Professional Documents
Culture Documents
Certification Exam
Objectives
EXAM NUMBER: SY0-501
About the Exam
The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+
exam is an internationally recognized validation of foundation-level security skills and
knowledge, and is used by organizations and security professionals around the globe.
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required
to install and configure systems to secure applications, networks, and devices; perform threat analysis
and respond with appropriate mitigation techniques; participate in risk mitigation activities; and
operate with an awareness of applicable policies, laws, and regulations. The successful candidate
will perform these tasks to support the principles of confidentiality, integrity, and availability.
The CompTIA Security+ certification is aimed at an IT security professional who has:
• A minimum of two years’ experience in IT administration with a focus on security
• Day-to-day technical information security experience
• Broad knowledge of security concerns and implementation, including the topics in the domain list
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all content in this examination.
EXAM ACCREDITATION
CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard
and, as such, the exam objectives undergo regular reviews and updates.
EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.
PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
TEST DETAILS
Required exam CompTIA Security+ SY0-501
Number of questions Maximum of 90
Types of questions Multiple choice and performance-based
Length of test 90 minutes
Recommended experience At least two years of experience
in IT administration with a focus on security
Passing score 750 (on a scale of 100–900)
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
1.0 Threats, Attacks and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise
and determine the type of malware.
• Viruses • Bots
• Crypto-malware • RAT
• Ransomware • Logic bomb
• Worm • Backdoor
• Trojan
• Rootkit
• Keylogger
• Adware
• Spyware
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
1.0 Threats, Attacks and Vulnerabilities
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
2.0 Technologies and Tools
2.1 Install and configure network components, both hardware-
and software-based, to support organizational security.
• Firewall • Router • SIEM
- ACL - ACLs - Aggregation
- Application-based vs. network-based - Antispoofing - Correlation
- Stateful vs. stateless • Switch - Automated alerting and triggers
- Implicit deny - Port security - Time synchronization
• VPN concentrator - Layer 2 vs. Layer 3 - Event deduplication
- Remote access vs. site-to-site - Loop prevention - Logs/WORM
- IPSec - Flood guard • DLP
- Tunnel mode • Proxy - USB blocking
- Transport mode - Forward and reverse proxy - Cloud-based
- AH - Transparent - Email
- ESP - Application/multipurpose • NAC
- Split tunnel vs. full tunnel • Load balancer - Dissolvable vs. permanent
- TLS - Scheduling - Host health checks
- Always-on VPN - Affinity - Agent vs. agentless
• NIPS/NIDS - Round-robin • Mail gateway
- Signature-based - Active-passive - Spam filter
- Heuristic/behavioral - Active-active - DLP
- Anomaly - Virtual IPs - Encryption
- Inline vs. passive • Access point • Bridge
- In-band vs. out-of-band - SSID • SSL/TLS accelerators
- Rules - MAC filtering • SSL decryptors
- Analytics - Signal strength • Media gateway
- False positive - Band selection/width • Hardware security module
- False negative - Antenna types and placement
- Fat vs. thin
- Controller-based vs. standalone
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
2.0 Technologies and Tools
2.4 Given a scenario, analyze and interpret output from security technologies.
• HIDS/HIPS • Application whitelisting • UTM
• Antivirus • Removable media control • DLP
• File integrity check • Advanced malware tools • Data execution prevention
• Host-based firewall • Patch management tools • Web application firewall
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
3.0 Architecture and Design
3.1 Explain use cases and purpose for frameworks, best
practices and secure configuration guides.
• Industry-standard frameworks • Benchmarks/secure configuration guides • Defense-in-depth/layered security
and reference architectures - Platform/vendor-specific guides - Vendor diversity
- Regulatory - Web server - Control diversity
- Non-regulatory - Operating system - Administrative
- National vs. international - Application server - Technical
- Industry-specific frameworks - Network infrastructure devices - User training
- General purpose guides
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
3.0 Architecture and Design
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
4.0 Identity and Access Management
4.1 Compare and contrast identity and access management concepts
• Identification, authentication, - Something you have • Federation
authorization and accounting (AAA) - Something you know • Single sign-on
• Multifactor authentication - Somewhere you are • Transitive trust
- Something you are - Something you do
4.2 Given a scenario, install and configure identity and access services.
• LDAP • MSCHAP • Shibboleth
• Kerberos • RADIUS • Secure token
• TACACS+ • SAML • NTLM
• CHAP • OpenID Connect
• PAP • OAUTH
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
5.0 Risk Management
5.1 Explain the importance of policies, plans and
procedures related to organizational security.
• Standard operating procedure - Clean desk - NDA
• Agreement types - Background checks - Onboarding
- BPA - Exit interviews - Continuing education
- SLA - Role-based awareness training - Acceptable use policy/rules of behavior
- ISA - Data owner - Adverse actions
- MOU/MOA - System administrator • General security policies
• Personnel management - System owner - Social media networks/applications
- Mandatory vacations - User - Personal email
- Job rotation - Privileged user
- Separation of duties - Executive user
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
5.0 Risk Management
5.8 Given a scenario, carry out data security and privacy practices.
• Data destruction and media sanitization • Data sensitivity labeling and handling • Data roles
- Burning - Confidential - Owner
- Shredding - Private - Steward/custodian
- Pulping - Public - Privacy officer
- Pulverizing - Proprietary • Data retention
- Degaussing - PII • Legal and compliance
- Purging - PHI
- Wiping
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
6.0 Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography.
