CompTIA Security+ SY0-701: The Complete Study Guide (2025)
Everything you need to pass CompTIA Security+ SY0-701: domain breakdown, high-priority topics, 6-week study plan, and how to handle performance-based questions on exam day.
The CompTIA Security+ (SY0-701) is the most recognized entry-level cybersecurity certification in the industry. It's vendor-neutral, DoD-approved (8570/8140 compliant), and consistently ranks as one of the most valuable certifications for those starting or pivoting into security roles.
The SY0-701 version launched in November 2023 with an updated focus on modern threats, hybrid environments, automation, and zero trust. This guide covers everything you need to pass it.
Exam Overview
- Exam code: SY0-701
- Questions: Up to 90 (multiple choice + performance-based)
- Duration: 90 minutes
- Passing score: 750 / 900
- Cost: $404 USD
- Validity: 3 years (renew via CE or retake)
- DoD Approved: Yes — DoD 8570/8140 IAT Level II and IAM Level I
Domain Breakdown (SY0-701)
| Domain | Weight |
|---|---|
| 1.0 General Security Concepts | 12% |
| 2.0 Threats, Vulnerabilities, and Mitigations | 22% |
| 3.0 Security Architecture | 18% |
| 4.0 Security Operations | 28% |
| 5.0 Security Program Management and Oversight | 20% |
Security Operations (28%) is the heaviest domain — incident response, digital forensics, endpoint security, SIEM, log analysis, and identity/access management. Don't underallocate your study time here.
What's New in SY0-701
The 701 update reflects real shifts in the security landscape:
- Zero Trust Architecture — more coverage of ZTA principles, microsegmentation, identity-centric security
- Cloud and Hybrid environments — security for IaaS, PaaS, SaaS, and on-premises hybrid setups
- Automation and scripting — basic security automation, SOAR concepts
- AI/ML threats — adversarial AI, deepfakes, prompt injection as threat vectors
- Supply chain security — software bill of materials (SBOM), firmware security
High-Priority Topics by Domain
Domain 2: Threats, Vulnerabilities, and Mitigations
- Attack types: Phishing, spear phishing, vishing, smishing, whaling — know the differences
- Malware types: Ransomware, rootkits, keyloggers, trojans, worms, spyware, adware, fileless malware
- Application attacks: SQL injection, XSS, CSRF, buffer overflow, race conditions, privilege escalation
- Social engineering: Pretexting, baiting, tailgating, watering hole attacks
- Vulnerability scanning: Active vs passive, authenticated vs unauthenticated, CVE/CVSS scoring
Domain 3: Security Architecture
- Network segmentation: VLANs, DMZ, jump servers, air gaps, microsegmentation
- Zero Trust: Never trust, always verify — policy enforcement points, identity as the new perimeter
- Cloud security: Shared responsibility model (know what the CSP owns vs. what you own), CASB, CSPM
- PKI and certificates: CA hierarchy, certificate types, CRL vs OCSP, pinning
- Cryptography: Symmetric (AES) vs asymmetric (RSA, ECC), hashing (SHA-256), digital signatures
Domain 4: Security Operations (Most Tested)
- Incident response phases: Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned
- SIEM: Log aggregation, correlation rules, alerts, dashboards — know what SIEMs do and don't do
- Endpoint security: EDR vs AV vs MDM — know when to use each
- IAM: MFA types, SSO, federation, PAM, directory services (LDAP, Active Directory)
- Digital forensics: Chain of custody, order of volatility (registers → RAM → disk → cloud)
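To make the SIEM bullet concrete, here is an added example (not part of the study guide or any CompTIA material) of what "log aggregation" and a "correlation rule" actually mean in code: two log formats are normalized into one event schema, and a rule fires an alert when one source address produces several failed logins inside a time window and then a successful one. The log lines, hostnames and addresses are constructed for the example.

```python
"""Toy SIEM correlation rule (added example, not from the study guide).

Shows the three things the Domain 4 bullet names: log aggregation
(two sources normalized into one event stream), a correlation rule
(N failed logins from one source within a window, then a success),
and the alert it raises. All log lines below are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs: an SSH daemon (syslog-style) and a web app
# (key=value), the heterogeneous input a SIEM has to aggregate.
SAMPLE_LOGS = [
    "2025-01-10T09:00:01 sshd[211]: Failed password for admin from 203.0.113.7 port 52133 ssh2",
    "2025-01-10T09:00:04 sshd[211]: Failed password for admin from 203.0.113.7 port 52140 ssh2",
    "2025-01-10T09:00:09 sshd[211]: Failed password for root from 203.0.113.7 port 52151 ssh2",
    "2025-01-10T09:00:12 webapp: event=login_failed user=alice src=198.51.100.20",
    "2025-01-10T09:00:15 sshd[211]: Failed password for admin from 203.0.113.7 port 52160 ssh2",
    "2025-01-10T09:00:20 sshd[211]: Accepted password for admin from 203.0.113.7 port 52171 ssh2",
    "2025-01-10T09:05:00 webapp: event=login_ok user=alice src=198.51.100.20",
]


@dataclass
class Event:
    ts: datetime
    src: str
    user: str
    outcome: str  # "fail" or "success"


SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r"^(\S+) webapp: event=(login_failed|login_ok) user=(\S+) src=(\S+)")


def normalize(line: str) -> Event | None:
    """Aggregation step: map each source's format onto one common schema."""
    m = SSH_RE.match(line)
    if m:
        ts, verb, user, src = m.groups()
        return Event(datetime.fromisoformat(ts), src, user,
                     "fail" if verb == "Failed" else "success")
    m = WEB_RE.match(line)
    if m:
        ts, ev, user, src = m.groups()
        return Event(datetime.fromisoformat(ts), src, user,
                     "fail" if ev == "login_failed" else "success")
    return None  # unparsed lines are dropped here; a real SIEM would count them


def correlate(lines, threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one source inside `window`,
    followed by a success from that source, raises one alert.
    Assumes lines arrive in timestamp order, as an aggregator would deliver them."""
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for ev in filter(None, map(normalize, lines)):
        q = recent_failures[ev.src]
        while q and ev.ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev.outcome == "fail":
            q.append(ev.ts)
        elif len(q) >= threshold:
            alerts.append({"src": ev.src, "user": ev.user,
                           "failures": len(q), "at": ev.ts.isoformat()})
            q.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print("ALERT possible brute force:", alert)
```

On the sample data the rule raises exactly one alert, for 203.0.113.7, and stays quiet for alice's single failure. This is also a reminder of what a SIEM does not do: it detects and alerts, it does not block the source or reset the account; that is the containment step of the incident response lifecycle, handled by people or a SOAR playbook.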
Domain 5: Security Program Management
- Risk management: Risk = Likelihood × Impact, risk appetite, risk register, risk treatments (accept, avoid, transfer, mitigate)
- Compliance frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, HIPAA, GDPR — know their purpose and scope
- Security policies: AUP, data classification, data retention, NDA, change management
- Privacy: PII vs PHI, data sovereignty, privacy impact assessment
6-Week Study Plan
Weeks 1–2: Foundations
- Read through the CompTIA SY0-701 objectives document (free on comptia.org)
- Study Domains 1 and 2: security concepts and threat landscape
- Build a glossary of terms — Security+ has a large vocabulary to memorize
- Take 20–30 practice questions per day to assess your starting baseline
Weeks 3–4: Architecture and Operations
- Study Domains 3 and 4 — the heaviest exam content
- Spend extra time on cryptography (always confusing, always tested)
- Learn the incident response lifecycle until you can recite it from memory
- Practice performance-based questions (drag-and-drop, simulations) — these appear on the real exam
Weeks 5–6: Program Management and Practice Exams
- Study Domain 5: risk management, compliance frameworks, governance
- Take 2–3 full-length 90-question practice exams
- Target 85%+ on practice exams — the real exam uses scenario-based questions that feel harder
- Review wrong answers thoroughly — the "why" matters more than the correct answer
Performance-Based Questions (PBQs): The Surprise Factor
The SY0-701 includes PBQs — interactive simulations where you configure firewalls, analyze logs, identify attack patterns in network diagrams, or prioritize incident response steps. These appear at the beginning of the exam and often take 5–10 minutes each.
Strategy: skip PBQs on first pass. Answer all the standard multiple-choice questions first to secure those points, then return to PBQs with remaining time. Never spend 15 minutes stuck on a PBQ at the expense of 20 standard questions.
"Security+ is the best investment for someone breaking into cybersecurity. It proves foundational competence across every security domain — and DoD compliance means government and defense contractor roles are open to you."
Security+ and the CompTIA Core Skills Path
Security+ is part of CompTIA's certification ladder. The natural progression is:
- CompTIA A+ → hardware and OS fundamentals (optional for experienced IT pros)
- CompTIA Network+ → networking fundamentals (recommended before Security+)
- CompTIA Security+ SY0-701 → foundational cybersecurity ✅
- CompTIA CySA+ → cybersecurity analyst (threat detection, SIEM, SOC)
- CompTIA CASP+ → advanced security practitioner (non-management expert track)
CertLand covers the full CompTIA Core Skills path — start with Security+ practice exams and build from there.