CompTIA Security+

Comprehensive guide to CompTIA Security+ domains (2024)

Jeff Peters
November 13, 2024 by
Jeff Peters

The demand for skilled cybersecurity professionals continues to grow. According to CyberSeek, there are only 83 cybersecurity workers for every 100 U.S. cybersecurity jobs. For those looking to validate their entry-level skills in the field and land one of those jobs, CompTIA’s Security+ is by far the most popular certification option, with more than 700,000 professionals having earned the cert. 

This entry-level certification is globally recognized and demonstrates to employers that you have the knowledge and skills to identify, prevent and respond to cybersecurity threats in a real-world environment. Since its inception in 1999, the Security+ exam has undergone several revisions to keep pace with the changing cybersecurity landscape. The latest version, SY0-701, was released in November 2023 to address the latest cybersecurity threats and challenges and to focus on a more streamlined role. 

This article explores the Security+ domains in-depth across the following areas:

Understanding the Security+ domains

The Security+ exam covers five core domains, each an important part of a well-rounded cybersecurity professional's toolkit. Here is an overview of what is covered in each: 

  • 1.0 General security concepts: This domain establishes the fundamental principles and terminology that guide every subsequent step. It demystifies key security concepts like confidentiality, integrity and availability (CIA) the core pillars of information security. You'll also explore various types of security controls and gain a comprehensive understanding of security models.
  • 2.0 Threats, vulnerabilities & mitigations: This domain explores the diverse nature of cyberattacks, including social engineering, malware, fishing, denial-of-service (DoS) and zero-day attacks. You'll learn about vulnerability management techniques and develop the skills necessary to assess risk and implement mitigation strategies.
  • 3.0 Security architecture: In this domain, you'll learn about the intricate world of secure network design, exploring topics like network segmentation, demilitarized zones (DMZs) and secure routing protocols. Techniques for hardening systems and applications will be revealed, along with various access control mechanisms. 
  • 4.0 Security operations: This domain covers the daily practices of security monitoring and logging, allowing you to identify potential threats through careful analysis of log data. You'll explore the world of Security Automation and Orchestration (SAO), learning about tools and techniques that automate routine tests for increased efficiency.
  • 5.0 Security program management and oversight: The final domain addresses the strategic aspects of managing security programs and ensuring proper oversight. You'll gain a comprehensive understanding of relevant regulations and compliance requirements, ensuring your organization operates within legal boundaries. 

Exam evolution from SY0-601 to SY0-701 and beyond 

The Security+ certification has evolved from SY0-601 to SY0-701, reflecting the skills and knowledge required for today's cybersecurity roles. The SY0-701 exam focuses on core cybersecurity skills and prepares candidates to proactively prevent cyberattacks. 

Similarities between SY0-601 and SY0-701:

  • Skill level: Both exams identify early career cybersecurity skills at the two-year level. 
  • Exam domains: Both have the same number of exam domains, but some content has been rearranged. 
  • Job roles: The related job roles for both exams are similar, with a focus on security administration. However, the work of a Security Administrator has become more defined, and the skills performed are identified more accurately. 
  • Governance, risk and compliance (GRC): The emphasis has shifted from the minutiae of specific regulations to a broader focus on reporting and communication. 

Differences between SY0-601 and SY0-701:

  • Exam objectives: SY0-701 has fewer objectives (28) compared to SY0-601 (35) due to a more focused job role in a maturing industry. 
  • Exam content update: 20% of the exam objectives in SY0-701 were updated to include current trends and threats, attacks, vulnerabilities, automation, zero trust, risk, IoT, OT and cloud environments. 
  • Improved instructional design: Several exam domains and objectives have been reorganized and renamed to optimize the learning experience. 

The SY0-701 exam has a greater emphasis on practical skills, including assessing security posture, securing hybrid environments and operating with an awareness of regulations and policies. 

 

Choosing the right exam SY0-601 to SY0-701 

When CompTIA updates a certification exam like Security+, there is typically a six-month window where two versions of the exam are available: the old exam and the new exam. With the recent update: 

  • SY0-701 was released on November 7, 2023 

  • SY0-601 does not retire until July 31, 2024 

This window from November to June is to minimize disruption to those currently studying for the exam. If you're studying for your exam during these exam change windows, you have the option of taking either version of the exam. Just be aware that new exam versions usually differ by about 20% in the material they cover. 

After July 31, 2024, everyone must take the 701 version until the next update, which is expected to be released in Fall 2026 and be fully implemented by Summer 2027.

Deep dive into Security+topics and domains

Now that you understand the framework provided by the five Security+ domains, let's explore the specific topics covered within each domain and their practical applications in real-world cybersecurity scenarios. You can also view the full Security+ 701 exam outline for more details. 

