CompTIA Security+ SY0-701: What's on the Exam and How to Prepare (2026)

By ReadRoost Team, April 10, 2026

Looking for a Security+ study guide for 2026? The CompTIA Security+ SY0-701 is the most widely recognised entry-level cybersecurity certification. It is required for US Department of Defense roles, valued by employers globally, and opens doors to security operations, incident response, and risk management careers. This complete study guide covers all five exam domains, recommended resources, study timelines, and practice strategies.

SY0-701 Exam Overview

The Security+ SY0-701 launched in November 2023 and replaces the SY0-601. It reflects the current threat landscape including zero trust architecture, cloud security, IoT threats, and AI-driven attacks. CompTIA recommends at least two years of IT experience, but many people pass with focused self-study and no prior security role.

Exam details:
- Questions: up to 90 (mix of multiple-choice and performance-based)
- Duration: 90 minutes
- Passing score: 750 out of 900
- Cost: $404 USD (discounts available through CompTIA bundles)
- Validity: 3 years (renewable via continuing education)

The career payoff is substantial. According to CyberSeek and CompTIA salary data, Security+ holders earn a median salary of $90,000-110,000 USD in the United States. The certification is listed in more cybersecurity job postings than any other single credential. For DoD contractors, it is not optional -- it is mandatory under the 8570/8140 framework.

What Changed from SY0-601 to SY0-701

The SY0-701 consolidates the previous five domains into a tighter structure and increases emphasis on zero trust, cloud-native security, automation, and modern threat vectors. Cryptography is no longer a standalone domain but is woven throughout. Governance, risk, and compliance (GRC) received more weight.

The biggest shift is toward scenario-based questions. Expect fewer "what is the definition of X" questions and more "given this situation, what should you do" questions. Performance-based questions (PBQs) still appear early in the exam and may involve configuring firewalls, analysing logs, or identifying attack patterns.

Domain 1: General Security Concepts (12%)

This domain covers foundational security principles including the CIA triad (confidentiality, integrity, availability), authentication methods, authorisation models, and security control categories. You must understand the difference between technical, managerial, operational, and physical controls, and know when to apply each type.

Key topics to master:
- Zero trust architecture and its core principles (never trust, always verify)
- AAA framework (authentication, authorisation, accounting)
- Gap analysis and security control assessments
- Change management and its security implications
- Defence in depth and layered security strategies

This domain is the most conceptual. If you have a solid grasp of how security controls are categorised and why zero trust matters, you will handle these questions comfortably.

Domain 2: Threats, Vulnerabilities, and Mitigations (22%)

The largest domain by weight. You need to identify threat actors (nation-state, hacktivist, insider, organised crime), understand common attack techniques, and know how to mitigate them. This domain tests your ability to connect threats to appropriate countermeasures.

Key topics to master:
- Social engineering attacks: phishing, vishing, smishing, pretexting, watering hole
- Malware types: ransomware, trojans, rootkits, fileless malware, living-off-the-land attacks
- Application vulnerabilities: injection, XSS, CSRF, buffer overflows, race conditions
- Network attacks: on-path (MITM), DNS poisoning, ARP spoofing, DDoS
- Vulnerability management: scanning, assessment, prioritisation, remediation
- Indicators of compromise (IOCs) and indicators of attack (IOAs)

Study tip: Do not just memorise attack names. For each attack type, understand the attack vector, what it exploits, how to detect it, and how to mitigate it. The exam tests applied knowledge, not definitions.

Domain 3: Security Architecture (18%)

This domain covers how to design and implement secure systems. You need to understand network segmentation, secure protocols, cloud security models, infrastructure concepts, and resilience strategies.

Key topics to master:
- Network segmentation and microsegmentation
- Secure protocols: TLS 1.3, IPSec, SSH, DNSSEC, S/MIME
- Cloud security: shared responsibility model, CASB, SASE, cloud-native controls
- Infrastructure concepts: SDN, IaC, serverless security, containerisation
- Resilience: high availability, disaster recovery, backups (3-2-1 rule), RAID
- Data security: classification, encryption at rest and in transit, DLP, tokenisation

The ReadRoost Security+ pack includes 511 practice questions across all five domains, with spaced repetition that focuses your review time on the areas where you score lowest. At $4.99 AUD it is one of the most affordable practice question sets available.

Domain 4: Security Operations (28%)

This is the highest-weighted domain and focuses on day-to-day security operations. Think SOC analyst tasks: monitoring, detection, incident response, forensics, and vulnerability management.

Key topics to master:
- SIEM concepts: log aggregation, correlation, alerting, dashboards
- Incident response process: preparation, detection, containment, eradication, recovery, lessons learned
- Digital forensics: chain of custody, evidence preservation, order of volatility
- Endpoint detection and response (EDR) and extended detection and response (XDR)
- Automation and orchestration: SOAR, scripting for security tasks
- Vulnerability management lifecycle: discovery, assessment, remediation, validation
- Identity and access management: MFA, SSO, federation, privileged access management

This domain rewards hands-on thinking. If you have worked in a SOC or helpdesk environment, many of these concepts will feel familiar. If not, spend extra time on incident response procedures and SIEM concepts.

Domain 5: Security Program Management and Oversight (20%)

This domain covers governance, risk management, compliance, and security awareness. It is the most "business-oriented" domain and often surprises candidates who focus only on technical topics.

Key topics to master:
- Risk management: risk assessment, risk register, risk appetite, risk tolerance
- Compliance frameworks: GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001, NIST CSF
- Security policies: acceptable use, data handling, incident response, change management
- Security awareness training: phishing simulations, role-based training, metrics
- Third-party risk: vendor assessment, supply chain security, SLAs, right-to-audit
- Auditing and assessment types: internal, external, penetration testing, bug bounty

Many candidates underestimate this domain. Allocate at least 20% of your study time to GRC topics. Knowing the difference between a policy, a standard, a guideline, and a procedure is essential.

