Exam Overview
The CompTIA Security+ SY0-701 is a vendor-neutral certification validating foundational cybersecurity skills. It is globally recognized and approved by the U.S. Department of Defense (DoD 8570).
- Questions: 90 (multiple choice + performance-based questions)
- Duration: 90 minutes
- Passing score: 750 out of 900
- Prerequisites: None required (CompTIA Network+ and 2 years experience recommended)
Domain Breakdown
| Domain | Weight | Link |
|---|---|---|
| 1. General Security Concepts | 12% | Domain 1 |
| 2. Threats, Vulnerabilities & Mitigations | 22% | Domain 2 |
| 3. Security Architecture | 18% | Domain 3 |
| 4. Security Operations | 28% | Domain 4 |
| 5. Security Program Management & Oversight | 20% | Domain 5 |
Study Priority
Domain 4 (Security Operations) carries the most weight at 28% and should receive the most study time. Combined with Domain 2 (22%), these two domains account for half of the exam.
Quick Access — High-Weight Topics
- Identity & Access: authentication, mfa, sso, zero-trust
- Threats & Attacks: social-engineering, threat-actors, password-attacks, malware-types
- Architecture: encryption, firewalls, network-segmentation, cloud-security
- Operations: incident-response, siem, vulnerability-management, edr-xdr
- Governance: risk-management, compliance, security-awareness-training, disaster-recovery
Reference
- Glossary — Alphabetical listing of all security concepts
Study Tips
- Performance-Based Questions (PBQs) appear at the beginning of the exam — consider flagging them and returning after multiple choice questions
- Focus on understanding why a control exists, not just what it does
- Practice mapping scenarios to the correct domain and concept
- Know the difference between similar terms (e.g., authentication vs. authorization, IDS vs. IPS, RPO vs. RTO)
- Review acronyms thoroughly — the exam uses them extensively