Security+ domain 1

The new exam topics (Security+ SY0-701) for domain 1 gather the general security concepts previously spread across multiple domains. Patrick Lane, Director of Certification Product Management at CompTIA, joined Infosec for a webinar on the Security+ update and explained that this domain covers all the foundational concepts every cybersecurity professional should know. 

Here are the objectives for Security+ domain 1: 

  • 1.1 Compare and contrast various types of security controls: This objective builds on the material in the old exam's objective 5.1 and covers all the things that enforce the CIA (Confidentiality, Integrity, Availability) triad of information security. 
  • 1.2 Summarize fundamental security concepts: This subdomain incorporates elements from various sections of the old exam, including core security concepts from objective 2.1 and the importance of physical security from objective 2.7. Here, you'll learn the essential security vocabulary and gain a solid understanding of how to apply it. 
  • 1.3 Explain the importance of change management processes and the impact to security: This objective combines information about organizational policies from the old exam's objective 5.3 with new material on implementing secure change management practices. 
  • 1.4 Explain the importance of using appropriate cryptographic solutions: This subdomain expands on the cryptographic basics covered in objective 2.8 of the previous exam. In this objective, you'll learn why encryption is vital and how to choose the right solutions. 

 Now let’s explore each objective in detail. 

1.1: Security controls 

The objective "compare and contrast various types of security controls" is essential to understanding how organizations protect their assets from security risks. Security controls are safeguards or countermeasures that aim to preserve the confidentiality, integrity and availability (CIA) of information and are "one of the most foundational concepts in cybersecurity," according to Lane. These controls can be categorized into technical, managerial, operational and physical types. 

Technical controls include firewalls and antivirus software, which protects systems from unauthorized access and malware. Managerial controls involve policies and procedures that govern security practices, such as risk management frameworks like NIST's RMF. Operational controls focus on the day-to-day protection of assets. Physical controls involve measures like locks and access control systems to secure physical locations. 

Security controls can also be classified by their function. Preventative controls aim to stop security incidents before they occur. Deterrent controls discourage malicious activities. Detective controls identify and alert about security breaches. Corrective controls address and fix issues after they occur. Compensating controls provide alternative measures when primary controls fail. Directive controls enforce compliance with security policies. 

This objective builds your essential security vocabulary, ensuring you can confidently discuss and implement the controls that keep your organization safe. 

1.2: Fundamental security concepts 

This objective challenges you to "summarize fundamental security concepts." From the classic CIA triad (Confidentiality, Integrity and Availability) to the Zero Trust model, you'll need to wrap your head around various concepts. 

Lane emphasizes the importance of understanding these foundational elements, as they form the backbone of effective security strategies. Take the AAA framework (Authentication, Authorization and Accounting), for instance. It's not only about keeping bad actors out; it's also about ensuring the right people have the right access at the right time. 

This subdomain doesn't stop at the digital realm. Physical security concepts, from bollards to infrared sensors, are also covered. You also learn about deception technologies like honeypots because, sometimes, the best defense is a good offense. 

These concepts are important because cybersecurity is more than just firewalls and antivirus software. It's about understanding how all these concepts work together to create a robust defense. Once you master these concepts, you'll have the foundation to tackle any security challenge that comes your way. 

1.3: Change management processes 

This objective asks you to "explain the importance of change management processes and the impact to security," which, according to Lane, is no small feat. "Change management is one of the most complex, difficult things to do in it," he stresses. Why? Because in today's interconnected systems, one change can trigger a domino effect across the entire network. 

Think of change management as a high-stakes game of Jenga. Every move you make could potentially topple the whole structure. That's why understanding the business processes, technical implications and documentation requirements is essential. 

From approval processes and impact analysis to allow lists and service restarts, each element plays a vital role in maintaining security while implementing changes. Making the change itself could be the simplest part. Anticipating its ripple effects, having a solid backup plan and ensuring everything is properly documented and version-controlled are where it gets complex. 

In cybersecurity, uncontrolled changes are like leaving your front door wide open. Becoming an expert at change management helps you keep that door locked tight. It's a delicate balance but one that's essential for maintaining robust security in a changing IT landscape. 

1.4: Cryptographic solutions 

In this subdomain, you'll learn to "explain the importance of using appropriate cryptographic solutions." "We have to encrypt our data," says Lane, "because if that's not done, it can be immediately used by a bad actor." This objective is your crash course and keeping information under lock and key in the digital world. 

From public key infrastructure (PKI) to blockchain, the range of cryptographic solutions can seem overwhelming. But each solution is just another tool in your cybersecurity toolbox and this objective will teach you which cryptographic tool to use if it's each security scenario. 

