Domain Weighting and an 8-12 Week Study Plan
Key Takeaways
- SY0-701 domain weights are 12%, 22%, 18%, 28%, and 20% across the five official domains.
- Security Operations is the largest domain at 28%, so monitoring, hardening, incident response, and vulnerability management need sustained practice.
- An 8-week plan works for candidates with stronger networking and operations experience; a 12-week plan gives more time for fundamentals and PBQs.
- Study time should follow both domain weight and personal weakness, not domain weight alone.
- Practice should become more scenario-heavy in the final third of the plan, with full timed mocks only in the last 1-2 weeks.
Official SY0-701 Domain Weighting
The SY0-701 exam objectives organize content into five domains. The percentages below are the official weights published by CompTIA and they should anchor how you split your study time.
| Domain | Name | Exam weight |
|---|---|---|
| 1.0 | General Security Concepts | 12% |
| 2.0 | Threats, Vulnerabilities, and Mitigations | 22% |
| 3.0 | Security Architecture | 18% |
| 4.0 | Security Operations | 28% |
| 5.0 | Security Program Management and Oversight | 20% |
The weighting tells you where points concentrate, but it does not make the smaller domains optional. Domain 1 terms (the CIA triad, the AAA model, control categories, PKI basics, and the six control types) appear inside incident, architecture, identity, and risk questions. Weak vocabulary makes high-weight scenario questions harder, because a Domain 4 incident question may hinge on whether you can tell a detective control from a corrective one. Note that compared to SY0-601, the 701 objectives consolidated governance and risk into a single Domain 5 worth 20% and grew Security Operations to the top weight.
8-Week Study Plan
Use this pace if you already understand basic networking, operating systems, cloud terminology, and IT operations.
| Week | Primary focus | Output |
|---|---|---|
| 1 | Domain 1: CIA, AAA, control types, identity terms, cryptography basics | One-page concept map and control-classification drills |
| 2 | Domain 2 threats: malware, social engineering, application and cloud weaknesses | Threat-indicator notebook |
| 3 | Domain 2 mitigations and vulnerability management | Remediation-priority drills |
| 4 | Domain 3 architecture: segmentation, resilience, secure design, data protection | Network and cloud design comparison table |
| 5 | Domain 4 operations: logging, monitoring, hardening, IAM operations | Log-interpretation practice set |
| 6 | Domain 4 incident response, automation, endpoint and network operations | Incident-timeline exercises |
| 7 | Domain 5 governance, risk, compliance, third parties, privacy | Risk register and audit-evidence drills |
| 8 | Mixed review, PBQs, timed sets, missed-question repair | Two timed mixed sessions and a final weak-area list |
12-Week Study Plan
Use this pace if Security+ is your first security exam or if networking and command-line operations are still new.
| Weeks | Primary focus | What to slow down and practice |
|---|---|---|
| 1-2 | Domain 1 foundations | Terms, control categories, IAM vocabulary, basic cryptography |
| 3-4 | Domain 2 threats and mitigations | Attack clues, vulnerability-scan findings, patch and segmentation choices |
| 5-6 | Domain 3 architecture | Secure network, cloud, identity, resilience, and data designs |
| 7-9 | Domain 4 operations | Logs, alerts, hardening, incident response, account management |
| 10 | Domain 5 governance and risk | Policies, risk response, compliance evidence, vendor oversight |
| 11 | Mixed scenario review | Compare close answer choices and repair weak domains |
| 12 | Timed readiness | PBQ practice, pacing, sleep schedule, final-day review |
Time Allocation by Weight
If you have 60 total study hours, start with the weight-proportional split below and adjust after each diagnostic. The hours track the official percentages so your effort matches where the points are.
| Domain | Weight | Approximate hours |
|---|---|---|
| General Security Concepts | 12% | 7 |
| Threats, Vulnerabilities, and Mitigations | 22% | 13 |
| Security Architecture | 18% | 11 |
| Security Operations | 28% | 17 |
| Security Program Management and Oversight | 20% | 12 |
Given 90 minutes for up to 90 items, your pacing target is roughly one minute per question. Plan to spend extra time on the handful of PBQs at the start, then bank time on faster multiple-choice items. If a single multiple-choice item runs past 90 seconds, flag it and move on; returning later with a fresh read often resolves the close call.
Scenario: Adjusting the Plan
A candidate scores well on definitions but misses log questions, vulnerability-remediation order, and business-impact questions. That candidate should not reread the glossary for another week. A better plan is:
| Weakness | Adjustment |
|---|---|
| Log questions | Daily short sets using authentication, firewall, endpoint, and web-server events |
| Remediation order | Rank by exploitability, exposure, asset value, and compensating controls |
| Business impact | Review change management, BIA, RTO, RPO, downtime, and exception workflows |
The goal is not to finish pages. The goal is to reduce repeatable mistakes. Re-run a domain diagnostic after each adjustment; if a weak domain climbs above roughly 80% on fresh questions, redistribute those hours to the next weakest area rather than over-studying a domain you have already secured.
Sequencing the Domains Deliberately
The order of the plans above is not arbitrary. Domain 1 comes first because its vocabulary (control types, the CIA triad, AAA, zero trust, cryptography primitives) is the substrate every later domain reuses. If you start with Domain 4 operations before you can distinguish a detective from a corrective control, you will memorize answers without understanding them and they will not transfer. Domain 2 (threats) follows because you cannot reason about a mitigation until you can recognize the attack: a question describing a watering-hole or a privilege-escalation chain is unanswerable if the attack name means nothing to you.
Domain 3 (architecture) and Domain 4 (operations) are the heaviest applied blocks and sit in the middle-to-late plan when your stamina for scenarios is highest. Save Domain 5 (governance, risk, program management) for late because it is the most stable and least technical material, and it cross-references the controls you have already learned. Cramming risk frameworks, RTO/RPO, and vendor-assessment language in week 7 or week 10 sticks better than learning it cold in week 1.
A Note on Diagnostics and Honesty
A diagnostic is only useful if it is honest. Take the first one before studying, untimed, and grade yourself ruthlessly by domain. A common self-deception is averaging: a 78% overall can hide a 95% in General Security Concepts and a 55% in Security Operations, which is the 28%-weight domain you most need. Always break scores out by the five domains and steer hours toward the lowest weighted-impact gap, which is the product of the domain weight and your error rate. A 55% in a 28% domain costs far more scaled points than a 70% in a 12% domain, so it gets the next block of hours.
Repeat this measure-adjust loop weekly, and reserve full 90-question timed mocks for only the final one to two weeks once your per-domain accuracy is already trending toward passing.
Which SY0-701 domain has the highest official exam weight?
A candidate has 12 weeks and limited networking experience. Which study approach is most appropriate?
With 90 minutes for up to 90 questions, what pacing habit best fits SY0-701?
Match each SY0-701 domain to its official weight.
Match each item on the left with the correct item on the right