💼 Job Skills & Career
CompTIA Security+ (SY0-701)
Master the core security concepts, tools, and workflows required to pass the CompTIA Security+ (SY0-701) exam and perfor...
1137
Views
Sections
1. Security Foundations and Core Principles7 views
Establish essential terminology, frameworks, and principles that underpin all security decisions.
15 topics (15 versions)
1.1Course orientation and exam blueprint
5
1.2Security terminology and concepts
1.3Threats, vulnerabilities, and risks
1.4CIA triad fundamentals
1.5Non-repudiation principles
1.6AAA: authentication, authorization, accounting
1.7Control categories: administrative, technical, physical
1.8Control types: preventive, detective, corrective
1.9Security frameworks and baselines
1.10Zero Trust principles
1.11Gap analysis and remediation planning
1.12Security policies and governance linkage
1.13Defense in depth strategy
1.14Security awareness foundations
1.15Ethics and professional conduct
2. Threat Actors, Vectors, and Social Engineering2 views
Analyze adversaries, motivations, and techniques to anticipate and disrupt attacks.
15 topics (15 versions)
2.1Threat actor taxonomy
2
2.2Motivations and objectives
2.3Capabilities and attributes
2.4Unskilled attackers
2.5Hacktivists
2.6Organized crime groups
2.7Nation-state actors
2.8Insider threats
2.9Shadow IT risks
2.10Threat vectors and attack surfaces
2.11OSINT and reconnaissance
2.12Social engineering fundamentals
2.13Phishing variants
2.14Pretexting and impersonation
2.15Influence and disinformation campaigns
3. Physical Security and Facilities Protection2 views
Design and enforce physical controls to safeguard people, assets, and environments.
15 topics (15 versions)
3.1Facility perimeters and fencing
2
3.2Bollards and vehicle barriers
3.3Lighting and CPTED
3.4Surveillance cameras and CCTV
3.5Bypassing surveillance techniques
3.6Access control vestibules
3.7Door locks and key management
3.8Smart cards and badges
3.9Badge cloning and skimming
3.10Biometric access controls
3.11Tailgating and piggybacking
3.12Asset tamper detection
3.13Environmental controls
3.14Hardware security modules
3.15Physical intrusion detection
4. Malware and Malicious Activity1 views
Identify, analyze, and respond to malware and disruptive attack techniques.
15 topics (15 versions)
4.1Malware taxonomy
1
4.2Viruses and propagation
4.3Worms and self-replication
4.4Trojans and droppers
4.5Ransomware operations
4.6Botnets and zombies
4.7Rootkits and persistence
4.8Backdoors and logic bombs
4.9Keyloggers and screen scrapers
4.10Spyware and adware
4.11Malware delivery techniques
4.12Indicators of compromise
4.13DDoS fundamentals
4.14DNS-based attacks
4.15Session hijacking and on-path
5. Data Security and Cryptography2 views
Protect data through classification, governance, and cryptographic controls.
15 topics (15 versions)
5.1Data classifications
2
5.2Data ownership roles
5.3Data types and sensitivity
5.4Data states: at rest, in transit, in use
5.5Data sovereignty and residency
5.6Data minimization and retention
5.7Data loss prevention concepts
5.8DLP configuration basics
5.9Cryptography fundamentals
5.10Symmetric algorithms
5.11Asymmetric algorithms
5.12Hashing and integrity
5.13PKI and trust models
5.14Digital certificates
5.15Obfuscation and masking
6. Security Architecture and Infrastructure1 views
Architect secure platforms across on‑prem, cloud, and software-defined environments.
15 topics (15 versions)
6.1On-premises versus cloud models
1
6.2Cloud service models
6.3Cloud shared responsibility
6.4Virtualization fundamentals
6.5Containerization patterns
6.6Serverless architectures
6.7Microservices and APIs
6.8Network topology and segmentation
6.9Software-defined networking
6.10Infrastructure as Code
6.11Secure configuration management
6.12Firewalls and next-gen policies
6.13IDS and IPS deployment
6.14Network security appliances
6.15Secure network communications
7. Identity and Access Management1 views
Implement modern IAM with strong authentication, authorization, and governance.
