Comprehensive guide to CompTIA Security+ domains (2024)

When CompTIA updates a certification exam like Security+, there is typically a six-month window where two versions of the exam are available: the old exam and the new exam. With the recent update: 

This window from November to June is to minimize disruption to those currently studying for the exam. If you're studying for your exam during these exam change windows, you have the option of taking either version of the exam. Just be aware that new exam versions usually differ by about 20% in the material they cover. 

After July 31, 2024, everyone must take the 701 version until the next update, which is expected to be released in Fall 2026 and be fully implemented by Summer 2027.

Deep dive into Security+topics and domains

Now that you understand the framework provided by the five Security+ domains, let's explore the specific topics covered within each domain and their practical applications in real-world cybersecurity scenarios. You can also view the full Security+ 701 exam outline for more details. 

Security+ domain 1

The new exam topics (Security+ SY0-701) for domain 1 gather the general security concepts previously spread across multiple domains. Patrick Lane, Director of Certification Product Management at CompTIA, joined Infosec for a webinar on the Security+ update and explained that this domain covers all the foundational concepts every cybersecurity professional should know. 

Here are the objectives for Security+ domain 1: 

• 1.1 Compare and contrast various types of security controls: This objective builds on the material in the old exam's objective 5.1 and covers all the things that enforce the CIA (Confidentiality, Integrity, Availability) triad of information security. 
• 1.2 Summarize fundamental security concepts: This subdomain incorporates elements from various sections of the old exam, including core security concepts from objective 2.1 and the importance of physical security from objective 2.7. Here, you'll learn the essential security vocabulary and gain a solid understanding of how to apply it. 
• 1.3 Explain the importance of change management processes and the impact to security: This objective combines information about organizational policies from the old exam's objective 5.3 with new material on implementing secure change management practices. 
• 1.4 Explain the importance of using appropriate cryptographic solutions: This subdomain expands on the cryptographic basics covered in objective 2.8 of the previous exam. In this objective, you'll learn why encryption is vital and how to choose the right solutions. 

 Now let’s explore each objective in detail. 

1.1: Security controls 

The objective "compare and contrast various types of security controls" is essential to understanding how organizations protect their assets from security risks. Security controls are safeguards or countermeasures that aim to preserve the confidentiality, integrity and availability (CIA) of information and are "one of the most foundational concepts in cybersecurity," according to Lane. These controls can be categorized into technical, managerial, operational and physical types. 

Technical controls include firewalls and antivirus software, which protects systems from unauthorized access and malware. Managerial controls involve policies and procedures that govern security practices, such as risk management frameworks like NIST's RMF. Operational controls focus on the day-to-day protection of assets. Physical controls involve measures like locks and access control systems to secure physical locations. 

Security controls can also be classified by their function. Preventative controls aim to stop security incidents before they occur. Deterrent controls discourage malicious activities. Detective controls identify and alert about security breaches. Corrective controls address and fix issues after they occur. Compensating controls provide alternative measures when primary controls fail. Directive controls enforce compliance with security policies. 

This objective builds your essential security vocabulary, ensuring you can confidently discuss and implement the controls that keep your organization safe. 

1.2: Fundamental security concepts 

This objective challenges you to "summarize fundamental security concepts." From the classic CIA triad (Confidentiality, Integrity and Availability) to the Zero Trust model, you'll need to wrap your head around various concepts. 

Lane emphasizes the importance of understanding these foundational elements, as they form the backbone of effective security strategies. Take the AAA framework (Authentication, Authorization and Accounting), for instance. It's not only about keeping bad actors out; it's also about ensuring the right people have the right access at the right time. 

This subdomain doesn't stop at the digital realm. Physical security concepts, from bollards to infrared sensors, are also covered. You also learn about deception technologies like honeypots because, sometimes, the best defense is a good offense. 

These concepts are important because cybersecurity is more than just firewalls and antivirus software. It's about understanding how all these concepts work together to create a robust defense. Once you master these concepts, you'll have the foundation to tackle any security challenge that comes your way. 

