Is the Security+ SY0-701 practice exam free?

Yes, all 12 Security+ SY0-701 practice exams on SecurityPlus Studio are completely free — no account, no credit card, no paywall. Access 1,080 questions instantly.

How many questions are on the CompTIA Security+ SY0-701 exam?

The CompTIA Security+ SY0-701 exam has a maximum of 90 questions including multiple-choice and performance-based questions (PBQs). The exam time limit is 90 minutes and the passing score is 750 out of 900.

What domains are covered in Security+ SY0-701?

Security+ SY0-701 covers 5 domains: General Security Concepts (12%), Threats, Vulnerabilities and Mitigations (22%), Security Architecture (18%), Security Operations (28%), and Security Program Management and Oversight (20%).

What is the passing score for Security+ SY0-701?

The passing score for CompTIA Security+ SY0-701 is 750 on a scale of 100-900. This is approximately 83%. You should target 80%+ on practice exams to ensure you pass the real exam.

How long should I study for Security+ SY0-701?

Most candidates need 4-12 weeks of study depending on their experience. IT professionals with networking background typically need 4-6 weeks. Beginners may need 8-12 weeks. Daily practice with our 12 full-length exams and domain study guides will maximize your score.

Security+ SY0-701 Study Guide - Complete 21-Day Exam Preparation Plan

1

General Security Concepts

12% of Exam

Security controls, CIA triad, cryptography, PKI, authentication, and zero trust.

Exam Objectives

1.1Compare and contrast various types of security controls
1.2Summarize fundamental security concepts
1.3Explain the importance of change management processes and the impact to security
1.4Explain the importance of using appropriate cryptographic solutions

1.1Security Controls

Types

Preventive — Stop incidents (firewalls, auth)
Deterrent — Discourage attackers (signs, cameras)
Detective — Identify incidents (IDS, audits)
Corrective — Restore after incident (IR plans, backups)
Compensating — Alternative when primary fails
Directive — Guidance on compliance (policies, training)

1.2Fundamental Security Concepts

The CIA Triad — Core Security Principles

🔒

Confidentiality

Data only accessible to authorized users. Tools: Encryption, access controls, data masking.

✅

Integrity

Data accuracy and completeness. Tools: Hashing, digital signatures, checksums.

🟢

Availability

Access when needed. Tools: Redundancy, fault tolerance, backups.

AAA Framework

Authentication — Verify identity (who you are)
Authorization — Grant access (what you can do)
Accounting — Track actions for audit

Protocols: RADIUS, TACACS+, Kerberos

Zero Trust Architecture

"Never trust, always verify" — No implicit trust regardless of location.

Control Plane: Policy Engine, Administrator, Enforcement Point
Data Plane: Implicit trust zones, subject/system access
Adaptive Identity: Context-based dynamic authentication

Physical Security

Bollards — Blocks vehicular access

Access Control Vestibule — Controlled building entry

Fencing — Perimeter barrier

Video Surveillance — CCTV monitoring

Sensors — Infrared, pressure, microwave, ultrasonic

Deception Technologies

Honeypot — Decoy system to attract attackers

Honeynet — Network of honeypots

Honeyfile — Fake file to detect unauthorized access

Honeytoken — Decoy credential or data item

Purpose: Detect, monitor, and analyze attacker behavior

1.3Change Management & Security

Change Management Process

1. Approval Process — Review and authorize changes
2. Ownership — Assign responsibility
3. Stakeholders — Identify affected parties
4. Impact Analysis — Assess security implications
5. Test Results — Validate before deployment
6. Backout Plan — Rollback if change fails
7. Maintenance Window — Scheduled time for changes

Technical Change Management

Allow/Deny Lists — Control application execution
Restricted Activities — Limit high-risk operations
Downtime — Planned outages for maintenance
Legacy Applications — Handle outdated systems
Dependencies — Track system interdependencies
Version Control — Track and manage changes

