Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›SY0-701›Study Plan

Structured study plan

SY0-701 90-Day Study Plan

Pass Security+ in 90 days with 1 hour of daily study. This plan follows the official blueprint weights so you spend the most time where the exam spends the most marks. 1,152 practice questions available.

30 Days60 Days90 Days

90

Total days

3

Study weeks

1

Hours/day

1,152

Practice questions

Domain Allocation

Days assigned by official exam weight

  • General Security Concepts12% of exam
    11 days~15 Q/dayPractice →
  • Threats, Vulnerabilities, and Mitigations22% of exam
    18 days~14 Q/dayPractice →
  • Security Architecture18% of exam
    16 days~14 Q/dayPractice →
  • Security Operations28% of exam
    18 days~12 Q/dayPractice →
  • Security Program Management and Oversight
    18 days~12 Q/dayPractice →

Week-by-Week Schedule

Week 11— General Security Concepts · Threats, Vulnerabilities, and Mitigations · Security Architecture · Security Operations · Security Program Management and Oversight

25 days
  • General Security Concepts

    General Security Concepts is the foundational domain of the CompTIA Security+ SY0-701 exam, covering the core principles that underpin all of cybersecurity. In plain English, this domain teaches you the 'why' behind security—why we need confidentiality, integrity, and availability (the CIA triad), how to manage risk, and what controls (like firewalls, encryption, or policies) actually do. It’s like learning the rules of the road before driving: you’ll understand threats, vulnerabilities, and the mindset to protect data and systems. This domain is critical for real-world IT, security, and cloud work because every security decision—from configuring a cloud bucket to responding to a breach—starts with these concepts. For example, when you set up AWS S3 permissions, you’re applying the principle of least privilege. When you patch a server, you’re reducing risk. Understanding these fundamentals helps you communicate with stakeholders, justify security spending, and avoid common mistakes that lead to data leaks. Employers expect you to think like a security professional, not just a technician. On the SY0-701 exam, this domain tests your ability to define and apply security concepts across scenarios. You’ll be asked to identify which control (deterrent, preventive, detective, corrective, compensating, directive) fits a given situation—like a security guard (deterrent) vs. an IDS (detective). You’ll also need to understand risk management terms (likelihood, impact, RPO, RTO), types of threats (malware, social engineering, supply chain), and the difference between vulnerability and threat. Expect multiple-choice questions that give a short scenario and ask for the best control or concept. To study this domain effectively, focus on memorizing the definitions and then applying them to practice questions. Start with the CIA triad and non-repudiation. Then learn the control types by creating mnemonics (e.g., 'Prevent, Detect, Correct'). Use flashcards for terms like 'vulnerability' vs. 'threat' vs. 'risk'. Finally, practice with scenario-based questions from CompTIA’s official study materials or a reputable test bank. Don’t just read—quiz yourself daily. This domain is 12% of the exam, so you need to master it, but it’s also the easiest to score high on if you practice.

    📅 5 days🎯 ~15 questions/day⚖ 12% of exam
    Study →
    • ✓Define and apply the CIA triad (confidentiality, integrity, availability) to scenarios like encrypting data at rest (confidentiality) or hashing files (integrity).
    • ✓Identify and differentiate security control types: deterrent (e.g., warning signs), preventive (e.g., firewalls), detective (e.g., IDS), corrective (e.g., backups), compensating (e.g., alternative controls), and directive (e.g., policies).
    • ✓Understand risk management concepts: risk = likelihood x impact, and terms like RPO (Recovery Point Objective) and RTO (Recovery Time Objective) in disaster recovery.
  • Threats, Vulnerabilities, and Mitigations

    The Threats, Vulnerabilities & Mitigations domain of the SY0-701 exam is all about understanding the bad things that can happen to an organization's systems and data, and how to stop them. Think of it as the defensive playbook for cybersecurity. You'll learn about different types of attacks—like phishing, ransomware, and denial-of-service—and the weaknesses (vulnerabilities) they exploit, such as unpatched software or weak passwords. But it's not just about knowing the threats; you also need to know how to fix them. That's where mitigations come in—things like firewalls, encryption, access controls, and security policies. For example, if a company has a vulnerability in its web application, a mitigation might be to apply a patch or use a web application firewall. This domain is the core of what security professionals do every day: identify risks, protect assets, and respond to incidents. Why is this domain so important in real-world IT and security work? Because threats are everywhere. In a typical day, a security analyst might deal with phishing emails, scan for unpatched systems, or configure a VPN to secure remote access. Cloud environments add complexity—misconfigured S3 buckets can expose sensitive data, and compromised API keys can lead to breaches. Understanding these threats and how to mitigate them is critical for roles like security analyst, network administrator, and cloud engineer. Even if you're not in a dedicated security role, knowing these concepts helps you protect your organization from costly incidents. For instance, a simple social engineering attack could trick an employee into revealing credentials, leading to a data breach that costs millions. The SY0-701 exam ensures you have the foundational knowledge to prevent such scenarios. On the exam itself, this domain tests your ability to identify, analyze, and respond to security threats and vulnerabilities. You'll see questions about attack types (e.g., spear phishing vs. whaling), vulnerability scanning tools (like Nessus or OpenVAS), and mitigation techniques (e.g., patch management, network segmentation). You'll also need to understand indicators of compromise (IoCs) and how to interpret them. For example, a question might describe a sudden spike in outbound traffic and ask you to identify the likely attack (data exfiltration) and suggest a mitigation (egress filtering). The exam also covers emerging threats like supply chain attacks and AI-powered malware. You'll need to know not just the definitions, but how to apply them in scenarios—like choosing the best control to prevent a SQL injection attack (parameterized queries) or detecting a man-in-the-middle attack (certificate validation). To study this domain effectively, start by understanding the threat landscape. Make flashcards for common attack types (phishing, ransomware, DDoS, etc.) and their characteristics. Then, focus on vulnerabilities—learn about CVEs, the Common Vulnerability Scoring System (CVSS), and how to prioritize patches. For mitigations, group them into categories: administrative (policies, training), technical (firewalls, IDS/IPS, encryption), and physical (locks, biometrics). Practice with scenario-based questions—many resources offer practice exams that mimic the SY0-701 style. Use the acronym STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to categorize threats, and remember the CIA triad (Confidentiality, Integrity, Availability) as a framework for mitigations. Finally, stay current—follow security news to see real-world examples of attacks and how they were mitigated. This domain is heavy, but with consistent study and hands-on practice (like using a home lab or online sandboxes), you can master it.