1.3: Change management processes 

This objective asks you to "explain the importance of change management processes and the impact to security," which, according to Lane, is no small feat. "Change management is one of the most complex, difficult things to do in it," he stresses. Why? Because in today's interconnected systems, one change can trigger a domino effect across the entire network. 

Think of change management as a high-stakes game of Jenga. Every move you make could potentially topple the whole structure. That's why understanding the business processes, technical implications and documentation requirements is essential. 

From approval processes and impact analysis to allow lists and service restarts, each element plays a vital role in maintaining security while implementing changes. Making the change itself could be the simplest part. Anticipating its ripple effects, having a solid backup plan and ensuring everything is properly documented and version-controlled are where it gets complex. 

In cybersecurity, uncontrolled changes are like leaving your front door wide open. Becoming an expert at change management helps you keep that door locked tight. It's a delicate balance but one that's essential for maintaining robust security in a changing IT landscape. 

1.4: Cryptographic solutions 

In this subdomain, you'll learn to "explain the importance of using appropriate cryptographic solutions." "We have to encrypt our data," says Lane, "because if that's not done, it can be immediately used by a bad actor." This objective is your crash course and keeping information under lock and key in the digital world. 

From public key infrastructure (PKI) to blockchain, the range of cryptographic solutions can seem overwhelming. But each solution is just another tool in your cybersecurity toolbox and this objective will teach you which cryptographic tool to use if it's each security scenario. 

Understanding the differences between symmetric and asymmetric encryption, the various levels of encryption (from full-disk to record-level) and the role of digital signatures might seem like academic knowledge. But it helps you determine how to protect data, whether at rest, in transit or in use. 

In an age where data breaches make headlines almost daily, strong cryptography is often the last line of defense. Learning the concepts in this objective prepares you to be a guardian of digital information in the real world. In cybersecurity, what you don't know can hurt you and your organization. 

Security+ domain 2

Domain 2 has undergone a significant transformation. Exam SY0-601 covered architecture and design, but that has changed. "Domain two, threats, vulnerabilities and mitigations, is essentially learning about the different threats, vulnerabilities and mitigations you'll be up against,” said Lane. “There's a lot of new ones, and you've got to be familiar with them,"  

Here's a breakdown of these changes and how this domain stacks up against the old exam: 

• 2.1 Compare and contrast common threat actors and motivations: This objective dives into understanding the "who" and "why" behind cyberattacks. This overlaps with the old 1.5 objective but focuses on recognizing specific threat actors and their motivations. 
• 2.2 Explain common threat vectors and attack surfaces: This objective tackles how attackers get in — the tricks they use and the weak spots they exploit. This new objective also takes from the older 1.5 objective but focuses on the tactics attackers use. 
• 2.3 Explain various types of vulnerabilities: This objective explores the weaknesses that attackers can leverage. It builds upon objective 1.6 from the 601 exam by going beyond just recognizing vulnerabilities to understanding the different types. 
• 2.4 Given a scenario, analyze indicators of malicious activity: Here you learn about identifying the digital footprints that malicious actors leave behind. This new objective merges elements from the old objectives 1.2 (analyzing potential indicators), 1.3 (applications attacks) and 1.4 (network attacks) but with a stronger focus on analyzing scenarios. 
• 2.5 Explain the purpose of mitigation techniques used to secure the enterprise: This objective equips you with the different strategies you can use to defend against threats. It incorporates elements from the old objectives 4.4 (applying mitigation techniques), 3.1 (secure protocols), 3.2 (host/application security), 3.3 (secure network design), 3.4 (wireless security) and 3.5 (mobile security) but with a shift in focus towards understanding the purpose of these techniques rather than just implementing them. 

Now let’s explore each objective in detail. 

2.1: Threat actors and motivations 

The ability to "compare and contrast common threat actors and motivations" is a very important part of effective cybersecurity. As Lane points out in the webinar, knowing "who threat actors are, who are the people that are attacking you" is crucial for developing robust defense strategies. 

