This post has info on the Security+ SY0-401 exam. This is an entry level IT certification.
Table of Contents
Exam Structure
- Number of Questions: 90 questions
- Duration: 90 minute duration, not including survey time, about 1 minute per question
- Score Range: 100-900
- Passing Score: 750 (roughly 83%, not including experimental questions)
- Types of Questions:
- Multiple Choice – can have more than one answer
- Performance Based – perform the requested action
- Matching – match items from 2 lists
- Drag and Drop – visual matching
- Data Entry – fill in the blank
Exam Domains
- Network Security 20%
- Compliance and Operational Security 18%
- Threats and Vulnerabilities 20%
- Application, Data and Host Security 15%
- Access Control and Identity Management 15%
- Cryptography 12%
Exam History
- SY0-601: November 12, 2020, current
- SY0-501: October ​4, 2017, retiring July 31, 2021
- SY0-401: May 1, 2014, retired July 31, 2018 (US date, all others December 15, 2018)
- SY0-301: 2011, retired December 31, 2014
- SY0-201: 2008, retired December 31, 2011
- SY0-101: 2002, retired July 31, 2009
Update: Added the new SY0-601 exam to the list.
Update: Added the new SY0-501 exam to the list.
Study Notes
A current overview of CompTIA Security+ certification exam SY0-401. In same order as Darril Gibson’s book, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
- Security Basics
- Network Security
- Advanced Network Security
- Securing Hosts and Data
- Malware and Social Engineering
- Identifying Advanced Attacks
- Managing Risk
- Preparing for Business Continuity
- Understanding Cryptography
- Exploring Security Policies
- Review Those Ports
After the Exam
- Requires 50 Continuing Education credits after passing exam.
- CompTIA Security+ Page
- Update: CompTIA Security+ SY0-601 Exam Objectives
- Update: CompTIA Security+ SY0-501 Exam Objectives
- CompTIA Security+ SY0-401 Exam Objectives
- Update: 6 Skills You’ll Learn with CompTIA Security+
Likely Jobs
- Security Administrator / Specialist / Consultant / Engineer / Architect
- Systems Administrator
- Helpdesk Manager / Analyst
- Network / Cloud Engineer / Administrator
- Security Engineer / Analyst
- DevOps / Software Developer
- IT Auditors
- IT Project Manager
- Information Assurance Technician
The U.S. Department of Defense requires CompTIA Security+ certification for military personnel or military contractors.
Security+ Acronym Addendum
Be prepared to know what these are or in the very least, what they reference to.
| Acronym | Meaning |
|---|---|
| 3DES | Triple Digital Encryption Standard |
| 802.1x | Port-based authentication protocol |
| AAA | Authentication, Authorization, and Accounting |
| ACE | Access Control Entity |
| ACK | Acknowledge |
| ACL | Access Control List |
| AES | Advanced Encryption Standard |
| AES-256 | Advanced Encryption Standards 256-bit |
| AH | Authentication Header |
| ALE | Annualized Loss Expectancy |
| AP | Access Point |
| API | Application Programming Interface |
| APT | Advanced Persistent Threat |
| ARO | Annualized Rate of Occurrence |
| ARP | Address Resolution Protocol |
| ASCII | American Standard Code for Information Interchange |
| ASP | Application Service Provider |
| AUP | Acceptable Use Policy |
| BAC | Business Availability Center |
| BCP | Business Continuity Planning |
| BIA | Business Impact Analysis |
| BIND | Berkeley Internet Name Domain |
| BIOS | Basic Input / Output System |
| BPA | Business Partners Agreement |
| BPDU | Bridge Protocol Data Unit |
| BYOD | Bring Your Own Device |
| CA | Certificate Authority |
