SY0-701 Exam Blueprint — At a Glance
| # | Domain | Weight | Questions | Practice |
|---|---|---|---|---|
| 1.0 | General Security Concepts General Security Concepts covers the foundational principles of cybersecurity, including the CIA triad, risk management, security controls, and threat types, which are tested through scenario-based questions on the SY0-701 exam. | 12% | 164 | Practice → |
| 2.0 | Threats, Vulnerabilities, and Mitigations Threats, Vulnerabilities & Mitigations covers the identification of various attack types (e.g., phishing, ransomware), the weaknesses they exploit (vulnerabilities like unpatched software), and the controls (mitigations) to prevent or reduce damage, such as firewalls, encryption, and security policies. | 22% | 265 | Practice → |
| 3.0 | Security Architecture Security Architecture on the SY0-701 exam covers how to design and implement secure networks, systems, and applications using principles like defense in depth, segmentation, and least privilege. | 18% | 221 | Practice → |
| 4.0 | Security Operations Security Operations tests your ability to detect, respond to, and recover from real-world security incidents. On the SY0-701 exam it covers incident response (NIST SP 800-61), vulnerability management, SIEM log analysis, data protection, and change management. It is worth 28% of your score — the highest-weighted domain. | 28% | 291 | Practice → |
| 5.0 | Security Program Management and Oversight Security Program Management & Oversight covers the governance, risk management, compliance, and business continuity aspects of cybersecurity—how to plan, implement, and improve an organization's security program. | — | 211 | Practice → |
| Total | 80% | 1,152 | ||