This objective goes deeper than simply identifying different types of attackers. It challenges you to understand the nuances between various threat actors, from nation-states with vast resources to unskilled attackers looking for easy targets. You'll need to grasp how an inside threat differs from an organized crime, or how hacktivists operate compared to shadow IT. 

You'll also explore the diverse motivations driving these actors. Whether it's financial gain, espionage or simply causing chaos, understanding these motivations helps predict attack patterns and prioritize defenses. This knowledge allows professionals to anticipate threats and tailor their strategies accordingly. In cybersecurity, knowing your enemy is often the key to staying one step ahead. 

2.2: Threat vectors and attack surfaces 

The objective “explain common threat vectors and attack surfaces" is the focus of this subdomain. As Lane emphasized in the webinar, you need to be familiar with how attackers can target your systems, including "a lot of new ones." 

This objective covers a wide range of potential entry points, from message-based threats like phishing emails and SMS attacks to vulnerabilities in your supply chain. Knowing their names and definitions is not enough. You must understand how these vectors interconnect and evolve. For instance, a simple phishing email could lead to a complex business email compromise. 

Security professionals need this knowledge to build comprehensive defense strategies. By understanding the full spectrum of threat vectors, from unsecured networks to social engineering tactics like pretexting, you can better anticipate and mitigate potential attacks. This objective prepares you to think holistically about security, considering both technical vulnerabilities and human factors. Your defense is only as strong as your understanding of potential attack routes. 

2.3: Types of vulnerabilities 

Not all vulnerabilities are the same, and this objective, "explain various types of vulnerabilities," digs into the different types of weaknesses in a system that attackers can exploit. As Lane noted, new vulnerabilities and new ways to exploit them are a given in cybersecurity and you must be ready to handle them as a security professional. 

This objective covers a broad spectrum of vulnerabilities, from application-level issues like buffer overflows and SQL injections to hardware vulnerabilities and cloud-specific risks. Here, you'll not only learn the names of these vulnerabilities but how they can be exploited and more importantly how they relate to each other. 

For example, a seemingly minor misconfiguration could lead to a major breach if combined with a zero-day exploit. This type of comprehensive understanding allows security professionals to effectively prioritize threats and allocate resources. When you master this objective, you'll be able to identify potential weak points in your systems, understand the implications of emerging threats and develop more robust security strategies.

2.4: Analyze indicators of malicious activity 

This objective, "given a scenario, analyze indicators of malicious activity," dives into practical skills you need to detect suspicious activity on a system. Understanding "how bad actors are going to attack" is a top skill for any cybersecurity professional, according to Lane, because it enables them to identify and respond to potential threats before they cause harm. 

This objective will teach you to understand the tactics, techniques and procedures (TTPs) used by threat actors, as well as the indicators of compromise (IOCs) that can help you detect and prevent attacks. You'll become familiar with a wide range of threats, including malware attacks, ransomware, Trojans and rootkits. You'll also learn about physical attacks, such as brute force and RFID cloning, as well as network attacks like DDoS. 

Understanding the indicators of these attacks allows you to implement proactive measures, as Lane suggests when he mentions using playbooks to "protect yourself before you've even been attacked." Studying for this objective will enhance your ability to interpret security data, recognize attack patterns and make informed decisions in high-pressure situations. 

2.5: Mitigation techniques 

Knowing how to defend your systems is just as critical as understanding the threats. The last objective covers how to identify malicious activity and this one will have you "explain the purpose of mitigation techniques used to secure the enterprise." 

This objective focuses on the tools and strategies you can use to counter cyberattacks. You'll learn how access controls, like permissions and whitelisting, and restrict unauthorized access while encryption scrambles data to make it unreadable in case of a breach. The key here is not only knowing how to implement specific security measures (applying a patch) but also understanding the purpose behind these measures (patching fixes vulnerabilities). 

