The CompTIA Security+ (SY0-701) is the most widely held cybersecurity certification in the world. It's approved by the U.S. Department of Defense for IAT Level II positions and is often the minimum requirement for security-focused IT roles. Here's what the exam covers.

Domain 1: General Security Concepts (12%)

This domain covers the foundational security principles that everything else builds on:

  • CIA triad — Confidentiality, integrity, and availability
  • Authentication, authorization, and accounting (AAA) — How systems verify identity and track actions
  • Zero trust architecture — Never trust, always verify
  • Security controls — Technical, managerial, operational, and physical controls
  • Gap analysis and security assessments
  • Cryptography basics — Symmetric vs asymmetric, hashing, digital signatures, PKI

Domain 2: Threats, Vulnerabilities, and Mitigations (22%)

The second-largest domain focuses on understanding what you're defending against:

  • Threat actors — Nation-states, hacktivists, insider threats, organized crime
  • Attack types — Phishing, social engineering, malware, ransomware, DDoS, man-in-the-middle
  • Vulnerability types — Software bugs, misconfigurations, zero-days, supply chain vulnerabilities
  • Indicators of compromise (IoCs) — How to recognize that an attack has occurred
  • Mitigation techniques — Patching, segmentation, hardening, access controls

Domain 3: Security Architecture (18%)

How to design and build secure systems:

  • Network security architecture — Firewalls, IDS/IPS, proxies, load balancers, VPNs
  • Cloud security — Shared responsibility model, cloud access security brokers (CASB)
  • Secure infrastructure design — DMZ, segmentation, micro-segmentation
  • Data protection — Encryption at rest and in transit, DLP, data classification
  • Resilience and recovery — Backups, replication, high availability, disaster recovery

Domain 4: Security Operations (28%)

The largest domain — day-to-day security work:

  • Security monitoring — SIEM, log analysis, alerting, and baseline establishment
  • Incident response — Preparation, detection, containment, eradication, recovery, lessons learned
  • Digital forensics — Evidence collection, chain of custody, order of volatility
  • Vulnerability management — Scanning, assessment, remediation prioritization
  • Identity and access management — MFA, SSO, RBAC, PAM, federation
  • Automation and scripting — Using scripts to automate security tasks

Domain 5: Security Program Management and Oversight (20%)

Governance, risk, and compliance:

  • Risk management — Risk identification, assessment, treatment (accept, mitigate, transfer, avoid)
  • Compliance frameworks — GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001
  • Security policies — Acceptable use, data handling, incident response plans
  • Security awareness training — Phishing simulations, role-based training
  • Auditing and assessment — Internal vs external audits, penetration testing

Study Priorities

Given the domain weights:

  1. Security Operations (28%) — This is where you'll get the most questions. Focus heavily on incident response, SIEM concepts, and vulnerability management.
  2. Threats & Vulnerabilities (22%) — Know your attack types cold. Be able to identify attack types from descriptions.
  3. Security Program Management (20%) — Don't skip the governance material. Many candidates focus only on technical topics and miss easy compliance questions.

Exam Details

  • Passing score: 750 out of 900
  • Questions: Up to 90
  • Time: 90 minutes
  • Prerequisite: None required, but CompTIA recommends Network+ and 2 years of IT security experience

The Security+ has the highest passing threshold of the three foundational CompTIA exams. Consistent practice at the hard and advanced difficulty levels is essential.

Ready to test your knowledge?

Try our free AI-powered CompTIA practice quiz generator.