Understanding the differences between symmetric and asymmetric encryption, the various levels of encryption (from full-disk to record-level) and the role of digital signatures might seem like academic knowledge. But it helps you determine how to protect data, whether at rest, in transit or in use. 

In an age where data breaches make headlines almost daily, strong cryptography is often the last line of defense. Learning the concepts in this objective prepares you to be a guardian of digital information in the real world. In cybersecurity, what you don't know can hurt you and your organization. 

Security+ domain 2

Domain 2 has undergone a significant transformation. Exam SY0-601 covered architecture and design, but that has changed. "Domain two, threats, vulnerabilities and mitigations, is essentially learning about the different threats, vulnerabilities and mitigations you'll be up against,” said Lane. “There's a lot of new ones, and you've got to be familiar with them,"  

Here's a breakdown of these changes and how this domain stacks up against the old exam: 

  • 2.1 Compare and contrast common threat actors and motivations: This objective dives into understanding the "who" and "why" behind cyberattacks. This overlaps with the old 1.5 objective but focuses on recognizing specific threat actors and their motivations. 
  • 2.2 Explain common threat vectors and attack surfaces: This objective tackles how attackers get in — the tricks they use and the weak spots they exploit. This new objective also takes from the older 1.5 objective but focuses on the tactics attackers use. 
  • 2.3 Explain various types of vulnerabilities: This objective explores the weaknesses that attackers can leverage. It builds upon objective 1.6 from the 601 exam by going beyond just recognizing vulnerabilities to understanding the different types. 
  • 2.4 Given a scenario, analyze indicators of malicious activity: Here you learn about identifying the digital footprints that malicious actors leave behind. This new objective merges elements from the old objectives 1.2 (analyzing potential indicators), 1.3 (applications attacks) and 1.4 (network attacks) but with a stronger focus on analyzing scenarios. 
  • 2.5 Explain the purpose of mitigation techniques used to secure the enterprise: This objective equips you with the different strategies you can use to defend against threats. It incorporates elements from the old objectives 4.4 (applying mitigation techniques), 3.1 (secure protocols), 3.2 (host/application security), 3.3 (secure network design), 3.4 (wireless security) and 3.5 (mobile security) but with a shift in focus towards understanding the purpose of these techniques rather than just implementing them. 

Now let’s explore each objective in detail. 

2.1: Threat actors and motivations 

The ability to "compare and contrast common threat actors and motivations" is a very important part of effective cybersecurity. As Lane points out in the webinar, knowing "who threat actors are, who are the people that are attacking you" is crucial for developing robust defense strategies. 

This objective goes deeper than simply identifying different types of attackers. It challenges you to understand the nuances between various threat actors, from nation-states with vast resources to unskilled attackers looking for easy targets. You'll need to grasp how an inside threat differs from an organized crime, or how hacktivists operate compared to shadow IT. 

You'll also explore the diverse motivations driving these actors. Whether it's financial gain, espionage or simply causing chaos, understanding these motivations helps predict attack patterns and prioritize defenses. This knowledge allows professionals to anticipate threats and tailor their strategies accordingly. In cybersecurity, knowing your enemy is often the key to staying one step ahead. 

2.2: Threat vectors and attack surfaces 

The objective “explain common threat vectors and attack surfaces" is the focus of this subdomain. As Lane emphasized in the webinar, you need to be familiar with how attackers can target your systems, including "a lot of new ones." 

This objective covers a wide range of potential entry points, from message-based threats like phishing emails and SMS attacks to vulnerabilities in your supply chain. Knowing their names and definitions is not enough. You must understand how these vectors interconnect and evolve. For instance, a simple phishing email could lead to a complex business email compromise. 

Security professionals need this knowledge to build comprehensive defense strategies. By understanding the full spectrum of threat vectors, from unsecured networks to social engineering tactics like pretexting, you can better anticipate and mitigate potential attacks. This objective prepares you to think holistically about security, considering both technical vulnerabilities and human factors. Your defense is only as strong as your understanding of potential attack routes. 

2.3: Types of vulnerabilities 

Not all vulnerabilities are the same, and this objective, "explain various types of vulnerabilities," digs into the different types of weaknesses in a system that attackers can exploit. As Lane noted, new vulnerabilities and new ways to exploit them are a given in cybersecurity and you must be ready to handle them as a security professional. 

This objective covers a broad spectrum of vulnerabilities, from application-level issues like buffer overflows and SQL injections to hardware vulnerabilities and cloud-specific risks. Here, you'll not only learn the names of these vulnerabilities but how they can be exploited and more importantly how they relate to each other. 