This subdomain will give you a deeper understanding of mitigation techniques. You'll be able to choose the most appropriate techniques for different situations and create a layered defense against known and emerging cyber threats. 

Security+ domain 3

The most obvious change is that Security+ domain 3 was named implementation in the 601 exam and is now named security architecture in the 701 exam. This change reflects how the domain now places a strong emphasis on how different architectures impact security posture. 

"We need to understand different architectures, even different cloud architectures," said Lane. "You won't be doing a lot of design, but you will be doing a lot where you're actually given a scenario, and then you need to apply the security principles to secure that infrastructure." 

Here's a breakdown of the new objective and how they compare to the old exam: 

• 3.1 Compare and contrast security implications of different architecture models: This builds on knowledge from the old domain 2 but dives deeper. You'll need to understand the security strengths and weaknesses of on-premises, cloud and zero-trust architectures. 
• 3.2 Given a scenario, apply security principles to secure enterprise infrastructure: This expands on the old domain 2 objective of explaining security concepts. You'll be given real-world situations and apply best practices to secure infrastructure. 
• 3.3 Compare and contrast concepts and strategies to protect data: This includes elements from the old domain 5 (Governance, Risk and Compliance). You'll need to understand data security strategies and how they differ based on data type and storage location. 
• 3.4 Explain the importance of resilience and recovery in security architecture: This builds on two objectives from the old domain 2. Here, the focus is on understanding how architecture choices impact an organization's ability to bounce back after cyberattacks. 

Now we’ll explore each objective in more detail. 

3.1: Architecture model security 

The objective "compare and contrast security implications of different architecture models" dives deep into the foundation of modern cybersecurity. As Lane mentioned in the webinar, understanding various architectures like on-premises, cloud and zero-trust models allows you to proactively secure your systems. 

The type of architecture you choose shapes your security posture. This objective enables you to assess the strengths and weaknesses of different models. You'll learn about cloud considerations, where responsibility for security lies between you and the cloud provider. You also explore hybrid environments, where on-premises and cloud elements coexist and how to secure them effectively. 

But you'll need to know no more than just the big picture. This objective also covers fundamental infrastructure concepts like virtualization, containerization and network segmentation. These technologies offer flexibility and efficiency, but they also introduced new security considerations. By understanding these concepts, you'll be able to identify potential vulnerabilities and implement safeguards to reduce them. 

3.2: Apply security principles to enterprise infrastructure 

As a security professional in the real world, you might be presented with a scenario where an organization's infrastructure needs security hardening. That's the essence of the objective "Given a scenario, apply security principles to secure enterprise infrastructure." Here, memorizing a list of tools won't be enough. 

Understanding underlying security principles before applying them is a concept that Lane emphasized in the webinar. This objective covers how to implement those print symbols using firewalls, intrusion detection systems, secure network configurations and other controls. You'll learn about essential concepts like attack surface management, where to place devices strategically for optimal security and how to choose the right tools for the job. 

This objective translates theory into practice. You'll gain the practical skills to select appropriate security controls and secure enterprise infrastructure. 

3.3: Strategies to protect data 

Data is the lifeblood of any organization, and this objective, which asks you to "compare and contrast concepts and strategies to protect data," equips you to safeguard it. You'll go beyond just knowing the names of different data types and examine their classifications, from highly sensitive financial information to public data. Understanding these classifications is crucial for applying the right security measures. 

The objective explores various data states: at rest, in transit and use. Each state requires different protection methods. You'll learn about encryption, a cornerstone of data security, along with other techniques like hashing and tokenization. 

But security is more than just about technology. This objective also emphasizes understanding data sovereignty and geolocation laws. Knowing where your data resides and the regulations that govern it enables you to implement effective geographic restrictions if needed. 

When you complete this objective, you'll have a comprehensive data security arsenal. You'll be able to choose the appropriate controls for different data types and ensure your organization's valuable information remains confidential and secure. 

