Home > Articles > CompTIA > Security+

  • Print
  • + Share This
Like this article? We recommend

Exam Objectives

You can retrieve a full listing of the all the objectives for the SY0-401 Security+ exam here. The following list provides an overview of the topics that are covered in each of the domains.

Network Security

  • Implement security configuration parameters on network devices and other technologies
  • Given a scenario, use secure network administration principles
  • Explain network design elements and compounds
  • Given a scenario, implement common protocols and services
  • Given a scenario, troubleshoot security issues related to wireless networking

Compliance and Operational Security

  • Explain the importance of risk related concepts
  • Summarize the security implications of integrating systems and data with third parties
  • Given a scenario, implement appropriate risk mitigation strategies
  • Given a scenario, implement basic forensic procedures
  • Summarize common incident response procedures
  • Explain the importance of security related awareness and training
  • Compare and contrast physical security and environmental controls
  • Summarize risk management best practices
  • Given a scenario, select the appropriate control to meet the goals of security

Threats and Vulnerabilities

  • Explain types of malware
  • Summarize various types of attacks
  • Summarize social engineering attacks and the associated effectiveness with each attack
  • Explain types of wireless attacks
  • Explain types of application attacks
  • Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
  • Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
  • Explain the proper use of penetration testing versus vulnerability scanning

Application, Data and Host Security

  • Explain the importance of application security controls and techniques
  • Summarize mobile security concepts and technologies
  • Given a scenario, select the appropriate procedures to establish host security
  • Implement the appropriate controls to ensure data security
  • Compare and contrast alternative methods to mitigate security risks in static environments

Access Control and Identity Management

  • Compare and contrast the function and purpose of authentication services
  • Given a scenario, select the appropriate authentication, authorization or access control
  • Install and configure security controls when performing account management, based on best practices


  • Given a scenario, utilize general cryptography concepts
  • Given a scenario, use appropriate cryptographic methods
  • Given a scenario, use appropriate PKI, certificate management and associated components

Where to Go From Here

Decide if you want to take the SY0-301 or SY0-401 exam. If you can finish your studying within a couple of months, and it’s not November 2014 yet, go for the SY0-301 exam. Locate a good book on Security+ (check Amazon.com) and start studying. Good luck!

  • + Share This
  • 🔖 Save To Your Account