For example, a seemingly minor misconfiguration could lead to a major breach if combined with a zero-day exploit. This type of comprehensive understanding allows security professionals to effectively prioritize threats and allocate resources. When you master this objective, you'll be able to identify potential weak points in your systems, understand the implications of emerging threats and develop more robust security strategies.

2.4: Analyze indicators of malicious activity 

This objective, "given a scenario, analyze indicators of malicious activity," dives into practical skills you need to detect suspicious activity on a system. Understanding "how bad actors are going to attack" is a top skill for any cybersecurity professional, according to Lane, because it enables them to identify and respond to potential threats before they cause harm. 

This objective will teach you to understand the tactics, techniques and procedures (TTPs) used by threat actors, as well as the indicators of compromise (IOCs) that can help you detect and prevent attacks. You'll become familiar with a wide range of threats, including malware attacks, ransomware, Trojans and rootkits. You'll also learn about physical attacks, such as brute force and RFID cloning, as well as network attacks like DDoS. 

Understanding the indicators of these attacks allows you to implement proactive measures, as Lane suggests when he mentions using playbooks to "protect yourself before you've even been attacked." Studying for this objective will enhance your ability to interpret security data, recognize attack patterns and make informed decisions in high-pressure situations. 

2.5: Mitigation techniques 

Knowing how to defend your systems is just as critical as understanding the threats. The last objective covers how to identify malicious activity and this one will have you "explain the purpose of mitigation techniques used to secure the enterprise." 

This objective focuses on the tools and strategies you can use to counter cyberattacks. You'll learn how access controls, like permissions and whitelisting, and restrict unauthorized access while encryption scrambles data to make it unreadable in case of a breach. The key here is not only knowing how to implement specific security measures (applying a patch) but also understanding the purpose behind these measures (patching fixes vulnerabilities). 

This subdomain will give you a deeper understanding of mitigation techniques. You'll be able to choose the most appropriate techniques for different situations and create a layered defense against known and emerging cyber threats. 

Security+ domain 3

The most obvious change is that Security+ domain 3 was named implementation in the 601 exam and is now named security architecture in the 701 exam. This change reflects how the domain now places a strong emphasis on how different architectures impact security posture. 

"We need to understand different architectures, even different cloud architectures," said Lane. "You won't be doing a lot of design, but you will be doing a lot where you're actually given a scenario, and then you need to apply the security principles to secure that infrastructure." 

Here's a breakdown of the new objective and how they compare to the old exam: 

  • 3.1 Compare and contrast security implications of different architecture models: This builds on knowledge from the old domain 2 but dives deeper. You'll need to understand the security strengths and weaknesses of on-premises, cloud and zero-trust architectures. 
  • 3.2 Given a scenario, apply security principles to secure enterprise infrastructure: This expands on the old domain 2 objective of explaining security concepts. You'll be given real-world situations and apply best practices to secure infrastructure. 
  • 3.3 Compare and contrast concepts and strategies to protect data: This includes elements from the old domain 5 (Governance, Risk and Compliance). You'll need to understand data security strategies and how they differ based on data type and storage location. 
  • 3.4 Explain the importance of resilience and recovery in security architecture: This builds on two objectives from the old domain 2. Here, the focus is on understanding how architecture choices impact an organization's ability to bounce back after cyberattacks. 

Now we’ll explore each objective in more detail. 

3.1: Architecture model security 

The objective "compare and contrast security implications of different architecture models" dives deep into the foundation of modern cybersecurity. As Lane mentioned in the webinar, understanding various architectures like on-premises, cloud and zero-trust models allows you to proactively secure your systems. 

The type of architecture you choose shapes your security posture. This objective enables you to assess the strengths and weaknesses of different models. You'll learn about cloud considerations, where responsibility for security lies between you and the cloud provider. You also explore hybrid environments, where on-premises and cloud elements coexist and how to secure them effectively. 

But you'll need to know no more than just the big picture. This objective also covers fundamental infrastructure concepts like virtualization, containerization and network segmentation. These technologies offer flexibility and efficiency, but they also introduced new security considerations. By understanding these concepts, you'll be able to identify potential vulnerabilities and implement safeguards to reduce them. 

3.2: Apply security principles to enterprise infrastructure 

As a security professional in the real world, you might be presented with a scenario where an organization's infrastructure needs security hardening. That's the essence of the objective "Given a scenario, apply security principles to secure enterprise infrastructure." Here, memorizing a list of tools won't be enough. 

Understanding underlying security principles before applying them is a concept that Lane emphasized in the webinar. This objective covers how to implement those print symbols using firewalls, intrusion detection systems, secure network configurations and other controls. You'll learn about essential concepts like attack surface management, where to place devices strategically for optimal security and how to choose the right tools for the job. 