3.4: Importance of resiliency and recovery 

In the real world, a cyberattack can still disrupt your operations even if you've implemented robust security measures. That's where this objective, "Explain the importance of resilience and recovery and security architecture," comes in. As Lane highlighted, building a resilient security architecture allows you "to protect yourself before you've even been attacked." 

This objective emphasizes building resilience: the ability of your systems to bounce back from disruptions. Even the most secure systems can face outages due to power failures, natural disasters or human error. By understanding concepts like high availability and redundancy, you'll know which type of systems can withstand these challenges. 

This objective also covers disaster recovery strategies like backups, replication and failover procedures. Mastering these ensures you have a plan to restore critical systems and data quickly, minimizing downtime and keeping your organization operational. 

This objective prepares you to build a security posture that's not only strong but adaptable. You'll learn to anticipate potential disruptions and implement safeguards to ensure your organization remains resilient. 

Security+ domain 4 

Security+ domain 4 received several updates on the new exam. The most visible change is that the name of this domain used to be "operations and incident response," but now it is "security operations." 

As Lane mentions in the webinar, this domain covers "the day-to-day operations. This is where we see continuous security monitoring. This is where you will be applying updates, doing security alerting, monitoring and finding anomalies that indicate bad behavior." 

Here's a breakdown of the new subdomains within security operations and how they compare to the old exam: 

• 4.1 Given a scenario, apply common security techniques to computing resources: This section emphasizes the practical application of security measures across various computing environments, integrating elements from the old exam's domain 2 and 3. 
• 4.2 Explain the security implications of proper hardware, software and data asset management: This subdomain emphasizes the importance of keeping an accurate inventory of your hardware, software and data. This completely new subdomain integrated parts of domain 2 and 5 of the old exam. 
• 4.3 Explain the various activities associated with vulnerability management: The objective in this subdomain continues to highlight the crucial role of identifying and patching vulnerabilities. Sections of the old exam's domain 1 and domain 3 have been moved to this subdomain. 
• 4.4 Explain security alerting and monitoring concepts and tools: This revamped subdomain focuses on understanding how to use various security tools and technologies to monitor your systems for suspicious activity continually. It integrates the older exam's subdomain 4.1 and 4.3. 
• 4.5 Given a scenario, modify enterprise capabilities to enhance security: This objective brings a more holistic view to security operations and emphasizes how different security controls and processes work together to create a strong security posture. It contains much of the material from the older exam's 4.5 objective, along with its 3.2 objective on implementing host and application security solutions. 
• 4.6 Given a scenario, implement and maintain identity and access management: This is a new objective in domain 4 that pulls from the old exam's 2.4 objective, "Summarize authentication and authorization design concepts." 
• 4.7 Explain the importance of automation and orchestration related to secure operations: This new objective in domain 4 explores automating routine tasks and workflows, pulling material from objective 2.3 in the older exam. 
• 4.8 Explain appropriate incident response activities: This new subdomain covers the fundamentals of how to identify, contain, eradicate and recover from security incidents. This material used to be in objective 4.2. 
• 4.9 Given a scenario, use data sources to support an investigation: New for the 701 exam, this objective recognizes the importance of digital forensics and incident response. These topics were covered in subdomain 4.5 of the older exam. 

Now we’ll explore each objective in more detail. 

4.1: Apply security to computing resources 

The objective in this subdomain is "given a scenario, apply common security techniques to computing resources," and Lane emphasized that it's all about putting your security knowledge into action. 

Imagine you're on the front lines, protecting various systems, from mobile devices and workstations to cloud infrastructure and industrial control systems (ICS/SCADA). In all of these scenarios, you'll need to choose the right security controls to harden these targets and keep them safe from threats. 

The key is understanding the different controls available, like secure baselines, encryption and authentication protocols. Also, consider how these controls are implemented across various deployment models, whether it's BYOD (bring your own devices) or corporate-owned devices. By the end of this objective, you'll be well-equipped to make informed decisions about securing your organization's computing resources, no matter the environment. 

