CompTIA SY0-701 cheat sheet for Security+ traps, controls, attacks, operations, and final review.
Use this for last-mile review, not first exposure. Security+ questions usually become easier when you classify the real problem first: is it identity, data, network path, active attack handling, or governance? The strongest answer is usually the one that fits the risk and the workflow at the same time.
IAM: Identity and access management, including authentication, authorization, privilege control, and account lifecycle.
Zero Trust: Security model built around explicit verification, least privilege, and the assumption that breach is possible.
GRC: Governance, risk, and compliance work that ties policy, risk handling, and evidence together.
Fast lane picker
| If the question is really about… | Focus first on… | Strongest first move |
| --- | --- | --- |
| access, credentials, or admin rights | IAM, MFA, least privilege, PAM/PIM | remove standing trust and narrow access |
| attack style or exposure path | threat vector, vulnerability, mitigation family | decide whether the problem is prevention, detection, or containment |
| architecture or trust boundary | segmentation, zero trust, data protection, resilience | place the control at the right boundary |
| evidence, logs, or incident handling | IR phase, chain of custody, telemetry, containment order | choose the control that is supportable and auditable |
Security+ decision flow
```mermaid
flowchart LR
    A["Read the operational constraint"] --> B["Classify the problem family"]
    B --> C["Choose the control or workflow family"]
    C --> D["Check least privilege, evidence, and business fit"]
    D --> E["Eliminate answers that are broad, vague, or operationally unrealistic"]
```
SY0-701 answer sequence
Use this when the stem mixes an asset, a risk, a control, or an incident-response step.
```mermaid
flowchart TD
    S["Scenario"] --> A["Name the asset and risk"]
    A --> C["Choose the control family"]
    C --> I["Check identity, boundary, or evidence"]
    I --> R["Follow the correct response sequence"]
    R --> V["Verify business fit and recovery"]
```
What to notice:
- the strongest answer usually fits both security theory and real operations
- “more security everywhere” is often weaker than a narrower control that actually matches the scenario
- if the scenario includes audit, legal, or recovery language, those constraints matter as much as the technical control
Control-family chooser
| Requirement | Strongest first fit | Why |
| --- | --- | --- |
| stop or reduce the chance of an event | preventive control | blocks or limits the problem early |
| notice suspicious behavior | detective control | improves visibility and response |
| fix the environment after an event | corrective control | restores safe state |
| replace an ideal control with a workable alternative | compensating control | keeps risk acceptable when the preferred control is not feasible |
| discourage bad behavior | deterrent control | changes behavior through warning or visibility |
IAM and access chooser
| Requirement | Strongest first fit | Why |
| --- | --- | --- |
| stronger user authentication | MFA | independent factors improve assurance |
| reduce admin exposure | PAM/PIM plus least privilege | shortens privileged access duration |
| app or service authorization at scale | RBAC or ABAC, depending on context | role- or attribute-based control stays manageable |
| federated sign-in | SAML or OIDC style federation | centralizes identity and lifecycle |
| onboarding and offboarding discipline | joiner-mover-leaver process | stale access is a recurring exam trap |
| Pair | Keep this distinction clear |
| --- | --- |
| authentication vs authorization | prove identity vs decide permitted action |
| RBAC vs ABAC | role assignment vs policy from attributes and context |
| password spraying vs credential stuffing | one password across many accounts vs reused breached credentials |
| PAM/PIM vs MFA | privileged-session control vs authentication strength |