15 topics (15 versions)
7.1IAM concepts and lifecycle
1
7.2Identity proofing
7.3Authentication factors
7.4Multifactor authentication
7.5Password security practices
7.6Password attack methods
7.7Single sign-on
7.8Federation standards
7.9OAuth, OIDC, and SAML
7.10Certificate-based authentication
7.11Biometrics and risks
7.12Privileged access management
7.13Access control models
7.14Role and attribute assignment
7.15Provisioning and deprovisioning
8. Vulnerabilities and Attacks1 views
Recognize common weaknesses and exploit paths across platforms and apps.
15 topics (15 versions)
8.1Vulnerability categories
1
8.2Hardware and firmware flaws
8.3Bluetooth and mobile risks
8.4Operating system weaknesses
8.5Zero-day exposure
8.6SQL injection techniques
8.7XML and XPath injection
8.8Cross-site scripting
8.9Cross-site request forgery
8.10Buffer overflows
8.11Race conditions
8.12Directory traversal
8.13Privilege escalation
8.14Attack chaining and pivoting
8.15Cloud and SaaS attacks
9. Hardening and Secure Configuration1 views
Reduce attack surface with baselines, patches, and layered endpoint and network controls.
15 topics (15 versions)
9.1Secure baselines
1
9.2Changing default settings
9.3Least functionality
9.4Application allowlisting
9.5Service and daemon hardening
9.6Patch management process
9.7Update strategies
9.8Group Policy configuration
9.9SELinux and AppArmor
9.10Disk and data encryption levels
9.11Secure imaging and templates
9.12Wireless infrastructure security
9.13Wireless security settings
9.14Network Access Control
9.15Web and DNS filtering
10. Vulnerability Management and Security Monitoring1 views
Establish a continuous lifecycle for discovery, analysis, remediation, and detection.
15 topics (15 versions)
10.1Vulnerability management program
1
10.2Identifying vulnerabilities
10.3Threat intelligence feeds
10.4Responsible disclosure
10.5Vulnerability scanning types
10.6Scan configuration and scope
10.7Assessing scan results
10.8Remediation planning
10.9Validation and verification
10.10Vulnerability reporting
10.11Monitoring resources and metrics
10.12SIEM fundamentals
10.13SCAP and SOAR
10.14NetFlow and flow analysis
10.15SNMP monitoring
11. Incident Response, Forensics, and Investigation1 views
Execute a complete IR workflow and apply forensic techniques to support cases.
15 topics (15 versions)
11.1Incident response lifecycle
1
11.2Preparation and playbooks
11.3Detection and analysis
11.4Containment strategies
11.5Eradication and recovery
11.6Post-incident lessons learned
11.7Threat hunting methods
11.8Root cause analysis
11.9Forensic principles
11.10Evidence collection and handling
11.11Data acquisition procedures
11.12Disk imaging and analysis
11.13Packet capture techniques
11.14Firewall logs analysis
11.15Application and endpoint logs
12. Resilience, Risk, Governance, and Operations2 views
Build resilient services, manage risk, and meet governance, compliance, and vendor obligations.
15 topics (15 versions)
12.1High availability design
2
12.2Data redundancy strategies
12.3RAID configurations
12.4Capacity and scalability planning
12.5Backup types and rotation
12.6Continuity of operations planning
12.7Redundant sites and failover
12.8Resilience and recovery testing
12.9Risk management framework
12.10Risk assessment and register
12.11Risk treatment strategies
12.12Third-party and supply chain risk
12.13Vendor selection and oversight
12.14Contracts and legal agreements
12.15Governance structures and policy