1.4Cryptographic Solutions

Encryption Types

Symmetric — Same key for encrypt/decrypt. Fast. Examples: AES, DES, 3DES
Asymmetric — Public/private key pair. Slower. Examples: RSA, ECC, Diffie-Hellman
Hashing — One-way transformation. Examples: SHA-256, MD5, bcrypt

Encryption Levels: Full-disk, Partition, File, Volume, Database, Record, Transport

PKI & Certificates

CA — Certificate Authority; issues/manages digital certificates
CRL — Certificate Revocation List of invalid certs
OCSP — Online Certificate Status Protocol (real-time)
CSR — Certificate Signing Request to a CA
Wildcard — Secures all subdomains of a domain
Root of Trust — Trusted anchor for all crypto operations

Hashing & Obfuscation

Hashing — Fixed-size output; non-reversible
Salting — Random data before hashing; prevents rainbow tables
Digital Signatures — Verify authenticity and integrity
Key Stretching — Increases effort to crack passwords (bcrypt, PBKDF2)
Steganography — Hiding data within other data
Tokenization — Replace sensitive data with tokens

Crypto Hardware & Blockchain

TPM — Trusted Platform Module; hardware key storage
HSM — Hardware Security Module; dedicated crypto hardware
Key Escrow — Keys stored by trusted third party
Secure Enclave — Isolated hardware for sensitive processing
Blockchain — Distributed decentralized ledger; transparent and immutable
Non-repudiation — Sender cannot deny sending (digital signatures)

2

Threats, Vulnerabilities & Mitigations

22% of Exam

Threat actors, attack vectors, malware types, social engineering, and mitigation techniques.

Exam Objectives

2.1Compare and contrast common threat actors and motivations
2.2Explain common threat vectors and attack surfaces
2.3Explain various types of vulnerabilities
2.4Given a scenario, analyze indicators of malicious activity
2.5Explain the purpose of mitigation techniques used to secure the enterprise

2.1Threat Actors & Motivations

Threat Actor Types

Nation-State — Government-sponsored; high sophistication, political/military goals
Hacktivist — Politically/socially motivated; public exposure
Organized Crime — Financial motivation; ransomware, fraud
Insider Threat — Current/former employees with privileged access
Unskilled Attacker — Script kiddies; limited technical knowledge
Shadow IT — Unauthorized IT systems within an organization

Motivations

Data Exfiltration — Stealing sensitive data
Financial Gain — Ransomware, fraud, cybercrime
Espionage — Intelligence gathering, IP theft
Service Disruption — DDoS, operational disruption
Blackmail — Threatening to expose sensitive info
Revenge — Retaliation against organizations
Philosophical/Political — Ideological agenda

2.2Threat Vectors & Attack Surfaces

Attack Vectors

Message-based — Email, SMS, instant messaging phishing
Image-based — Malware hidden in image files
File-based — Malicious attachments, documents
Voice Call — Vishing (voice phishing)
Removable Device — Infected USB drives
Supply Chain — Compromising trusted vendors/software

Social Engineering

Phishing — Fraudulent emails to steal credentials
Spear Phishing — Targeted phishing at specific individual
Whaling — Phishing targeting executives
Vishing — Voice phishing
Smishing — SMS phishing
Impersonation — Pretending to be someone trusted
Watering Hole — Compromising sites victims visit
Pretexting — Creating a fabricated scenario

2.3Vulnerability Types

Application Vulnerabilities

SQL Injection — Malicious SQL inserted into queries
XSS (Cross-site Scripting) — Malicious scripts in web pages
Buffer Overflow — Writing beyond allocated memory
Memory Injection — Injecting code into process memory
Race Condition — Exploiting timing between operations
Directory Traversal — Accessing files outside web root
Privilege Escalation — Gaining elevated permissions