This objective translates theory into practice. You'll gain the practical skills to select appropriate security controls and secure enterprise infrastructure. 

3.3: Strategies to protect data 

Data is the lifeblood of any organization, and this objective, which asks you to "compare and contrast concepts and strategies to protect data," equips you to safeguard it. You'll go beyond just knowing the names of different data types and examine their classifications, from highly sensitive financial information to public data. Understanding these classifications is crucial for applying the right security measures. 

The objective explores various data states: at rest, in transit and use. Each state requires different protection methods. You'll learn about encryption, a cornerstone of data security, along with other techniques like hashing and tokenization. 

But security is more than just about technology. This objective also emphasizes understanding data sovereignty and geolocation laws. Knowing where your data resides and the regulations that govern it enables you to implement effective geographic restrictions if needed. 

When you complete this objective, you'll have a comprehensive data security arsenal. You'll be able to choose the appropriate controls for different data types and ensure your organization's valuable information remains confidential and secure. 

3.4: Importance of resiliency and recovery 

In the real world, a cyberattack can still disrupt your operations even if you've implemented robust security measures. That's where this objective, "Explain the importance of resilience and recovery and security architecture," comes in. As Lane highlighted, building a resilient security architecture allows you "to protect yourself before you've even been attacked." 

This objective emphasizes building resilience: the ability of your systems to bounce back from disruptions. Even the most secure systems can face outages due to power failures, natural disasters or human error. By understanding concepts like high availability and redundancy, you'll know which type of systems can withstand these challenges. 

This objective also covers disaster recovery strategies like backups, replication and failover procedures. Mastering these ensures you have a plan to restore critical systems and data quickly, minimizing downtime and keeping your organization operational. 

This objective prepares you to build a security posture that's not only strong but adaptable. You'll learn to anticipate potential disruptions and implement safeguards to ensure your organization remains resilient. 

Security+ domain 4 

Security+ domain 4 received several updates on the new exam. The most visible change is that the name of this domain used to be "operations and incident response," but now it is "security operations." 

As Lane mentions in the webinar, this domain covers "the day-to-day operations. This is where we see continuous security monitoring. This is where you will be applying updates, doing security alerting, monitoring and finding anomalies that indicate bad behavior." 

Here's a breakdown of the new subdomains within security operations and how they compare to the old exam: 

  • 4.1 Given a scenario, apply common security techniques to computing resources: This section emphasizes the practical application of security measures across various computing environments, integrating elements from the old exam's domain 2 and 3. 
  • 4.2 Explain the security implications of proper hardware, software and data asset management: This subdomain emphasizes the importance of keeping an accurate inventory of your hardware, software and data. This completely new subdomain integrated parts of domain 2 and 5 of the old exam. 
  • 4.3 Explain the various activities associated with vulnerability management: The objective in this subdomain continues to highlight the crucial role of identifying and patching vulnerabilities. Sections of the old exam's domain 1 and domain 3 have been moved to this subdomain. 
  • 4.4 Explain security alerting and monitoring concepts and tools: This revamped subdomain focuses on understanding how to use various security tools and technologies to monitor your systems for suspicious activity continually. It integrates the older exam's subdomain 4.1 and 4.3. 
  • 4.5 Given a scenario, modify enterprise capabilities to enhance security: This objective brings a more holistic view to security operations and emphasizes how different security controls and processes work together to create a strong security posture. It contains much of the material from the older exam's 4.5 objective, along with its 3.2 objective on implementing host and application security solutions. 
  • 4.6 Given a scenario, implement and maintain identity and access management: This is a new objective in domain 4 that pulls from the old exam's 2.4 objective, "Summarize authentication and authorization design concepts." 
  • 4.7 Explain the importance of automation and orchestration related to secure operations: This new objective in domain 4 explores automating routine tasks and workflows, pulling material from objective 2.3 in the older exam. 
  • 4.8 Explain appropriate incident response activities: This new subdomain covers the fundamentals of how to identify, contain, eradicate and recover from security incidents. This material used to be in objective 4.2. 
  • 4.9 Given a scenario, use data sources to support an investigation: New for the 701 exam, this objective recognizes the importance of digital forensics and incident response. These topics were covered in subdomain 4.5 of the older exam. 

Now we’ll explore each objective in more detail. 

4.1: Apply security to computing resources 

The objective in this subdomain is "given a scenario, apply common security techniques to computing resources," and Lane emphasized that it's all about putting your security knowledge into action. 

Imagine you're on the front lines, protecting various systems, from mobile devices and workstations to cloud infrastructure and industrial control systems (ICS/SCADA). In all of these scenarios, you'll need to choose the right security controls to harden these targets and keep them safe from threats. 

