Certification ยท CompTIA

CompTIA Security+
SY0-701: Complete Exam Guide

Everything you need to know before sitting the Security+ exam: how the test is structured, what the five domains actually cover, an 8-week study plan that works around a full-time job, and how to survive the performance-based questions.

๐Ÿ“… 02 July 2026 By Richard Gamarra โฑ ~12 min read ๐Ÿ›ก Cybersecurity ยท Certification
90
Max Questions
90 min
Time Limit
750
Passing Score (of 900)
5
Exam Domains
01
Section 1

Exam Overview

Security+ is CompTIA's entry-level security certification and one of the most requested baseline certs in IT job postings. The current version is SY0-701, which replaced SY0-601 and shifted the focus toward zero trust, cloud security, and automation. It is approved for DoD 8140 compliance, which is why it shows up in so many government and contractor job requirements.

Attribute Detail
Exam code SY0-701 (launched November 2023)
Questions Maximum of 90: multiple choice plus performance-based questions (PBQs)
Duration 90 minutes
Passing score 750 on a scale of 100-900
Recommended experience CompTIA Network+ plus about 2 years in a security or sysadmin role. Not required, just recommended.
Validity 3 years, renewable through CompTIA's Continuing Education (CE) program
Delivery Pearson VUE test centers or online proctored from home
๐Ÿ’ก
Check the current price before booking Exam vouchers run around $400 USD and prices change periodically by region. Bundles with a retake voucher are often worth it: one bad PBQ section can sink a first attempt even for well-prepared candidates.
02
Section 2

The Five Domains

SY0-701 is organized into five domains. The weightings tell you where to spend your study time: Security Operations alone is 28% of the exam, and combined with Threats and Vulnerabilities it covers half the test.

Domain Weight What it actually covers
1. General Security Concepts 12% CIA triad, AAA, zero trust, physical security, deception technology, change management, cryptography fundamentals.
2. Threats, Vulnerabilities & Mitigations 22% Threat actors and motivations, attack surfaces, malware types, social engineering, application and network attacks, mitigation techniques.
3. Security Architecture 18% Cloud vs on-prem models, virtualization, IoT/OT/SCADA, network appliances, segmentation, data protection, resilience and recovery.
4. Security Operations 28% Hardening, asset and vulnerability management, monitoring and SIEM, firewalls and IDS/IPS, IAM, automation, incident response, digital forensics.
5. Security Program Management & Oversight 20% Governance, risk management, third-party risk, compliance, audits and assessments, security awareness practices.
โš ๏ธ
Do not skim Domain 5 Working sysadmins consistently underestimate governance and risk questions because they feel like paperwork. At 20% of the exam, weak GRC knowledge is one of the most common reasons technical people fail Security+.
03
Section 3

The 8-Week Study Plan

This plan assumes roughly one hour on weekdays and two on weekends, which fits around a full-time IT job. It follows a simple rhythm: learn the material once, then spend the back half of the schedule testing yourself relentlessly.

Weeks Focus Goal
1-2 Domains 1 and 2 (video course + exam objectives PDF) Understand every term on the objectives list for these domains. Flag anything unfamiliar.
3-4 Domains 3 and 4 The heaviest stretch. Take notes on ports, protocols, appliance placement, and IR phases; these become flashcards.
5 Domain 5 + first full practice exam Score honestly, closed book. Anything under 80% marks the domains that get your remaining time.
6-7 Weak-area review + 2-3 more practice exams Drill flashcards daily (acronyms, ports, attack types). Review every wrong answer until you can explain why.
8 Final review and rest Light review only. Book the exam for the end of this week while the material is fresh.
โœ…
The 85% rule When you consistently score 85% or higher on reputable practice exams you have not seen before, you are ready. Booking the real exam creates the deadline that makes the last two weeks of studying actually happen.
04
Section 4

Acronyms You Must Know Cold

Security+ is famously acronym-dense. The exam will happily use an acronym in the question and its expansion in the answers, so you need instant recall both ways. These come up constantly:

Acronym Meaning
CIAConfidentiality, Integrity, Availability: the triad behind nearly every "what is the goal here" question.
AAAAuthentication, Authorization, Accounting.
IAM / PAMIdentity and Access Management / Privileged Access Management.
SIEM / SOARSecurity Information and Event Management / Security Orchestration, Automation, and Response.
EDR / XDREndpoint Detection and Response / Extended Detection and Response.
ZTNAZero Trust Network Access, heavily emphasized in SY0-701.
PKIPublic Key Infrastructure: certificates, CAs, CRLs, and OCSP.
MFAMulti-Factor Authentication: something you know, have, and are.
RTO / RPORecovery Time Objective / Recovery Point Objective: how fast you recover vs how much data you can lose.
MTTR / MTBFMean Time To Repair / Mean Time Between Failures.
DLPData Loss Prevention.
CVE / CVSSCommon Vulnerabilities and Exposures / Common Vulnerability Scoring System.
๐Ÿ’ก
Make the flashcards yourself CompTIA publishes the full acronym list inside the exam objectives PDF. Building your own flashcard deck from it is studying; downloading someone else's is skimming.
05
Section 5

Surviving the PBQs

Performance-based questions are interactive scenarios that open the exam: drag-and-drop matching, firewall rule ordering, log analysis, or configuring a simulated interface. You will typically see 3-5 of them, always at the beginning, and they are worth more than standard questions.

The strategy that works:

Tactic Why
Flag and skip early If a PBQ is not obvious within 2-3 minutes, flag it and move on. Burning 15 minutes up front is how people run out of time on 60 easy multiple-choice questions.
Return with the clock in mind Finish all multiple choice first, then come back. Partial credit is awarded on most PBQs, so always attempt every part.
Practice the common formats Firewall rules (order matters, implicit deny last), matching attack types to descriptions, and reading log excerpts cover most PBQs in the wild.
๐ŸŽฏ
Checklist

Exam-Day Checklist

Item Detail
Valid photo ID Government-issued, and the name must match your Pearson VUE registration exactly.
Arrive 30 minutes early Test centers require check-in, photo, and locker storage. Online proctoring needs a room scan and a clean desk.
Online testers: check your setup the day before Run the Pearson VUE system test, confirm your webcam and mic, and have a phone nearby (but out of reach) for check-in.
Brain dump at the start The moment the timer starts, jot the acronyms, port numbers, and formulas you always confuse onto the provided whiteboard.
โœ…
You get your result immediately The provisional pass/fail appears on screen when you submit. Score reports and the certificate follow through CompTIA within a few days.
๐Ÿ“š
Reference

References & External Resources

The official sources plus the community favorites that consistently get people through this exam.