CyberPath Blog: CompTIA Security+ Exam Domains Explained (SY0-701)

Study Guide

Security+ Exam Domains Explained: What's on the SY0-701 and How to Study Each One

The SY0-701 exam is organized into 5 domains. Each domain covers specific objectives and has a different weight on the exam. Understanding the domain breakdown helps you focus your study time efficiently.

CyberPath Team·2026-06-29·10 min

Domain 1: General Security Concepts (25%)

Weight: 25% — the second-largest domain. Covers fundamental security concepts like the CIA Triad, AAA framework, Zero Trust, change management, and cryptographic solutions. Study tip: Focus on understanding the CIA Triad principles with real-world examples. Know the difference between preventive, detective, corrective, and deterrent controls. Zero Trust is a hot topic on the SY0-701 — understand microsegmentation and the control/data plane separation.

Domain 2: Threats, Vulnerabilities, and Mitigations (24%)

Weight: 24%. Covers threat actors, social engineering, attack types, malware, vulnerability scanning, and mitigation techniques. Study tip: This domain is very scenario-heavy. Practice identifying attack types from descriptions. Know the difference between phishing, spear phishing, and whaling. Understand malware types (virus vs worm vs trojan vs ransomware). Memorize mitigation techniques for each attack type.

Domain 3: Security Architecture (21%)

Weight: 21%. Covers security architecture models, network security devices, data protection, and disaster recovery. Study tip: Know the firewall types (packet filter, stateful, NGFW, WAF). Understand IDS vs IPS. Cloud security is heavily tested — know IaaS/PaaS/SaaS and shared responsibility. For disaster recovery, memorize RTO (time to restore) vs RPO (acceptable data loss).

Domain 4: Security Operations (25%)

Weight: 25% — the largest domain, tied with Domain 1. Covers hardening, asset management, vulnerability management, SIEM/SOAR, IAM, incident response, and forensics. Study tip: Allocate 30% of your study time here. Focus on the incident response lifecycle (NIST 800-61 phases). Understand SIEM (detection) vs SOAR (response). Know IAM concepts: SSO, federation, SAML vs OAuth, RBAC vs ABAC. Chain of custody is a common exam topic.

Domain 5: Security Program Management (5%)

Weight: 5% — the smallest domain, but don't skip it. Covers governance, risk management, compliance, third-party risk, and security awareness. Study tip: Focus on key compliance frameworks (GDPR, HIPAA, PCI DSS). Understand qualitative vs quantitative risk analysis — know the formulas: SLE = AV × EF, ALE = SLE × ARO. Know the four risk responses: mitigate, transfer, accept, avoid. Memorize the NIST CSF functions: Identify, Protect, Detect, Respond, Recover.
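As an added worked example (not part of the original guide), the two quantitative risk formulas above carried through in Python over a small constructed asset register. AV, EF and ARO are expanded with their standard meanings (asset value, exposure factor, annualized rate of occurrence); the asset values, loss fractions, incident rates and control costs are constructed figures, and the mitigate-or-accept rule (mitigate when a control costs less per year than the ALE it removes) is the usual decision rule for comparing two of the four risk responses, not something the guide itself states.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One line of a quantitative risk register."""
    name: str
    asset_value: float      # AV: monetary value of the asset
    exposure_factor: float  # EF: fraction of AV lost in a single incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        # Single Loss Expectancy: SLE = AV x EF
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Annualized Loss Expectancy: ALE = SLE x ARO
        return self.sle() * self.aro


def rank_by_ale(risks: list[Risk]) -> list[str]:
    """Names of the risks ordered from highest to lowest annual expected loss."""
    return [r.name for r in sorted(risks, key=lambda r: r.ale(), reverse=True)]


def evaluate_control(risk: Risk, annual_cost: float, residual_aro: float) -> dict:
    """Compare the ALE before and after a control that lowers the ARO.

    Decision rule (standard cost/benefit comparison, not from the guide):
    'mitigate' when the yearly ALE reduction exceeds the control's yearly cost,
    otherwise 'accept' the risk as it stands.
    """
    residual = Risk(risk.name, risk.asset_value, risk.exposure_factor, residual_aro)
    reduction = risk.ale() - residual.ale()
    decision = "mitigate" if reduction > annual_cost else "accept"
    return {
        "risk": risk.name,
        "ale_before": risk.ale(),
        "ale_after": residual.ale(),
        "annual_reduction": reduction,
        "control_cost": annual_cost,
        "decision": decision,
    }


# Constructed sample register (values are illustrative, not real data).
RISKS = [
    Risk("customer database", asset_value=500_000, exposure_factor=0.2, aro=0.5),
    Risk("web server", asset_value=40_000, exposure_factor=0.5, aro=2.0),
    Risk("laptop fleet", asset_value=2_000, exposure_factor=1.0, aro=3.0),
]


if __name__ == "__main__":
    for r in RISKS:
        print(f"{r.name:18} SLE={r.sle():>10,.0f}  ALE={r.ale():>10,.0f}")
    print("priority order:", rank_by_ale(RISKS))
    # A control costing 15,000/yr that cuts the database ARO from 0.5 to 0.25
    print(evaluate_control(RISKS[0], annual_cost=15_000, residual_aro=0.25))
    # A control costing 8,000/yr that removes laptop incidents entirely
    print(evaluate_control(RISKS[2], annual_cost=8_000, residual_aro=0.0))
```

Run it as a script to see the register ranked by ALE and the two control decisions; the second case shows why a control that eliminates a risk can still be the wrong choice when its yearly cost exceeds the loss it prevents.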

How to Allocate Your Study Time

Recommended study time allocation based on domain weight and difficulty:

Domain 4 (Security Operations) — 30% of study time (largest domain, most complex)
Domain 1 (General Security Concepts) — 25%
Domain 2 (Threats & Vulnerabilities) — 20%
Domain 3 (Security Architecture) — 15%
Domain 5 (Security Program Management) — 10% (smallest, but don't ignore it)

Total study time for the exam: 60-120 hours depending on your background.