Domain Weights
- General Security Concepts: 12% of exam
- Threats, Vulnerabilities, and Mitigations: 22% of exam
- Security Architecture: 18% of exam
- Security Operations: 28% of exam
- Security Program Management and Oversight: 20% of exam
Quick Facts
- Exam: SY0-701
- Questions: max 90
- Time: 90 min
- Pass: 750 on a 100-900 scale
- Level: core security
- Format: multiple choice + performance-based (PBQ)
- Skill: pick the right control for the scenario
CIA + AAA
CIA protects data | AAA controls users
- C: secrecy
- I: accuracy
- A: uptime
- AAA: access
Authentication vs Authorization
Authentication
- Who you are
- Login
- MFA
Authorization
- What you do
- Permissions
- Roles
Identity vs access
Security Basics
- CIA
- Confidentiality integrity availability
- AAA
- Authn authz accounting
- Zero Trust
- Verify every request
- Least privilege
- Minimum access
- Defense in depth
- Layered controls, no single point of failure
- Nonrepudiation
- Cannot deny action
Controls
- Preventive
- Stop event
- Detective
- Find event
- Corrective
- Fix event
- Deterrent
- Discourage action
- Compensating
- Alternate control
- Directive
- Require behavior
Identity
- MFA
- Multiple factors
- SSO
- One login
- Federation
- Trusted IdPs
- SAML
- Enterprise assertions
- OIDC
- Identity layer on OAuth 2.0
- PAM
- Privileged access
Risk vs Vulnerability
Risk
- Likelihood x impact
- Business loss
- Prioritized
Vulnerability
- Weakness
- Exploit path
- Patchable
Loss vs weakness
Threat Actors
- Insider
- Trusted access
- Nation-state
- Advanced resources
- Script kiddie
- Low skill
- Hacktivist
- Ideology motive
- Organized crime
- Financial motive
- APT
- Persistent campaign
Attacks
- Phishing
- Broad lure
- Spear phishing
- Targeted lure
- Whaling
- Executive target
- SQLi
- Database injection
- XSS
- Browser script
- DDoS
- Availability attack
- MitM (on-path attack)
- Intercept traffic
- Ransomware
- Encrypts data
Hash vs Encryption
Hash
- One-way
- Integrity
- Passwords
Encryption
- Reversible
- Confidentiality
- Data secrecy
Verify vs hide
Crypto Picker
- Need speed→Symmetric
- Need exchange→Asymmetric
- Need integrity→Hash
- Need identity→Signature
- Store password→Salted, slow hash (key stretching)
- Protect keys→HSM
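Added example, not part of the original cheat sheet: Python (standard library only) showing the Hash vs Encryption and Crypto Picker points in running code. A plain SHA-256 digest detects tampering but hides nothing; password storage uses a random per-user salt plus key stretching (PBKDF2-HMAC-SHA256) and a constant-time compare, so two users with the same password get different records and a leaked record cannot be reversed. The file contents, passwords and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for the demonstration (not from any real system).
ORIGINAL_FILE = b"approved-config: allow_root_login=no\n"
TAMPERED_FILE = b"approved-config: allow_root_login=yes\n"


def integrity_digest(data: bytes) -> str:
    """Plain hash: detects accidental or malicious change, reveals no secret.

    Anyone can compute it, so it verifies integrity only (not confidentiality)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    # compare_digest runs in constant time regardless of where a mismatch is
    return hmac.compare_digest(integrity_digest(data), expected_hex)


def unsalted_hash(password: str) -> str:
    """What NOT to do for passwords: equal passwords give equal, precomputable
    digests, so one rainbow table cracks every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


# Assumed work factor for the demo; tune to your hardware budget.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted + stretched hash. Record format is our own: algo$iters$salt$digest."""
    salt = secrets.token_bytes(16)  # fresh random salt per user / per change
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    d = integrity_digest(ORIGINAL_FILE)
    print("original verifies:", integrity_ok(ORIGINAL_FILE, d))   # True
    print("tampered verifies:", integrity_ok(TAMPERED_FILE, d))   # False

    pw = "correct horse battery staple"
    print("unsalted collides:", unsalted_hash(pw) == unsalted_hash(pw))  # True
    a = hash_password(pw)
    b = hash_password(pw)
    print("salted records differ:", a != b)                      # True
    print("login ok:", verify_password(pw, a))                   # True
    print("wrong pw:", verify_password("Tr0ub4dor&3", a))        # False
```

The integrity digest answers "did this change?"; the password record answers "does the supplied secret match?" without ever storing the secret. Neither is encryption: nothing here can be decrypted back to the input, which is exactly the Hash vs Encryption trap above.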
Architecture
- DMZ
- Public buffer
- Segmentation
- Limit blast
- Microsegmentation
- Workload isolation
- SASE
- Cloud security edge
- CASB
- Cloud app broker
- WAF
- Web app filter
- NAC
- Endpoint admission
- HSM
- Key protection
IDS vs IPS
IDS
- Detects
- Alerts
- Passive
IPS
- Blocks
- Inline
- Active
Alert vs block
Crypto
- Hash
- Integrity digest
- Salt
- Unique randomness
- Symmetric
- One key
- Asymmetric
- Key pair
- Signature
- Integrity + identity
- PKI
- Certificate trust
IR Order
Prep -> Detect -> Analyze -> Contain -> Eradicate -> Recover -> Lessons learned
- Contain first, then eradicate
- Preserve evidence before you wipe or rebuild
- Lessons learned last
Control Picker
- Stop attack→Preventive
- Find attack→Detective
- Fix impact→Corrective
- Scare actor→Deterrent
- Replace gap→Compensating
- Force behavior→Directive
Operations
- EDR
- Endpoint detection
- SIEM
- Log correlation
- SOAR
- Automated playbooks
- DLP
- Data loss prevention
- MDM
- Mobile management
- Patching
- Fix vulnerability
- Baseline
- Approved config
- Hardening
- Reduce attack surface
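Added example, not from the original page: Python (standard library only) showing the SIEM "log correlation" item above and the alerting side of IDS vs IPS. A small rule parses sshd-style authentication lines and raises an alert when one source address produces several failed logins and then succeeds within a short window, the classic brute-force-then-success pattern. The log lines, threshold, window and log year are constructed for the demo; a real SIEM runs the same rule across many hosts and hands the alert to SOAR, while an inline IPS would block the source rather than only alert.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (not captured from a real host).
SAMPLE_LOG = """\
Mar 10 09:01:05 web1 sshd[4410]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:01:07 web1 sshd[4410]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:01:09 web1 sshd[4412]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 09:01:12 web1 sshd[4414]: Failed password for root from 203.0.113.7 port 51138 ssh2
Mar 10 09:01:15 web1 sshd[4416]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 10 09:01:20 web1 sshd[4418]: Accepted password for root from 203.0.113.7 port 51144 ssh2
Mar 10 09:05:00 web1 sshd[4430]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar 10 09:05:30 web1 sshd[4432]: Accepted publickey for alice from 198.51.100.9 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(lines: str, year: int = 2024):
    """Normalise raw lines into (timestamp, src, user, result) events.

    Syslog lines carry no year, so one is assumed (constructed input)."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines the rule does not understand are skipped, not fatal
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def correlate(events, threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Detective rule: >= threshold failures from one source, then a success
    from that same source while those failures are still inside the window."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    for ts, src, user, result in sorted(events):
        recent = [t for t in failures[src] if ts - t <= window]  # age out old ones
        if result == "Failed":
            recent.append(ts)
            failures[src] = recent
        else:
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": user, "failures": len(recent), "at": ts})
            failures[src] = []  # a success closes the run either way
    return alerts


if __name__ == "__main__":
    for a in correlate(parse(SAMPLE_LOG)):
        # This is the IDS/SIEM outcome: an alert for an analyst. An IPS would
        # instead drop traffic from a["src"] inline.
        print(f"ALERT brute-force success: {a['src']} -> {a['user']} "
              f"after {a['failures']} failures at {a['at']:%H:%M:%S}")
```

The rule deliberately ignores the single failure from 198.51.100.9 followed by a key-based login, which is ordinary user behaviour; tuning `threshold` and `window` is the false-positive versus missed-detection trade-off every detection engineer lives with.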
IR Picker
- Before incident→Preparation
- Alert fires→Detection
- Scope + triage→Analysis
- Stop spread→Containment
- Remove malware→Eradication
- Restore systems→Recovery
- After action→Lessons learned
Incident Response
- Prepare
- Plans + tools
- Detect
- Identify incident
- Analyze
- Scope + triage
- Contain
- Limit spread
- Eradicate
- Remove cause
- Recover
- Restore service
- Lessons learned
- Improve process
Risk Formula
Risk = likelihood x impact
Inputs: asset value, threat source, vulnerability, control gap
BCP vs DR
BCP
- Keep operating
- Business process
- Continuity
DR
- Restore IT
- Systems recovery
- Backups
Business vs systems
Governance
- Policy
- Management intent
- Standard
- Mandatory rule
- Procedure
- Step sequence
- Baseline
- Minimum config
- Risk register
- Tracked risks
- BIA
- Impact analysis
- SLA
- Service target
- MOU
- Shared understanding
Common Traps
Auth mixup
Authn proves identity ≠ Authz grants access
Hash confusion
Hash verifies ≠ Encryption hides
IDS confusion
IDS alerts ≠ IPS blocks
BCP confusion
BCP keeps business ≠ DR restores systems
Risk confusion
Risk is loss ≠ Vulnerability is weakness
Last Minute
- 1. Weights: 12 / 22 / 18 / 28 / 20
- 2. CIA = data goals
- 3. AAA = access flow
- 4. Hash = integrity
- 5. Encryption = confidentiality
- 6. IDS alerts; IPS blocks
- 7. BCP = business continuity
- 8. DR = system recovery
- 9. Risk = likelihood x impact
- 10. IR: contain before eradicate