| CAC | Common Access Card |
| CAN | Controller Area Network |
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart |
| CAR | Corrective Action Report |
| CCMP | Counter-Mode / CBC-Mac Protocol |
| CCTV | Closed-Circuit Television |
| CERT | Computer Emergency Response Team |
| CFB | Cipher Feedback |
| CHAP | Challenge Handshake Authentication Protocol |
| CIA | Confidentiality, Integrity, and Availability |
| CIO | Chief Information Officer |
| CIRT | Computer Incident Response Team |
| CMS | Content Management System |
| COOP | Continuity of Operation Planning |
| CP | Contingency Planning |
| CRC | Cyclical Redundancy Check |
| CRL | Certificate Revocation List |
| CSP | Cloud Service Provider |
| CSR | Certificate Signing Request |
| CSR | Control Status Register |
| CSRF | Cross-Site Request Forgery |
| CSU | Channel Service Unit |
| CTO | Chief Technology Officer |
| CVE | Common Vulnerabilities and Exposures |
| DAC | Discretionary Access Control |
| DACL | Discretionary Access Control List |
| DBA | Database Administrator |
| dBd | Decibels-dipole |
| dBi | Decibels-isotropic |
| dBm | Decibels-milliwatt |
| DDOS | Distributed Denial of Service |
| DEP | Data Execution Prevention |
| DES | Digital Encryption Standard |
| DHCP | Dynamic Host Configuration Protocol |
| DHE | Data-Handling Electronics |
| DHE | Diffie-Hellman Ephemeral |
| DLL | Dynamic Link Library |
| DLP | Data Loss Prevention |
| DMZ | Demilitarized Zone |
| DNAT | Destination Network Address Transaction |
| DNAT | Dynamic Network Address Translation |
| DNS | Domain Name Service (Server) |
| DNSSEC | Domain Name System Security Extensions |
| DOS | Denial of Service |
| DRP | Disaster Recovery Plan |
| DSA | Digital Signature Algorithm |
| DSL | Digital Subscriber line |
| DSU | Data Service Unit |
| EAP | Extensible Authentication Protocol |
| EAP-TLS | Extensible Authentication Protocol – Transport Layer Security |
| EAP-TTLS | Extensible Authentication Protocol – Tunneled Transport Layer Security |
| ECC | Elliptic Curve Cryptography |
| ECDHE | Elliptic Curve Diffie-Hellman Exchange |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| EFS | Encrypted File System |
| EMI | Electromagnetic Interference |
| ESD | Electrostatic Discharge |
| ESN | Electronic Serial Number |
| ESP | Encapsulated Security Payload |
| FACL | File System Access Control List |
| FCoE | Fibre Channel over Ethernet |
| FDE | Full Disk Encryption |
| FTP | File Transfer Protocol |
| FTPS | File Transfer Protocol Secured (over SSL) |
| GCM | Galois Counter Mode |
| GPG | Gnu Privacy Guard |
| GPO | Group Policy Object |
| GPS | Global Positioning System |
| GPU | Graphic Processing Unit |
| GRE | Generic Routing Encapsulation |
| GUI | Graphical User Interface |
| HDD | Hard Disk Drive |
| HIDS | Host Based Intrusion Detection System |
| HIPS | Host Based Intrusion Prevention System |
| HMAC | Hashed Message Authentication Code |
| HOTP | HMAC based One Time Password |
| HSM | Hardware Security Module |
| HTML | HyperText Markup Language |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure (over SSL) |
| HVAC | Heating, Ventilation Air Conditioning |
| IaaS | Infrastructure as a Service |
| ICMP | Internet Control Message Protocol |
| ICS | Industrial Control Systems |
| ID | Identification |
| IDF | Intermediate Distribution Frame |
| IdP | Identity Provider |
| IDS | Intrusion Detection System |
| IEEE | Institute of Electrical and Electronics Engineers |
| IGMP | Internet Group Management Protocol |
| IIS | Internet Information Services |
