Everything you need to know before sitting the Security+ exam: how the test is structured, what the five domains actually cover, an 8-week study plan that works around a full-time job, and how to survive the performance-based questions.
Security+ is CompTIA's entry-level security certification and one of the most
requested baseline certs in IT job postings. The current version is SY0-701,
which replaced SY0-601 and shifted the focus toward zero trust, cloud security, and
automation. It is approved for DoD 8140 compliance, which is why it shows up in
so many government and contractor job requirements.
| Attribute | Detail |
|---|---|
| Exam code | SY0-701 (launched November 2023) |
| Questions | Maximum of 90: multiple choice plus performance-based questions (PBQs) |
| Duration | 90 minutes |
| Passing score | 750 on a scale of 100-900 |
| Recommended experience | CompTIA Network+ plus about 2 years in a security or sysadmin role. Not required, just recommended. |
| Validity | 3 years, renewable through CompTIA's Continuing Education (CE) program |
| Delivery | Pearson VUE test centers or online proctored from home |
SY0-701 is organized into five domains. The weightings tell you where to spend your study time: Security Operations alone is 28% of the exam, and combined with Threats and Vulnerabilities it covers half the test.
| Domain | Weight | What it actually covers |
|---|---|---|
| 1. General Security Concepts | 12% | CIA triad, AAA, zero trust, physical security, deception technology, change management, cryptography fundamentals. |
| 2. Threats, Vulnerabilities & Mitigations | 22% | Threat actors and motivations, attack surfaces, malware types, social engineering, application and network attacks, mitigation techniques. |
| 3. Security Architecture | 18% | Cloud vs on-prem models, virtualization, IoT/OT/SCADA, network appliances, segmentation, data protection, resilience and recovery. |
| 4. Security Operations | 28% | Hardening, asset and vulnerability management, monitoring and SIEM, firewalls and IDS/IPS, IAM, automation, incident response, digital forensics. |
| 5. Security Program Management & Oversight | 20% | Governance, risk management, third-party risk, compliance, audits and assessments, security awareness practices. |
This plan assumes roughly one hour on weekdays and two on weekends, which fits around a full-time IT job. It follows a simple rhythm: learn the material once, then spend the back half of the schedule testing yourself relentlessly.
| Weeks | Focus | Goal |
|---|---|---|
| 1-2 | Domains 1 and 2 (video course + exam objectives PDF) | Understand every term on the objectives list for these domains. Flag anything unfamiliar. |
| 3-4 | Domains 3 and 4 | The heaviest stretch. Take notes on ports, protocols, appliance placement, and IR phases; these become flashcards. |
| 5 | Domain 5 + first full practice exam | Score honestly, closed book. Anything under 80% marks the domains that get your remaining time. |
| 6-7 | Weak-area review + 2-3 more practice exams | Drill flashcards daily (acronyms, ports, attack types). Review every wrong answer until you can explain why. |
| 8 | Final review and rest | Light review only. Book the exam for the end of this week while the material is fresh. |
Security+ is famously acronym-dense. The exam will happily use an acronym in the question and its expansion in the answers, so you need instant recall both ways. These come up constantly:
| Acronym | Meaning |
|---|---|
| CIA | Confidentiality, Integrity, Availability: the triad behind nearly every "what is the goal here" question. |
| AAA | Authentication, Authorization, Accounting. |
| IAM / PAM | Identity and Access Management / Privileged Access Management. |
| SIEM / SOAR | Security Information and Event Management / Security Orchestration, Automation, and Response. |
| EDR / XDR | Endpoint Detection and Response / Extended Detection and Response. |
| ZTNA | Zero Trust Network Access, heavily emphasized in SY0-701. |
| PKI | Public Key Infrastructure: certificates, CAs, CRLs, and OCSP. |
| MFA | Multi-Factor Authentication: something you know, have, and are. |
| RTO / RPO | Recovery Time Objective / Recovery Point Objective: how fast you recover vs how much data you can lose. |
| MTTR / MTBF | Mean Time To Repair / Mean Time Between Failures. |
| DLP | Data Loss Prevention. |
| CVE / CVSS | Common Vulnerabilities and Exposures / Common Vulnerability Scoring System. |
Performance-based questions are interactive scenarios that open the exam: drag-and-drop matching, firewall rule ordering, log analysis, or configuring a simulated interface. You will typically see 3-5 of them, always at the beginning, and they are worth more than standard questions.
The strategy that works:
| Tactic | Why |
|---|---|
| Flag and skip early | If a PBQ is not obvious within 2-3 minutes, flag it and move on. Burning 15 minutes up front is how people run out of time on 60 easy multiple-choice questions. |
| Return with the clock in mind | Finish all multiple choice first, then come back. Partial credit is awarded on most PBQs, so always attempt every part. |
| Practice the common formats | Firewall rules (order matters, implicit deny last), matching attack types to descriptions, and reading log excerpts cover most PBQs in the wild. |
| Item | Detail |
|---|---|
| Valid photo ID | Government-issued, and the name must match your Pearson VUE registration exactly. |
| Arrive 30 minutes early | Test centers require check-in, photo, and locker storage. Online proctoring needs a room scan and a clean desk. |
| Online testers: check your setup the day before | Run the Pearson VUE system test, confirm your webcam and mic, and have a phone nearby (but out of reach) for check-in. |
| Brain dump at the start | The moment the timer starts, jot the acronyms, port numbers, and formulas you always confuse onto the provided whiteboard. |
The official sources plus the community favorites that consistently get people through this exam.