• Symmetric algorithms • Key strength • Common use cases
• Modes of operation • Session keys - Low power devices
• Asymmetric algorithms • Ephemeral key - Low latency
• Hashing • Secret algorithm - High resiliency
• Salt, IV, nonce • Data-in-transit - Supporting confidentiality
• Elliptic curve • Data-at-rest - Supporting integrity
• Weak/deprecated algorithms • Data-in-use - Supporting obfuscation
• Key exchange • Random/pseudo-random - Supporting authentication
• Digital signatures number generation - Supporting non-repudiation
• Diffusion • Key stretching - Resource vs. security constraints
• Confusion • Implementation vs. algorithm selection
• Collision - Crypto service provider
• Steganography - Crypto modules
• Obfuscation • Perfect forward secrecy
• Stream vs. block • Security through obscurity
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
6.0 Cryptography and PKI
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
CompTIA Security+ Acronyms
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
DMZ Demilitarized Zone ICMP Internet Control Message Protocol
DNAT Destination Network Address Transaction ICS Industrial Control Systems
DNS Domain Name Service (Server) ID Identification
DoS Denial of Service IDEA International Data Encryption Algorithm
DRP Disaster Recovery Plan IDF Intermediate Distribution Frame
DSA Digital Signature Algorithm IdP Identity Provider
DSL Digital Subscriber Line IDS Intrusion Detection System
DSU Data Service Unit IEEE Institute of Electrical and Electronic Engineers
EAP Extensible Authentication Protocol IIS Internet Information System
ECB Electronic Code Book IKE Internet Key Exchange
ECC Elliptic Curve Cryptography IM Instant Messaging
ECDHE Elliptic Curve Diffie-Hellman Ephemeral IMAP4 Internet Message Access Protocol v4
ECDSA Elliptic Curve Digital Signature Algorithm IoT Internet of Things
EF Exposure Factor IP Internet Protocol
EFS Encrypted File System IPSec Internet Protocol Security
EMI Electromagnetic Interference IR Incident Response
EMP Electro Magnetic Pulse IR Infrared
EOL End of Life IRC Internet Relay Chat
ERP Enterprise Resource Planning IRP Incident Response Plan
ESN Electronic Serial Number ISA Interconnection Security Agreement
ESP Encapsulated Security Payload ISP Internet Service Provider
EULA End User License Agreement ISSO Information Systems Security Officer
FACL File System Access Control List ITCP IT Contingency Plan
FAR False Acceptance Rate IV Initialization Vector
FDE Full Disk Encryption KDC Key Distribution Center
FRR False Rejection Rate KEK Key Encryption Key
FTP File Transfer Protocol L2TP Layer 2 Tunneling Protocol
FTPS Secured File Transfer Protocol LAN Local Area Network
GCM Galois Counter Mode LDAP Lightweight Directory Access Protocol
GPG Gnu Privacy Guard LEAP Lightweight Extensible Authentication Protocol
GPO Group Policy Object MaaS Monitoring as a Service
GPS Global Positioning System MAC Mandatory Access Control
GPU Graphic Processing Unit MAC Media Access Control
GRE Generic Routing Encapsulation MAC Message Authentication Code
HA High Availability MAN Metropolitan Area Network
HDD Hard Disk Drive MBR Master Boot Record
HIDS Host-based Intrusion Detection System MD5 Message Digest 5
HIPS Host-based Intrusion Prevention System MDF Main Distribution Frame
HMAC Hashed Message Authentication Code MDM Mobile Device Management
HOTP HMAC-based One-Time Password MFA Multi-Factor Authentication
HSM Hardware Security Module MFD Multi-function Device
HTML Hypertext Markup Language MIME Multipurpose Internet Mail Exchange
HTTP Hypertext Transfer Protocol MITM Man-in-the-Middle
HTTPS Hypertext Transfer Protocol over SSL/TLS MMS Multimedia Message Service
HVAC Heating, Ventilation and Air Conditioning MOA Memorandum of Agreement
IaaS Infrastructure as a Service MOTD Message of the Day
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
MOU Memorandum of Understanding POODLE Padding Oracle on Downgrade Legacy Encryption
MPLS Multi-protocol Label Switching POP Post Office Protocol
MSCHAP Microsoft Challenge Handshake POTS Plain Old Telephone Service
Authentication Protocol PPP Point-to-Point Protocol
MSP Managed Service Provider PPTP Point-to-Point Tunneling Protocol
MTBF Mean Time Between Failures PSK Pre-shared Key
MTTF Mean Time to Failure PTZ Pan-Tilt-Zoom
MTTR Mean Time to Recover or Mean Time to Repair RA Recovery Agent
MTU Maximum Transmission Unit RA Registration Authority
NAC Network Access Control RAD Rapid Application Development
NAT Network Address Translation RADIUS Remote Authentication Dial-in User Server
NDA Non-disclosure Agreement RAID Redundant Array of Inexpensive Disks
NFC Near Field Communication RAS Remote Access Server
NGAC Next Generation Access Control RAT Remote Access Trojan
