CompTIA Security+ (SY0-701) is the industry-standard entry-level cybersecurity certification trusted by employers worldwide. It validates your ability to assess security postures, implement security solutions, monitor hybrid environments, and respond to incidents. This course covers all five exam domains so you build the skills needed to pass the exam and work in a security role.

Domain | Title | Exam Weight
1 | General Security Concepts | 12%
2 | Threats, Vulnerabilities, and Mitigations | 22%
3 | Security Architecture | 18%
4 | Security Operations | 28%
5 | Security Program Management and Oversight | 20%


Domain 1: General Security Concepts

  • Compare and contrast various types of security controls: technical, managerial, operational, and physical
  • Summarize fundamental security concepts: CIA triad, non-repudiation, authentication, authorization, and accounting
  • Explain the importance of change management processes and their impact on security
  • Explain the importance of using appropriate cryptographic solutions: encryption, hashing, digital signatures, and certificates
  • Implement public key infrastructure (PKI): certificate authorities, certificate types, and certificate management
  • Summarize authentication and authorization mechanisms: MFA, SSO, federation, PAP, CHAP, and passwordless
  • Explain identity and access management (IAM) concepts: provisioning, deprovisioning, permission assignments, and privilege access management
  • Identify common security assessment techniques: vulnerability scans, penetration testing, and security audits
  • Explain the purpose and use of security awareness practices: phishing simulations, user training, and policy acknowledgment

Domain 2: Threats, Vulnerabilities, and Mitigations

  • Compare and contrast common threat actors: nation-states, hacktivists, insider threats, and organized crime
  • Explain common attack vectors: phishing, vishing, smishing, business email compromise, and supply chain attacks
  • Explain various types of vulnerabilities: application, OS, hardware, firmware, and zero-day
  • Analyze indicators of malicious activity: malware types, network-based attacks, and application-based attacks
  • Summarize techniques used in social engineering attacks: pretexting, watering hole attacks, and impersonation
  • Explain mitigation techniques used to secure the enterprise: patching, encryption, monitoring, and least privilege
  • Identify indicators of compromise (IoCs) and their relationship to threat intelligence
  • Describe cross-site scripting (XSS), SQL injection, buffer overflow, and other common application attacks
  • Explain denial-of-service (DoS) and distributed denial-of-service (DDoS) attack concepts and mitigations

Domain 3: Security Architecture

  • Compare and contrast security implications of different architecture models: on-premises, cloud, hybrid, and edge
  • Apply infrastructure security best practices: segmentation, VLANs, DMZ, and zero trust architecture
  • Compare and contrast concepts and strategies for protecting data: data at rest, data in transit, and data in use
  • Explain the importance of resilience and recovery: redundancy, replication, backups, and high availability
  • Summarize cloud security concepts: shared responsibility model, CASB, SASE, and cloud-native controls
  • Explain network infrastructure security: firewalls, IDS/IPS, secure DNS, and network access control
  • Explain the security implications of virtualization and containerization technologies
  • Implement secure network architecture concepts: load balancing, proxy servers, and content delivery networks
  • Explain the purpose of security baselines and secure configuration guides for operating systems and applications

Domain 4: Security Operations

  • Apply identity and access management (IAM) techniques: account provisioning, RBAC, ABAC, and MAC
  • Implement and maintain endpoint security: EDR, XDR, antivirus, DLP, and host-based firewalls
  • Explain key management concepts and practices: key escrow, key rotation, and hardware security modules
  • Interpret and analyze security alerts and monitoring data from SIEM, IDS/IPS, and log aggregation tools
  • Apply the incident response process: preparation, identification, containment, eradication, recovery, and lessons learned
  • Use digital forensics techniques to investigate security incidents: chain of custody, evidence collection, and analysis
  • Explain data loss prevention (DLP) concepts and strategies for protecting sensitive data
  • Implement secure protocols and communication standards: TLS, S/MIME, SFTP, DNSSEC, and LDAPS
  • Use automation and orchestration to support security operations: SOAR, scripting, and playbooks
  • Explain vulnerability management processes: scanning, prioritization, remediation, and verification

Domain 5: Security Program Management and Oversight

  • Summarize elements of effective security governance: policies, standards, procedures, and guidelines
  • Explain risk management processes: risk identification, assessment, analysis, and treatment
  • Explain the processes associated with third-party risk management: vendor assessments, supply chain security, and contracts
  • Summarize elements of compliance: regulatory requirements, privacy laws, audits, and reporting obligations
  • Explain types and purposes of audits and assessments: internal audits, external audits, and penetration tests
  • Implement security awareness programs: training content, phishing campaigns, and program metrics
  • Explain data privacy concepts: data sovereignty, data classification, data retention, and legal holds
  • Identify key frameworks and standards: NIST CSF, ISO 27001, SOC 2, PCI DSS, and HIPAA
  • Summarize business continuity and disaster recovery planning concepts: BIA, RTO, RPO, and tabletop exercises

Ready to test your knowledge? Visit the CompTIA Security+ Practice Test to gauge your exam readiness. Browse all available courses and study guides at Courses and Playbooks.