Security+ SY0-701 Information
Domain                                            Percentage
1. General Security Concepts                      12%
2. Threats, Vulnerabilities, and Mitigation       22%
3. Security Architecture                          18%
4. Security Operations                            28%
5. Security Program Management and Oversight      20%
Professor Messer Security+ SY0-701 Course
Andrew R. CompTIA Security+ 50 Practice Questions
Professor Messer Security+ Study Groups
ExamCompass Practice Exams
Tips to pass this exam (Must follow to guarantee passing)
● Try typing help or /help in a command-line (CLI) lab.
● Get regular exercise, water, and sleep for the duration of your studying;
this increases blood flow to the brain.
● Attempt active recall on things you have already studied.
● Chew some mint gum during your exam and studying.
● Try not to eat sugary foods in the 24 hours before your exam, as this
would increase nervousness.
● Have some water near you during your exam
● Always read the question twice if you are not sure.
○ The answer will usually be at the beginning or the end of the
question
■ “Which of the following is the least/most/first step/last
step/etc…”
● Read the last-minute cram guide (posted above) before entering the
exam room, ensuring you have a complete understanding of most, if not
all, subjects and objectives.
● Take lots of practice questions when studying; personally, I would do 3-7
practice exams where I would attempt to score above 80s or 90s.
● Reddit, YouTube, and other social media platforms are a great way to see
how others completed and passed the exam.
○ You use social media daily, so why not use it to pass Sec+?
1.0 - General Security Concepts
[1.1] - Compare and contrast various types of security controls.
● Categories
○ Technical - Sometimes called “logical”; these are controls used by
computers to manage user/system activity, for example firewalls, IPS,
User Access Control, etc.
○ Managerial - Sometimes called “administrative”; these are things that
are on paper, such as policies, laws, and training. These are written
rules.
○ Operational - Day-to-day operations carried out by people, like
malware removal, security guards, and the change management process.
These are the act of following the rules and doing the job.
○ Physical - Protects the actual physical hardware, systems, and
workplace overall. These can be door locks, access control
vestibules, fences, bollards, etc.
● Control Types
○ Preventative - Stops a threat before it happens, like IPSs and security
guards.
○ Deterrent - Deters a threat from happening, like CCTV, warning
signs, lighting.
○ Detective - Detects a threat that is happening or about to occur, like
logging, monitoring, IDS, AVs.
○ Corrective - Mitigates damage after an incident has been
identified, like backups, UPS, patching, system restore.
○ Compensative - Alternative controls used if a primary
one cannot be established, like extra monitoring if MFA can’t be
implemented.
○ Directive - Provides directions on how to use systems and
equipment, like SOPs, TOSs, employee handbook, etc.
● Defense-in-Depth - A strategic use of security control categories and
types to protect assets and data; also called layered security.
[1.2] - Summarize fundamental security concepts.
● CIA Triad - a fundamental model to protect data in transit, at rest, or in
use, as well as systems and hardware.
○ Confidentiality - The process or action of keeping data confidential.
○ Integrity - Keep data intact, reliable, and trustworthy for both the
sender and receiver.
○ Availability - Keep data disclosed to only authorized individuals.
● DAD Triad - the opposite of the CIA triad, largely for malicious use.
○ Disclosure - Sensitive information becomes disclosed to the
general public.
○ Alteration - Sensitive information becomes altered to input
malicious code or send false info.
○ Denial - Sensitive information becomes unavailable to certain or all
individuals (DDoS).
● Non-Repudiation - A third party cannot deny a digital action; something
such as a digital certificate needs to provide proof of origin, integrity, etc.
● AAA
○ Authentication - The act of authenticating or verifying a user before
they access data.
○ Authorization - The action to authorize or give users certain rights
for accessing that data