Draft CompTIA Security+ SY0-701 Exam Objectives (2.0)
CompTIA Security+
Certification Exam Objectives
EXAM NUMBER: SY0-701
• Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions.
• Monitor and secure hybrid environments, including cloud, mobile, and Internet of Things (IoT).
• Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.
• Identify, analyze, and respond to security events and incidents.
EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of technologies, processes, or tasks pertaining to each objective may also be included on the exam, although not listed or covered in this objectives document. CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current, and the security of the questions is protected. When necessary, we will publish updated exams based on existing exam objectives. Please know that all related exam preparation materials will still be valid.
EXAM OBJECTIVES (DOMAINS)
The table below lists the domains measured by this examination and the extent to which they are represented.

DOMAIN                                          PERCENTAGE OF EXAMINATION
1.0 General Security Concepts                   12%
2.0 Threats, Vulnerabilities, and Mitigations   22%
3.0 Security Architecture                       18%
4.0 Security Operations                         28%
5.0 Security Program Management and Oversight   20%
Total                                          100%
• Categories
  - Managerial
  - Operational
  - Physical
• Control types
  - Deterrent
  - Detective
  - Corrective
  - Compensating
  - Directive
1.2 Summarize fundamental security concepts.
• Confidentiality, Integrity, and Availability (CIA)
• Non-repudiation
• Authentication, Authorization, and Accounting (AAA)
  - Authenticating people
  - Authenticating systems
  - Authorization models
• Gap analysis
• Zero trust
  - Control plane
    o Adaptive identity
    o Threat scope reduction
    o Policy-driven access control
    o Secured zones
    o Policy Engine
    o Policy Administrator
  - Data plane
    o Subject/system
    o Policy enforcement point
• Physical security
  - Bollards
  - Access control vestibule
  - Fencing
  - Video surveillance
  - Security guard
  - Access badge
  - Lighting
  - Sensors
    o Infrared
    o Pressure
    o Microwave
    o Ultrasonic
• Deception and disruption technology
  - Honeypot
  - Honeynet
  - Honeyfile
  - Honeytoken

- Test results
- Backout plan
- Maintenance window
- Standard operating procedure
- Legacy applications
- Dependencies
1.4 Explain the importance of using appropriate cryptographic solutions.
• Public key infrastructure (PKI)
  - Public key
  - Private key
• Encryption
  - Level
    o Volume
    o Database
    o Record
  - Transport/communication
  - Asymmetric
  - Symmetric
  - Key exchange
  - Algorithms
  - Key length
• Obfuscation
  - Data masking
• Hashing
• Salting
• Digital signatures
• Key stretching
• Blockchain
• Open public ledger
• Certificates
  - Certificate authorities
  - Wildcard
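Hashing, salting and key stretching are listed above as three separate items, and the distinction between them is clearest in code. The following Python is an added example written for this page, not CompTIA's material; it uses only the standard library, and the sample passwords, the stored-record format and the iteration count are assumptions made here.

```python
"""Hashing vs. salting vs. key stretching for stored passwords (added example;
not part of the objectives document). Standard library only. The passwords,
the record format and the iteration count are assumptions made for this page."""
import hashlib
import hmac
import secrets
from typing import Optional


def plain_hash(password: str) -> str:
    """Unsalted SHA-256: deterministic, so equal passwords collide and a
    precomputed table of common passwords cracks every user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt: equal passwords no longer collide and rainbow
    tables are useless, but each guess still costs one fast hash."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


# Key stretching: PBKDF2 repeats HMAC-SHA256 so each guess costs the attacker
# the work factor we pick. 600,000 follows the OWASP Password Storage Cheat
# Sheet guidance for PBKDF2-HMAC-SHA256 (assumption; tune to your hardware).
ITERATIONS = 600_000


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def store_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Self-describing record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'
    (format is an assumption) so the parameters can be raised later."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = stretch(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time compare: a plain == would leak, via timing, how many
    # leading bytes of the stored digest a guess got right.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed: two users who chose the same password.
    print("unsalted collide:", plain_hash("correct horse") == plain_hash("correct horse"))
    s1, s2 = secrets.token_bytes(16), secrets.token_bytes(16)
    print("salted collide:  ", salted_hash("correct horse", s1) == salted_hash("correct horse", s2))
    record = store_password("correct horse")
    print("verify right/wrong:", verify_password("correct horse", record), verify_password("wrong", record))
```

The record stores its own iteration count so that when hardware gets faster the count can be raised and old records re-stretched at next login; the algorithm tag is checked before any work is done so an attacker cannot downgrade verification by editing the record.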
• Threat actors
  - Unskilled attacker
  - Hacktivist
  - Insider threat
  - Organized crime
  - Shadow IT
• Attributes of actors
  - Internal/external
  - Resources/funding
  - Level of sophistication/capability
• Motivations
  - Espionage
  - Service disruption
  - Blackmail
  - Financial gain
  - Philosophical/political beliefs
  - Ethical
  - Revenge
  - Disruption/chaos
  - War

2.2
• Message-based
• Operating system (OS)-based
• Web-based
  - Structured Query Language injection (SQLi)
  - Cross-site scripting (XSS)
• Supply chain
  - Service provider
  - Hardware provider
  - Software provider
• Cryptographic
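The SQLi vector named above is easiest to understand by running it. The following Python is an added example, not part of the objectives document: it performs the same login check in the vulnerable string-built form and in the parameterized form against an in-memory SQLite table. The table, the accounts and the payloads are constructed for the demonstration.

```python
"""SQL injection in a login check, vulnerable vs. parameterized (added example;
not part of the objectives document). The table, credentials and payloads are
constructed; SQLite's in-memory database keeps it self-contained."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    # Constructed test accounts. Plaintext passwords only to keep the injection
    # visible; real systems store salted, stretched hashes.
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Attacker text is spliced into the statement, so quotes and comment
    # markers in it change the query's structure.
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders bind the values after the statement is parsed; the same
    # payloads are just strings that match no row.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Two classic payloads. The first turns the password test into
#   password = '' OR '1'='1'   (always true); the second closes the username
# literal and comments out the rest of the statement with "--".
PAYLOAD_OR_TRUE = "' OR '1'='1"
PAYLOAD_COMMENT = "nobody' OR 1=1 --"


def demo() -> dict:
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "legit_parameterized": login_parameterized(conn, "alice", "s3cret"),
        "bypass_vulnerable": login_vulnerable(conn, "alice", PAYLOAD_OR_TRUE),
        "bypass_parameterized": login_parameterized(conn, "alice", PAYLOAD_OR_TRUE),
        "comment_vulnerable": login_vulnerable(conn, PAYLOAD_COMMENT, "x"),
        "comment_parameterized": login_parameterized(conn, PAYLOAD_COMMENT, "x"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both payloads authenticate against the vulnerable function and neither does against the parameterized one; the fix is binding, not escaping, which is why input validation alone is listed separately as a defence-in-depth control rather than the primary one.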
2.4 Given a scenario, analyze indicators of malicious activity.
• Malware attacks
  - Ransomware
  - Trojan
  - Worm
  - Spyware
• Network attacks
  - Distributed denial-of-service (DDoS)
    o Amplified
    o Reflected
• Architecture and infrastructure concepts
  - Cloud
    o Responsibility matrix
    o Hybrid considerations
    o Third-party vendors
  - Infrastructure as code (IaC)
  - Serverless
  - Microservices
  - Network infrastructure
    o Physical isolation
      ° Air-gapped
    o Logical segmentation
    o Software-defined networking (SDN)
  - Centralized vs. decentralized
  - Containerization
  - Virtualization
  - IoT
  - Industrial control systems (ICS)/supervisory control and data acquisition (SCADA)
  - Real-time operating system (RTOS)
  - Embedded systems
  - High availability
• Considerations
  - Availability
  - Resilience
  - Responsiveness
  - Scalability
  - Ease of deployment
  - Risk transference
  - Ease of recovery
  - Patch availability
  - Inability to patch
  - Power
  - Compute

• Failure modes
  - Fail-closed
• Device attribute
  - Active vs. passive
  - Inline vs. tap/monitor
• Network appliances
  - Jump server
  - Proxy server
  - Intrusion prevention system (IPS)/intrusion detection system (IDS)
  - Load balancer
• Firewall types
  - Web application firewall (WAF)
  - Unified threat management (UTM)
  - Next-generation firewall (NGFW)
  - Layer 4/Layer 7
• Secure communication/access
  - Virtual private network (VPN)
  - Remote access
  - Tunneling
    o Transport Layer Security (TLS)
• Data classifications
  - Sensitive
  - Confidential
• Data states
  - Data in use
• Methods
  - Permission restrictions
• General data considerations
  - Data sovereignty
  - Geolocation

3.4 Explain the importance of resilience and recovery in security architecture.
• High availability
• Secure baselines
  - Establish
  - Deploy
  - Maintain
• Hardening targets
  - Mobile devices
  - Workstations
  - Switches
  - Routers
  - Cloud infrastructure
  - Servers
  - ICS/SCADA
  - Embedded systems
  - RTOS
  - IoT devices
• Wireless devices
  - Installation considerations
    o Site surveys
    o Heat maps
• Mobile solutions
  - Mobile device management (MDM)
  - Deployment models
    o Bring your own device (BYOD)
    o Corporate-owned, personally enabled (COPE)
    o Choose your own device (CYOD)
  - Connection methods
    o Cellular
    o Wi-Fi
    o Bluetooth
• Wireless security settings
  - Wi-Fi Protected Access 3 (WPA3)
  - AAA/Remote Authentication Dial-In User Service (RADIUS)
  - Cryptographic protocols
  - Authentication protocols
• Application security
  - Input validation
  - Secure cookies
  - Static code analysis
  - Code signing
• Sandboxing
• Monitoring
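"Secure cookies" in the application-security list above is a property that can be checked mechanically from the Set-Cookie header. The following Python is an added example, not part of the objectives document: it parses Set-Cookie headers and reports the hardening attributes that are missing, and emits the corrected form. The header strings are constructed, and the policy it enforces is an assumption made here: an HTTPS-only application whose session cookies must carry Secure, HttpOnly and SameSite=Strict or Lax.

```python
"""Auditing Set-Cookie headers for hardening attributes (added example; not
part of the objectives document). Headers are constructed. Assumptions: the
application is HTTPS-only, so every cookie should carry Secure, and session
cookies should carry HttpOnly and SameSite=Strict or Lax."""
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split 'name=value; Attr; Attr=val' into a dict with lower-cased attribute keys."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_cookie(header: str, session_cookie: bool = True) -> List[str]:
    """Return a list of findings; an empty list means the cookie meets the policy."""
    c = parse_set_cookie(header)
    findings: List[str] = []
    if "secure" not in c:
        findings.append("missing Secure: the browser will also send it over plaintext HTTP")
    if session_cookie and "httponly" not in c:
        findings.append("missing HttpOnly: page script can read it, so XSS can steal the session")
    samesite = c.get("samesite", "").lower()
    if samesite not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: cross-site requests carry the cookie (CSRF exposure)")
    # The __Host- prefix is a browser-enforced contract: Secure, Path=/ and no Domain.
    if c["name"].startswith("__Host-") and (
            "domain" in c or c.get("path") != "/" or "secure" not in c):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain attribute")
    return findings


def hardened_set_cookie(name: str, value: str) -> str:
    """The corrected form of a session cookie header under the assumptions above."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    # Constructed headers: a weak one as an application might emit it, and its hardened form.
    weak = "sessionid=abc123; Path=/"
    for h in (weak, hardened_set_cookie("sessionid", "abc123")):
        print(h, "->", audit_cookie(h) or "ok")
```

Running the weak header through the audit yields three findings; the hardened form yields none. SameSite=None is deliberately treated as a finding for session cookies because it reopens cross-site request forgery, which is the attack the attribute exists to prevent.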
• Identification methods
  - Threat feed
    o Open-source intelligence (OSINT)
    o Proprietary/third-party
    o Information-sharing organization
    o Dark web
  - Penetration testing
  - Responsible disclosure program
    o Bug bounty program
  - System/process audit
• Analysis
  - Common Vulnerabilities and Exposures (CVE)
  - Vulnerability classification
  - Exposure factor
  - Environmental variables
  - Industry/organizational impact
  - Risk tolerance
• Vulnerability response and remediation
  - Patching
  - Insurance
  - Segmentation

4.4
• Intrusion prevention system (IPS)/intrusion detection system (IDS)
  - Signatures
• Implementation of secure protocols
  - Transport method
• Web filter
  - Agent-based
  - Centralized proxy
  - Uniform Resource Locator (URL) scanning
  - Content categorization
  - Block rules
  - Reputation
• DNS filtering
• Email security
  - Domain-based Message Authentication Reporting and Conformance (DMARC)
  - DomainKeys Identified Mail (DKIM)
  - Sender Policy Framework (SPF)
• User behavior analytics

4.6
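SPF, DKIM and DMARC are listed above without saying how they fit together: SPF and DKIM each authenticate a domain, and DMARC asks whether that domain aligns with the visible From: header and tells receivers what to do when it does not. The following Python is an added example, not CompTIA's material. The DNS TXT records, IP addresses and domains in it are constructed stand-ins for real lookups; it evaluates only ip4/ip6/all SPF mechanisms (no include:, a:, mx: or redirect=) and takes the DKIM verification result as an input rather than checking a signature.

```python
"""SPF evaluation and DMARC alignment, offline (added example; not part of the
objectives document). DNS_TXT stands in for DNS lookups and every record,
address and domain in it is constructed. Assumptions: only ip4/ip6/all SPF
mechanisms are handled, and the DKIM result is supplied by the caller."""
import ipaddress
from typing import Dict, Optional

DNS_TXT: Dict[str, str] = {  # constructed records
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "bounce.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "attacker.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(sender_ip: str, mail_from_domain: str) -> str:
    """Walk the record left to right; the first matching mechanism decides."""
    record = DNS_TXT.get(mail_from_domain, "")
    if not record.startswith("v=spf1"):
        return "none"                      # no record: SPF has nothing to say
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]   # catch-all, e.g. "-all" => fail
        if term.startswith(("ip4:", "ip6:")):
            # Membership across address families is False, so an IPv4 sender
            # never matches an ip6: mechanism.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                       # record exhausted without a match


def parse_dmarc(header_from_domain: str) -> Dict[str, str]:
    record = DNS_TXT.get(f"_dmarc.{header_from_domain}", "")
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    return tags if tags.get("v") == "DMARC1" else {}


def organizational_domain(domain: str) -> str:
    # Assumption: last two labels. Real implementations consult the Public
    # Suffix List so that names like example.co.uk are handled correctly.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(authenticated_domain: str, header_from_domain: str, mode: str) -> bool:
    """adkim/aspf 's' requires an exact match; 'r' (the default) the same organizational domain."""
    if mode == "s":
        return authenticated_domain.lower() == header_from_domain.lower()
    return organizational_domain(authenticated_domain) == organizational_domain(header_from_domain)


def dmarc_disposition(header_from: str, mail_from: str, sender_ip: str,
                      dkim_domain: Optional[str], dkim_pass: bool) -> str:
    """Return 'pass' or the domain's requested policy (none/quarantine/reject)."""
    policy = parse_dmarc(header_from)
    if not policy:
        return "none"                      # no DMARC record: nothing to enforce
    spf_aligned = (evaluate_spf(sender_ip, mail_from) == "pass"
                   and aligned(mail_from, header_from, policy.get("aspf", "r")))
    dkim_aligned = bool(dkim_pass and dkim_domain
                        and aligned(dkim_domain, header_from, policy.get("adkim", "r")))
    return "pass" if (spf_aligned or dkim_aligned) else policy.get("p", "none")


if __name__ == "__main__":
    # Legitimate bounce domain, aligned under relaxed aspf: pass
    print(dmarc_disposition("example.com", "bounce.example.com", "192.0.2.10", None, False))
    # Spoofer whose own SPF passes but does not align with the From: domain: reject
    print(dmarc_disposition("example.com", "attacker.example", "198.51.100.5", None, False))
```

The second call is the case that motivates DMARC: the spoofer's SPF record legitimately authorizes their server for attacker.example, so SPF alone passes, but the authenticated domain does not align with the example.com From: header and the published p=reject applies.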
• Use cases of automation and scripting
  - Ticket creation
  - Escalation
  - Enabling/disabling services and access
  - Continuous integration and testing
  - Integrations and Application programming interfaces (APIs)
• Benefits
  - Employee retention
  - Reaction time
  - Workforce multiplier

4.8
• Process
  - Preparation
  - Detection
• Guidelines
• Policies
  - Acceptable use policy (AUP)
  - Information security policies
  - Business continuity
  - Disaster recovery
  - Incident response
  - Software development lifecycle (SDLC)
  - Change management
• Standards
  - Password
  - Access control
  - Physical security
  - Encryption
• Procedures
  - Change management
  - Onboarding/offboarding
  - Playbooks
• External considerations
  - Regulatory
  - Legal
  - Industry
  - Local/regional
  - National
  - Global
• Monitoring and revision
• Types of governance structures
  - Boards
  - Committees
  - Government entities
  - Centralized/decentralized
• Roles and responsibilities for systems and data
  - Owners
  - Controllers
  - Processors
  - Custodians/stewards
• Vendor selection
  - Due diligence
  - Conflict of interest
• Agreement types
  - Master service agreement (MSA)
  - Work order (WO)/statement of work (SOW)
• Rules of engagement

• Compliance reporting
  - Internal
  - External
• Consequences of non-compliance
  - Fines
  - Sanctions
  - Reputational damage
  - Loss of license
  - Contractual impacts
• Compliance monitoring
  - Due diligence/care
  - Attestation and acknowledgement
  - Internal and external
  - Automation
• Privacy
  - Legal implications
    o Local/regional
    o National
    o Global
  - Data subject
  - Controller vs. processor
  - Ownership
  - Data inventory and retention
  - Right to be forgotten
5.5 Explain types and purposes of audits and assessments.
• Attestation
• Internal
  - Compliance
• Penetration testing
  - Physical
  - Offensive

• Anomalous behavior recognition
  - Unexpected
  - Unintentional
• User guidance and training
  - Policy/handbooks
  - Situational awareness
• Reporting and monitoring
  - Initial
  - Recurring
• Development
• Execution
Acronym   Spelled Out
AAA       Authentication, Authorization, and Accounting
ACL       Access Control List
AES       Advanced Encryption Standard
AES-256   Advanced Encryption Standard 256-bit
AH        Authentication Header
AI        Artificial Intelligence
AIS       Automated Indicator Sharing
ALE       Annualized Loss Expectancy
AP        Access Point
API       Application Programming Interface
APT       Advanced Persistent Threat
ARO       Annualized Rate of Occurrence
ARP       Address Resolution Protocol
ASLR      Address Space Layout Randomization
ATT&CK    Adversarial Tactics, Techniques, and Common Knowledge
AUP       Acceptable Use Policy
AV        Antivirus
BASH      Bourne Again Shell
BCP       Business Continuity Planning
BGP       Border Gateway Protocol
BIA       Business Impact Analysis
BIOS      Basic Input/Output System
CHAP      Challenge Handshake Authentication Protocol
CIA       Confidentiality, Integrity, Availability
CIO       Chief Information Officer
CIRT      Computer Incident Response Team
CMS       Content Management System
COOP      Continuity of Operation Planning
COPE      Corporate Owned, Personally Enabled
CP        Contingency Planning
CRC       Cyclic Redundancy Check
CRL       Certificate Revocation List
CSO       Chief Security Officer
CSP       Cloud Service Provider
CSR       Certificate Signing Request
CSRF      Cross-site Request Forgery
CSU       Channel Service Unit
CTM       Counter Mode
CTO       Chief Technology Officer
CVE       Common Vulnerabilities and Exposures
CVSS      Common Vulnerability Scoring System
CYOD      Choose Your Own Device
DAC       Discretionary Access Control
DBA       Database Administrator
DDoS      Distributed Denial of Service
EFS       Encrypting File System
ERP       Enterprise Resource Planning
ESN       Electronic Serial Number
ESP       Encapsulating Security Payload
FACL      File System Access Control List
FDE       Full Disk Encryption
FIM       File Integrity Monitoring
FPGA      Field Programmable Gate Array
FRR       False Rejection Rate
FTP       File Transfer Protocol
FTPS      File Transfer Protocol Secure
GCM       Galois Counter Mode
GDPR      General Data Protection Regulation
GPG       GNU Privacy Guard
GPO       Group Policy Object
GPS       Global Positioning System
GPU       Graphics Processing Unit
GRE       Generic Routing Encapsulation
HA        High Availability
HDD       Hard Disk Drive
HIDS      Host-based Intrusion Detection System
HIPS      Host-based Intrusion Prevention System
HMAC      Hash-based Message Authentication Code
HOTP      HMAC-based One-time Password
HSM       Hardware Security Module
HTML      Hypertext Markup Language
HTTP      Hypertext Transfer Protocol
IPSec     Internet Protocol Security
IR        Incident Response
IRC       Internet Relay Chat
IRP       Incident Response Plan
ISO       International Organization for Standardization
ISP       Internet Service Provider
ISSO      Information Systems Security Officer
IV        Initialization Vector
KDC       Key Distribution Center
KEK       Key Encryption Key
L2TP      Layer 2 Tunneling Protocol
LAN       Local Area Network
LDAP      Lightweight Directory Access Protocol
LEAP      Lightweight Extensible Authentication Protocol
MaaS      Monitoring as a Service
MAC       Mandatory Access Control
MAC       Media Access Control
MAC       Message Authentication Code
MAN       Metropolitan Area Network
MBR       Master Boot Record
MD5       Message Digest 5
MDF       Main Distribution Frame
MDM       Mobile Device Management
MFA       Multifactor Authentication
MFD       Multifunction Device
MFP       Multifunction Printer
NIST      National Institute of Standards & Technology
NTFS      New Technology File System
NTLM      New Technology LAN Manager
NTP       Network Time Protocol
OAUTH     Open Authorization
OCSP      Online Certificate Status Protocol
OID       Object Identifier
OS        Operating System
OSINT     Open-source Intelligence
OSPF      Open Shortest Path First
OT        Operational Technology
OTA       Over the Air
OVAL      Open Vulnerability and Assessment Language
P12       PKCS #12
P2P       Peer to Peer
PaaS      Platform as a Service
PAC       Proxy Auto Configuration
PAM       Privileged Access Management
PAM       Pluggable Authentication Modules
PAP       Password Authentication Protocol
PAT       Port Address Translation
PBKDF2    Password-based Key Derivation Function 2
PBX       Private Branch Exchange
PCAP      Packet Capture
PCI DSS   Payment Card Industry Data Security Standard
PDU       Power Distribution Unit
RA        Registration Authority
RACE      Research and Development in Advanced Communications Technologies in Europe
RAD       Rapid Application Development
RADIUS    Remote Authentication Dial-in User Service
RAID      Redundant Array of Inexpensive Disks
RAS       Remote Access Server
RAT       Remote Access Trojan
RBAC      Role-based Access Control
RBAC      Rule-based Access Control
RC4       Rivest Cipher version 4
RDP       Remote Desktop Protocol
RFID      Radio Frequency Identification
RIPEMD    RACE Integrity Primitives Evaluation Message Digest
ROI       Return on Investment
RPO       Recovery Point Objective
RSA       Rivest, Shamir, & Adleman
RTBH      Remotely Triggered Black Hole
RTO       Recovery Time Objective
RTOS      Real-time Operating System
RTP       Real-time Transport Protocol
S/MIME    Secure/Multipurpose Internet Mail Extensions
SaaS      Software as a Service
SAE       Simultaneous Authentication of Equals
SAML      Security Assertion Markup Language
SLA       Service-level Agreement
SLE       Single Loss Expectancy
SMS       Short Message Service
SMTP      Simple Mail Transfer Protocol
SMTPS     Simple Mail Transfer Protocol Secure
SNMP      Simple Network Management Protocol
SOAP      Simple Object Access Protocol
SOAR      Security Orchestration, Automation, and Response
SoC       System on Chip
SOC       Security Operations Center
SOW       Statement of Work
SPF       Sender Policy Framework
SPIM      Spam over Internet Messaging
SQL       Structured Query Language
SQLi      SQL Injection
SRTP      Secure Real-time Transport Protocol
SSD       Solid State Drive
SSH       Secure Shell
SSL       Secure Sockets Layer
SSO       Single Sign-on
STIX      Structured Threat Information eXpression
SWG       Secure Web Gateway
TACACS+   Terminal Access Controller Access Control System
TAXII     Trusted Automated eXchange of Intelligence Information
UEFI      Unified Extensible Firmware Interface
UEM       Unified Endpoint Management
UPS       Uninterruptible Power Supply
URI       Uniform Resource Identifier
URL       Uniform Resource Locator
USB       Universal Serial Bus
USB OTG   USB On the Go
UTM       Unified Threat Management
UTP       Unshielded Twisted Pair
VBA       Visual Basic for Applications
VDE       Virtual Desktop Environment
VDI       Virtual Desktop Infrastructure
VLAN      Virtual Local Area Network
VLSM      Variable Length Subnet Masking
VM        Virtual Machine
VoIP      Voice over IP
VPC       Virtual Private Cloud
VPN       Virtual Private Network
VTC       Video Teleconferencing
WAF       Web Application Firewall
WAP       Wireless Access Point
WEP       Wired Equivalent Privacy
WIDS      Wireless Intrusion Detection System
WIPS      Wireless Intrusion Prevention System
WO        Work Order
WPA       Wi-Fi Protected Access
WPS       Wi-Fi Protected Setup
lab component for their training offering. The bulleted lists below each topic are sample lists and are not exhaustive.

Equipment
• Tablet
• Laptop
• Web server
• Firewall
• Router
• Switch
• IDS
• IPS
• Wireless access point
• Virtual machines
• Email system
• Internet access
• DNS server
• IoT devices
• Hardware tokens
• Smartphone
• SFPs
• Managed switch
• UPS

Software
• Windows OS
• Linux OS
• Kali Linux
• Packet capture software
• Pen testing software
• Static and dynamic analysis tools
• Vulnerability scanner
• Network emulators
• Sample code
• Code editor
• SIEM
• Keyloggers
• MDM software
• VPN
• DHCP service
• DNS service

Tools
• Wi-Fi analyzer
• Network mapper
• NetFlow analyzer
© 2023 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners.
Reproduction or dissemination prohibited without the written consent of CompTIA, Inc. Printed in the U.S. 10179-Jan2023