Browse CompTIA Certification Guides

CompTIA SY0-701 Guide: Security+

CompTIA SY0-701 exam guide covering identity, risk, cryptography, and incident response decisions.

This guide is for readers preparing for CompTIA Security+ SY0-701 and for IT professionals who need a stronger baseline in modern security operations. Security+ is broad on purpose. It tests whether you can choose the control that actually fits the scenario, explain why one option reduces risk better than another, and avoid answers that sound secure but break least privilege, evidence handling, availability, or business practicality.

PBQ: Performance-based question, a hands-on exam item that asks you to apply the concept instead of only recognizing the right definition.

Least privilege: Giving identities and systems only the access they need to perform the task and nothing broader.

Current exam snapshot

As of March 28, 2026, CompTIA’s Security+ certification page identifies SY0-701 as the active exam series and lists:

Item Current CompTIA signal
Version V7
Launch date November 7, 2023
Question count Maximum of 90
Exam style Multiple-choice and performance-based questions
Duration 90 minutes
Passing score 750 on a 100-900 scale
Languages English, Japanese, Portuguese, Spanish, and Thai
Retirement model Usually three years after launch

Because CompTIA usually retires an exam about three years after launch, this guide is deliberately modular. Each official domain has its own chapter page, and each major objective group has its own section page so the guide is easier to refresh when CompTIA revises the blueprint.

How to use this guide well

    flowchart LR
	  S["Study Plan"] --> D["Domain chapters"]
	  D --> L["Objective-group lessons"]
	  L --> C["Cheat Sheet and Glossary"]
	  C --> M["Mixed practice and miss-log review"]
	  M --> R["Resources for final scope check"]

What to notice:

  • the chapter pages route you into the right domain quickly
  • the section pages are the main learning units
  • the appendix pages support review, but they should not replace the lesson pages

If you are building from scratch, start with the study plan. If you already know the basics but keep missing mixed scenario questions, go directly into the five domain chapters and keep the cheat sheet open beside your practice set. If you are close to exam day, use the faq, glossary, and resources pages to tighten scope and eliminate avoidable misses.

Best entry path by background

Security+ is broad enough that your weak spots usually depend on where you are starting.

Starting point Protect these domains first Why
help desk, desktop, or support 2. Threats, Vulnerabilities & Mitigations, 4. Security Operations, then 5. Program Management & Oversight support-heavy readers often know endpoints and tickets already, but they underweight attacker logic, monitoring workflows, and governance vocabulary
cloud, infrastructure, or systems admin 3. Security Architecture, 4. Security Operations, then 5. Program Management & Oversight admin-heavy readers usually move too fast past privacy, risk, vendor, and evidence constraints
early security, SOC, or compliance 1. General Security Concepts, 3. Security Architecture, then 2. Threats, Vulnerabilities & Mitigations security-heavy readers often know alerts and frameworks, but miss infrastructure fit, cryptography details, or architecture tradeoffs

Coverage map against the current exam objectives summary

CompTIA’s current Security+ page breaks the exam into five weighted domains. This guide follows those domains directly.

Domain Weight What to master in this guide
1. General Security Concepts 12% 1.1 Security Controls, 1.2 Security Principles & Zero Trust, 1.3 Change Management, 1.4 Cryptographic Solutions
2. Threats, Vulnerabilities & Mitigations 22% 2.1 Threat Actors & Motivations, 2.2 Threat Vectors & Attack Surfaces, 2.3 Vulnerabilities, 2.4 Malicious Activity, 2.5 Mitigation Techniques
3. Security Architecture 18% 3.1 Architecture Models, 3.2 Enterprise Infrastructure Security, 3.3 Data Protection & Classification, 3.4 Resilience & Recovery
4. Security Operations 28% 4.1 Secure Baselines & Hardening, 4.2 Asset Management, 4.3 Vulnerability Management, 4.4 Alerting, Monitoring & Telemetry, 4.5 Enterprise Security Controls, 4.6 Identity & Access Operations, 4.7 Automation & Orchestration, 4.8 Incident Response & Forensics, 4.9 Data Sources & Investigations
5. Security Program Management & Oversight 20% 5.1 Security Governance, 5.2 Risk Management, 5.3 Third-Party Risk, 5.4 Security Compliance & Privacy, 5.5 Audits & Assessments, 5.6 Security Awareness & Training

The cross-domain patterns you should expect repeatedly

Security+ keeps reusing the same design ideas in different wording:

  • least privilege beats convenience when access choices are close
  • detection alone is not enough if the scenario is really asking for prevention, containment, or recovery
  • confidentiality, integrity, and availability trade off differently depending on the system and business goal
  • identity and segmentation often matter more than a bigger perimeter appliance
  • evidence handling and documentation matter whenever incident response, change management, or audits appear

What CompTIA keeps mixing together on purpose

Many wrong answers come from treating the domains like isolated silos. Security+ usually blends them:

  • threat questions often become mitigation or operations questions after the first sentence
  • architecture questions often become recovery, privacy, or data-handling questions by the end
  • governance and compliance questions still expect you to choose technically realistic controls

If you are under time pressure, protect 4. Security Operations first, then 2. Threats, Vulnerabilities & Mitigations, then the domain where your professional background is weakest.

Use the appendix pages as support layers rather than substitutes for the main guide:

In this section

Revised on Sunday, May 10, 2026
PK0-005