Key facts
- Last update: November 2023
- Average U.S salary for Security+ certification holders as of 2024: $99,446
- Recommended experience: 2+ years
Start your journey to becoming a certified professional with Infosec.
Security+ exam overview
Security+ is the most popular entry-level cybersecurity certification available. Whether you're new to the field or looking to validate your cybersecurity knowledge, Security+ validates your skills to employers and equips you with the knowledge to confidently navigate today's complex security landscape. The Security+ 701 exam covers five different domains or topics:
Domain 1.0: General Security Concepts (12%)
- Compare and contrast various types of security controls.
- Summarize fundamental security concepts.
- Explain the importance of change management processes and the impact on security.
- Explain the importance of using appropriate cryptographic solutions.
Domain 2.0: Threats, Vulnerabilities and Mitigations (22%)
- Compare and contrast common threat actors and motivations.
- Explain common threat vectors and attack surfaces.
- Explain various types of vulnerabilities.
- Given a scenario, analyze indicators of malicious activity.
- Explain the purpose of mitigation techniques used to secure the enterprise.
Domain 3.0: Security Architecture (18%)
- Compare and contrast the security implications of different architectural models.
- Given a scenario, apply security principles to secure enterprise infrastructure.
- Compare and contrast concepts and strategies to protect data.
- Explain the importance of resilience and recovery and security architecture.
Domain 4.0: Security Operations (28%)
- Given a scenario, apply common security techniques to computing resources.
- Explain the security implications of proper hardware, software and data asset management.
- Explain the various activities associated with vulnerability management.
- Explain security alerting and monitoring concepts and tools.
- Given a scenario, modify enterprise capabilities to enhance security.
- Given a scenario, implement and maintain identity and access management.
- Explain the importance of automation and orchestration related to secure operations.
- Explain appropriate incident response activities.
- Given a scenario, use data sources to support an investigation.
Domain 5.0: Security Program Management and Oversight (20%)
- Summarize elements of effective security governance.
- Explain elements of the risk management process.
- Explain the processes associated with third-party risk assessment and management.
- Summarize elements of effective security compliance.
- Explain the types and purposes of audits and assessments.
- Given a scenario, implement security awareness practices.
Learn more about the Security+ domains.
Security+ exam details
The Security+ exam covers a broad range of cybersecurity topics essential for securing networks, systems and data. These include threats, attacks, vulnerabilities, security controls, architecture, cryptography and operational security.
Launch date: | 2002 | Last update: | November 2023 |
Number of questions: | 90 | Type of questions: | Multiple-choice and performance-based |
Length of test: | 90 minutes | Passing score: | 700 (out of 1000) |
Recommended experience: | Network+ and two years in IT admin | Languages: |
English, with Japanese, Portuguese and Spanish to follow |
Validity duration: | Three years | CPEs needed for renewal: | Multiple renewal options |
Security+ exam additional resources
Studying for the Security+ exam is the best way to prepare yourself to earn a passing grade. Luckily, there are tons of helpful Security+ resources to help. Before you scout out the best Security+ books, we recommend looking at the official exam outline since it will shed light on what topics you'll need to study.
Security+ study guides and Security+ books
Study guides and books are useful for doing a thorough analysis of each section of the test. You can find them at your local library or bookstore or online stores like Amazon, CompTIA and elsewhere:
- Official CompTIA Security+ SY0-701 Certification Study Guide
- CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide by Joe Shelley and Darril Gibson
- CompTIA Security+ SY0-701 Certification Guide - Third Edition by Ian Neil
Get your free ebook, CompTIA Security+ 701: How the world's most popular cert is changing in 2024, for a brief overview of the certification and the exam.
Security+ practice exams and simulations
Put your knowledge to the test by taking a Security+ practice exam or reviewing Security+ flashcards and Security+ cheat sheets. CompTIA has both free practice questions and paid Security+ simulation questions. Paid courses like the one in Infosec Skills also include both practice exam questions and hands-on Security+ labs.
You can also find previous exam takers who share notes and training resources in online forums, although using Security+ exam dumps with questions from the actual exam is considered cheating, warns CompTIA. Whichever study resources you end up choosing, we recommend taking a few Security+ free practice exams along the way to help pinpoint exactly which domains you should focus further studies on.
Other free Security+ training resources
There are a number of other free Security+ training materials being produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the Security+ exam.
- YouTube is another great place to connect with cybersecurity practitioners and learn about the Security+ exam. Although most Security+ courses cost money, there are many free Security+ videos available, including our Security+ exam webcast with CompTIA's Patrick Lane.
- Podcasts may not help you directly study for your Security+ exam, but those like the Cyber Work Podcast are a great way to learn about cybersecurity career options and your peers' career journeys.
Security+ jobs and careers
Security+ is a popular certification for people interested in careers in IT and cybersecurity. Whether you're looking for your first industry job or want to move up in the ranks, Security+ can pave the way to new opportunities and a higher salary.
Common Security+ job titles
- Systems administrator
- Security administrator
- Security specialist
- Security engineer
- Network administrator
- Junior IT auditor/penetration tester
- Security consultant
Download our Cybersecurity salary guide for more information on careers and salary potential.
Security+ certification training options
When it comes to preparing for the Security+ exam, we understand everyone has different career goals and existing commitments. That's why we offer flexible training options to choose how, when and where you learn.
Security+ comparisons and alternatives
While Security+ is a fantastic entry-level certification, it's not the only option. Here's a quick breakdown of how it compares to other popular cybersecurity credentials:
A+ vs. Security+
The CompTIA A+ certification focuses on general IT troubleshooting and hardware/software support skills. Security+ dives deeper, specifically providing you with the knowledge and skills to secure networks, systems and data. If your career goals lean towards IT support, A+ might be a good starting point. However, for a cybersecurity path, Security+ is the more relevant choice.
Network+ vs. Security+
CompTIA Network+ validates your expertise in installing, configuring and troubleshooting computer networks. Security+ builds upon those networking fundamentals by teaching you how to secure those networks from cyberattacks. Network+ is a great foundation, but Security+ provides the security-specific knowledge employers seek.
SSCP vs. Security+
Similar to Security+, the ISC2 SSCP validates your understanding of core security concepts. However, SSCP has a one-year experience requirement and leans more toward security administration tasks. Security+ is more popular and requested in job openings; however, SSCP can be a good choice for IT professionals transitioning to security roles.
CISSP vs. Security+
The CISSP is often considered the “gold standard” for experienced security professionals. It requires a minimum of 5 years of experience and covers a broader range of security domains compared to Security+. Security+ is often the entry point for cybersecurity professionals and the CISSP is the ultimate goal.