The Security+ certification guide

The CompTIA Security+ certification is an essential credential for IT professionals seeking to establish a strong foundation in cybersecurity. Recognized globally, it validates the baseline skills necessary to perform core security functions and pursue an IT security career. 

  • Master fundamental cybersecurity concepts and best practices 
  • Prove your hands-on skills in assessing, monitoring and securing hybrid environments 
  • Open doors to in-demand jobs and hire earning potential in the cybersecurity field 

Key facts

  • Last update: November 2023 
  • Average U.S salary for Security+ certification holders as of 2024: $99,446 
  • Recommended experience: 2+ years 

Start your journey to becoming a certified professional with Infosec. 

Security+ exam overview

Security+ is the most popular entry-level cybersecurity certification available. Whether you're new to the field or looking to validate your cybersecurity knowledge, Security+ validates your skills to employers and equips you with the knowledge to confidently navigate today's complex security landscape. The Security+ 701 exam covers five different domains or topics: 

Domain 1.0: General Security Concepts (12%)
  • Compare and contrast various types of security controls. 
  • Summarize fundamental security concepts. 
  • Explain the importance of change management processes and the impact on security. 
  • Explain the importance of using appropriate cryptographic solutions. 
Domain 2.0: Threats, Vulnerabilities and Mitigations (22%)
  • Compare and contrast common threat actors and motivations. 
  • Explain common threat vectors and attack surfaces. 
  • Explain various types of vulnerabilities. 
  • Given a scenario, analyze indicators of malicious activity. 
  • Explain the purpose of mitigation techniques used to secure the enterprise. 
Domain 3.0: Security Architecture (18%)
  • Compare and contrast the security implications of different architectural models. 
  • Given a scenario, apply security principles to secure enterprise infrastructure. 
  • Compare and contrast concepts and strategies to protect data. 
  • Explain the importance of resilience and recovery and security architecture. 
Domain 4.0: Security Operations (28%)
  • Given a scenario, apply common security techniques to computing resources. 
  • Explain the security implications of proper hardware, software and data asset management. 
  • Explain the various activities associated with vulnerability management. 
  • Explain security alerting and monitoring concepts and tools. 
  • Given a scenario, modify enterprise capabilities to enhance security. 
  • Given a scenario, implement and maintain identity and access management. 
  • Explain the importance of automation and orchestration related to secure operations. 
  • Explain appropriate incident response activities. 
  • Given a scenario, use data sources to support an investigation. 
Domain 5.0: Security Program Management and Oversight (20%)
  • Summarize elements of effective security governance. 
  • Explain elements of the risk management process. 
  • Explain the processes associated with third-party risk assessment and management. 
  • Summarize elements of effective security compliance. 
  • Explain the types and purposes of audits and assessments. 
  • Given a scenario, implement security awareness practices. 

Learn more about the Security+ domains.

Security+ exam details

The Security+ exam covers a broad range of cybersecurity topics essential for securing networks, systems and data. These include threats, attacks, vulnerabilities, security controls, architecture, cryptography and operational security. 

Launch date: 2002 Last update: November 2023
Number of questions: 90 Type of questions: Multiple-choice and performance-based
Length of test: 90 minutes Passing score: 700 (out of 1000)
Recommended experience: Network+ and two years in IT admin Languages:

English, with Japanese, Portuguese and Spanish to follow

Validity duration:  Three years CPEs needed for renewal:  Multiple renewal options

Security+ exam additional resources

Studying for the Security+ exam is the best way to prepare yourself to earn a passing grade. Luckily, there are tons of helpful Security+ resources to help. Before you scout out the best Security+ books, we recommend looking at the official exam outline since it will shed light on what topics you'll need to study. 

Security+ study guides and Security+ books

Study guides and books are useful for doing a thorough analysis of each section of the test. You can find them at your local library or bookstore or online stores like Amazon, CompTIA and elsewhere: 

  • Official CompTIA Security+ SY0-701 Certification Study Guide 
  • CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide by Joe Shelley and Darril Gibson 
  • CompTIA Security+ SY0-701 Certification Guide - Third Edition by Ian Neil 

Get your free ebook, CompTIA Security+ 701: How the world's most popular cert is changing in 2024, for a brief overview of the certification and the exam. 

Security+ practice exams and simulations

Put your knowledge to the test by taking a Security+ practice exam or reviewing Security+ flashcards and Security+ cheat sheets. CompTIA has both free practice questions and paid Security+ simulation questions. Paid courses like the one in Infosec Skills also include both practice exam questions and hands-on Security+ labs. 

You can also find previous exam takers who share notes and training resources in online forums, although using Security+ exam dumps with questions from the actual exam is considered cheating, warns CompTIA. Whichever study resources you end up choosing, we recommend taking a few Security+ free practice exams along the way to help pinpoint exactly which domains you should focus further studies on. 

Other free Security+ training resources

There are a number of other free Security+ training materials being produced and shared by the community:

  • Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the Security+ exam. 
  • YouTube is another great place to connect with cybersecurity practitioners and learn about the Security+ exam. Although most Security+ courses cost money, there are many free Security+ videos available, including our Security+ exam webcast with CompTIA's Patrick Lane. 
  • Podcasts may not help you directly study for your Security+ exam, but those like the Cyber Work Podcast are a great way to learn about cybersecurity career options and your peers' career journeys. 

Security+ jobs and careers

Security+ is a popular certification for people interested in careers in IT and cybersecurity. Whether you're looking for your first industry job or want to move up in the ranks, Security+ can pave the way to new opportunities and a higher salary. 

 

Common Security+ job titles 

  • Systems administrator 
  • Security administrator 
  • Security specialist 
  • Security engineer 
  • Network administrator 
  • Junior IT auditor/penetration tester 
  • Security consultant 

Download our Cybersecurity salary guide for more information on careers and salary potential.

Security+ comparisons and alternatives

While Security+ is a fantastic entry-level certification, it's not the only option. Here's a quick breakdown of how it compares to other popular cybersecurity credentials: 

A+ vs. Security+

The CompTIA A+ certification focuses on general IT troubleshooting and hardware/software support skills. Security+ dives deeper, specifically providing you with the knowledge and skills to secure networks, systems and data. If your career goals lean towards IT support, A+ might be a good starting point. However, for a cybersecurity path, Security+ is the more relevant choice. 

Network+ vs. Security+

CompTIA Network+ validates your expertise in installing, configuring and troubleshooting computer networks. Security+ builds upon those networking fundamentals by teaching you how to secure those networks from cyberattacks. Network+ is a great foundation, but Security+ provides the security-specific knowledge employers seek. 

SSCP vs. Security+

Similar to Security+, the ISC2 SSCP validates your understanding of core security concepts. However, SSCP has a one-year experience requirement and leans more toward security administration tasks. Security+ is more popular and requested in job openings; however, SSCP can be a good choice for IT professionals transitioning to security roles. 

CISSP vs. Security+

The CISSP is often considered the “gold standard for experienced security professionals. It requires a minimum of 5 years of experience and covers a broader range of security domains compared to Security+. Security+ is often the entry point for cybersecurity professionals and the CISSP is the ultimate goal.