Recommended Study Timeline

Most successful candidates study for 4-8 weeks. Here is a structured approach:
- Weeks 1-2: Cover Domains 1 and 2 using video courses and reading materials. Start daily flashcard practice.
- Weeks 3-4: Cover Domains 3 and 4. Begin taking practice quizzes by domain.
- Weeks 5-6: Cover Domain 5. Start taking full-length practice exams.
- Weeks 7-8: Review weak areas identified by practice scores. Take 2-3 timed full exams. Target 85%+ consistently before booking your exam.

Adjust this timeline based on your background. IT professionals with networking or helpdesk experience can often compress to 3-4 weeks. Career changers with no IT background should plan for 8-12 weeks.

Best Study Resources for Security+ in 2026

Free resources:
- Professor Messer SY0-701 video course on YouTube (free, comprehensive)
- CompTIA Security+ exam objectives document (free PDF from CompTIA)
- NIST Cybersecurity Framework documentation (free, helpful for Domain 5)
- TryHackMe and Hack The Box free tiers (hands-on labs for Domains 2-4)

Paid resources:
- ReadRoost Security+ Pack: 511 practice questions, 405 flashcards, spaced repetition, progress tracking -- $4.99 AUD at readroo.st/marketplace/comptia-security-plus-sy0-701
- CompTIA CertMaster Practice: official practice questions from CompTIA
- Jason Dion Udemy course: popular structured video course with practice exams
- "CompTIA Security+ Get Certified Get Ahead" by Darril Gibson: widely recommended study book

The most effective study method combines a structured video course for initial learning, daily flashcard review for retention, and progressively harder practice questions for exam readiness. ReadRoost handles the last two with adaptive spaced repetition.

Performance-Based Questions (PBQs)

PBQs are simulation-style questions that test hands-on skills. You might be asked to configure a firewall rule set, match attack types to log entries, drag-and-drop security controls onto a network diagram, or analyse a packet capture.

Tips for PBQs:
- Skip them initially and come back after completing the multiple-choice section. They are time-consuming and appear first.
- Read the instructions carefully. Partial credit is awarded on many PBQs.
- Practice with labs (TryHackMe, CompTIA CertMaster Labs) so the interface format is not a surprise.
- Focus on firewall rules, ACLs, log analysis, and network diagrams -- these are the most common PBQ formats.

Exam Day Tips

1. Skip PBQs on the first pass. Answer all multiple-choice questions first, then return to PBQs.
2. Eliminate obviously wrong answers first. Most questions have at least one distractor you can rule out immediately.
3. Read every word. CompTIA loves "BEST" and "MOST" qualifiers. Two answers may be correct, but one is more correct.
4. Manage your time. 90 minutes for up to 90 questions means about 1 minute per question. PBQs take 3-5 minutes each.
5. Trust your preparation. If you are consistently scoring 85%+ on practice exams, you are ready.

Security+ vs Other Entry-Level Security Certs

How does Security+ compare to alternatives?
- Security+ vs ISC2 CC (Certified in Cybersecurity): The ISC2 CC is free for ISC2 members and easier to pass, but it carries less weight with employers. Security+ is more widely recognised and meets DoD requirements. Get Security+ first, then consider ISC2 CC as a bonus credential.
- Security+ vs CySA+ (CS0-003): CySA+ is one level above Security+ and focuses on security analytics. Do not skip Security+ and go straight to CySA+ -- the foundational knowledge matters.
- Security+ vs CISSP: CISSP requires five years of professional experience and is a management-level certification. Security+ is the correct starting point; CISSP comes years later.

For most people starting a cybersecurity career in 2026, Security+ SY0-701 is the right first certification. It has the broadest employer recognition, meets government requirements, and provides the foundation for every advanced security cert.

Start Practising Today

The Security+ SY0-701 is a career-defining certification. It opens doors to SOC analyst, security engineer, incident responder, and IT auditor roles. The exam is challenging but very achievable with structured preparation.

The ReadRoost Security+ SY0-701 study pack includes 511 exam-style practice questions, 405 flashcards, domain-by-domain progress tracking, and spaced repetition that adapts to your weak areas. Get started at readroo.st/marketplace/comptia-security-plus-sy0-701 for $4.99 AUD.

Frequently Asked Questions

How hard is the Security+ SY0-701 exam?

The Security+ is considered moderately difficult with a community-reported difficulty of 6-7 out of 10. It is harder than entry-level certs like AZ-900 or CLF-C02 but achievable with 4-8 weeks of focused study. The performance-based questions are the most challenging part.

Is Security+ worth it in 2026?

Yes. Security+ is required for US DoD 8570/8140 compliance roles, widely recognised by employers globally, and serves as a prerequisite for advanced certifications like CySA+, PenTest+, and CASP+. It is the most commonly requested certification in cybersecurity job postings.

How long should I study for Security+?

Most successful candidates study for 4-8 weeks. IT professionals with networking experience can often prepare in 3-4 weeks. Career changers with no IT background should plan for 8-12 weeks.

What is the passing score for Security+ SY0-701?

The passing score is 750 out of 900. This is not a simple percentage -- CompTIA uses a scaled scoring system. Aim to score 85%+ on practice exams to have a comfortable margin.

Should I get Security+ or CySA+ first?

Get Security+ first. It covers foundational security concepts that CySA+ builds upon. CySA+ (CS0-003) is a more advanced certification focused on security analytics and is best attempted after 2-3 years of security experience.
