
Security+

CompTIA Security+ is the premier global certification that establishes the essential skills required for core security functions and a career in IT security. It showcases professionals' capabilities in securing networks, applications, and devices, ensuring data integrity, confidentiality, and availability. CompTIA Security+ focuses on practical, hands-on skills to tackle real-world challenges. As the most widely recognized credential, it is invaluable for advancing in the dynamic field of cybersecurity.

Skills you'll learn

Build skills with CompTIA learning and validate them with Security+ certification.

  • Identify various types of threats, attacks, and vulnerabilities, including malware, social engineering, and application attacks.

  • Utilize security technologies and tools, such as firewalls, intrusion detection systems, and endpoint security, to protect systems.

  • Design secure network architectures, implement secure systems, and apply secure protocols for architecture and design.

  • Manage identity and access concepts, including authentication, authorization, and accounting, to ensure secure access control.

  • Assess and manage risk through risk analysis, mitigation strategies, and business continuity planning.

  • Apply cryptography concepts, including encryption algorithms, public key infrastructure (PKI), and digital signatures, to secure data.

  • Implement compliance and operational security measures, including security policies, procedures, and best practices.

Exam details

  • Exam version: V7

  • Exam series code: SY0-701

  • Launch date: November 7, 2023

  • Number of questions: maximum of 90, a mix of multiple-choice and performance-based questions

  • Retirement: usually three years after launch (estimated 2026)

  • Duration: 90 minutes

  • Passing score: 750 (on a scale of 100-900)

  • Languages: English, Japanese, Portuguese, Spanish, and Thai

  • Recommended experience: CompTIA Network+ and two years of experience working in a security/systems administrator job role

  • DoD 8140 work roles: cyber defense analyst, incident responder, vulnerability analyst, security control assessor, system administrator, network specialist, systems planner, IT project manager, information security manager, secure software assessor, and many more

Pick the right learning and practice solutions for your skill-building and exam preparation needs

No matter where you are in your journey, CompTIA’s CertMaster products deliver flexible learning and practice experiences to help you build skills, boost confidence and achieve Security+ exam readiness.


Learn+Labs

  • Best for: those looking to build skills, learn concepts, and gain hands-on experience. No prior related job role experience needed.
  • Primary purpose: comprehensive learning with a robust set of lab activities in real and simulated environments to practice skills and job readiness.
  • Contains: instructional content, video, interactives, labs (simulated and live virtual machines), assessments, practice tests
  • Estimated duration: 30–60 hours

Learn

  • Best for: those building foundational knowledge and skills. No prior related job role experience needed.
  • Primary purpose: comprehensive learning with lab activities to practice skills.
  • Contains: instructional content, video, interactives, labs (simulated), assessments, practice tests
  • Estimated duration: 25–40 hours

Practice

  • Best for: those having experience with the skills and concepts.
  • Primary purpose: confirm exam readiness and close gaps.
  • Contains: timed practice exams, objective quizzes, exam objective mastery scores
  • Estimated duration: 10–20 hours

Labs

  • Best for: those looking to gain hands-on experience applying skills.
  • Primary purpose: apply skills in real-world scenarios.
  • Contains: live virtual lab environment with guided tasks and real-world scenarios
  • Estimated duration: 15–25 hours


Save with popular Security+ product bundles

Bundle our popular CertMaster products with an Exam Voucher plus Retake Assurance and save!

Security+ (V7) exam objectives summary

General security concepts (12%)

  • Security controls: comparing technical, preventive, managerial, deterrent, operational, detective, physical, corrective, compensating, and directive controls.
  • Fundamental concepts: summarizing confidentiality, integrity, and availability (CIA); non-repudiation; authentication, authorization, and accounting (AAA); zero trust; and deception/disruption technology.
  • Change management: explaining business processes, technical implications, documentation, and version control.
  • Cryptographic solutions: using public key infrastructure (PKI), encryption, obfuscation, hashing, digital signatures, and blockchain.

Threats, vulnerabilities, and mitigations (22%)

  • Threat actors and motivations: comparing nation-states, unskilled attackers, hacktivists, insider threats, organized crime, shadow IT, and motivations like data exfiltration, espionage, and financial gain.
  • Threat vectors and attack surfaces: explaining message-based, unsecure networks, social engineering, file-based, voice call, supply chain, and vulnerable software vectors.
  • Vulnerabilities: explaining application, hardware, mobile device, virtualization, operating system (OS)-based, cloud-specific, web-based, and supply chain vulnerabilities.
  • Malicious activity: analyzing malware attacks, password attacks, application attacks, physical attacks, network attacks, and cryptographic attacks.
  • Mitigation techniques: using segmentation, access control, configuration enforcement, hardening, isolation, and patching.

Security architecture (18%)

  • Architecture models: comparing on-premises, cloud, virtualization, Internet of Things (IoT), industrial control systems (ICS), and infrastructure as code (IaC).
  • Enterprise infrastructure: applying security principles to infrastructure considerations, control selection, and secure communication/access.
  • Data protection: comparing data types, securing methods, general considerations, and classifications.
  • Resilience and recovery: explaining high availability, site considerations, testing, power, platform diversity, backups, and continuity of operations.

Security operations (28%)

  • Computing resources: applying secure baselines, mobile solutions, hardening, wireless security, application security, sandboxing, and monitoring.
  • Asset management: explaining acquisition, disposal, assignment, and monitoring/tracking of hardware, software, and data assets.
  • Vulnerability management: identifying, analyzing, remediating, validating, and reporting vulnerabilities.
  • Alerting and monitoring: explaining monitoring tools and computing resource activities.
  • Enterprise security: modifying firewalls, IDS/IPS, DNS filtering, DLP (data loss prevention), NAC (network access control), and EDR/XDR (endpoint/extended detection and response).
  • Identity and access management: implementing provisioning, SSO (single sign-on), MFA (multifactor authentication), and privileged access tools.
  • Automation and orchestration: explaining automation use cases, scripting benefits, and considerations.
  • Incident response: implementing processes, training, testing, root cause analysis, threat hunting, and digital forensics.
  • Data sources: using log data and other sources to support investigations.

Security program management and oversight (20%)

  • Security governance: summarizing guidelines, policies, standards, procedures, external considerations, monitoring, governance structures, and roles/responsibilities.
  • Risk management: explaining risk identification, assessment, analysis, register, tolerance, appetite, strategies, reporting, and business impact analysis (BIA).
  • Third-party risk: managing vendor assessment, selection, agreements, monitoring, questionnaires, and rules of engagement.
  • Security compliance: summarizing compliance reporting, consequences of non-compliance, monitoring, and privacy.
  • Audits and assessments: explaining attestation, internal/external audits, and penetration testing.
  • Security awareness: implementing phishing training, anomalous behavior recognition, user guidance, reporting, and monitoring.