The key is understanding the different controls available, like secure baselines, encryption and authentication protocols. Also, consider how these controls are implemented across various deployment models, whether it's BYOD (bring your own devices) or corporate-owned devices. By the end of this objective, you'll be well-equipped to make informed decisions about securing your organization's computing resources, no matter the environment. 

4.2: Hardware, software and data asset management 

Ever heard the saying, "You can't secure what you don't have"? That perfectly captures the importance of this objective: Explain the security implications of proper hardware, software and data asset management. If you don't have a complete inventory of your devices, software and data, you're leaving the door wide open for security vulnerabilities. 

This objective covers the security implications of keeping a meticulous inventory of your IT assets. This includes everything from laptops on your employee's desk to the data stored in the cloud. By tracking these assets through their life cycle, from acquisition to disposal, you can identify vulnerabilities, prevent unauthorized access and ensure proper data retention. 

4.3: Vulnerability management 

In this objective, you learn to "explain various activities associated with vulnerability management." This objective focuses on identifying and patching vulnerabilities in your systems before attackers can exploit them. It's all about not waiting for the downpour to patch a leaky roof. 

Here, you'll explore various methods for spotting these weaknesses, from vulnerability scans to penetration testing. You'll also learn how to prioritize risks using tools like the Common Vulnerability Scoring System (CVSS) and develop a sound strategy for patching and remediation. A proactive approach to vulnerabilities is the best defense. 

4.4: Alert and monitoring concepts and tools 

This objective aims to "explain security alerting and monitoring concepts and tools," which all cybersecurity professionals should be able to do, because without monitoring and alerts, it is hard to tell when systems are under attack. 

It covers how to leverage log aggregation and SIEM (Security Information and Event Management) tools to collect data from various sources, like systems applications and network devices. But monitoring is just half of what you'll learn. You'll also explore how to configure alerts to notify you of potential security incidents and implement response procedures to investigate and resolve them. 

4.5: Enhance enterprise security 

Security isn't a one-time fix; it's a continuous process of adaptation and improvement. That's where the objective "given a scenario, modify enterprise capabilities to enhance security" comes in. Here, you'll develop your critical thinking skills to analyze security scenarios and identify areas where you can strengthen your organization's defenses. 

This objective covers a vast toolkit of security controls, from firewalls and intrusion detection systems (IDS/IPS) to email security protocols and endpoint detection and response (EDR) solutions. By understanding how these controls work together, you can make informed decisions about where to invest resources and plug security gaps in any given scenario. 

4.6: Identity and access management 

Data security hinges on who has access to what. That is the point of this objective: "Given a scenario, implement and maintain identity and access management." Here, you'll become an expert at granting users appropriate access to systems and data, ensuring they have what they need to do their jobs without compromising security. 

You'll learn about multi-factor authentication (MFA), a powerful security measure that requires users to provide additional verification beyond just a password. You'll also explore role-based access control, a system that grants permissions based on a user-specific job function. By mastering these IAM concepts, you'll ensure that only authorized users have access to sensitive information, keeping your data safe and secure. 

4.7: Automation and orchestration 

In the fast-paced world of cybersecurity, the power to automate repetitive tasks and orchestrate complex workflows isn't a superpower but a necessity. Once you complete this submodule, you can "explain the importance of automation and orchestration related to secure operations." 

Security automation is more than just saving time though. It also helps enforce security baselines and ensure consistent configurations across your infrastructure. This objective will equip you to identify the best use cases for automation, weighing the benefits like faster response times against potential drawbacks like complexity and cost. 

4.8: Incident response 

Security is about prevention and having a plan for when things go wrong. This is where the objective "explain appropriate incident response activities" comes in. Here, you'll examine the essential steps of a security incident response process. 

You'll learn how to handle a security incident from start to finish: from initial detection and containment to eradication, recovery and learning from the experience. This objective also covers digital forensics and evidence collection, which are crucial for legal and investigative purposes. 

4.9: Support investigations with data 

This objective, "given a scenario, use data sources to support an investigation," will teach you to be a digital detective. Here, you'll sharpen your skills and use log data and other forensic tools to track down the source of security incidents. 

This objective covers a variety of data sources you might encounter, from firewall logs to vulnerability scans. By learning how to analyze this data effectively, you can identify attack patterns, understand the scope of the incident and possibly help bring the attackers to justice or at least get them off your network. 

Security+ domain 5

As Lane says, Security+ domain 5 covers "security program management and oversight where you have to understand effective security governance and what that entails." It plays a central role in ensuring an organization's overall security posture. 