Infrastructure Vulnerabilities

Zero-Day — Unknown vulnerability with no patch
OS Vulnerabilities — Unpatched OS flaws
Hardware Vulnerabilities — Firmware exploits (Spectre, Meltdown)
Cloud Vulnerabilities — Misconfigured cloud resources
Virtualization — VM escape, hypervisor attacks
Mobile Device — Sideloading, rooting/jailbreaking
Misconfiguration — Default credentials, open ports

2.4Malware Types & Attack Indicators

Malware Types

Virus — Attaches to host files; spreads when executed
Worm — Self-replicates without host file
Trojan — Disguised as legitimate software
Ransomware — Encrypts files; demands payment
Rootkit — Hides malware in OS/firmware
Spyware — Collects user data secretly
Keylogger — Records keystrokes
RAT — Remote Access Trojan

Network Attacks

DDoS — Distributed Denial of Service
On-Path (MitM) — Intercepts network traffic
Replay — Resends captured auth tokens
DNS Poisoning — Corrupts DNS cache
ARP Spoofing — Maps attacker MAC to target IP
Amplified/Reflected — Amplifies DDoS traffic

Crypto & Password Attacks

Brute Force — Try all password combinations
Dictionary — Use word list for passwords
Spraying — Few passwords against many accounts
Rainbow Table — Precomputed hash lookup
Downgrade — Force weaker crypto protocol
Birthday — Hash collision attack
Credential Stuffing — Reuse breached credentials

Indicators of Compromise (IoCs)

Account lockout · Concurrent session usage

Impossible travel · Resource consumption

Out-of-cycle logging · Missing logs

2.5Mitigation Techniques

Access Control Mitigations

Segmentation — Divide networks to limit breach scope
ACL — Define what traffic/access is permitted
Application Allow List — Only approved apps can run
Isolation — Separate critical systems
Patching — Apply security updates promptly

Hardening Techniques

Encryption — Protect data in transit and at rest
MFA — Require multiple authentication factors
Least Privilege — Grant only necessary permissions
Disable Unused Services — Reduce attack surface
Security Awareness Training — Educate employees
Endpoint Detection & Response (EDR)

3

Security Architecture

18% of Exam

Cloud security, network segmentation, secure design, data protection, and resilience planning.

Exam Objectives

3.1Compare and contrast security implications of different architecture models
3.2Given a scenario, implement secure network architecture concepts
3.3Given a scenario, implement secure system design
3.4Explain the importance of resilience and recovery in security architecture

3.1Architecture Models

Cloud Architecture

Responsibility Matrix — Defines who manages what (provider vs. customer)
IaaS — Infrastructure as a Service; provider manages hardware
PaaS — Platform as a Service; provider manages OS + runtime
SaaS — Software as a Service; provider manages everything
Infrastructure as Code (IaC) — Manage infra through config files
Serverless — Provider handles infrastructure; auto-scaling
Microservices — Loosely coupled services communicating via APIs

Network Infrastructure

Physical Isolation — Air-gapped networks; complete hardware separation
Logical Segmentation — VLANs, SDN to limit access and attack surface
SDN — Software-Defined Networking; centralized control
Containerization — Docker, Kubernetes; isolated application environments
IoT — Significant security risk due to limited built-in security
ICS/SCADA — Industrial control systems; legacy security challenges
RTOS — Real-Time Operating Systems for embedded devices

3.2Secure Network Architecture

Network Appliances

Firewall — Packet filtering, stateful inspection
NGFW — Next-Gen Firewall with deep packet inspection
IDS — Intrusion Detection System; alerts only
IPS — Intrusion Prevention System; blocks threats
WAF — Web Application Firewall; layer 7 protection
Proxy — Intermediary for web traffic filtering
Load Balancer — Distributes traffic across servers

Secure Communications

VPN — Encrypted tunnel over public network
TLS/SSL — Transport Layer Security for web traffic
IPSec — IP Security for network-layer encryption
SSH — Secure Shell for remote administration
SFTP — Secure File Transfer Protocol
SASE — Secure Access Service Edge; cloud-based security