4.2: Hardware, software and data asset management 

Ever heard the saying, "You can't secure what you don't have"? That perfectly captures the importance of this objective: Explain the security implications of proper hardware, software and data asset management. If you don't have a complete inventory of your devices, software and data, you're leaving the door wide open for security vulnerabilities. 

This objective covers the security implications of keeping a meticulous inventory of your IT assets. This includes everything from laptops on your employee's desk to the data stored in the cloud. By tracking these assets through their life cycle, from acquisition to disposal, you can identify vulnerabilities, prevent unauthorized access and ensure proper data retention. 

4.3: Vulnerability management 

In this objective, you learn to "explain various activities associated with vulnerability management." This objective focuses on identifying and patching vulnerabilities in your systems before attackers can exploit them. It's all about not waiting for the downpour to patch a leaky roof. 

Here, you'll explore various methods for spotting these weaknesses, from vulnerability scans to penetration testing. You'll also learn how to prioritize risks using tools like the Common Vulnerability Scoring System (CVSS) and develop a sound strategy for patching and remediation. A proactive approach to vulnerabilities is the best defense. 

4.4: Alert and monitoring concepts and tools 

This objective aims to "explain security alerting and monitoring concepts and tools," which all cybersecurity professionals should be able to do, because without monitoring and alerts, it is hard to tell when systems are under attack. 

It covers how to leverage log aggregation and SIEM (Security Information and Event Management) tools to collect data from various sources, like systems applications and network devices. But monitoring is just half of what you'll learn. You'll also explore how to configure alerts to notify you of potential security incidents and implement response procedures to investigate and resolve them. 

4.5: Enhance enterprise security 

Security isn't a one-time fix; it's a continuous process of adaptation and improvement. That's where the objective "given a scenario, modify enterprise capabilities to enhance security" comes in. Here, you'll develop your critical thinking skills to analyze security scenarios and identify areas where you can strengthen your organization's defenses. 

This objective covers a vast toolkit of security controls, from firewalls and intrusion detection systems (IDS/IPS) to email security protocols and endpoint detection and response (EDR) solutions. By understanding how these controls work together, you can make informed decisions about where to invest resources and plug security gaps in any given scenario. 

4.6: Identity and access management 

Data security hinges on who has access to what. That is the point of this objective: "Given a scenario, implement and maintain identity and access management." Here, you'll become an expert at granting users appropriate access to systems and data, ensuring they have what they need to do their jobs without compromising security. 

You'll learn about multi-factor authentication (MFA), a powerful security measure that requires users to provide additional verification beyond just a password. You'll also explore role-based access control, a system that grants permissions based on a user-specific job function. By mastering these IAM concepts, you'll ensure that only authorized users have access to sensitive information, keeping your data safe and secure. 

4.7: Automation and orchestration 

In the fast-paced world of cybersecurity, the power to automate repetitive tasks and orchestrate complex workflows isn't a superpower but a necessity. Once you complete this submodule, you can "explain the importance of automation and orchestration related to secure operations." 

Security automation is more than just saving time though. It also helps enforce security baselines and ensure consistent configurations across your infrastructure. This objective will equip you to identify the best use cases for automation, weighing the benefits like faster response times against potential drawbacks like complexity and cost. 

4.8: Incident response 

Security is about prevention and having a plan for when things go wrong. This is where the objective "explain appropriate incident response activities" comes in. Here, you'll examine the essential steps of a security incident response process. 

You'll learn how to handle a security incident from start to finish: from initial detection and containment to eradication, recovery and learning from the experience. This objective also covers digital forensics and evidence collection, which are crucial for legal and investigative purposes. 

4.9: Support investigations with data 

This objective, "given a scenario, use data sources to support an investigation," will teach you to be a digital detective. Here, you'll sharpen your skills and use log data and other forensic tools to track down the source of security incidents. 

This objective covers a variety of data sources you might encounter, from firewall logs to vulnerability scans. By learning how to analyze this data effectively, you can identify attack patterns, understand the scope of the incident and possibly help bring the attackers to justice or at least get them off your network.