and significantly expanded coverage of cloud security, zero trust architecture, and automation/scripting. The threats domain now includes more advanced attack techniques (living-off-the-land, supply chain attacks). If you're using older SY0-601 materials, supplement them — the cloud and automation content is substantially different.

SY0-601 expires Q4 2024 — if you haven't passed it yet, you need SY0-701 materials.

What are the Security+ exam domain weightings?

1. General Security Concepts
12%
12%
2. Threats, Vulnerabilities & Mitigations
22%
22%
3. Security Architecture
18%
18%
4. Security Operations
28%
28%
5. Security Program Management & Oversight
20%
20%

Which study resources cover each Security+ domain?

Domain 1
General Security Concepts
12%

Foundational vocabulary — security controls (technical, administrative, physical), cryptography principles, authentication types, and public key infrastructure. Smaller domain, but the concepts underpin everything else. Get these definitions sharp — they set up the vocabulary for all other domains.

Cryptography FundamentalsSymmetric vs asymmetric, hashing, digital signatures, TLS handshake Encryption Types ExplainedAES, RSA, ECC, 3DES — algorithms, key lengths, use cases PKI & Digital CertificatesCA hierarchy, certificate types, HTTPS, CRL, OCSP, pinning Identity & Access ManagementMFA, SSO, LDAP, PAM, access control models (RBAC, MAC, DAC) Ports & Protocols ReferenceSecure vs insecure protocol pairs — SSH/Telnet, HTTPS/HTTP, LDAPS/LDAP Physical Security ControlsBollards, mantrap, badge access, CCTV, environmental controls
Domain 2
Threats, Vulnerabilities & Mitigations
22%

The largest threat-focused domain — malware types, social engineering, network attacks, application vulnerabilities, and vulnerability scanning. This is the most scenario-heavy domain: given a description of an attack, identify it and select the correct mitigation.

Malware Types ExplainedVirus, worm, trojan, ransomware, RAT, rootkit, keylogger, spyware — with mitigations Social Engineering AttacksPhishing, spear phishing, vishing, smishing, pretexting, tailgating Network AttacksDDoS, MITM, ARP poisoning, DNS spoofing, session hijacking, replay attacks Wireless Security ProtocolsWEP weaknesses, WPA2, WPA3, evil twin, deauth attacks, 802.1X Zero Trust ArchitectureNever trust always verify, microsegmentation, least privilege, ZTNA
Domain 3
Security Architecture
18%

How secure networks and infrastructure are designed — cloud security models, network segmentation, virtualisation security, secure network design (DMZ, screened subnet), and resilience. Cloud security is heavily weighted in SY0-701 and was significantly expanded from SY0-601.

Cloud Computing ConceptsIaaS/PaaS/SaaS, shared responsibility model, public/private/hybrid cloud Cloud Security — CASB, CSPM & MisconfigurationsCloud access security broker, posture management, container and serverless security Network SegmentationVLANs, DMZ, screened subnet, microsegmentation, air gaps, jump servers Virtualisation ExplainedType 1/Type 2 hypervisors, VM escape, container security, snapshots Firewall TypesStateful, NGFW, WAF, IDS vs IPS, ACLs, DMZ architecture VPNs ExplainedIPSec, TLS VPN, site-to-site, remote access, split tunneling
Domain 4
Security Operations
28%

The largest domain at 28% — incident response, digital forensics, identity and access management, endpoint security, and monitoring. This is where the most scenario-based questions live. Know the PICERL phases cold and be able to select the correct IR action for a given scenario.

Incident Response Overview (PICERL)6 phases, IoCs, containment strategies, digital forensics, escalation IR PlaybooksRansomware, data breach, DDoS, phishing — step-by-step response procedures Identity & Access ManagementMFA, PAM, SSO, role-based access control, least privilege Active Directory BasicsDomain, OU, GPO, Kerberos, LDAP — how AD authentication works Group Policy (GPOs)LSDOU, password policies, AppLocker, BitLocker enforcement via GPO Linux CommandsEssential commands for security analysts — grep, find, chmod, netstat, ps Windows Command Lineipconfig, netstat, tasklist, reg, sfc — commands tested in Security+ scenarios
Domain 5
Security Program Management & Oversight
20%

Governance, risk, compliance, and data privacy — the business side of security. Risk assessment types (qualitative vs quantitative), frameworks (NIST, ISO 27001), regulations (GDPR, HIPAA, PCI-DSS), and security policies. Often underestimated — 20% means roughly 18 questions. Don't skip GRC.

