Exam Number: SY0-501
The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+ SY0-501 exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe.
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to:
- Install and configure systems to secure applications, networks and devices
- Perform threat analysis and respond with appropriate mitigation techniques
- Participate in risk mitigation activities
- Operate with an awareness of applicable policies, laws and regulations
The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.
The CompTIA Security+ certification is aimed at an IT security professional who has:
- A minimum of two years’ experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation, including the topics in the domain list
These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all content in this examination.
1.0 Threats, Attacks and Vulnerabilities
-Compare and contrast types of attacks.
-Explain threat actor types and attributes.
-Explain penetration testing concepts.
-Explain vulnerability scanning concepts.
-Explain the impact associated with types of vulnerabilities.
-Install and configure network components, both hardware- and software-based, to support organizational security.
-Given a scenario, use appropriate software tools to assess the security posture of an organization.
2.0 Technologies and Tools
-Given a scenario, troubleshoot common security issues.
-Given a scenario, analyze and interpret output from security technologies.
-Given a scenario, deploy mobile devices securely.
-Given a scenario, implement secure protocols.
3.0 Architecture and Design
-Explain use cases and purpose for frameworks, best practices and secure configuration guides.
-Given a scenario, implement secure network architecture concepts.
-Given a scenario, implement secure systems design.
-Explain the importance of secure staging deployment concepts.
-Explain the security implications of embedded systems.
-Summarize secure application development and deployment concepts.
-Summarize cloud and virtualization concepts.
-Explain how resiliency and automation strategies reduce risk.
-Explain the importance of physical security controls.
4.0 Identity and Access Management
-Compare and contrast identity and access management concepts
-Given a scenario, install and configure identity and access services.
-Given a scenario, implement identity and access management controls.
-Given a scenario, differentiate common account management practices.
-Explain the importance of policies, plans and procedures related to organizational security.
-Summarize business impact analysis concepts.
-Explain risk management processes and concepts.
5.0 Risk Management
-Given a scenario, follow incident response procedures.
-Summarize basic concepts of forensics.
-Explain disaster recovery and continuity of operations concepts.
-Compare and contrast various types of controls.
-Given a scenario, carry out data security and privacy practices.
-Compare and contrast basic concepts of cryptography.
-Explain cryptography algorithms and their basic characteristics.
6.0 Cryptography and PKI
-Given a scenario, install and configure wireless security settings.
-Given a scenario, implement public key infrastructure.