Port Security

802.1X — Port-based network access control

MAC Filtering — Control access by hardware address

VLAN Segmentation — Isolate network segments

DMZ — Demilitarized zone for public-facing services

Jump Server — Secure access point for admin tasks

NAT — Network Address Translation; hides internal IPs

3.3Data Protection & Classification

Data Classification

Public — Freely available to everyone
Private/Internal — Limited to organization employees
Sensitive — Restricted access; business-sensitive
Confidential — Highly restricted, legal/financial data
Top Secret — Critical; national security level

States of Data: Data at rest, in transit, in use

Data Protection Methods

DLP — Data Loss Prevention tools
Encryption — At rest and in transit
Rights Management — IRM/DRM controls on files
Tokenization — Replace sensitive data with tokens
Segmentation — Limit breach impact scope

Roles: Owner, Controller, Processor, Custodian/Steward

3.4Resilience & Recovery

Site Recovery

Hot Site — Fully operational backup facility
Warm Site — Partially equipped; hours to restore
Cold Site — Basic facility; days to set up
Geographic Dispersion — Resources in multiple locations

Backup Types

Full — Complete copy of all data
Incremental — Changes since last backup
Differential — Changes since last full backup
Snapshot — Point-in-time image
Replication — Real-time data copies

HA & Power

Load Balancing — Distributes traffic; redundancy
Clustering — Multiple nodes for fault tolerance
UPS — Short-term backup power
Generator — Long-term backup power
Journaling — Recording changes for rollback

Recovery Testing: Tabletop exercises · Failover testing · Simulation · Parallel processing

4

Security Operations

28% of Exam — Largest Domain

Security monitoring, SIEM, incident response, forensics, vulnerability management, and identity management.

Exam Objectives

4.1Given a scenario, apply common security techniques to computing resources
4.2Explain the security implications of proper hardware, software, and data asset management
4.3Explain various activities associated with vulnerability management
4.4Explain security alerting and monitoring concepts and tools
4.5Given a scenario, modify enterprise capabilities to enhance security
4.6Given a scenario, implement and maintain identity and access management
4.7Explain the importance of automation and orchestration related to secure operations
4.8Explain appropriate incident response activities
4.9Given a scenario, use data sources to support an investigation

4.4Security Alerting & Monitoring

Monitoring Tools

SIEM — Security Information & Event Management; central log analysis and threat detection
SOAR — Security Orchestration, Automation & Response
EDR — Endpoint Detection & Response
DLP — Data Loss Prevention monitoring
NetFlow — Network traffic pattern analysis
SNMP Traps — Network device event notifications
Vulnerability Scanners — Identify system weaknesses

Monitoring Activities

Log Aggregation — Centralize logs from all systems
Alerting — Detect anomalies and security events
Scanning — Regularly scan for vulnerabilities
Alert Tuning — Reduce false positives
Quarantine — Isolate compromised systems
Archiving — Retain logs for compliance/forensics

4.5Enterprise Security Enhancements

Firewall & IDS/IPS

Firewall Rules — Define traffic policies
ACL — Allow/deny by IP, port, protocol
Screened Subnets — Layered defense zones
IDS Signatures — Detect known threats
Anomaly-based — Detect unusual behavior

Email & Web Security

DMARC — Prevent email spoofing
DKIM — Email signing to verify authenticity
SPF — Specify authorized mail servers
Web Filter — Block malicious/inappropriate sites
DNS Filtering — Block at DNS level

OS & Endpoint Security

Group Policy — Enforce settings on Windows systems
SELinux — Mandatory access control on Linux
Antivirus/EDR — Endpoint protection
Host Firewall — Per-device traffic control
Patch Management — Keep systems updated

4.6Identity & Access Management

Access Control Models

DAC — Discretionary Access Control; owner grants access
MAC — Mandatory Access Control; OS enforces policy
RBAC — Role-Based; permissions by job function
ABAC — Attribute-Based; policies on user attributes
Least Privilege — Only permissions needed for the job
Separation of Duties — No single person controls critical process

