CompTIA Security+ (SY0-701) Study Guide [240 Minute Read]

A First-Principles Approach to Cybersecurity

Welcome to the CompTIA Security+ (SY0-701) Study Guide. This guide moves beyond surface-level memorization. It is designed to build a robust mental model of how cybersecurity works across enterprise environments — understanding the why behind every security decision, architecture choice, and incident response action.

Each topic is aligned with the official CompTIA Security+ Exam Objectives (SY0-701), targeting the specific cognitive skills required for success. Roughly half the exam questions are scenario-based, requiring you to apply concepts to real-world situations rather than simply recalling definitions. Performance-Based Questions (PBQs) test hands-on skills in simulated environments like configuring firewalls or analyzing logs.

Exam Details: Up to 90 questions (multiple-choice + PBQs) | 90 minutes | Passing score: 750/900 (~83%)

Prerequisites: CompTIA recommends Network+ certification and a minimum of 2 years of experience in IT administration with a focus on security. Familiarity with TCP/IP networking, operating systems (Windows and Linux), and basic IT infrastructure concepts is assumed.

Exam Domain Weights

[Diagram: exam domain weights] General Security Concepts 12% | Threats, Vulnerabilities, and Mitigations 22% | Security Architecture 18% | Security Operations 28% | Security Program Management and Oversight 20%

Security Operations dominates at 28%, meaning nearly a third of your exam will cover topics like hardening, vulnerability management, monitoring, identity management, incident response, and automation. Combined with Threats/Vulnerabilities (22%), over half the exam tests your ability to detect, respond to, and prevent security incidents. Don't underestimate the 20% on Security Program Management — governance, risk, and compliance questions are heavily scenario-based and trip up candidates who focus only on technical topics.


