This page explains what CompTIA Security+ (SY0-701) actually tests, domain by domain, in plain English. It is a summary to help you plan your study, not a copy of the official document. Always confirm against CompTIA’s official exam objectives PDF.
Domain 1 — General Security Concepts (12%)
The foundations and vocabulary.
- Security controls: classify any control by category (technical, managerial, operational, physical) and by type (preventive, deterrent, detective, corrective, compensating, directive).
- Core concepts: the CIA triad, non-repudiation, AAA, gap analysis.
- Zero trust: the control plane and data plane, adaptive identity, and policy enforcement points.
- Physical security and deception: fencing, locks, sensors; honeypots, honeyfiles and honeytokens.
- Change management: why process and documentation matter to security.
- Cryptography basics: symmetric vs asymmetric, hashing, salting, digital signatures, key stretching, PKI, certificates, TPM and HSM.
Domain 2 — Threats, Vulnerabilities and Mitigations (22%)
The broadest domain by vocabulary, and the second-largest by exam weight.
- Threat actors: nation-state, organised crime, hacktivist, insider, unskilled attacker, plus motivations.
- Attack surfaces and vectors: email, messaging, removable media, supply chain, social engineering.
- Vulnerabilities: application, web, operating system, hardware, cloud, supply chain, mobile, zero-day.
- Malicious activity: malware families, network and application attacks, indicators of compromise.
- Mitigation: segmentation, hardening, isolation, patching, least privilege, monitoring.
Domain 3 — Security Architecture (18%)
Designing systems that fail safely.
- Architecture models: on-premises, cloud, serverless, microservices, IoT, ICS/SCADA, and their trade-offs.
- Secure design principles: segmentation, secure protocols, fail-open vs fail-closed.
- Data protection: classification, encryption at rest and in transit, tokenisation, masking, DLP.
- Resilience and recovery: high availability, backups (3-2-1), and recovery sites (hot, warm, cold).
Domain 4 — Security Operations (28%)
The largest, most hands-on domain.
- Hardening and asset management across the device lifecycle.
- Identity and access management: provisioning, MFA, SSO, federation, privileged access management.
- Vulnerability management and monitoring: scanning, SIEM, alerting, log sources.
- Automation and orchestration (SOAR) and their benefits.
- Incident response: preparation, detection, analysis, containment, eradication, recovery, lessons learned; plus basic digital forensics.
Domain 5 — Security Program Management and Oversight (20%)
The governance domain.
- Governance: policies, standards, procedures, guidelines, and roles.
- Risk management: identification, assessment, response, registers, appetite and tolerance.
- Third-party risk: vendor assessment, contracts, supply chain.
- Compliance and audits: regulations, privacy, attestation, internal and external audits.
- Security awareness: training and building a security culture.