MitchellTec

CompTIA Security+ (SY0-701) Exam Objectives

General Security Concepts (12%)


Security Controls: Compare and contrast technical, preventive, managerial, deterrent, operational, detective, physical, corrective, compensating, and directive controls.


Core Principles: Understand confidentiality, integrity, and availability (CIA); non-repudiation; AAA (authentication, authorization, and accounting); zero trust; and deception/disruption technologies.


Change Management: Explain change processes, technical impact, documentation requirements, and version control.


Cryptography Fundamentals: Apply PKI, encryption, obfuscation, hashing, digital signatures, and blockchain technologies.

Security Program Management & Oversight (20%)


 Governance: Define policies, standards, procedures, and roles; account for external frameworks and compliance requirements.
 

Risk Management: Identify, assess, analyze, and report on risks; understand tolerance, appetite, and mitigation strategies, including business impact analysis (BIA).
 

Third-Party Risk: Evaluate vendors, manage contracts, perform monitoring, and enforce engagement rules.
 

Security Compliance: Address reporting requirements, monitor compliance, and understand the consequences of non-compliance.
 

Audits & Assessments: Conduct internal/external audits, attestations, and penetration tests.
 

Security Awareness: Train users on phishing recognition, anomaly detection, proper reporting, and responsible behavior.

Threats, Vulnerabilities, and Mitigations (22%)


  Threat Actors & Motivations: Distinguish between nation-states, script kiddies, hacktivists, insiders, organized crime, shadow IT, and motivations such as espionage, data theft, and financial gain.
 

Attack Vectors & Surfaces: Identify vectors like phishing, unsecure networks, social engineering, malicious files, voice phishing, supply chain risks, and software vulnerabilities.
 

Vulnerabilities: Understand weaknesses in applications, hardware, mobile devices, virtual environments, OSs, cloud systems, web platforms, and supply chains.
 

Malicious Activities: Analyze various attack types: malware, password cracking, application exploits, physical intrusions, network threats, and cryptographic attacks.
 

Mitigation Strategies: Use segmentation, access controls, configuration baselines, system hardening, isolation, and patch management to reduce risk.
 

Security Architecture (18%)


 Architecture Types: Compare on-premises, cloud, virtual environments, IoT, ICS, and infrastructure as code (IaC) models.
 

Enterprise Infrastructure: Apply security best practices to systems, access control, and secure communications.
 

Data Protection: Differentiate data types and apply appropriate protection methods and classifications.
 

Resiliency & Recovery: Understand high availability, disaster recovery, power systems, platform diversity, backups, and continuity planning.

Security Operations (28%)


 Computing Environments: Secure endpoints using baselines, mobile security, system hardening, wireless protocols, sandboxing, and application protection.
 

Asset Management: Track acquisition, disposal, assignment, and lifecycle of hardware, software, and data assets.
 

Vulnerability Management: Conduct vulnerability identification, analysis, remediation, validation, and reporting.
 

Monitoring & Alerting: Use monitoring tools to observe systems and detect anomalies.
 

Enterprise Security Tools: Implement and manage firewalls, IDS/IPS, DNS filtering, DLP, NAC, and endpoint detection tools (EDR/XDR).
 

Identity & Access Management (IAM): Deploy provisioning, MFA, SSO, and privileged access tools.
 

Automation & Orchestration: Understand use cases, benefits of scripting, and automation in security operations.
 

Incident Response: Apply incident handling procedures, conduct training and testing, analyze root causes, perform threat hunting, and carry out forensic investigations.
 

Data Sources for Investigations: Leverage logs and other data sources to support incident response.

Copyright © 2025 Mitchell Technologies  - All Rights Reserved.

