CompTIA Certification

Security+

CompTIA Security+ (SY0-701)

CompTIA | 5 domains · 61 modules | Start Today

This track is built to help you think like a security practitioner — the way CompTIA expects on the Security+ exam. Not memorization. Not buzzword matching. Applied knowledge across threats, architecture, operations, and governance.

Exam Details

Detail Security+ (SY0-701)
Format Up to 90 questions (multiple-choice and performance-based)
Time 90 minutes
Cost $404 USD
Passing Score 750 out of 900
Experience 2 years in IT administration with security focus (recommended, not required)
Renewal 50 CEUs over 3 years, annual fee $75/year

What You’ll Learn

  • Build a core security foundation beyond memorizing terms and acronyms
  • Understand how CompTIA frames questions — applied knowledge, not rote recall
  • Work through threat analysis, architecture, and operations scenarios
  • Develop structured self-assessment practices to know when you’re exam-ready
Let's Get Started →
Domain 1 — General Security Concepts (12%)

Security controls, CIA triad, AAA, zero trust, change management, and cryptographic solutions.

Section A — Security Foundations

  1. 1 Security Control Categories and Types
  2. 2 The CIA Triad and Fundamental Security Concepts
  3. 3 Authentication, Authorization, and Accounting (AAA)
  4. Section A Review: Security Foundations

Section B — Zero Trust and Cryptography

  1. 4 Zero Trust Architecture
  2. 5 Change Management and Security Impact
  3. 6 Cryptographic Concepts and Methods
  4. 7 Public Key Infrastructure (PKI)
  5. Section B Review: Zero Trust and Cryptography

Domain 1 Review

  1. Capstone Review: GENERAL SECURITY CONCEPTS
Domain 2 — Threats, Vulnerabilities, and Mitigations (22%)

Threat actors, attack surfaces, social engineering, vulnerability categories, malware, attacks, and mitigation techniques.

Section A — Threat Landscape

  1. 8 Threat Actor Types and Motivations
  2. 9 Threat Vectors and Attack Surfaces
  3. 10 Social Engineering Techniques
  4. Section A Review: Threat Landscape

Section B — Vulnerability Categories

  1. 11 Application and Software Vulnerabilities
  2. 12 Operating System and Hardware Vulnerabilities
  3. 13 Cloud and Virtualization Vulnerabilities
  4. 14 Web-Based and Mobile Device Vulnerabilities
  5. Section B Review: Vulnerability Categories

Section C — Malicious Activity and Mitigations

  1. 15 Malware Types and Indicators of Compromise
  2. 16 Network and Application Attacks
  3. 17 Cryptographic and Password Attacks
  4. 18 Mitigation Techniques and Controls
  5. Section C Review: Malicious Activity and Mitigations

Domain 2 Review

  1. Capstone Review: THREATS, VULNERABILITIES, AND MITIGATIONS
Domain 3 — Security Architecture (18%)

Cloud models, virtualization, IoT/ICS, infrastructure as code, design principles, data protection, and resilience.

Section A — Architecture Models

  1. 19 Cloud and Hybrid Security Models
  2. 20 Virtualization, Containerization, and Serverless
  3. 21 IoT, ICS/SCADA, and Embedded Systems
  4. 22 Infrastructure as Code and Automation
  5. Section A Review: Architecture Models

Section B — Data Protection and Resilience

  1. 23 Security Architecture Design Principles
  2. 24 Data Protection, Classification, and Privacy
  3. 25 High Availability and Site Resilience
  4. 26 Backup Strategies and Disaster Recovery
  5. Section B Review: Data Protection and Resilience

Domain 3 Review

  1. Capstone Review: SECURITY ARCHITECTURE
Domain 4 — Security Operations (28%)

Secure baselines, hardening, wireless, asset management, vulnerability management, monitoring, defense tools, identity, and incident response.

Section A — Secure Computing

  1. 27 Secure Baselines and Hardening
  2. 28 Wireless and Mobile Device Security
  3. 29 Asset Management and Configuration Control
  4. 30 Vulnerability Management Lifecycle
  5. Section A Review: Secure Computing

Section B — Monitoring and Defense

  1. 31 Security Monitoring and Log Analysis
  2. 32 Firewalls, IDS/IPS, and Network Security Tools
  3. 33 Endpoint Detection, Response, and DLP
  4. Section B Review: Monitoring and Defense

Section C — Identity and Response

  1. 34 Identity and Access Management
  2. 35 Authentication Methods and MFA
  3. 36 Automation and Orchestration
  4. 37 Incident Response and Digital Forensics
  5. Section C Review: Identity and Response

Domain 4 Review

  1. Capstone Review: SECURITY OPERATIONS
Domain 5 — Security Program Management and Oversight (20%)

Governance, policies, risk management, third-party risk, compliance, audits, and security awareness programs.

Section A — Governance and Risk

  1. 38 Security Governance and Policy Frameworks
  2. 39 Risk Identification and Assessment
  3. 40 Risk Analysis and Treatment Strategies
  4. 41 Third-Party and Supply Chain Risk
  5. Section A Review: Governance and Risk

Section B — Compliance and Awareness

  1. 42 Regulatory Compliance and Privacy
  2. 43 Audits, Assessments, and Penetration Testing
  3. 44 Security Awareness and Training Programs
  4. Section B Review: Compliance and Awareness

Domain 5 Review

  1. Capstone Review: SECURITY PROGRAM MANAGEMENT AND OVERSIGHT

Career Benefits

  • Average salary: $75,000–$110,000 (varies by region and experience)
  • DoD 8570.01-M / 8140 compliance for IAT Level II
  • Vendor-neutral baseline security certification recognized globally
  • Required or preferred for Security Analyst, Systems Administrator, SOC Analyst roles

How It Compares

Security+ is a foundational, vendor-neutral certification covering broad security concepts, while CISSP and CISM target experienced professionals in senior roles. If you're early in your security career or transitioning from IT, Security+ is the ideal starting point. For management-level credentials, consider CISM or CISSP after gaining experience. See the full comparison →

Head-to-head comparisons: Security+ vs CISM · Security+ vs CISSP · Security+ vs CRISC