Authentication Methods

MFA — Multi-Factor Authentication (something you know/have/are)
Biometrics — Fingerprint, facial, iris recognition
Smart Card/Token — Physical device with cert/OTP
SSO — Single Sign-On across applications
Federation — Trust relationship between organizations
PAM — Privileged Access Management for admin accounts

4.8Incident Response Process

1

Preparation

Develop policies, plans, tools

2

Detection

IDS, SIEM, user reports

3

Analysis

Scope and root cause investigation

4

Containment

Isolate affected systems

5

Eradication

Remove the root cause

6

Recovery

Restore to normal operation

+ Lessons Learned — Review incident to improve future response. Document timeline, root cause, and remediation steps.

Digital Forensics

Legal Hold — Preserve potential evidence
Chain of Custody — Document chronological evidence history
Acquisition — Gather digital evidence forensically
Preservation — Maintain evidence integrity
E-discovery — Collect electronically stored information for legal

Data Sources for Investigation

Firewall Logs — Network traffic records
IPS/IDS Logs — Detected threats and alerts
Application Logs — App activities and errors
Packet Captures — Full network traffic analysis
Vulnerability Scans — Known weakness reports

4.7Automation & Orchestration

Benefits of Automation

Speed — Faster response to threats than manual processes
Consistency — Same response every time; no human error
Scalability — Handle more events without more staff
Compliance — Automated enforcement of policies

Considerations

Complexity — Requires proper planning and expertise
Single Point of Failure — Need for redundancy
Technical Debt — Poorly designed automation causes issues
Cost — Initial investment in automation tools

5

Security Program Management

20% of Exam

Risk management, compliance, governance, security policies, privacy regulations, audits, and awareness.

Exam Objectives

5.1Summarize elements of effective security governance
5.2Explain elements of the risk management process
5.3Explain the processes associated with third-party risk assessment and management
5.4Summarize elements of effective security compliance
5.5Explain types and purposes of audits and assessments
5.6Given a scenario, implement security awareness practices

5.1Security Governance

Security Policies

AUP — Acceptable Use Policy; defines acceptable IT resource use
Information Security Policy — Protecting organizational data
Business Continuity — Operations during disruptions
Disaster Recovery — Recovery of IT systems after catastrophe
Incident Response Policy — Detecting and recovering from incidents
SDLC Policy — Secure software development lifecycle
Change Management — Requesting, approving, implementing changes

Standards & Procedures

Password Standards — Guidelines for creating and managing passwords
Encryption Standards — Required algorithms, protocols, key management
Access Control — Protocols for managing user access
Playbooks — Step-by-step incident response guides
Onboarding/Offboarding — User provisioning procedures

Governance roles: Owners, Controllers, Processors, Custodians/Stewards

5.2Risk Management

Key Risk Formulas & Concepts

SLE

Single Loss Expectancy

Asset Value × Exposure Factor

ARO

Annualized Rate of Occurrence

Expected times/year threat occurs

ALE

Annualized Loss Expectancy

SLE × ARO

Risk

Overall Risk

Threat × Vulnerability × Impact

Risk Analysis Types

Qualitative — Subjective; uses scales (High/Med/Low)
Quantitative — Objective; uses numbers (SLE, ALE, ARO)
Ad Hoc — Occasional; in response to events
Continuous — Ongoing real-time monitoring
Recurring — Regularly scheduled assessments

Risk Response Strategies

Accept — Acknowledge risk, no further action
Transfer — Shift risk (cyber insurance, outsourcing)
Avoid — Eliminate the risk-causing activity
Mitigate — Reduce probability or impact
Residual Risk — Risk remaining after controls applied

5.3Third-Party Risk & Agreements

Agreement Types

SLA — Service Level Agreement; uptime and performance
MOU — Memorandum of Understanding; intent to cooperate
MSA — Master Service Agreement; overall terms
NDA — Non-Disclosure Agreement; confidentiality
ISA — Interconnection Security Agreement
BPA — Business Partnership Agreement

