CompTIA Security (SY0-601) Exam Objectives

The document outlines the objectives covered in the CompTIA Security+ certification exam, including threats, attacks, vulnerabilities, architecture and design, implementation, operations and incident response, and governance, risk, and compliance. It provides examples and percentages of question coverage for each domain. Requirements include two years of IT security experience and passing a 90 minute, multiple choice and performance-based exam with a score of at least 750.

CompTIA Security+ Certification Exam Objectives
EXAM NUMBER: SY0-601
About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA
Security+ (SY0-601) certification exam. The CompTIA Security+ certification exam will
verify the successful candidate has the knowledge and skills required to:
• Assess the security posture of an enterprise environment and recommend
and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including
principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents
This is equivalent to two years of hands-on experience working in a security/systems administrator job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.

EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY

CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), he/she should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on testing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Security+ Certification Exam Objectives Version 1.0 (Exam Number: SY0-601)
TEST DETAILS
Required exam: SY0-601
Number of questions: Maximum of 90
Types of questions: Multiple choice and performance-based
Length of test: 90 minutes
Recommended experience:
• At least 2 years of work experience in IT systems administration with a focus on security
• Hands-on technical information security experience
• Broad knowledge of security concepts
Passing score: 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination and the extent to which they are represented:

DOMAIN                                        PERCENTAGE OF EXAMINATION
1.0 Attacks, Threats, and Vulnerabilities     24%
2.0 Architecture and Design                   21%
3.0 Implementation                            25%
4.0 Operations and Incident Response          16%
5.0 Governance, Risk, and Compliance          14%
Total                                         100%

1.0 Threats, Attacks and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques.
• Phishing
• Smishing
• Vishing
• Spam
• Spam over Internet messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typo squatting
• Influence campaigns
  - Hybrid warfare
  - Social media
• Principles (reasons for effectiveness)
  - Authority
  - Intimidation
  - Consensus
  - Scarcity
  - Familiarity
  - Trust
  - Urgency

1.2 Given a scenario, analyze potential indicators to determine the type of attack.
• Malware
  - Ransomware
  - Trojans
  - Worms
  - Potentially unwanted programs (PUPs)
  - Fileless virus
  - Command and control
  - Bots
  - Crypto malware
  - Logic bombs
  - Spyware
  - Keyloggers
  - Remote access Trojan (RAT)
  - Rootkit
  - Backdoor
• Password attacks
  - Spraying
  - Dictionary
  - Brute force
    - Offline
    - Online
  - Rainbow tables
  - Plaintext/unencrypted
• Physical attacks
  - Malicious universal serial bus (USB) cable
  - Malicious flash drive
  - Card cloning
  - Skimming
• Adversarial artificial intelligence (AI)
  - Tainted training data for machine learning (ML)
  - Security of machine learning algorithms
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks
  - Birthday
  - Collision
  - Downgrade

1.3 Given a scenario, analyze potential indicators associated with application attacks.
• Privilege escalation
• Cross-site scripting
• Injections
  - Structured query language (SQL)
  - Dynamic link library (DLL)
  - Lightweight directory access protocol (LDAP)
  - Extensible markup language (XML)
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
  - Time of check/time of use
• Error handling
• Improper input handling
• Replay attack
  - Session replays
• Integer overflow
• Request forgeries
  - Server-side
  - Client-side
  - Cross-site
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure sockets layer (SSL) stripping
• Driver manipulation
  - Shimming
  - Refactoring
• Pass the hash

1.4 Given a scenario, analyze potential indicators associated with network attacks.
• Wireless
  - Evil twin
  - Rogue access point
  - Bluesnarfing
  - Bluejacking
  - Disassociation
  - Jamming
  - Radio frequency identifier (RFID)
  - Near field communication (NFC)
  - Initialization vector (IV)
• Man in the middle
• Man in the browser
• Layer 2 attacks
  - Address resolution protocol (ARP) poisoning
  - Media access control (MAC) flooding
  - MAC cloning
• Domain name system (DNS)
  - Domain hijacking
  - DNS poisoning
  - Universal resource locator (URL) redirection
  - Domain reputation
• Distributed denial of service (DDoS)
  - Network
  - Application
  - Operational technology (OT)
• Malicious code or script execution
  - PowerShell
  - Python
  - Bash
  - Macros
  - Visual Basic for Applications (VBA)

1.5 Explain different threat actors, vectors, and intelligence sources.
• Actors and threats
  - Advanced persistent threat (APT)
  - Insider threats
  - State actors
  - Hacktivists
  - Script kiddies
  - Criminal syndicates
  - Hackers
    - White hat
    - Black hat
    - Gray hat
  - Shadow IT
  - Competitors
• Attributes of actors
  - Internal/external
  - Level of sophistication/capability
  - Resources/funding
  - Intent/motivation
• Vectors
  - Direct access
  - Wireless
  - Email
  - Supply chain
  - Social media
  - Removable media
  - Cloud
• Threat intelligence sources
  - Open source intelligence (OSINT)
  - Closed/proprietary
  - Vulnerability databases
  - Public/private information sharing centers
  - Dark web
  - Indicators of compromise
  - Automated indicator sharing (AIS)
  - Structured threat information exchange (STIX)/Trusted automated exchange of indicator information (TAXII)
  - Predictive analysis
  - Threat maps
  - File/code repositories
• Research sources
  - Vendor websites
  - Vulnerability feeds
  - Conferences
  - Academic journals
  - Request for comments (RFC)
  - Local industry groups
  - Social media
  - Threat feeds
  - Adversary tactics, techniques, and procedures (TTP)

1.6 Explain the security concerns associated with various types of vulnerabilities.
• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
  - Open permissions
  - Unsecured root accounts
  - Errors
  - Weak encryption
  - Unsecure protocols
  - Default settings
  - Open ports and services
• Third-party risks
  - Vendor management
    - System integration
    - Lack of vendor support
  - Supply chain
  - Outsourced code development
  - Data storage
• Improper or weak patch management
  - Firmware
  - Operating system (OS)
  - Applications
• Legacy platforms
• Impacts
  - Data loss
  - Data breaches
  - Data exfiltration
  - Identity theft
  - Financial
  - Reputation
  - Availability loss

1.7 Summarize the techniques used in security assessments.
• Threat hunting
  - Intelligence fusion
  - Threat feeds
  - Advisories and bulletins
  - Maneuver
• Vulnerability scans
  - False positives
  - False negatives
  - Log reviews
  - Credentialed vs. non-credentialed
  - Intrusive vs. non-intrusive
  - Application
  - Web application
  - Network
  - Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
  - Configuration review
• Syslog/Security information and event management (SIEM)
  - Review reports
  - Packet capture
  - Data inputs
  - User behavior analysis
  - Sentiment analysis
  - Security monitoring
  - Log aggregation
  - Log collectors
• Security orchestration, automation, response (SOAR)

1.8 Explain the techniques used in penetration testing.
• Penetration testing
  - White box
  - Black box
  - Gray box
  - Rules of engagement
  - Lateral movement
  - Privilege escalation
  - Persistence
  - Cleanup
  - Bug bounty
  - Pivoting
• Passive and active reconnaissance
  - Drones/unmanned aerial vehicle (UAV)
  - War flying
  - War driving
  - Footprinting
  - OSINT
• Exercise types
  - Red team
  - Blue team
  - White team
  - Purple team

2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment.
• Configuration management
  - Diagrams
  - Baseline configuration
  - Standard naming conventions
  - Internet protocol (IP) schema
• Data sovereignty
• Data protection
  - Data loss prevention (DLP)
  - Masking
  - Encryption
    - At rest
    - In transit/motion
    - In processing
  - Tokenization
  - Rights management
• Hardware security module (HSM)
• Geographical considerations
• Cloud access security broker (CASB)
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  - Hot site
  - Cold site
  - Warm site
• Deception and disruption
  - Honeypots
  - Honeyfiles
  - Honeynets
  - Fake telemetry
  - DNS sinkhole

2.2 Summarize virtualization and cloud computing concepts.
• Cloud models
  - Infrastructure as a service (IaaS)
  - Platform as a service (PaaS)
  - Software as a service (SaaS)
  - Anything as a service (XaaS)
  - Public
  - Community
  - Private
  - Hybrid
• Cloud service providers
• Managed service provider (MSP)/Managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Micro-services/API
• Infrastructure as code
  - Software-defined networking (SDN)
  - Software-defined visibility (SDV)
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization
  - Virtual machine (VM) sprawl avoidance
  - VM escape protection

2.3 Summarize secure application development, deployment, and automation concepts.
• Environment
  - Development
  - Test
  - Staging
  - Production
  - Quality assurance (QA)
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
  - Normalization
  - Stored procedures
  - Obfuscation/camouflage
  - Code reuse/dead code
  - Server-side vs. client-side execution and validation
  - Memory management
  - Use of third-party libraries and software development kits (SDKs)
  - Data exposure
• Open Web Application Security Project (OWASP)
• Software diversity
  - Compiler
  - Binary
• Automation/scripting
  - Automated courses of action
  - Continuous monitoring
  - Continuous validation
  - Continuous integration
  - Continuous delivery
  - Continuous deployment
• Elasticity
• Scalability
• Version control

2.4 Summarize authentication and authorization design concepts.
• Authentication methods
  - Directory services
  - Federation
  - Attestation
  - Technologies
    - Time-based one-time password (TOTP)
    - HMAC-based one-time password (HOTP)
    - Short message service (SMS)
    - Token key
    - Static codes
    - Authentication applications
    - Push notifications
    - Phone call
  - Smart card authentication
• Biometrics
  - Fingerprint
  - Retina
  - Iris
  - Facial
  - Voice
  - Vein
  - Gait analysis
  - Efficacy rates
    - False acceptance
    - False rejection
    - Crossover error rate
• Multifactor authentication (MFA) factors and attributes
  - Factors
    - Something you know
    - Something you have
    - Something you are
  - Attributes
    - Somewhere you are
    - Something you can do
    - Something you exhibit
    - Someone you know
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements

2.5 Given a scenario, implement cybersecurity resilience.
• Redundancy
  - Geographic dispersal
  - Disk
    - Redundant array of inexpensive disks (RAID) levels
    - Multipath
  - Network
    - Load balancers
    - Network interface card (NIC) teaming
  - Power
    - Uninterruptible power supply (UPS)
    - Generator
    - Dual supply
    - Managed power distribution units (PDUs)
• Replication
  - Storage area network (SAN)
  - VM
• On-premises vs. cloud
• Backup types
  - Full
  - Incremental
  - Snapshot
  - Differential
  - Tape
  - Disk
  - Copy
  - Network attached storage (NAS)
  - SAN
  - Cloud
  - Image
  - Online vs. offline
  - Offsite storage
    - Distance considerations
• Non-persistence
  - Revert to known state
  - Last known good configuration
  - Live boot media
• High availability
  - Scalability
• Restoration order
• Diversity
  - Technologies
  - Vendors
  - Crypto
  - Controls

2.6 Explain the security implications of embedded and specialized systems.
• Embedded systems
  - Raspberry Pi
  - Field programmable gate array (FPGA)
  - Arduino
• System control and data acquisition (SCADA)/industrial control system (ICS)
  - Facilities
  - Industrial
  - Manufacturing
  - Energy
  - Logistics
• Internet of Things (IoT)
  - Sensors
  - Smart devices
  - Wearables
  - Facility automation
  - Weak defaults
• Specialized
  - Medical systems
  - Vehicles
  - Aircraft
  - Smart meters
• Voice over IP (VoIP)
• Heating, ventilation, air conditioning (HVAC)
• Drones/AVs
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
  - 5G
  - Narrow-band
  - Baseband radio
  - Subscriber identity module (SIM) cards
  - Zigbee
• Constraints
  - Power
  - Compute
  - Network
  - Crypto
  - Inability to patch
  - Authentication
  - Range
  - Cost
  - Implied trust

2.7 Explain the importance of physical security controls.
• Bollards/barricades
• Mantraps
• Badges
• Alarms
• Signage
• Cameras
  - Motion recognition
  - Object detection
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
  - Guards
  - Robot sentries
  - Reception
  - Two-person integrity/control
• Locks
  - Biometrics
  - Electronic
  - Physical
  - Cable locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression
• Sensors
  - Motion detection
  - Noise detection
  - Proximity reader
  - Moisture detection
  - Cards
  - Temperature
• Drones/UAV
• Visitor logs
• Faraday cages
• Air gap
• Demilitarized zone (DMZ)
• Protected cable distribution
• Secure areas
  - Air gap
  - Vault
  - Safe
  - Hot aisle
  - Cold aisle
• Secure data destruction
  - Burning
  - Shredding
  - Pulping
  - Pulverizing
  - Degaussing
  - Third-party solutions

2.8 Summarize the basics of cryptographic concepts.
• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptical curve cryptography
• Perfect forward secrecy
• Quantum
  - Communications
  - Computing
• Post-quantum
• Ephemeral
• Modes of operation
  - Authenticated
  - Unauthenticated
  - Counter
• Blockchain
  - Public ledgers
• Cipher suites
  - Stream
  - Block
• Symmetric vs. asymmetric
• Lightweight cryptography
• Steganography
  - Audio
  - Video
  - Image
• Homomorphic encryption
• Common use cases
  - Low power devices
  - Low latency
  - High resiliency
  - Supporting confidentiality
  - Supporting integrity
  - Supporting obfuscation
  - Supporting authentication
  - Supporting non-repudiation
  - Resource vs. security constraints
• Limitations
  - Speed
  - Size
  - Weak keys
  - Time
  - Longevity
  - Predictability
  - Reuse
  - Entropy
  - Computational overheads
  - Resource vs. security constraints

3.0 Implementation
3.1 Given a scenario, implement secure protocols.
• Protocols
  - Domain Name System Security Extension (DNSSEC)
  - SSH
  - Secure/multipurpose Internet mail exchanger (S/MIME)
  - Secure real-time protocol (SRTP)
  - LDAPS
  - File transfer protocol, secure (FTPS)
  - Secured file transfer protocol (SFTP)
  - Simple Network Management Protocol, version 3 (SNMPv3)
  - Hypertext transfer protocol over SSL/TLS (HTTPS)
  - IPSec
    - Authentication header (AH)/Encapsulated security payload (ESP)
    - Tunnel/transport
  - Secure post office protocol (POP)/Internet message access protocol (IMAP)
• Use cases
  - Voice and video
  - Time synchronization
  - Email and web
  - File transfer
  - Directory services
  - Remote access
  - Domain name resolution
  - Routing and switching
  - Network address allocation
  - Subscription services

3.2 Given a scenario, implement host or application security solutions.
• Endpoint protection
  - Antivirus
  - Anti-malware
  - Endpoint detection and response (EDR)
  - DLP
  - Next-generation firewall
  - Host intrusion prevention system (HIPS)
  - Host intrusion detection system (HIDS)
  - Host-based firewall
• Boot integrity
  - Boot security/Unified Extensible Firmware Interface (UEFI)
  - Measured boot
  - Boot attestation
• Database
  - Tokenization
  - Salting
  - Hashing
• Application security
  - Input validations
  - Secure cookies
  - Hypertext Transfer Protocol (HTTP) headers
  - Code signing
  - Whitelisting
  - Blacklisting
  - Secure coding practices
  - Static code analysis
  - Manual code review
  - Dynamic code analysis
  - Fuzzing
• Hardening
  - Open ports and services
  - Registry
  - Disk encryption
  - OS
  - Patch management
    - Third-party updates
    - Auto-update
• Self-encrypting drive (SED)/full disk encryption (FDE)
  - Opal
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing

3.3 Given a scenario, implement secure network designs.
• Load balancing
  - Active/active
  - Active/passive
  - Scheduling
  - Virtual IP
  - Persistence
• Network segmentation
  - Virtual local area network (VLAN)
  - DMZ
  - East-west traffic
  - Extranet
  - Intranet
  - Zero trust
• Virtual private network (VPN)
  - Always on
  - Split tunnel vs. full tunnel
  - Remote access vs. site-to-site
  - IPSec
  - SSL/TLS
  - HTML5
  - Layer 2 tunneling protocol (L2TP)
• DNS
• Network access control (NAC)
  - Agent and agentless
• Out-of-band management
• Port security
  - Broadcast storm prevention
  - Bridge Protocol Data Unit (BPDU) guard
  - Loop prevention
  - Dynamic Host Configuration Protocol (DHCP) snooping
  - Media access control (MAC) filtering
• Network appliances
  - Jump servers
  - Proxy servers
    - Forward
    - Reverse
  - Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    - Signature based
    - Heuristic/behavior
    - Anomaly
    - Inline vs. passive
  - HSM
  - Sensors
  - Collectors
  - Aggregators
  - Firewalls
    - Web application firewall (WAF)
    - Next-generation firewall
    - Stateful
    - Stateless
    - Unified threat management (UTM)
    - Network address translation (NAT) gateway
    - Content/URL filter
    - Open-source vs. proprietary
    - Hardware vs. software
    - Appliance vs. host-based vs. virtual
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
  - Port taps
• Monitoring services
• File integrity monitors

3.4 Given a scenario, install and configure wireless security settings.
• Cryptographic protocols
  - WiFi protected access II (WPA2)
  - WiFi protected access III (WPA3)
  - Counter-mode/CBC-MAC protocol (CCMP)
  - Simultaneous Authentication of Equals (SAE)
• Authentication protocols
  - Extensible Authentication Protocol (EAP)
  - Protected Extensible Authentication Protocol (PEAP)
  - EAP-FAST
  - EAP-TLS
  - EAP-TTLS
  - IEEE 802.1X
  - Remote Authentication Dial-in User Server (RADIUS) Federation
• Methods
  - Pre-shared key (PSK) vs. Enterprise vs. Open
  - WiFi Protected Setup (WPS)
  - Captive portals
• Installation considerations
  - Site surveys
  - Heat maps
  - WiFi analyzers
  - Channel overlays
  - Wireless access point (WAP) placement
  - Controller and access point security

3.5 Given a scenario, implement secure mobile solutions.
• Connection methods and receivers
  - Cellular
  - WiFi
  - Bluetooth
  - NFC
  - Infrared
  - USB
  - Point to point
  - Point to multipoint
  - Global Positioning System (GPS)
  - RFID
• Mobile device management (MDM)
  - Application management
  - Content management
  - Remote wipe
  - Geofencing
  - Geolocation
  - Screen locks
  - Push notifications
  - Passwords and pins
  - Biometrics
  - Context-aware authentication
  - Containerization
  - Storage segmentation
  - Full device encryption
• Mobile devices
  - MicroSD HSM
  - MDM/Unified endpoint management (UEM)
  - Mobile application management (MAM)
  - SEAndroid
• Enforcement and monitoring of:
  - Third-party app stores
  - Rooting/jailbreaking
  - Sideloading
  - Custom firmware
  - Carrier unlocking
  - Firmware over-the-air (OTA) updates
  - Camera use
  - SMS/multimedia message service (MMS)/Rich communication services (RCS)
  - External media
  - USB on the go (OTG)
  - Recording microphone
  - GPS tagging
  - WiFi direct/ad hoc
  - Tethering
  - Hotspot
  - Payment methods
• Deployment models
  - Bring your own device (BYOD)
  - Corporate-owned personally enabled (COPE)
  - Choose your own device (CYOD)
  - Corporate-owned
  - Virtual desktop infrastructure (VDI)

3.6 Given a scenario, apply cybersecurity solutions to the cloud.
• Cloud security controls
  - High availability across zones
  - Resource policies
  - Secrets management
  - Integration and auditing
  - Storage
    - Permissions
    - Encryption
    - Replication
    - High availability
  - Network
    - Virtual networks
    - Public and private subnets
    - Segmentation
    - API inspection and integration
  - Compute
    - Security groups
    - Dynamic resource allocation
    - Instance awareness
    - Virtual private cloud (VPC) endpoint
    - Container security
• Solutions
  - CASB
  - Application security
  - Next-generation secure web gateway (SWG)
  - Firewall considerations in a cloud environment
    - Cost
    - Need for segmentation
    - Open Systems Interconnection (OSI) layers
• Cloud native controls vs. third-party solutions

3.7 Given a scenario, implement identity and account management controls.
• Identity
  - Identity provider (IdP)
  - Attributes
  - Certificates
  - Tokens
  - SSH keys
  - Smart cards
• Account types
  - User account
  - Shared and generic accounts/credentials
  - Guest accounts
  - Service accounts
• Account policies
  - Password complexity
  - Password history
  - Password reuse
  - Time of day
  - Network location
  - Geofencing
  - Geotagging
  - Geolocation
  - Time-based logins
  - Access policies
  - Account permissions
  - Account audits
  - Impossible travel time/risky login
  - Lockout
  - Disablement

3.8 Given a scenario, implement authentication and authorization solutions.
• Authentication management
  - Password keys
  - Password vaults
  - TPM
  - HSM
  - Knowledge-based authentication
• Authentication
  - EAP
  - Challenge Handshake Authentication Protocol (CHAP)
  - Password Authentication Protocol (PAP)
  - 802.1X
  - RADIUS
  - Single sign-on (SSO)
  - Security Assertions Markup Language (SAML)
  - Terminal Access Controller Access Control System Plus (TACACS+)
  - OAuth
  - OpenID
  - Kerberos
• Access control schemes
  - Attribute-based access control (ABAC)
  - Role-based access control
  - Rule-based access control
  - MAC
  - Discretionary access control (DAC)
  - Conditional access
  - Privilege access management
  - Filesystem permissions

3.9 Given a scenario, implement public key infrastructure.
• Public key infrastructure (PKI)
  - Key management
  - Certificate authority (CA)
  - Intermediate CA
  - Registration authority (RA)
  - Certificate revocation list (CRL)
  - Certificate attributes
  - Online Certificate Status Protocol (OCSP)
  - Certificate signing request (CSR)
  - CN
  - SAN
  - Expiration
• Types of certificates
  - Wildcard
  - SAN
  - Code signing
  - Self-signed
  - Machine/computer
  - Email
  - User
  - Root
  - Domain validation
  - Extended validation
• Certificate formats
  - Distinguished encoding rules (DER)
  - Privacy enhanced mail (PEM)
  - Personal information exchange (PFX)
  - .cer
  - P12
  - P7B
• Concepts
  - Online vs. offline CA
  - Stapling
  - Pinning
  - Trust model
  - Key escrow
  - Certificate chaining

4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security.
• Network reconnaissance and discovery
  - tracert/traceroute
  - nslookup/dig
  - ipconfig/ifconfig
  - nmap
  - ping/pathping
  - hping
  - netstat
  - netcat
  - IP scanners
  - arp
  - route
  - curl
  - theHarvester
  - sn1per
  - scanless
  - dnsenum
  - Nessus
  - Cuckoo
• File manipulation
  - head
  - tail
  - cat
  - grep
  - chmod
  - logger
• Shell and script environments
  - SSH
  - PowerShell
  - Python
  - OpenSSL
• Packet capture and replay
  - Tcpreplay
  - Tcpdump
  - Wireshark
• Forensics
  - dd
  - Memdump
  - WinHex
  - FTK imager
  - Autopsy
• Exploitation frameworks
• Password crackers
• Data sanitization

4.2 Summarize the importance of policies, processes, and procedures for incident response.
• Incident response plans
• Incident response process
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
• Exercises
  - Tabletop
  - Walkthroughs
  - Simulations
• Attack frameworks
  - MITRE ATT&CK
  - The Diamond Model of Intrusion Analysis
  - Cyber Kill Chain
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operation planning (COOP)
• Incident response team
• Retention policies

4.3 Given an incident, utilize appropriate data sources to support an investigation.
• Vulnerability scan output
• SIEM dashboards
  - Sensor
  - Sensitivity
  - Trends
  - Alerts
  - Correlation
• Log files
  - Network
  - System
  - Application
  - Security
  - Web
  - DNS
  - Authentication
  - Dump files
  - VoIP and call managers
  - Session Initiation Protocol (SIP) traffic
• syslog/rsyslog/syslog-ng
• journalctl
• nxlog
• Retention
• Bandwidth monitors
• Metadata
  - Email
  - Mobile
  - Web
  - File
• Netflow/sflow
  - Echo
  - IPfix
• Protocol analyzer output

4.4 Given an incident, apply mitigation techniques or controls to secure an environment.
• Reconfigure endpoint security solutions
  - Application whitelisting
  - Application blacklisting
  - Quarantine
• Configuration changes
  - Firewall rules
  - MDM
  - DLP
  - Content filter/URL filter
  - Update or revoke certificates
• Isolation
• Containment
• Segmentation
• Secure Orchestration, Automation, and Response (SOAR)
  - Runbooks
  - Playbooks

4.5 Explain the key aspects of digital forensics.
• Documentation/evidence
  - Legal hold
  - Video
  - Admissibility
  - Chain of custody
  - Timelines of sequence of events
    - Time stamps
    - Time offset
  - Tags
  - Reports
  - Event logs
  - Interviews
• Acquisition
  - Order of volatility
  - Disk
  - Random-access memory (RAM)
  - Swap/pagefile
  - OS
  - Device
  - Firmware
  - Snapshot
  - Cache
  - Network
  - Artifacts
• On-premises vs. cloud
  - Right to audit clauses
  - Regulatory/jurisdiction
  - Data breach notification laws
• Integrity
  - Hashing
  - Checksums
  - Provenance
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/counterintelligence

5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls.
• Category
  - Managerial
  - Operational
  - Technical
• Control type
  - Preventative
  - Detective
  - Corrective
  - Deterrent
  - Compensating
  - Physical

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
• Regulations, standards, and legislation
  - General Data Protection Regulation (GDPR)
  - National, territory, or state laws
  - Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  - Center for Internet Security (CIS)
  - National Institute of Standards and Technology (NIST) RMF/CSF
  - International Organization for Standardization (ISO) 27001/27002/27701/31000
  - SSAE SOC 2 Type II/III
  - Cloud security alliance
    - Cloud control matrix
    - Reference architecture
• Benchmarks/secure configuration guides
  - Platform/vendor-specific guides
    - Web server
    - OS
    - Application server
    - Network infrastructure devices

5.3 Explain the importance of policies to organizational security.
• Personnel
  - Acceptable use policy
  - Job rotation
  - Mandatory vacation
  - Separation of duties
  - Least privilege
  - Clean desk space
  - Background checks
  - Non-disclosure agreement (NDA)
  - Social media analysis
  - Onboarding
  - Offboarding
  - User training
    - Gamification
    - Capture the flag
    - Phishing campaigns
    - Phishing simulations
    - Computer-based training (CBT)
    - Role-based training
• Diversity of training techniques
• Third-party risk management
  - Vendors
  - Supply chain
  - Business partners
  - Service level agreement (SLA)
  - Memorandum of understanding (MOU)
  - Measurement systems analysis (MSA)
  - Business partnership agreement (BPA)
  - End of life (EOL)
  - End of service (EOS)
  - NDA
• Data
  - Classification
  - Governance
  - Retention
• Credential policies
  - Personnel
  - Third party
  - Devices
  - Service accounts
  - Administrator/root accounts
• Organizational policies
  - Change management
  - Change control
  - Asset management


5.4 Summarize risk management processes and concepts.

• Risk types
 - External
 - Internal
 - Legacy systems
 - Multiparty
 - IP theft
 - Software compliance/licensing
• Risk management strategies
 - Acceptance
 - Avoidance
 - Transference
   - Cybersecurity insurance
 - Mitigation
• Risk analysis
 - Risk register
 - Risk matrix/heat map
 - Risk control assessment
 - Risk control self-assessment
 - Risk awareness
 - Inherent risk
 - Residual risk
 - Control risk
 - Risk appetite
 - Regulations that affect risk posture
 - Risk assessment types
   - Qualitative
   - Quantitative
 - Likelihood of occurrence
 - Impact
 - Asset value
 - Single loss expectancy (SLE)
 - Annualized loss expectancy (ALE)
 - Annualized rate of occurrence (ARO)
• Disasters
 - Environmental
 - Man-made
 - Internal vs. external
• Business impact analysis
 - Recovery time objective (RTO)
 - Recovery point objective (RPO)
 - Mean time to repair (MTTR)
 - Mean time between failures (MTBF)
 - Functional recovery plans
 - Single point of failure
 - Disaster recovery plan (DRP)
 - Mission essential functions
 - Identification of critical systems
 - Site risk assessment
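The quantitative terms above fit together as SLE = asset value x exposure factor and ALE = SLE x ARO, and the point of computing them is to decide between the management strategies: a control is worth buying when the ALE it removes exceeds its annual cost, otherwise the risk is accepted if it sits inside the risk appetite or referred for transference. The following is an added example, not part of the CompTIA objectives document, that runs those formulas over a constructed two-entry risk register and also scores each entry on a 5x5 qualitative heat map. All asset values, rates, control costs and the heat-map bands are this example's made-up assumptions.

```python
"""Added example: quantitative (SLE/ALE/ARO) and qualitative (heat map) risk
analysis over a constructed risk register, plus a strategy recommendation.

All figures and the heat-map bands are made-up assumptions for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, currency units
    exposure_factor: float  # EF, fraction of AV lost per incident (0..1)
    aro: float              # annualized rate of occurrence, incidents/year
    likelihood: int         # qualitative score 1..5
    impact: int             # qualitative score 1..5

@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_aro: float     # ARO once the control is in place
    residual_ef: float      # EF once the control is in place

def sle(r: Risk) -> float:
    """Single loss expectancy: what one incident costs."""
    return r.asset_value * r.exposure_factor

def ale(r: Risk) -> float:
    """Annualized loss expectancy of the inherent risk."""
    return sle(r) * r.aro

def residual_ale(r: Risk, c: Control) -> float:
    """ALE that remains after the control: the residual risk in money terms."""
    return r.asset_value * c.residual_ef * c.residual_aro

def heat_map_rating(r: Risk) -> str:
    """Qualitative 5x5 matrix; the band thresholds are this example's convention."""
    score = r.likelihood * r.impact
    if score >= 15:
        return "Critical"
    if score >= 9:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"

def control_value(r: Risk, c: Control) -> float:
    """Annual benefit of a control: ALE reduction minus the control's own cost."""
    return ale(r) - residual_ale(r, c) - c.annual_cost

def recommend(r: Risk, options: list[Control], appetite: float) -> tuple[str, str | None]:
    """Mitigate with the best-paying control if any pays for itself; otherwise
    accept if the inherent ALE is within appetite (a max ALE), else refer for
    transference (e.g. cybersecurity insurance)."""
    paying = [(control_value(r, c), c) for c in options if control_value(r, c) > 0]
    if paying:
        best = max(paying, key=lambda pair: pair[0])[1]
        return ("mitigate", best.name)
    if ale(r) <= appetite:
        return ("accept", None)
    return ("transfer", None)

# Constructed register entries (made-up figures).
RANSOMWARE = Risk("Ransomware on file server", 500_000, 0.6, 0.5, likelihood=4, impact=5)
LAPTOP_THEFT = Risk("Lost unencrypted laptop", 20_000, 0.5, 0.1, likelihood=2, impact=2)

# Constructed control options (made-up figures).
EDR_AND_BACKUPS = Control("EDR + offline backups", 40_000, residual_aro=0.2, residual_ef=0.2)
AWARENESS_ONLY = Control("Awareness training only", 5_000, residual_aro=0.4, residual_ef=0.6)
MDM_WIPE = Control("MDM remote wipe", 3_000, residual_aro=0.1, residual_ef=0.05)

if __name__ == "__main__":
    for risk, options in ((RANSOMWARE, [EDR_AND_BACKUPS, AWARENESS_ONLY]),
                          (LAPTOP_THEFT, [MDM_WIPE])):
        print(f"{risk.name}: SLE={sle(risk):,.0f} ALE={ale(risk):,.0f} "
              f"rating={heat_map_rating(risk)} -> {recommend(risk, options, appetite=5_000)}")
```

With these figures the ransomware entry has an SLE of 300,000 and an ALE of 150,000; EDR plus offline backups cuts the ALE to 20,000 and, net of its 40,000 cost, is worth 90,000 a year, so it beats awareness training alone and the recommendation is to mitigate. The laptop entry has an ALE of only 1,000; the MDM control costs more than it saves, so the risk is accepted while it sits under the appetite and referred for transference only if the appetite is tightened below it.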

5.5 Explain privacy and sensitive data concepts in relation to security.

• Organizational consequences of privacy breaches
 - Reputation damage
 - Identity theft
 - Fines
 - IP theft
• Notifications of breaches
 - Escalation
 - Public notifications and disclosures
• Data types
 - Classifications
   - Public
   - Private
   - Sensitive
   - Confidential
   - Critical
   - Proprietary
 - Personally identifiable information (PII)
 - Health information
 - Financial information
 - Government data
 - Customer data
• Privacy enhancing technologies
 - Data minimization
 - Data masking
 - Tokenization
 - Anonymization
 - Pseudo-anonymization (pseudonymization)
• Roles and responsibilities
 - Data owners
 - Data controller
 - Data processor
 - Data custodian/steward
 - Data privacy officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice
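The privacy enhancing technologies listed under 5.5 are easy to confuse on paper because they all "hide" data; what separates them is reversibility and who holds the means to reverse. The following is an added example, not part of the CompTIA objectives document, that applies each of them to one constructed customer record: masking is irreversible and format-preserving, tokenization is reversible only through a separately protected vault, pseudonymization uses a keyed HMAC so the same person maps to the same stable reference but re-linking requires the key held elsewhere, anonymization generalizes values into bands, and data minimization simply drops fields the downstream use does not need. The record, the key and the in-memory vault are this example's constructed sample data; in production the key belongs in an HSM or KMS and the vault in a separately access-controlled store.

```python
"""Added example: masking, tokenization, pseudonymization, anonymization and
data minimization applied to a constructed customer record.

The record, KEY and in-memory TokenVault are sample data for illustration.
"""
from __future__ import annotations
import hashlib
import hmac
import secrets

def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Irreversible, format-preserving masking of a card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]

def mask_email(email: str) -> str:
    """Keep first character and domain so support staff can still recognize it."""
    local, _, domain = email.partition("@")
    return (local[0] + "***" if local else "***") + "@" + domain

class TokenVault:
    """Tokenization: a random token stands in for the value; the mapping lives
    only in the vault, so anything holding just the token cannot recover the value."""
    def __init__(self) -> None:
        self._to_value: dict[str, str] = {}
        self._to_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._to_token:           # same value -> same token (joins still work)
            return self._to_token[value]
        token = "tok_" + secrets.token_hex(8)  # random, carries no information about value
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._to_value[token]

def pseudonymize(identifier: str, key: bytes) -> str:
    """Keyed HMAC: stable per person, so records can still be linked, but it
    cannot be recomputed or brute-forced without the key. A plain SHA-256 of
    an e-mail address would be guessable because e-mail addresses are low-entropy."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

def age_band(age: int, width: int = 10) -> str:
    """Anonymization by generalization: exact age -> band."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"

def protect(record: dict, vault: TokenVault, key: bytes) -> dict:
    """Minimized, de-identified view for analytics; the system of record keeps the original."""
    return {
        "customer_ref": pseudonymize(record["email"], key),  # pseudonymization
        "email": mask_email(record["email"]),                # masking
        "pan_token": vault.tokenize(record["pan"]),          # tokenization (reversible via vault)
        "pan_display": mask_pan(record["pan"]),              # masking (irreversible)
        "age_band": age_band(record["age"]),                 # anonymization
        "region": record["postal_code"][:3],                 # generalization of location
        # "ssn" is deliberately not copied: data minimization
    }

# Constructed sample data. KEY is a stand-in for a secret kept in an HSM/KMS.
KEY = b"example-pseudonymization-key"
CUSTOMER = {
    "email": "alice.smith@example.com",
    "pan": "4111 1111 1111 1111",
    "age": 34,
    "postal_code": "SW1A1AA",
    "ssn": "000-00-0000",
}

if __name__ == "__main__":
    vault = TokenVault()
    view = protect(CUSTOMER, vault, KEY)
    print(view)
    print("vault can reverse the token:", vault.detokenize(view["pan_token"]))
```

The protected view contains no SSN, shows the card as twelve asterisks plus the last four digits, and carries a stable customer_ref that two datasets protected with the same key can be joined on; only the vault can turn pan_token back into the card number, and only the key holder can regenerate customer_ref from an e-mail address.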

Security+ (SY0-601) Acronym List

The following is a list of acronyms that appear on the CompTIA Security+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as part of a comprehensive exam preparation program.

ACRONYM  DEFINITION
3DES  Triple Data Encryption Standard
AAA  Authentication, Authorization, and Accounting
ABAC  Attribute-based Access Control
ACL  Access Control List
AES  Advanced Encryption Standard
AES256  Advanced Encryption Standard, 256-bit
AH  Authentication Header
AI  Artificial Intelligence
AIS  Automated Indicator Sharing
ALE  Annualized Loss Expectancy
AP  Access Point
API  Application Programming Interface
APT  Advanced Persistent Threat
ARO  Annualized Rate of Occurrence
ARP  Address Resolution Protocol
ASLR  Address Space Layout Randomization
ASP  Active Server Pages
ATT&CK  Adversarial Tactics, Techniques, and Common Knowledge
AUP  Acceptable Use Policy
AV  Antivirus
BASH  Bourne Again Shell
BCP  Business Continuity Planning
BGP  Border Gateway Protocol
BIA  Business Impact Analysis
BIOS  Basic Input/Output System
BPA  Business Partnership Agreement
BPDU  Bridge Protocol Data Unit
BYOD  Bring Your Own Device
CA  Certificate Authority
CAC  Common Access Card
CAPTCHA  Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR  Corrective Action Report
CASB  Cloud Access Security Broker
CBC  Cipher Block Chaining
CBT  Computer-based Training
CCMP  Counter Mode with CBC-MAC Protocol
CCTV  Closed-Circuit Television
CERT  Computer Emergency Response Team
CFB  Cipher Feedback
CHAP  Challenge Handshake Authentication Protocol
CIO  Chief Information Officer
CIRT  Computer Incident Response Team
CIS  Center for Internet Security
CMS  Content Management System
COOP  Continuity of Operations Planning
COPE  Corporate Owned, Personally Enabled
CP  Contingency Planning
CRC  Cyclic Redundancy Check
CRL  Certificate Revocation List
CSO  Chief Security Officer
CSP  Cloud Service Provider
CSR  Certificate Signing Request
CSRF  Cross-Site Request Forgery
CSU  Channel Service Unit
CTM  Counter Mode
CTO  Chief Technology Officer
CVE  Common Vulnerabilities and Exposures
CVSS  Common Vulnerability Scoring System
CYOD  Choose Your Own Device
DAC  Discretionary Access Control
DBA  Database Administrator
DDoS  Distributed Denial of Service
DEP  Data Execution Prevention
DER  Distinguished Encoding Rules
DES  Data Encryption Standard
DHCP  Dynamic Host Configuration Protocol
DHE  Diffie-Hellman Ephemeral
DKIM  DomainKeys Identified Mail
DLL  Dynamic Link Library

DLP  Data Loss Prevention
DMARC  Domain-based Message Authentication, Reporting and Conformance
DMZ  Demilitarized Zone
DNAT  Destination Network Address Translation
DNS  Domain Name System
DNSSEC  Domain Name System Security Extensions
DoS  Denial of Service
DPO  Data Privacy Officer
DRP  Disaster Recovery Plan
DSA  Digital Signature Algorithm
DSL  Digital Subscriber Line
EAP  Extensible Authentication Protocol
ECB  Electronic Code Book
ECC  Elliptic Curve Cryptography
ECDHE  Elliptic Curve Diffie-Hellman Ephemeral
ECDSA  Elliptic Curve Digital Signature Algorithm
EDR  Endpoint Detection and Response
EFS  Encrypting File System
EOL  End of Life
EOS  End of Service
ERP  Enterprise Resource Planning
ESN  Electronic Serial Number
ESP  Encapsulating Security Payload
FACL  File System Access Control List
FDE  Full Disk Encryption
FPGA  Field Programmable Gate Array
FRR  False Rejection Rate
FTP  File Transfer Protocol
FTPS  File Transfer Protocol Secure (FTP over SSL/TLS)
GCM  Galois/Counter Mode
GDPR  General Data Protection Regulation
GPG  GNU Privacy Guard
GPO  Group Policy Object
GPS  Global Positioning System
GPU  Graphics Processing Unit
GRE  Generic Routing Encapsulation
HA  High Availability
HDD  Hard Disk Drive
HIDS  Host-based Intrusion Detection System
HIPS  Host-based Intrusion Prevention System
HMAC  Hash-based Message Authentication Code
HOTP  HMAC-based One-Time Password
HSM  Hardware Security Module
HTML  HyperText Markup Language
HTTP  Hypertext Transfer Protocol
HTTPS  Hypertext Transfer Protocol over SSL/TLS
HVAC  Heating, Ventilation, and Air Conditioning
IaaS  Infrastructure as a Service
ICMP  Internet Control Message Protocol
ICS  Industrial Control Systems
IDEA  International Data Encryption Algorithm
IDF  Intermediate Distribution Frame
IdP  Identity Provider
IDS  Intrusion Detection System
IEEE  Institute of Electrical and Electronics Engineers
IKE  Internet Key Exchange
IM  Instant Messaging
IMAP4  Internet Message Access Protocol v4
IoC  Indicators of Compromise
IoT  Internet of Things
IP  Internet Protocol
IPSec  Internet Protocol Security
IR  Incident Response
IRC  Internet Relay Chat
IRP  Incident Response Plan
ISO  International Organization for Standardization
ISP  Internet Service Provider
ISSO  Information Systems Security Officer
ITCP  IT Contingency Plan
IV  Initialization Vector
KDC  Key Distribution Center
KEK  Key Encryption Key
L2TP  Layer 2 Tunneling Protocol
LAN  Local Area Network
LDAP  Lightweight Directory Access Protocol
LEAP  Lightweight Extensible Authentication Protocol
MaaS  Monitoring as a Service
MAC  Mandatory Access Control
MAC  Media Access Control
MAC  Message Authentication Code
MAM  Mobile Application Management
MAN  Metropolitan Area Network
MBR  Master Boot Record
MD5  Message Digest 5
MDF  Main Distribution Frame
MDM  Mobile Device Management
MFA  Multifactor Authentication
MFD  Multi-Function Device
MFP  Multi-Function Printer
MITM  Man in the Middle
ML  Machine Learning
MMS  Multimedia Message Service
MOA  Memorandum of Agreement

MOU  Memorandum of Understanding
MPLS  Multi-Protocol Label Switching
MSA  Measurement Systems Analysis
MSCHAP  Microsoft Challenge Handshake Authentication Protocol
MSP  Managed Service Provider
MSSP  Managed Security Service Provider
MTBF  Mean Time Between Failures
MTTF  Mean Time to Failure
MTTR  Mean Time to Recover
MTU  Maximum Transmission Unit
NAC  Network Access Control
NAS  Network Attached Storage
NAT  Network Address Translation
NDA  Non-Disclosure Agreement
NFC  Near Field Communication
NFV  Network Functions Virtualization
NIC  Network Interface Card
NIDS  Network-based Intrusion Detection System
NIPS  Network-based Intrusion Prevention System
NIST  National Institute of Standards and Technology
NTFS  New Technology File System
NTLM  New Technology LAN Manager
NTP  Network Time Protocol
OAUTH  Open Authorization
OCSP  Online Certificate Status Protocol
OID  Object Identifier
OS  Operating System
OSI  Open Systems Interconnection
OSINT  Open Source Intelligence
OSPF  Open Shortest Path First
OT  Operational Technology
OTA  Over The Air
OTG  On The Go
OVAL  Open Vulnerability and Assessment Language
OWASP  Open Web Application Security Project
P12  PKCS #12
P2P  Peer to Peer
PaaS  Platform as a Service
PAC  Proxy Auto Configuration
PAM  Privileged Access Management
PAM  Pluggable Authentication Modules
PAP  Password Authentication Protocol
PAT  Port Address Translation
PBKDF2  Password-Based Key Derivation Function 2
PBX  Private Branch Exchange
PCAP  Packet Capture
PCI DSS  Payment Card Industry Data Security Standard
PDU  Power Distribution Unit
PEAP  Protected Extensible Authentication Protocol
PED  Personal Electronic Device
PEM  Privacy Enhanced Mail
PFS  Perfect Forward Secrecy
PFX  Personal Information Exchange
PGP  Pretty Good Privacy
PHI  Protected Health Information
PII  Personally Identifiable Information
PIV  Personal Identity Verification
PKCS  Public Key Cryptography Standards
PKI  Public Key Infrastructure
POP  Post Office Protocol
POTS  Plain Old Telephone Service
PPP  Point-to-Point Protocol
PPTP  Point-to-Point Tunneling Protocol
PSK  Pre-Shared Key
PTZ  Pan-Tilt-Zoom
PUP  Potentially Unwanted Program
QA  Quality Assurance
QoS  Quality of Service
RA  Recovery Agent
RA  Registration Authority
RACE  Research and Development in Advanced Communications Technologies in Europe
RAD  Rapid Application Development
RADIUS  Remote Authentication Dial-In User Service
RAID  Redundant Array of Inexpensive Disks
RAM  Random Access Memory
RAS  Remote Access Server
RAT  Remote Access Trojan
RC4  Rivest Cipher version 4
RCS  Rich Communication Services
RFC  Request for Comments
RFID  Radio Frequency Identification
RIPEMD  RACE Integrity Primitives Evaluation Message Digest
ROI  Return on Investment
RPO  Recovery Point Objective
RSA  Rivest, Shamir, & Adleman
RTBH  Remote Triggered Black Hole
RTO  Recovery Time Objective
RTOS  Real-Time Operating System
RTP  Real-Time Transport Protocol
S/MIME  Secure/Multipurpose Internet Mail Extensions

SaaS  Software as a Service
SAE  Simultaneous Authentication of Equals
SAML  Security Assertion Markup Language
SAN  Storage Area Network
SAN  Subject Alternative Name
SCADA  Supervisory Control and Data Acquisition
SCAP  Security Content Automation Protocol
SCEP  Simple Certificate Enrollment Protocol
SDK  Software Development Kit
SDLC  Software Development Life Cycle
SDLM  Software Development Life-cycle Methodology
SDN  Software Defined Networking
SDV  Software Defined Visibility
SED  Self-Encrypting Drive
SEH  Structured Exception Handler
SFTP  SSH File Transfer Protocol
SHA  Secure Hash Algorithm
SHTTP  Secure Hypertext Transfer Protocol
SIEM  Security Information and Event Management
SIM  Subscriber Identity Module
SIP  Session Initiation Protocol
SLA  Service Level Agreement
SLE  Single Loss Expectancy
SMS  Short Message Service
SMTP  Simple Mail Transfer Protocol
SMTPS  Simple Mail Transfer Protocol Secure
SNMP  Simple Network Management Protocol
SOAP  Simple Object Access Protocol
SOAR  Security Orchestration, Automation, and Response
SoC  System on Chip
SOC  Security Operations Center
SPF  Sender Policy Framework
SPIM  Spam over Instant Messaging
SQL  Structured Query Language
SQLi  SQL Injection
SRTP  Secure Real-Time Transport Protocol
SSD  Solid State Drive
SSH  Secure Shell
SSL  Secure Sockets Layer
SSO  Single Sign-On
STIX  Structured Threat Information eXpression
STP  Shielded Twisted Pair
SWG  Secure Web Gateway
TACACS+  Terminal Access Controller Access Control System Plus
TAXII  Trusted Automated eXchange of Indicator Information
TCP/IP  Transmission Control Protocol/Internet Protocol
TGT  Ticket Granting Ticket
TKIP  Temporal Key Integrity Protocol
TLS  Transport Layer Security
TOTP  Time-based One-Time Password
TPM  Trusted Platform Module
TSIG  Transaction Signature
TTP  Tactics, Techniques, and Procedures
UAT  User Acceptance Testing
UAV  Unmanned Aerial Vehicle
UDP  User Datagram Protocol
UEFI  Unified Extensible Firmware Interface
UEM  Unified Endpoint Management
UPS  Uninterruptible Power Supply
URI  Uniform Resource Identifier
URL  Uniform Resource Locator
USB  Universal Serial Bus
USB OTG  USB On The Go
UTM  Unified Threat Management
UTP  Unshielded Twisted Pair
VBA  Visual Basic for Applications
VDE  Virtual Desktop Environment
VDI  Virtual Desktop Infrastructure
VLAN  Virtual Local Area Network
VLSM  Variable Length Subnet Masking
VM  Virtual Machine
VoIP  Voice over IP
VPC  Virtual Private Cloud
VPN  Virtual Private Network
VTC  Video Teleconferencing
WAF  Web Application Firewall
WAP  Wireless Access Point
WEP  Wired Equivalent Privacy
WIDS  Wireless Intrusion Detection System
WIPS  Wireless Intrusion Prevention System
WORM  Write Once Read Many
WPA  WiFi Protected Access
WPS  WiFi Protected Setup
WTLS  Wireless TLS
XaaS  Anything as a Service
XML  Extensible Markup Language
XOR  Exclusive Or
XSRF  Cross-Site Request Forgery
XSS  Cross-Site Scripting

Security+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the Security+ exam. This list may also be helpful for
training companies that wish to create a lab component to their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

HARDWARE
• Laptop with Internet access
• Separate wireless NIC
• WAP
• Firewall
• UTM
• Mobile device
• Server/cloud server
• IoT devices

SOFTWARE
• Virtualization software
• Penetration testing OS/distributions (e.g., Kali Linux, ParrotOS)
• SIEM
• Wireshark
• Metasploit
• tcpdump

OTHER
• Access to a CSP

© 2019 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction
or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 007330-Dec2019