PKI & Certificate ManagementCertificate lifecycle, revocation, trust chains — relevant to compliance frameworks Zero Trust ArchitectureNIST 800-207 framework, policy engine, control plane vs data plane Physical Security ControlsSite surveys, environmental monitoring, hardware security (HSM, TPM) Cloud Shared ResponsibilityWho owns security in IaaS vs PaaS vs SaaS — key compliance concept

What is a realistic 10-week Security+ study plan?

Security+ requires more study time than A+ or Network+ because of the breadth and the scenario-based question format. Most candidates need 8–12 weeks. This plan assumes 1–2 hours per day. With this much terminology to retain, spaced-repetition flashcards help — it's worth knowing the best flashcard apps for CompTIA before you pick one.

Week 1
Foundations & Cryptography
Security control types · CIA triad · symmetric vs asymmetric · hashing · PKI · TLS handshake · certificate types · ports for secure protocols
Week 2
Authentication & Access Control
MFA factors · SSO · LDAP/Kerberos · RADIUS/802.1X · PAM · RBAC/MAC/DAC · least privilege · zero trust principles
Week 3
Threats & Malware
All malware types · social engineering techniques · phishing variants · insider threats · supply chain attacks · living-off-the-land · indicators of compromise
Week 4
Network Attacks & Mitigations
DDoS types · MITM techniques · ARP/DNS attacks · wireless attacks (evil twin, deauth) · injection attacks · firewall and IDS/IPS mitigations
Week 5
Security Architecture
Cloud models and shared responsibility · network segmentation · DMZ/screened subnet · virtualisation security · VPN types · zero trust architecture
Week 6
Incident Response
PICERL phases · IR playbooks (ransomware, breach, DDoS) · order of volatility · digital forensics · chain of custody · SIEM and log analysis
Week 7
Governance, Risk & Compliance
Risk types (qualitative vs quantitative) · BIA · BCP/DRP · NIST framework · GDPR/HIPAA/PCI-DSS requirements · data classification · security policies
Week 8
Vulnerability Management
Vulnerability scanning vs pen testing · CVSS scoring · patch management · hardening (CIS benchmarks) · secure baselines
Week 9
Practice Exams — First Pass
Full-length practice exam · review every wrong answer by domain · identify weak areas · return to study materials for bottom 2 domains
Week 10
Practice Exams & PBQs
2–3 full practice exams · focus on PBQ format · timed exam simulation · final review of IR phases and cryptography · schedule and sit
🎯 The Three Highest-ROI Security+ Study Topics

Incident Response (PICERL) — Domain 4 is 28% of the exam and IR scenarios appear constantly. Know the six phases in order, know which action belongs in which phase (containment before eradication, legal counsel before public notification), and know the order of volatility for forensics.

Cryptography — Symmetric vs asymmetric, when to use each, which algorithms (AES, RSA, ECC, SHA), and how TLS uses both (asymmetric for key exchange, symmetric for data). Questions appear across all domains — a secure protocol question is really a cryptography question.

Scenario reading — Security+ questions are long. Practice reading scenario questions efficiently: identify what the question is actually asking (often in the last sentence), eliminate obviously wrong answers, then apply your knowledge. Time management on PBQs is the #1 reason candidates run out of time.

What are Security+ performance-based questions (PBQs)?

Security+ PBQs on SY0-701 commonly include: network diagram analysis (identify the security flaw in a given topology), log file interpretation (identify the attack type from firewall or SIEM logs), access control configuration (assign the correct permissions given a scenario), and incident response ordering (drag the response steps into the correct PICERL sequence).

PBQs appear at the start of the exam and cannot be skipped (you must at least submit an answer before moving on). A common strategy: spend no more than 5 minutes per PBQ, make your best attempt, flag it, then return after finishing the multiple-choice questions if time allows.

📱 A free flashcard tool for the Security+ path

CertFlash: CompTIA Study Cards is a free iOS app for focused flashcard study with built-in spaced repetition. The Security+ deck is part of the one-time $5.99 unlock, which also includes Network+, CySA+, Linux+, Cloud+, and PenTest+ — useful as you continue past Security+ toward CySA+. The A+ deck is free if you want to try the app before unlocking. It's not a course or practice exam — it's a flashcard app with spaced repetition that sits on top of whatever primary resource you're using. Get CertFlash on the App Store →

Ready to start studying?