NIDS Network-based Intrusion Detection System RBAC Role-based Access Control
NIPS Network-based Intrusion Prevention System RBAC Rule-based Access Control
NIST National Institute of Standards & Technology RC4 Rivest Cipher version 4
NTFS New Technology File System RDP Remote Desktop Protocol
NTLM New Technology LAN Manager REST Representational State Transfer
NTP Network Time Protocol RFID Radio Frequency Identifier
OAUTH Open Authorization RIPEMD RACE Integrity Primitives
OCSP Online Certificate Status Protocol Evaluation Message Digest
OID Object Identifier ROI Return on Investment
OS Operating System RMF Risk Management Framework
OTA Over The Air RPO Recovery Point Objective
OVAL Open Vulnerability Assessment Language RSA Rivest, Shamir, & Adleman
P12 PKCS #12 RTBH Remotely Triggered Black Hole
P2P Peer to Peer RTO Recovery Time Objective
PaaS Platform as a Service RTOS Real-time Operating System
PAC Proxy Auto Configuration RTP Real-time Transport Protocol
PAM Pluggable Authentication Modules S/MIME Secure/Multipurpose Internet Mail Extensions
PAP Password Authentication Protocol SaaS Software as a Service
PAT Port Address Translation SAML Security Assertions Markup Language
PBKDF2 Password-based Key Derivation Function 2 SAN Storage Area Network
PBX Private Branch Exchange SAN Subject Alternative Name
PCAP Packet Capture SCADA System Control and Data Acquisition
PEAP Protected Extensible Authentication Protocol SCAP Security Content Automation Protocol
PED Personal Electronic Device SCEP Simple Certificate Enrollment Protocol
PEM Privacy-enhanced Electronic Mail SCP Secure Copy
PFS Perfect Forward Secrecy SCSI Small Computer System Interface
PFX Personal Exchange Format SDK Software Development Kit
PGP Pretty Good Privacy SDLC Software Development Life Cycle
PHI Personal Health Information SDLM Software Development Life Cycle Methodology
PII Personally Identifiable Information SDN Software Defined Network
PIV Personal Identity Verification SED Self-encrypting Drive
PKI Public Key Infrastructure SEH Structured Exception Handler
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
SFTP Secured File Transfer Protocol USB OTG USB On The Go
SHA Secure Hashing Algorithm UTM Unified Threat Management
SHTTP Secure Hypertext Transfer Protocol UTP Unshielded Twisted Pair
SIEM Security Information and Event Management VDE Virtual Desktop Environment
SIM Subscriber Identity Module VDI Virtual Desktop Infrastructure
SIP Session Initiation Protocol VLAN Virtual Local Area Network
SIPS Session Initiation Protocol Secure VLSM Variable Length Subnet Masking
SLA Service Level Agreement VM Virtual Machine
SLE Single Loss Expectancy VoIP Voice over IP
SMB Server Message Block VPN Virtual Private Network
SMS Short Message Service VTC Video Teleconferencing
SMTP Simple Mail Transfer Protocol WAF Web Application Firewall
SMTPS Simple Mail Transfer Protocol Secure WAP Wireless Access Point
SNMP Simple Network Management Protocol WEP Wired Equivalent Privacy
SOAP Simple Object Access Protocol WIDS Wireless Intrusion Detection System
SoC System on Chip WIPS Wireless Intrusion Prevention System
SPF Sender Policy Framework WORM Write Once Read Many
SPIM Spam over Internet Messaging WPA WiFi Protected Access
SPoF Single Point of Failure WPA2 WiFi Protected Access 2
SQL Structured Query Language WPS WiFi Protected Setup
SRTP Secure Real-Time Protocol WTLS Wireless TLS
SSD Solid State Drive XML Extensible Markup Language
SSH Secure Shell XOR Exclusive Or
SSID Service Set Identifier XSRF Cross-site Request Forgery
SSL Secure Sockets Layer XSS Cross-site Scripting
SSO Single Sign-on
SSP System Security Plan
STP Shielded Twisted Pair
TACACS+ Terminal Access Controller Access
Control System Plus
TCO Total Cost of Ownership
TCP/IP Transmission Control Protocol/Internet Protocol
TGT Ticket Granting Ticket
TKIP Temporal Key Integrity Protocol
TLS Transport Layer Security
TOTP Time-based One-time Password
TPM Trusted Platform Module
TSIG Transaction Signature
UAT User Acceptance Testing
UAV Unmanned Aerial Vehicle
UDP User Datagram Protocol
UEFI Unified Extensible Firmware Interface
UPS Uninterruptable Power Supply
URI Uniform Resource Identifier
URL Universal Resource Locator
USB Universal Serial Bus
CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-501)
Security+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the Security+ exam. This list may also be helpful
for training companies who wish to create a lab component to their training
offering. The bulleted lists below each topic are a sample list and not exhaustive.
© 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduc-
tion or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03626-Mar2017