CompTIA Security+ Study Guide 2026
By HADESS Team | February 28, 2026 | Updated: February 28, 2026 | 10 min read
Table of Contents
- What Is CompTIA Security+?
- SY0-701 Exam Domains and Weights
- Who Should Take Security+?
- Prerequisites and Experience Level
- Domain 1: General Security Concepts (12%)
- Domain 2: Threats, Vulnerabilities, and Mitigations (22%)
- Domain 3: Security Architecture (18%)
- Domain 4: Security Operations (28%)
- Domain 5: Security Program Management and Oversight (20%)
- Study Plan: 8 Weeks to Exam Day
- Practice Labs and Hands-On Resources
- Exam Day Tips
- After You Pass: What Comes Next
- Frequently Asked Questions
What Is CompTIA Security+?
If you are looking for a CompTIA Security+ guide that cuts through the noise, you are in the right place. Security+ is the most widely recognized entry-level cybersecurity certification worldwide. It validates baseline skills needed to perform security functions and pursue a career in information security.
The certification is vendor-neutral, meaning it covers principles and practices that apply across platforms, tools, and organizations. The U.S. Department of Defense approves Security+ under DoD Directive 8570, making it a requirement for many government and military IT roles.
Security+ holders typically work as security analysts, systems administrators, help desk managers, and junior penetration testers. The certification serves as a gateway to more advanced credentials and higher-paying roles across the industry. For a broader perspective on how Security+ fits into the certification ecosystem, see our cybersecurity skills guide.
SY0-701 Exam Domains and Weights
The current exam version, SY0-701, launched in November 2023 and remains the active version through 2026. CompTIA restructured the domains to reflect how security work actually happens in modern environments.
Here is the breakdown:
| Domain | Weight |
|---|---|
| General Security Concepts | 12% |
| Threats, Vulnerabilities, and Mitigations | 22% |
| Security Architecture | 18% |
| Security Operations | 28% |
| Security Program Management and Oversight | 20% |
The exam contains a maximum of 90 questions. You will encounter multiple-choice and performance-based questions (PBQs). The passing score is 750 on a scale of 100-900, and you have 90 minutes to complete the test.
PBQs appear first on the exam. They simulate real tasks like configuring a firewall rule, analyzing log output, or matching attack types to mitigation strategies.
Who Should Take Security+?
Security+ targets three audiences:
- Career changers moving into cybersecurity from IT support, networking, or software development. If you already hold CompTIA A+ or Network+, Security+ is the natural next step.
- Recent graduates with degrees in computer science, information technology, or cybersecurity. The certification adds practical credibility alongside academic credentials.
- IT professionals who handle security tasks as part of a broader role. Systems administrators, network engineers, and DevOps practitioners often earn Security+ to formalize their security knowledge.
If you are weighing Security+ against other certifications, our CEH vs OSCP comparison covers the differences between offensive security credentials, while the CISSP guide addresses the senior-level management certification path.
Prerequisites and Experience Level
CompTIA recommends at least two years of IT administration experience with a security focus before attempting the exam. There is no enforced prerequisite — anyone can register and sit for the test.
That said, you will struggle without foundational knowledge of:
- TCP/IP networking (ports, protocols, subnets)
- Operating system administration (Windows and Linux basics)
- Basic cryptography concepts (symmetric vs. asymmetric encryption)
- Common attack types (phishing, malware, SQL injection)
If you lack this background, spend four to six weeks on networking fundamentals before starting Security+ preparation. CompTIA Network+ material covers everything you need.
Domain 1: General Security Concepts
This domain covers 12% of the exam. It tests your understanding of security controls, the CIA triad (confidentiality, integrity, availability), authentication mechanisms, and the zero trust model.
Key topics include:
- Security control categories: Technical, managerial, operational, and physical controls. Know specific examples of each.
- The CIA triad: Understand how each element applies to real scenarios. Expect questions that describe a situation and ask which element is at risk.
- Authentication, Authorization, and Accounting (AAA): Understand RADIUS, TACACS+, and multifactor authentication types (something you know, have, are, somewhere you are).
- Gap analysis: How organizations identify differences between their current security posture and desired state.
Study tip: Create flashcards mapping each security concept to a practical example. The exam tests application, not just recall.
Domain 2: Threats, Vulnerabilities, and Mitigations
At 22%, this is the second-heaviest domain. It requires you to identify threat actors, attack vectors, vulnerability types, and appropriate countermeasures.
Threat actors you need to know: nation-states, organized crime, hacktivists, insider threats (intentional and unintentional), and shadow IT.
Attack types tested heavily:
- Social engineering: phishing, vishing, smishing, pretexting, watering hole attacks
- Malware: ransomware, trojans, rootkits, fileless malware, logic bombs
- Application attacks: injection (SQL, LDAP, XML), cross-site scripting, cross-site request forgery
- Network attacks: on-path (man-in-the-middle), DNS poisoning, ARP spoofing, deauthentication attacks
- Cryptographic attacks: birthday attacks, downgrade attacks, collision attacks
For each attack type, know the corresponding mitigation. The exam frequently presents a scenario and asks you to select the best defense.
Vulnerability management covers scanning, assessment, and remediation workflows. Understand the difference between vulnerability scans and penetration tests, and know how CVSS scoring works.
Domain 3: Security Architecture
This 18% domain covers how to design and implement secure systems. It spans on-premises, cloud, and hybrid environments.
Key areas:
- Secure network architecture: Segmentation, DMZs, micro-segmentation, software-defined networking
- Cloud models: IaaS, PaaS, SaaS security responsibilities. Know the shared responsibility model.
- Secure infrastructure design: Load balancers, reverse proxies, jump servers, and hardware security modules (HSMs)
- Data protection: Classification, encryption at rest and in transit, data loss prevention (DLP), tokenization
- Resilience and recovery: High availability, fault tolerance, backup strategies (3-2-1 rule), disaster recovery planning
The network security fundamentals guide covers many of these architectural concepts in greater depth.
Domain 4: Security Operations
This is the largest domain at 28%. It tests your ability to monitor, detect, and respond to security events.
Security monitoring and alerting:
- Log analysis (syslog, Windows Event Logs, application logs)
- SIEM configuration and alert tuning
- Endpoint detection and response (EDR)
- Network traffic analysis and packet capture
Incident response: Know the phases — preparation, detection, analysis, containment, eradication, recovery, and lessons learned. Expect PBQs that walk you through an incident scenario.
Digital forensics basics: Order of volatility, chain of custody, evidence preservation, imaging drives.
Automation and orchestration: SOAR platforms, scripting for security tasks, playbook development.
This domain rewards hands-on experience. If you have not worked with a SIEM, spin up a free instance of Elastic Security or Splunk Free and practice writing queries against sample data.
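As an added example (not part of the original guide), here is the logic a SIEM query for this kind of log analysis expresses, written as plain Python over constructed sshd syslog lines. The rule names, the `threshold` and `window_s` parameters, and the sample hosts and addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation-range IPs).
SAMPLE = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:05 web1 sshd[812]: Failed password for admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:00:09 web1 sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40024 ssh2
Mar  3 10:00:20 web1 sshd[814]: Accepted password for deploy from 203.0.113.7 port 40025 ssh2
Mar  3 10:01:00 web1 sshd[815]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar  3 10:05:00 web1 sshd[816]: Accepted password for alice from 198.51.100.4 port 51001 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def detect(log, threshold=3, window_s=60, year=2026):
    """Flag bursts of failed logins per source IP, and a success right after one.

    threshold and window_s are the alert-tuning knobs; syslog timestamps
    carry no year, so one is supplied.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        outcome, user, ip = m[2], m[3], m[4]
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if outcome == "Failed":
            q.append(ts)
            if len(q) == threshold:
                alerts.append(("failed-login-burst", ip, user))
        elif len(q) >= threshold:
            alerts.append(("success-after-burst", ip, user))
    return alerts
```

Raising `threshold` or shrinking `window_s` suppresses the alerts on this sample, which is the trade-off alert tuning manages: fewer false positives against a higher chance of missing a slow attempt.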
Domain 5: Security Program Management and Oversight
At 20%, this domain covers governance, risk management, compliance, and security awareness.
Governance frameworks: Know NIST Cybersecurity Framework, ISO 27001, SOC 2, and CIS Controls at a conceptual level. You do not need deep expertise, but you must recognize what each framework addresses.
Risk management: Risk identification, risk assessment (qualitative and quantitative), risk register, risk appetite vs. risk tolerance. Understand the four risk treatment options: accept, avoid, transfer, mitigate.
Compliance: PCI DSS, HIPAA, GDPR, SOX. Know which industries and data types each regulation covers.
Security awareness training: Phishing simulations, acceptable use policies, incident reporting procedures.
Third-party risk: Vendor assessments, supply chain security, service level agreements (SLAs), right-to-audit clauses.
Study Plan: 8 Weeks to Exam Day
Here is a week-by-week breakdown assuming 10-15 hours of study per week:
Weeks 1-2: Domain 1 (General Security Concepts) and Domain 5 (Security Program Management). These are the most conceptual domains and provide a foundation for everything else.
Weeks 3-4: Domain 2 (Threats, Vulnerabilities, and Mitigations). This is content-heavy. Create a threat-mitigation matrix and review it daily.
Weeks 5-6: Domain 3 (Security Architecture) and Domain 4 (Security Operations). Set up a home lab during these weeks. Install a virtual firewall, configure log forwarding, and practice with a SIEM.
Week 7: Full-length practice exams. Take at least three timed practice tests. Analyze every wrong answer and identify weak domains.
Week 8: Targeted review of weak areas. Focus on PBQ practice. Review your notes one final time 48 hours before the exam. Rest the day before.
Recommended resources:
- Professor Messer’s free video course (YouTube)
- CompTIA CertMaster Practice (official practice tests)
- Jason Dion’s practice exams (Udemy)
- A physical or digital study guide (Darril Gibson or Mike Chapple)
Practice Labs and Hands-On Resources
The SY0-701 exam includes performance-based questions that require hands-on skills. Build these through lab work:
- TryHackMe: Free and paid rooms covering Security+ objectives
- Hack The Box Academy: Structured modules aligned with certification domains
- Home lab: Use VirtualBox or VMware with Kali Linux, Windows Server, and pfSense to practice firewall rules, log analysis, and vulnerability scanning
Focus lab time on:
1. Configuring firewall rules and ACLs
2. Analyzing packet captures in Wireshark
3. Running vulnerability scans with OpenVAS or Nessus Essentials
4. Reviewing Windows Event Logs and Linux syslog output
5. Setting up and querying a SIEM (Elastic or Splunk Free)
Exam Day Tips
Before the exam:
- Arrive 15 minutes early (testing center) or log in 30 minutes early (online proctored)
- Bring two forms of valid ID for in-person testing
- Skip the PBQs on your first pass. Answer all multiple-choice questions first, then return to PBQs with remaining time
During the exam:
- Read every question twice. Look for keywords like “BEST,” “MOST,” “FIRST,” and “LEAST”
- Eliminate obviously wrong answers before selecting your choice
- Flag uncertain questions and revisit them
- Manage your time: 90 questions in 90 minutes means roughly one minute per question
After the exam:
- You will receive a pass/fail result immediately
- A detailed score report breaks down your performance by domain
- Your digital certificate and badge appear in your CompTIA account within five business days
After You Pass: What Comes Next
Security+ is valid for three years. You can renew through continuing education units (CEUs) or by passing a higher-level CompTIA certification.
Career paths after Security+:
- SOC Analyst: Monitor security alerts and investigate incidents. Median salary $75,000-$95,000.
- Systems Administrator (Security): Harden servers, manage patching, and enforce security policies.
- Junior Penetration Tester: Pursue CEH or OSCP as your next certification.
- GRC Analyst: Move toward CISSP and focus on governance, risk, and compliance.
Use our certificate roadmap tool to map out your certification path based on your target role and experience level. You can also explore the top cybersecurity skills employers want to identify which technical abilities to develop alongside your certifications.
Frequently Asked Questions
How hard is CompTIA Security+ for beginners?
Security+ is challenging but achievable for beginners with IT fundamentals. If you understand basic networking and operating systems, eight weeks of focused study (10-15 hours per week) is typically enough to pass. Those without any IT background should first study networking basics for four to six weeks before starting Security+ preparation.
How much does the CompTIA Security+ exam cost?
The exam voucher costs $404 USD as of 2026. CompTIA occasionally offers bundles that include the voucher, a retake voucher, and CertMaster Practice at a discount. Academic pricing is available for enrolled students. Check the CompTIA store for current pricing.
Is Security+ enough to get a cybersecurity job?
Security+ alone qualifies you for entry-level positions, especially in government and defense contracting where it satisfies DoD 8570 requirements. For private sector roles, employers typically want Security+ combined with practical skills demonstrated through labs, projects, or prior IT experience. The certification opens doors, but hands-on ability closes the deal.
— HADESS Team consists of cybersecurity practitioners, hiring managers, and career strategists who have collectively spent 50+ years in the field.