Security+ flashcards on iOS via CertFlash (one-time $5.99 unlock includes Security+, Network+, CySA+, Linux+, Cloud+, and PenTest+) — or compare the best paid courses, practice exams, and books for SY0-701.

Get CertFlash (Includes Security+ Deck) → Or compare paid Security+ resources →

Also On IT Study Hub

Security+ Domain BreakdownDetailed breakdown of all 5 SY0-701 domains with study priorities Security+ Cheat SheetQuick reference for exam day — attacks, protocols, IR phases, acronyms How to Pass Security+Study strategy, recommended resources, and exam-day tips Network+ vs Security+Should you take Network+ before Security+? What overlaps? CompTIA Certifications RoadmapFull pathway from A+ through Security+ and beyond Network+ Study GuideIf you're taking Network+ before Security+, start here
SF
Written by
Sean Fogarty
CompTIA A+ Certified · Network+ in progress

I built IT Study Hub while studying for the CompTIA A+, because most free resources either gave you bullet points with no context or were clearly written to rank on Google rather than to help anyone actually learn. Every article here is written to answer the question a studying candidate actually has — not just “what is this term?” but “how does this work, when does it matter, and how will it show up on the exam?”

More about this site →

What should you expect on the Security+ exam?

SY0-701 is 90 questions in 90 minutes with a passing score of 750 out of 900. Like Network+, PBQs appear at the start of the exam. Security+ PBQ formats include log file analysis (identify an attack type from a SIEM or firewall log excerpt), network diagram analysis (identify the security flaw in a described topology), incident response ordering (sequence the correct PICERL steps), and access control configuration (select the correct policy for a described user scenario).

Security+ scenario questions are longer and more complex than A+ or Network+ questions. A question might describe a company's entire security posture across three paragraphs before asking which single control would most effectively address the described risk. Practicing reading and extracting the key question from long scenarios is a skill that must be developed through practice, not just content study.

The most commonly cited exam day surprise from candidates: Domain 5 (Security Program Management) questions are more frequent and more detailed than expected. Risk calculations (SLE × ARO = ALE), data roles (data owner vs data custodian vs data processor), and regulatory frameworks (GDPR 72-hour notification, HIPAA, PCI-DSS scope) appear in scenario form. Know these — they're not background knowledge, they're exam questions.

How can you prepare for Security+ in 8 weeks?

Candidates with Network+ spend roughly 8 weeks preparing for Security+ at 1–2 hours per day. A practical 4-phase approach: Weeks 1–2 — cover Domain 1 (cryptography, security controls taxonomy, authentication concepts) and Domain 2 (all malware types, social engineering attacks, vulnerability types). These form the vocabulary for the rest of the exam. Weeks 3–4 — cover Domain 3 (cloud security, Zero Trust, network security architecture, secure design) and Domain 4 Part 1 (incident response PICERL, digital forensics, identity and access management). Weeks 5–6 — cover Domain 4 Part 2 (endpoint security, SIEM/SOAR, monitoring) and Domain 5 (risk management, compliance frameworks, data governance, security awareness). Weeks 7–8 — full practice exams (Dion Training), domain-level analysis of weak areas, PBQ-specific drilling, and scenario question reading practice.

Three things to do differently from most candidates: First, study GRC (Domain 5) as seriously as the technical domains. Second, practice identifying attack types from descriptions rather than names — the exam describes the behavior, you supply the term. Third, track your performance by domain on every practice exam and weight your review time to both domain weight and your personal weakness.

What jobs does Security+ qualify you for?

Security+ is the baseline credential for most entry to mid-level cybersecurity roles. It satisfies the US Department of Defense Directive 8140 IAT Level II requirement, making it a mandatory or preferred credential for many federal government and defense contractor positions. In the private sector, security analyst, SOC analyst, information security specialist, and junior penetration tester roles commonly list Security+ as a preferred or required certification.

Beyond the job requirement signal, Security+ teaches the conceptual foundation for understanding security operations, incident response, risk management, and secure architecture. The knowledge has long-term value because the fundamental principles — defense in depth, least privilege, zero trust, the CIA triad — don't change even as specific technologies do. Security+ is worth studying thoroughly, not just passing.