Table of Contents

  • Phase 1: First Principles of Cybersecurity
    • 1.1. The Security Mindset: What Are We Protecting and Why?
      • 1.1.1. The CIA Triad as a Decision Framework
      • 1.1.2. Risk-Based Thinking: Probability Meets Impact
    • 1.2. Defense in Depth: Layers of Security
      • 1.2.1. Control Categories and Types
      • 1.2.2. Prevention, Detection, and Response
    • 1.3. Trust and Identity in Digital Systems
      • 1.3.1. Authentication vs. Authorization
      • 1.3.2. The Zero Trust Mindset
    • 1.4. Cryptography: The Language of Secrets
      • 1.4.1. Symmetric vs. Asymmetric Encryption
      • 1.4.2. Hashing and Integrity
    • 1.5. Reflection Checkpoint
  • Phase 2: General Security Concepts (12%)
    • 2.1. Security Controls
      • 2.1.1. Control Categories: Technical, Managerial, Operational, Physical
      • 2.1.2. Control Types: Preventive Through Directive
    • 2.2. Fundamental Security Concepts
      • 2.2.1. CIA Triad and Non-Repudiation
      • 2.2.2. Authentication, Authorization, and Accounting (AAA)
      • 2.2.3. Gap Analysis
      • 2.2.4. Zero Trust Architecture
      • 2.2.5. Physical Security Controls
      • 2.2.6. Deception and Disruption Technology
    • 2.3. Change Management and Security
      • 2.3.1. Business Processes Impacting Security Operations
      • 2.3.2. Technical Implications of Changes
      • 2.3.3. Documentation and Version Control
    • 2.4. Cryptographic Solutions
      • 2.4.1. Public Key Infrastructure (PKI)
      • 2.4.2. Encryption Methods and Algorithms
      • 2.4.3. Cryptographic Tools
      • 2.4.4. Obfuscation Techniques
      • 2.4.5. Hashing, Salting, and Digital Signatures
      • 2.4.6. Certificates and Certificate Management
    • 2.5. Reflection Checkpoint
  • Phase 3: Threats, Vulnerabilities, and Mitigations (22%)
    • 3.1. Threat Actors and Motivations
      • 3.1.1. Types of Threat Actors
      • 3.1.2. Attributes and Motivations
    • 3.2. Threat Vectors and Attack Surfaces
      • 3.2.1. Message-Based, Image-Based, and File-Based Vectors
      • 3.2.2. Network and System Vectors
      • 3.2.3. Supply Chain Vectors
      • 3.2.4. Human Vectors and Social Engineering
    • 3.3. Types of Vulnerabilities
      • 3.3.1. Application and Web Vulnerabilities
      • 3.3.2. Hardware, OS, and Misconfiguration Vulnerabilities
      • 3.3.3. Cloud, Virtualization, and Supply Chain Vulnerabilities
      • 3.3.4. Cryptographic, Mobile, and Zero-Day Vulnerabilities
    • 3.4. Indicators of Malicious Activity
      • 3.4.1. Malware Attacks
      • 3.4.2. Physical and Network Attacks
      • 3.4.3. Application and Cryptographic Attacks
      • 3.4.4. Password Attacks and Behavioral Indicators
    • 3.5. Mitigation Techniques
      • 3.5.1. Segmentation, Access Control, and Isolation
      • 3.5.2. Patching, Monitoring, and Configuration Enforcement
      • 3.5.3. Hardening Techniques
    • 3.6. Reflection Checkpoint
  • Phase 4: Security Architecture (18%)
    • 4.1. Security Architecture Models
      • 4.1.1. Cloud and Infrastructure Concepts
      • 4.1.2. Network Infrastructure and Segmentation
      • 4.1.3. Specialized Systems: IoT, ICS/SCADA, and Embedded
      • 4.1.4. Architecture Considerations
    • 4.2. Securing Enterprise Infrastructure
      • 4.2.1. Infrastructure Considerations and Device Placement
      • 4.2.2. Network Appliances and Firewalls
      • 4.2.3. Secure Communication and Access
    • 4.3. Data Protection Concepts and Strategies
      • 4.3.1. Data Types and Classifications
      • 4.3.2. Data States and Sovereignty
      • 4.3.3. Methods to Secure Data
    • 4.4. Resilience and Recovery in Security Architecture
      • 4.4.1. High Availability and Site Considerations
      • 4.4.2. Continuity of Operations and Capacity Planning
      • 4.4.3. Testing and Backups
      • 4.4.4. Power Systems
    • 4.5. Reflection Checkpoint
  • Phase 5: Security Operations (28%)
    • 5.1. Common Security Techniques for Computing Resources
      • 5.1.1. Secure Baselines
      • 5.1.2. Hardening Targets
      • 5.1.3. Wireless and Mobile Security
      • 5.1.4. Application Security and Sandboxing
    • 5.2. Hardware, Software, and Data Asset Management
      • 5.2.1. Acquisition and Assignment
      • 5.2.2. Monitoring and Disposal
    • 5.3. Vulnerability Management
      • 5.3.1. Identification Methods
      • 5.3.2. Analysis and Prioritization
      • 5.3.3. Response, Remediation, and Validation
    • 5.4. Security Alerting and Monitoring
      • 5.4.1. Monitoring Computing Resources
      • 5.4.2. Monitoring Activities
      • 5.4.3. Security Monitoring Tools
    • 5.5. Enterprise Security Capabilities
      • 5.5.1. Firewalls, IDS/IPS, and Web Filters
      • 5.5.2. OS Security and Secure Protocols
      • 5.5.3. Email Security and DNS Filtering
      • 5.5.4. DLP, NAC, EDR/XDR, and User Behavior Analytics
    • 5.6. Identity and Access Management
      • 5.6.1. User Account Management and Identity Proofing
      • 5.6.2. Federation and Single Sign-On (SSO)
      • 5.6.3. Access Control Models
      • 5.6.4. Multifactor Authentication (MFA)
      • 5.6.5. Password Concepts and Privileged Access Management
    • 5.7. Automation and Orchestration
      • 5.7.1. Use Cases for Automation and Scripting
      • 5.7.2. Benefits and Considerations
    • 5.8. Incident Response
      • 5.8.1. The Incident Response Process
      • 5.8.2. Training, Testing, and Digital Forensics
    • 5.9. Data Sources for Investigations
      • 5.9.1. Log Data Sources
      • 5.9.2. Other Data Sources
    • 5.10. Reflection Checkpoint
  • Phase 6: Security Program Management and Oversight (20%)
    • 6.1. Security Governance
      • 6.1.1. Policies, Standards, and Procedures
      • 6.1.2. External Considerations
      • 6.1.3. Governance Structures and Roles
    • 6.2. Risk Management
      • 6.2.1. Risk Identification and Assessment
      • 6.2.2. Risk Analysis: Qualitative and Quantitative
      • 6.2.3. Risk Register and Tolerance
      • 6.2.4. Risk Management Strategies
      • 6.2.5. Business Impact Analysis
    • 6.3. Third-Party Risk Management
      • 6.3.1. Vendor Assessment and Selection
      • 6.3.2. Agreement Types
      • 6.3.3. Vendor Monitoring
    • 6.4. Security Compliance
      • 6.4.1. Compliance Reporting and Consequences
      • 6.4.2. Compliance Monitoring
      • 6.4.3. Privacy Considerations
    • 6.5. Audits and Assessments
      • 6.5.1. Internal and External Audits
      • 6.5.2. Penetration Testing
    • 6.6. Security Awareness Practices
      • 6.6.1. Phishing Awareness
      • 6.6.2. Anomalous Behavior Recognition
      • 6.6.3. User Guidance and Training
    • 6.7. Reflection Checkpoint
  • Phase 7: Exam Readiness
    • 7.1. Exam Strategy
    • 7.2. Quick Reference
    • 7.3. Practice Questions
  • Phase 8: Glossary
  • Phase 9: Conclusion


Written by Alvin Varughese, Founder (15 professional certifications)