The new domain groups related concepts together, making it easier to grasp the bigger picture. Here's a breakdown of its subdomains and how they compare to the older SY0-601 exam: 

  • 5.1: Summarize elements of effective security governance: This combines aspects of security policies and procedures, previously in domain 4 of the older exam, with the concept of aligning security practices with a chosen framework, which was subdomain 5.4 in the 601 exam. 
  • 5.2: Explain elements of the risk management process: This objective remains relatively the same but moved from subdomain 5.4 in the older exam. 
  • 5.3: Explain the processes associated with third-party risk assessment and management: This objective explains the importance of policies to organizational security from the older SY0-601 exam and adds material on summarizing risk management processes and concepts from objective 5.4 in the older exam. 
  • 5.4: Summarize elements of effective security compliance: This subdomain merges "explain the importance of applicable regulations, standards or frameworks that impact organizational security posture" and "explain privacy and sensitive data concepts in relation to security," which were separate objectives in module 5 of the older 601 exam. 
  • 5.5: Explain types and purposes of audits and assessments: Material from objective 1.8, "explain the techniques used in penetration testing," and objective 5.2, "explain the importance of applicable regulations, standards or frameworks that impact organizational security posture," in exam SY0-601 were combined to create this subdomain. 
  • 5.6: Given a scenario, implement security awareness practices: This subdomain combines new material with the 5.3 objective in exam 601, "explain the importance of policies to organizational security." 

Now let’s explore each of these objectives in detail. 

5.1: Effective security governance 

The first objective, "summarize elements of effective security governance," lays the foundation for this entire domain. As Lane mentioned, it's about understanding how to establish and maintain strong security practices. This involves aligning your organization's security efforts with a chosen framework or regulation. It also means creating and enforcing policies, procedures and standards that address critical areas like password management, access control and incident response. 

Effective security governance ensures everyone in the organization understands their roles and responsibilities when it comes to protecting data and systems. This includes not only internal policies but also external considerations like relevant laws and industry best practices. By establishing a clear governance structure, you can ensure your security program is continuously monitored, reviewed and improved. Understanding these core elements is essential for anyone involved in designing, implementing or overseeing an organization's security posture. 

5.2: Risk management process 

This objective, "explains elements of the risk management process," dives into a critical security function. It's all about identifying potential security threats lurking in your organization's IT infrastructure. But that's not all it covers. You also learn how to assess these risks, gauge their likelihood and determine their potential impact. This allows you to prioritize them and develop effective strategies to lessen their severity. 

As Lane explained, "A big part of risk management is reporting the risks that you find in the network because that will help determine how secure your network is." Clearly communicate identified risks, and you can inform decisions about security controls and resource allocation. Mastering risk management enables you to make informed choices about how to best safeguard your organization's valuable assets. 

5.3: Third-party risk assessment and management 

The objective "explain the processes associated with third-party risk assessment and management" addresses a growing concern in today's interconnected digital landscape. Many organizations rely on vendors and partners for critical services, but these third parties can unknowingly introduce security vulnerabilities. This objective explores how to assess these potential risks. 

You'll learn about selecting vendors with a focus on their security posture, conducting thorough due diligence processes and leveraging tools like penetration testing to uncover hidden weaknesses. The key here is continuous monitoring. By regularly evaluating your vendors' security practices through questionnaires, audits and enforcing clear rules of engagement, you can ensure they align with your organization's security standards. Effectively managing third-party risk extends your security beyond your own walls, creating a more robust security posture. 

5.4: Effective security compliance 

Don't get caught up in just checking boxes! This objective, "summarize elements of effective security compliance," emphasizes understanding the regulations and standards that impact your organization's security. It's about aligning your security controls with these frameworks and then demonstrating your follow-through. 

"You have to understand security compliance," said Lane. "What does it mean to comply? If you've implemented the security controls and you can prove that you've implemented them, you are showing compliance to a particular control." This objective covers various compliance aspects, including reporting requirements, the potential consequences of non-compliance, and how automation can streamline monitoring efforts. When you master effective security compliance, you can navigate the legal and regulatory landscape with competence and protect your organization's data and reputation. 

5.5: Audits and assessments 

The objective "explain types and purposes of audits and assessments" equips you to understand the role of independent evaluations in security. Regular audits and assessments are crucial for identifying weaknesses in your security posture. Lane highlighted that audits act as a kind of verification tool in that they help confirm that your implemented controls are working effectively. 

This objective explores different types of audits, including internal compliance Audits and external regulatory examinations. You'll also learn about penetration testing, a simulated attack that helps uncover vulnerabilities before malicious actors can exploit them. Understanding the various types and purposes of audits and assessments will help your organization proactively identify and address security risks. 

5.6: Security awareness practices 

This objective, "given a scenario, implement security awareness practices," goes beyond memorizing security policies. It focuses on your ability to apply those policies in real-world situations. 

