CompTIA Security+ (SY0-701) Practice Tests

1.0 General Security Concepts (12 % of the exam)

• Compare and contrast various types of security controls.
• Summarize fundamental security concepts.
• Explain the importance of change management processes and the impact to security.
• Explain the importance of using appropriate cryptographic solutions.

2.0 Threats, Vulnerabilities, and Mitigations (22% of the exam)

• Compare and contrast common threat actors and motivations.
• Explain common threat vectors and attack surfaces.
• Explain various types of vulnerabilities.
• Given a scenario, analyze indicators of malicious activity.
• Explain the purpose of mitigation techniques used to secure the enterprise.

3.0 Security Architecture (18% of the exam)

• Compare and contrast security implications of different architecture models.
• Given a scenario, apply security principles to secure enterprise infrastructure.
• Compare and contrast concepts and strategies to protect data.
• Explain the importance of resilience and recovery in security architecture.

4.0 Security Operations (28% of the exam)

• Given a scenario, apply common security techniques to computing resources.
• Explain the security implications of proper hardware, software, and data asset management.
• Explain various activities associated with vulnerability management.
• Explain security alerting and monitoring concepts and tools.
• Given a scenario, modify enterprise capabilities to enhance security.
• Given a scenario, implement and maintain identity and access management.
• Explain the importance of automation and orchestration related to secure operations.
• Explain appropriate incident response activities.
• Given a scenario, use data sources to support an investigation.

5.0 Security Program Management and Oversight (20% of the exam)

• Summarize elements of effective security governance.
• Explain elements of the risk management process.
• Explain the processes associated with third-party risk assessment and management.
• Summarize elements of effective security compliance.
• Explain types and purposes of audits and assessments.
• Given a scenario, implement security awareness practices.