| IKE | Internet Key Exchange |
| IM | Instant Messaging |
| IMAP4 | Internet Message Access Protocol v4 |
| IP | Internet Protocol |
| IPS | Intrusion Prevention System |
| IPSEC | Internet Protocol Security |
| IPv4 | Internet Protocol version 4 |
| IPv6 | Internet Protocol version 6 |
| IR | Incident Response |
| IRC | Internet Relay Chat |
| IRP | Incident Response Procedure |
| IRT | Incident Response Team |
| ISA | Interconnection Security Agreement |
| iSCSI | Internet Small Computer System Interface |
| ISP | Internet Service Provider |
| ISSO | Information Systems Security Officer |
| ITCP | IT Contingency Plan |
| IV | Initialization Vector |
| JBOD | Just a Bunch of Disks |
| KDC | Key Distribution Center |
| KEK | Key Encryption Key |
| L2TP | Layer 2 Tunneling Protocol |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| LEAP | Lightweight Extensible Authentication Protocol |
| LSO | Local Shared Objects |
| MaaS | Monitoring as a Service |
| MAC | Mandatory Access Control |
| MAC | Media Access Control |
| MAC | Message Authentication Code |
| MAN | Metropolitan Area Network |
| MBR | Master Boot Record |
| MD5 | Message Digest 5 |
| MDF | Main Distribution Frame |
| MITM | Man-in-the-Middle |
| MOU | Memorandum of Understanding |
| MPLS | Multi-Protocol Layer Switch |
| MSCHAP | Microsoft Challenge Handshake Authentication Protocol |
| MTBF | Mean Time Between Failures |
| MTTF | Mean Time to Failure |
| MTTR | Mean Time to Recover |
| MTU | Maximum Transmission Unit |
| NAC | Network Access Control |
| NAT | Network Address Translation |
| NDA | Non-Disclosure Agreement |
| NDP | Network Discovery Protocol |
| NFC | Near Field Communication |
| NIC | Network Interface Card |
| NIDS | Network Based Intrusion Detection System |
| NIPS | Network Based Intrusion Prevention System |
| NIST | National Institute of Standards & Technology |
| NOP | No operation |
| NOS | Network Operating System |
| NoSQL | Not only Structured Query Language |
| NTFS | New Technology File System |
| NTLM | New Technology LANMAN |
| NTP | Network Time Protocol |
| OAUTH | Open Authorization |
| OCSP | Online Certificate Status Protocol |
| OLA | Open License Agreement |
| OS | Operating System |
| OSI | Open Systems Interconnection |
| OVAL | Open Vulnerability Assessment Language |
| P2P | Peer to Peer |
| PaaS | Platform as a Service |
| PAC | Proxy Auto Configuration |
| PAM | Pluggable Authentication Modules |
| PAN | Personal Area Network |
| PAP | Password Authentication Protocol |
| PAT | Port Address Translation |
| PBKDF2 | Password Based Key Derivation Function 2 |
| PBX | Private Branch Exchange |
| PCAP | Packet Capture |
| PEAP | Protected Extensible Authentication Protocol |
| PED | Personal Electronic Device |
| PFS | Perfect Forward Secrecy |
| PGP | Pretty Good Privacy |
| PII | Personally Identifiable Information |
| PIV | Personal Identity Verification |
| PKI | Public Key Infrastructure |
| POP3 | Post Office protocol version 3 |
| POTS | Plain Old Telephone Service |
| PPP | Point-to-point Protocol |
| PPTP | Point to Point Tunneling Protocol |
| PSK | Pre-Shared Key |
| PTZ | Pan-Tilt-Zoom |
| RA | Recovery Agent |
| RA | Registration Authrity |
| RAD | Rapid Application Development |
| RADIUS | Remote Authentication Dial-in User Server |
| RAID | Redundant Array of Inexpensive Disks |
| RAID-0 | Disk striping |
| RAID-1 | Disk mirroring |
| RAID-5 | Disk striping with parity, 3 or more disks |
| RAID-6 | Disk striping with parity, 4 or more disks |
| RAM | Random Access Memory |
| RAS | Remote Access Server |