This section of the module examines how to identify and respond to phishing attempts, a common tactic cybercriminals use to steal data or gain access to systems. You also learn about recognizing other risky user behaviors and how to create a culture of security awareness within your organization. This includes employee training programs, clear policies on password management and removable media and promoting situational awareness to identify potential social engineering attacks. 

In today's hybrid and remote work environments, these practices are more important than ever. By effectively implementing security awareness practices, you can enable employees to become your first line of defense against cyber threats. 

The impact of Security+ on cybersecurity careers 

The CompTIA Security+ certification is more than just an exam; it's a passport to a rewarding and fulfilling career in cybersecurity. By showcasing your knowledge and competence, you unlock doors to a wide range of exciting opportunities. 

With this certification, you can position yourself as a top candidate for entry-level security positions. Security+ opens doors to roles like: 

  • Security Analyst: Identify vulnerabilities, analyze threats and implement security solutions. 

  • Network Security Administrator: Configure and manage network security devices and systems. 

  • Security Consultant: Assess security risks, develop security plans and recommend security controls. 

  • Security Engineer: Design, implement and maintain secure networks and systems. 

Security+ can serve as a springboard for career growth in cybersecurity. A Security+ certification can boost earning potential and is often listed as a requirement or preference in job postings. 

This CompTIA certification also serves as a stepping stone to other advanced certifications offered by CompTIA, like PenTest+, CySA+ and CASP+. By building upon the Security+ certification, you can expand your knowledge and qualifications and open the door to even higher-paying positions. 

Preparing for the Security+ exam 

The CompTIA Security+ exam requires dedication, focus and preparation. With the right approach and resources, you can equip yourself with the knowledge and confidence to ace the exam. Here are some tips that will help: 

  • Understand the exam objectives: This article will get you started, but thoroughly review the CompTIA Security+ exam objectives to understand the specific topics covered in the expected level of depth. 

  • Create a study plan: Develop a structured plan that provides sufficient time for each domain. 

  • Security+ study guides: Books like The Official CompTIA Security+ Self-Paced Study Guide will allow you to learn quickly and become a handy reference. 
  • Boot camps: Infosec's CompTIA Security+ Training Boot Camp will teach you all you need to know to pass the exam in five days and comes with an Exam Pass Guarantee. 

  • Take practice tests: Regularly test your knowledge with practice exams. These will help you identify areas you need to study further and help you get used to the exam format. Infosec's CompTIA Security+ Training Boot Camp gives you unlimited practice exam attempts. 

  • Practice the necessary skills: Don't just passively consume information. Actively engage with the material through hands-on labs and your own explorations. 

  • Relax and stay confident: As the exam day approaches, make sure to rest and maintain a positive mindset. Confidence can greatly impact your performance. No matter your experience level, allow sufficient study time for topics you find most difficult. With smart preparation using these tips and trusted resources, you will be ready to demonstrate your Security+ competencies. 

Security+ domains: Key takeaways 

The CompTIA Security+ certification empowers you with the foundational knowledge and practical skills needed to thrive in the ever-evolving world of cybersecurity. 

Here are some key takeaways: 

  • Security+ equips you with the essential knowledge to identify, prevent and respond to a wide range of cyber threats and vulnerabilities. 

  • The certification empowers you to work effectively in diverse environments, including cloud, mobile, IoT and OT ecosystems. 

  • Security+ opens doors to exciting and rewarding career opportunities in cybersecurity, allowing you to command higher salaries and secure leadership positions. 

The demand for skilled cybersecurity professionals is not going away, and Security+ is a proven tool for more than 700,000 cybersecurity professionals. 

Quick summary: FAQs 

What is the difference between SY0-701 and SY0-601? 

The main differences between SY0-701 and SY0-601 are: 

  • Focus: SY0-701 places more emphasis on cloud security, security automation and orchestration, cryptography, threat modeling and security assessment and testing compared to SY0-601 and focuses on a more streamlined job role within a maturing industry. 

  • Domain structure: While both versions have five domains, they are organized differently. This was done to improve the instructional design of the exam. 

  • Number of objectives: SY0-701 has fewer objectives (28) than SY0-601 (35). 

What's new in the Security+ domains for 2024? 

Around 20% of the exam objectives were updated for 2024 to reflect the changing landscape of cybersecurity. These updates focus on current cybersecurity trends, including: 

How long is SY0-701 valid for? 

The SY0-701 certification is valid for a period of three years. This three-year window starts from the date you pass the exam. After this window, you must renew your certification to maintain its active status. 

When is the next Security+ exam update? 

CompTIA typically updates its Security+ exams every three years to align with the latest industry standards, and we can expect the next update to be in late 2026. 

Jeff Peters
Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.