SY0-701 cheat sheet
A one-page reference for the CompTIA Security+ (SY0-701) exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
CompTIA
Level
Intermediate
Questions
90
Time
90 min
Mock pass mark
70%
Domains
5
Practice Qs
150
Code
SY0-701
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Encryption
- Encryption is the process of converting plaintext data into ciphertext using cryptographic algorithms and keys to protect information confidentiality. Only authorized parties with the correct decryption key can convert ciphertext back to readable plaintext, ensuring data remains secure during storage and transmission.
- Multi-Factor Authentication
- Multi-Factor Authentication (MFA) is a security mechanism requiring users to provide two or more verification factors to gain access to resources. MFA combines something you know (password), something you have (token or phone), and something you are (biometric) to significantly reduce unauthorized access risk.
- Firewall
- A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls establish a barrier between trusted internal networks and untrusted external networks like the internet, blocking malicious traffic while permitting legitimate communications.
- Phishing
- Phishing is a social engineering attack where attackers impersonate legitimate organizations or individuals to trick victims into revealing sensitive information like passwords or credit card numbers. Phishing typically occurs through deceptive emails, messages, or websites designed to appear authentic.
- Vulnerability
- A vulnerability is a weakness or flaw in a system, application, or network that can be exploited by threats to gain unauthorized access or cause harm. Vulnerabilities may result from coding errors, misconfigurations, or design flaws and require patching or mitigation to reduce security risk.
- IDS
- An Intrusion Detection System (IDS) is a security technology that monitors network or system activities for malicious behavior or policy violations. IDS analyzes traffic patterns and signatures to identify potential security incidents and generates alerts for security administrators without actively blocking threats.
- PKI
- Public Key Infrastructure (PKI) is a framework managing digital certificates and public-key encryption to secure communications and verify identities. PKI includes certificate authorities (CAs), registration authorities, certificates, and key management processes enabling secure data exchange and authentication across networks.
- DLP
- Data Loss Prevention (DLP) is a set of tools and processes designed to ensure sensitive data is not lost, misused, or accessed by unauthorized users. DLP solutions monitor, detect, and block sensitive data while in use, in motion, or at rest through content inspection and contextual analysis.
- Zero Trust
- Zero Trust is a security framework requiring strict identity verification for every person and device attempting to access resources regardless of network location. The model assumes no implicit trust and enforces least-privilege access, continuous monitoring, and verification for all users and systems.
- SIEM
- Security Information and Event Management (SIEM) is a security solution providing real-time analysis of security alerts generated by applications and network hardware. SIEM systems collect and aggregate log data, identify anomalies, trigger alerts, and support incident response and forensic investigations.