Security+ is the most sought-after entry-level security certification globally. This structured study plan covers every domain of SY0-701 with what actually shows up on the exam.
CompTIA Security+ (SY0-701) is vendor-neutral, DoD 8570 approved, and accepted by virtually every employer as proof of foundational security knowledge. It's the entry point for cybersecurity roles — SOC analyst, security engineer, pentester, and GRC analyst positions all list it. The exam has five domains and 90 questions (multiple choice + performance-based). Pass mark is 750/900.
Start with domain 2 (Threats) because it's high-weighted and conceptually accessible. Know the attack types cold: phishing, spear phishing, smishing, vishing, whaling. Social engineering indicators: urgency, authority, pretexting, tailgating. Malware categories: ransomware (encrypts files, demands payment), fileless malware (runs in memory, no disk footprint), rootkits (hides at OS/firmware level), logic bombs (triggers on an event), keyloggers, spyware, RATs (Remote Access Trojans), worms (self-replicating without user action), viruses (require host file).
Vulnerability management: CVE/CVSS scoring (CVSS v3 — Base, Temporal, Environmental scores), patch management lifecycle, false positives vs false negatives in vulnerability scanning, credentialed vs non-credentialed scans.
Security Operations (28%) is the exam's biggest domain. Incident response — the NIST lifecycle: Prepare → Identify → Contain → Eradicate → Recover → Lessons Learned. Know each phase's activities. Digital forensics: order of volatility (CPU registers → RAM → swap → disk → remote logs), chain of custody, legal hold, write blockers.
Identity and access management: MFA factors (something you know/have/are/somewhere you are), SSO, SAML vs OAuth vs OpenID Connect (know which does what — SAML for enterprise SSO, OAuth for authorisation, OIDC for authentication on top of OAuth). PAM (Privileged Access Management), zero trust principles.
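The SAML/OAuth/OIDC distinction becomes concrete once you look at what a relying party actually checks: an OAuth access token is presented to an API to authorise a call, while the OIDC ID token is the artefact that proves who logged in, and the application must validate it itself. The code below is an added example, not from the original article or any identity provider's SDK. It mints and validates a minimal ID token (a JWT) with an HMAC-SHA256 shared secret so it runs offline; that shared-secret setup is an assumption for the example, since production IdPs typically sign with an asymmetric algorithm and publish verification keys. The issuer URL, client_id, secret and timestamp are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example (not real endpoints or credentials).
ISSUER = "https://idp.example.com"              # the IdP this app trusts
CLIENT_ID = "client-abc"                         # this relying party's client_id
SECRET = b"constructed-shared-secret-do-not-reuse"
NOW = 1_700_000_000                              # fixed clock so the example is deterministic


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes) -> str:
    """What the IdP does after authentication: sign header.payload with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token: str, secret: bytes, expected_issuer: str,
                      expected_audience: str, now: float = None):
    """What the relying party must do before trusting 'sub' as the logged-in user.
    Returns (True, subject) or (False, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed header"
    # Pin the algorithm this app expects; never let the token dictate how it is verified.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        return False, "wrong issuer"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        return False, "wrong audience"        # token was issued for a different app
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired"
    if not claims.get("sub"):
        return False, "missing sub"
    return True, claims["sub"]


# A token as the IdP would hand back after a successful login (constructed claims).
ID_TOKEN = mint_id_token(
    {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-123",
     "iat": NOW, "exp": NOW + 300, "nonce": "n-0xbeef"},
    SECRET,
)

if __name__ == "__main__":
    print(validate_id_token(ID_TOKEN, SECRET, ISSUER, CLIENT_ID, NOW))        # (True, 'user-123')
    print(validate_id_token(ID_TOKEN, SECRET, ISSUER, "other-app", NOW))      # (False, 'wrong audience')
```

The order of checks matters: the signature is verified before any claim is read, so unsigned or re-signed payloads never influence the issuer, audience and expiry decisions that follow. An access token gets none of this treatment by the client; it is simply forwarded to the resource server, which is the authorisation half of the picture.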
Security Architecture: network segmentation, DMZ design, zero trust, microsegmentation. Cloud shared responsibility model. Cryptography: symmetric (AES, 3DES) vs asymmetric (RSA, ECC), hashing (SHA-256, MD5 — why MD5 is deprecated), PKI, certificates, TLS handshake.
Security Program Management covers governance frameworks (NIST CSF, ISO 27001, SOC 2), risk management (risk = likelihood × impact), risk treatment (accept, avoid, transfer, mitigate), data classification (public, internal, confidential, restricted), and privacy regulations (GDPR, CCPA, HIPAA at a conceptual level).
Performance-based questions (PBQs) appear first in the exam and can be skipped and returned to later. They often ask you to configure a firewall rule, analyse a log for signs of attack, or identify vulnerabilities in a network diagram. Practice these with hands-on labs — Professor Messer's free labs are good, as is the InterviUni CompTIA Security+ course.
Skip PBQs on first pass — they can take 10–15 minutes each. Answer all multiple choice first, then return with remaining time. For network diagram PBQs, look for: unencrypted protocols (Telnet instead of SSH, HTTP instead of HTTPS), missing firewall rules between zones, overly permissive ACLs. For log analysis PBQs, look for: repeated failed logins (brute force), logins from unusual geolocations, privilege escalation events, large data transfers at unusual hours.
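The log-analysis PBQ indicators listed above (repeated failed logins, logins at unusual hours, a success following a burst of failures) are easy to turn into a small triage script, and writing one is a good way to internalise what the exam wants you to spot. The script below is an added example, not code from the original article; the sshd-style log lines are constructed sample data using the documentation address ranges 203.0.113.0/24 and 198.51.100.0/24, and the thresholds (5 failures in 5 minutes, business hours 07:00 to 19:00) are assumptions you would tune for a real environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a syslog-like layout: one burst of failures against
# root followed by a success at 02:14, then ordinary daytime activity.
SAMPLE_LOG = """\
2024-03-01T02:14:01Z sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-03-01T02:14:06Z sshd[1201]: Failed password for root from 203.0.113.7 port 51235 ssh2
2024-03-01T02:14:11Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
2024-03-01T02:14:16Z sshd[1201]: Failed password for root from 203.0.113.7 port 51237 ssh2
2024-03-01T02:14:21Z sshd[1201]: Failed password for root from 203.0.113.7 port 51238 ssh2
2024-03-01T02:14:26Z sshd[1201]: Failed password for root from 203.0.113.7 port 51239 ssh2
2024-03-01T02:14:40Z sshd[1201]: Accepted password for root from 203.0.113.7 port 51240 ssh2
2024-03-01T09:04:50Z sshd[1302]: Failed password for bob from 198.51.100.20 port 40022 ssh2
2024-03-01T09:05:12Z sshd[1303]: Accepted password for alice from 198.51.100.20 port 40023 ssh2
2024-03-01T09:05:13Z sshd[1303]: pam_unix(sshd:session): session opened for user alice
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})"
)


def parse(log: str) -> list:
    """Extract authentication events; lines that are not auth outcomes are ignored."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": m["outcome"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)) -> dict:
    """{source_ip: peak_failures} for sources with >= threshold failures inside any window."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "Failed":
            failures_by_ip[e["ip"]].append(e["ts"])
    hits = {}
    for ip, times in failures_by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[ip] = max(hits.get(ip, 0), count)
    return hits


def find_off_hours_logins(events, business_start=7, business_end=19) -> list:
    """Successful logins outside business hours (hour of day compared against the window)."""
    return [(e["user"], e["ip"], e["ts"].isoformat())
            for e in events
            if e["outcome"] == "Accepted" and not (business_start <= e["ts"].hour < business_end)]


def find_success_after_failures(events, min_failures=3) -> list:
    """An Accepted login from a source that already failed min_failures times:
    the indicator that a brute-force attempt actually succeeded."""
    failures = defaultdict(int)
    flagged = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["outcome"] == "Failed":
            failures[e["ip"]] += 1
        elif failures[e["ip"]] >= min_failures:
            flagged.append((e["ip"], e["user"], failures[e["ip"]]))
    return flagged


def triage(log: str) -> dict:
    events = parse(log)
    return {
        "brute_force": find_brute_force(events),
        "off_hours": find_off_hours_logins(events),
        "success_after_failures": find_success_after_failures(events),
    }


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG).items():
        print(f"{finding}: {detail}")
```

On the sample log the three detectors converge on the same source address, which is the pattern to recognise in a PBQ: the burst of failures alone is noise until it is followed by a success, and the 02:14 timestamp is what turns that success from routine into an incident.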