Vendor Assessment

Due Diligence — Investigate vendor security practices
Questionnaires — Assess vendor security controls
Right to Audit — Contractual audit rights
Supply Chain Risk — Assess vendor's vendors
Penetration Testing — Test vendor-facing surfaces

5.4Compliance & Privacy Regulations

GDPR

EU data privacy regulation; data subject rights, breach notification

HIPAA

US healthcare data protection and privacy

PCI-DSS

Payment card industry data security standard

SOX

Sarbanes-Oxley; financial data integrity

NIST CSF

Cybersecurity Framework; identify, protect, detect, respond, recover

ISO 27001

International information security management standard

5.5Audits, Assessments & Penetration Testing

Audit Types

Internal Audit — Self-assessment by internal teams
External Audit — By independent third party
Regulatory Exam — By regulatory authority
Compliance Audit — Verify adherence to standards

Penetration Testing

Black Box — Unknown environment; no prior knowledge
White Box — Known environment; full access to info
Gray Box — Partially known environment
Passive Recon — Gather info without direct interaction
Active Recon — Direct interaction with target systems

5.6Security Awareness & Training

Training Topics

Phishing Simulation — Fake campaigns to test awareness
Anomalous Behavior Recognition — Spot unusual activity
Password Management — Strong passwords and MFA
Social Engineering — Recognize manipulation tactics
Removable Media — Secure use policies for USB drives
Insider Threat Awareness — Recognize risk from within

BIA — Business Impact Analysis

RTO — Recovery Time Objective; target time to restore
RPO — Recovery Point Objective; maximum data loss tolerance
MTTR — Mean Time to Recover from a failure
MTBF — Mean Time Between Failures
Critical Functions — Prioritize recovery of business-critical processes

Complete!

Start Practice Labs

Security+ SY0-701 Study Guide

General Security Concepts

Exam Objectives

1.1Security Controls

Categories

Types

1.2Fundamental Security Concepts

The CIA Triad — Core Security Principles

AAA Framework

Zero Trust Architecture

Physical Security

Deception Technologies

1.3Change Management & Security

Change Management Process

Technical Change Management

1.4Cryptographic Solutions

Encryption Types

PKI & Certificates

Hashing & Obfuscation

Crypto Hardware & Blockchain

Threats, Vulnerabilities & Mitigations

Exam Objectives

2.1Threat Actors & Motivations

Threat Actor Types

Motivations

2.2Threat Vectors & Attack Surfaces

Attack Vectors

Social Engineering

2.3Vulnerability Types

Application Vulnerabilities

Infrastructure Vulnerabilities

2.4Malware Types & Attack Indicators

Malware Types

Network Attacks

Crypto & Password Attacks

Indicators of Compromise (IoCs)

2.5Mitigation Techniques

Access Control Mitigations

Hardening Techniques

Security Architecture

Exam Objectives

3.1Architecture Models

Cloud Architecture

Network Infrastructure

3.2Secure Network Architecture

Network Appliances

Secure Communications

Port Security

3.3Data Protection & Classification

Data Classification

Data Protection Methods

3.4Resilience & Recovery

Site Recovery

Backup Types

HA & Power

Security Operations

Exam Objectives

4.4Security Alerting & Monitoring

Monitoring Tools

Monitoring Activities

4.5Enterprise Security Enhancements

Firewall & IDS/IPS

Email & Web Security

OS & Endpoint Security

4.6Identity & Access Management

Access Control Models

Authentication Methods

4.8Incident Response Process

Digital Forensics

Data Sources for Investigation

4.7Automation & Orchestration

Benefits of Automation

Considerations

Security Program Management

Exam Objectives

5.1Security Governance

Security Policies

Standards & Procedures

5.2Risk Management

Key Risk Formulas & Concepts