| RAT | Remote Access Tool |
| RBAC | Role Based Access Control |
| RBAC | Rule Based Access Control |
| RC4 | Rivest Cipher 4 (Ron’s Code) |
| RDP | Remote Desktop Protocol |
| RFI | Radio Frequency Interference |
| RFID | Radio Frequency Identification |
| RIPEMD | RACE Integrity Primitives Evaluation Message Digest |
| ROI | Return of Investment |
| RPO | Recovery Point Objective |
| RSA | Rivest, Shamir, & Adleman |
| RTO | Recovery Time Objective |
| RTP | Real-Time Transport Protocol |
| S/MIME | Secure / Multipurpose Internet Mail Extensions |
| SaaS | Software as a Service |
| SAML | Security Assertions Markup Language |
| SAN | Storage Area Network |
| SCADA | System Control and Data Acquisition |
| SCAP | Security Content Automation Protocol |
| SCEP | Simple Certificate Enrollment Protocol |
| SCSI | Small Computer System Interface |
| SDLC | Software Development Life Cycle |
| SDLM | Software Development Life Cycle Methodology |
| SEH | Structured Exception Handler |
| SELinux | Security Enhanced Linux |
| SHA | Secure Hashing Algorithm |
| SFTP | Secure File Transfer Protocol |
| SHTTP | Secure Hypertext Transfer Protocol |
| SID | Security Identifier |
| SIEM | Security Information and Event Management |
| SIM | Subscriber Identity Module |
| SIRT | Security Incident Response Team |
| SLA | Service Level Agreement |
| SLE | Single Loss Expectancy |
| SMS | Short Message Service |
| SMTP | Simple Mail Transfer Protocol |
| SMTPS | Simple Mail Transfer Protocol Secure |
| SNMP | Simple Network Management Protocol |
| SOAP | Simple Object Access Protocol |
| SONET | Synchronous Optical Network Technologies |
| SPIM | Spam over Internet Messaging |
| SPOF | Single Point of Failure |
| SQL | Structured Query Language |
| SSD | Solid State Drive |
| SSH | Secure Shell |
| SSID | Service Set Identifier |
| SSL | Secure Sockets Layer |
| SSO | Single Sign On |
| SSTP | Secure Socket Tunneling Protocol |
| STP | Shielded Twisted Pair |
| STP | Spanning Tree Protocol |
| SYN | Synchronize |
| TACACS+ | Terminal Access Controller Access Control System |
| TCO | Total Cost of Ownership |
| TCP/IP | Transmission Control Protocol / Internet Protocol |
| TFTP | Trivial File Transfer Protocol |
| TGT | Ticket Granting Ticket |
| TKIP | Temporal Key Integrity Protocol |
| TLS | Transport Layer Security |
| TOTP | Time-Based One-Time Password |
| TPM | Trusted Platform Module |
| TSIG | Transaction Signature |
| UAT | User Acceptance Testing |
| UEFI | Unified Extensible Firmware Interface |
| UDP | User Datagram Protocol |
| UPS | Uninterruptable Power Supply |
| URI | Uniform Resource Identifier |
| URL | Universal Resource Locator |
| USB | Universal Serial Bus |
| UTM | Unified Threat Management |
| UTP | Unshielded Twisted Pair |
| VDI | Virtualization Desktop Infrastructure |
| VLAN | Virtual Local Area Network |
| VLSM | Variable Length Subnet Masking |
| VM | Virtual Machine |
| VoIP | Voice over IP |
| VPN | Virtual Private Network |
| VSAN | Virtual Storage Area Network |
| VTC | Video Teleconferencing |
| WAF | Web Application Firewall |
| WAP | Wireless Access Point |
| WEP | Wired Equivalent Privacy |
| WIDS | Wireless Intrusion Detection System |
| WIPS | Wireless Intrusion Prevention System |
| WPA | Wireless Protected Access |
| WPA2 | WiFi Protected Access 2 |
| WPS | WiFi Protected Setup |
| WTLS | Wireless TLS |
| XML | Extensible Markup Language |
| XSRF | Cross-Site Request Forgery |
| XSS | Cross-Site Scripting |
| XTACACS | Extended Terminal Access Controller Access-Control System |