    📅 5 days🎯 ~14 questions/day⚖ 22% of exam
    Study →
    • ✓Identifying and differentiating between types of social engineering attacks (e.g., spear phishing, vishing, tailgating)
    • ✓Understanding vulnerability scanning tools and interpreting scan results (e.g., Nessus, OpenVAS)
    • ✓Applying mitigation techniques for common network attacks (e.g., DDoS mitigation using rate limiting or anycast)
  • Security Architecture

    Security Architecture is the domain of the SY0-701 exam that focuses on how to design and implement secure networks, systems, and applications. Think of it as the blueprint for an organization's security posture—deciding where to place firewalls, how to segment a network, what encryption to use, and how to manage access controls. In plain English, it's about making sure that the right people have the right access to the right resources, while keeping bad actors out. For example, a security architect might design a multi-tier web application where the database server is isolated in a separate subnet, accessible only from the application server, and all communication is encrypted with TLS. This domain covers both the theory and practical implementation of such designs. Why is this important for real-world IT and cloud work? Because every company, from startups to global enterprises, relies on secure architectures to protect sensitive data and maintain operations. A misconfigured cloud environment can lead to data breaches costing millions, as seen in incidents like the Capital One breach where a misconfigured web application firewall allowed access to S3 buckets. Understanding Security Architecture helps you prevent such disasters by applying principles like defense in depth, least privilege, and secure segmentation. In cloud environments (AWS, Azure, GCP), you need to know how to set up virtual private clouds, security groups, identity and access management (IAM) roles, and encryption keys. This domain is critical for roles like security analyst, network administrator, cloud engineer, and of course, security architect. On the SY0-701 exam, Security Architecture tests your ability to apply security principles to design and implement secure systems. You'll be asked about secure network architectures (e.g., DMZ, VLANs, VPNs), secure system design (e.g., trusted computing base, hardware security modules), and secure application development (e.g., secure coding practices, application firewalls). The exam also covers cloud and virtualization security, including shared responsibility models, hypervisor security, and container security. You'll need to know how to select and configure security controls like firewalls, intrusion prevention systems, and data loss prevention solutions. Expect scenario-based questions where you must choose the best architecture to meet security requirements—for instance, which network segmentation strategy prevents lateral movement in case of a breach. To study effectively, start by understanding the core principles: defense in depth, least privilege, separation of duties, and secure defaults. Then, map these to concrete technologies: VLANs for segmentation, VPNs for remote access, TLS for encryption, and IAM for access control. Use diagrams to visualize network architectures—draw a typical enterprise network with a DMZ, internal network, and management network. Practice with labs: set up a simple AWS VPC with public and private subnets, configure security groups, and test connectivity. Review common exam traps like confusing encryption in transit vs. at rest, or thinking that a firewall alone provides sufficient security. Focus on the CompTIA Security+ objectives for this domain, and use practice questions to identify weak areas. Remember, the exam is about applying concepts, not just memorizing definitions. Good luck!

    📅 5 days🎯 ~14 questions/day⚖ 18% of exam
    Study →
    • ✓Secure network architecture design (e.g., DMZ, VLANs, VPNs)
    • ✓Secure system design (e.g., trusted platform module, secure boot)
    • ✓Cloud and virtualization security (e.g., shared responsibility, hypervisor security)
  • Security Operations

    Security Operations is the single largest domain on the SY0-701 exam at 28% — and the one most grounded in real-world analyst work. This domain covers what a security team does every day: detecting threats through SIEM and IDS/IPS, running the incident response playbook, scanning and patching vulnerabilities, protecting data, and keeping change management locked down. Exam questions are almost entirely scenario-based. You will be handed a situation — ransomware hits a file server, a SIEM alert fires at 2am, a critical CVE drops for a system you own — and asked what to do next, in what order, and with which tool. The NIST SP 800-61 incident response lifecycle (Preparation → Detection and Analysis → Containment → Eradication and Recovery → Post-Incident Activity) appears on nearly every exam version. Treat it as a required memorisation.

    📅 5 days🎯 ~12 questions/day⚖ 28% of exam
    Study →
    • ✓Incident response lifecycle — Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity (NIST SP 800-61). Know the exact order cold.
    • ✓Vulnerability management — scan types, CVSS severity scoring, patch prioritisation, and the critical difference between a vulnerability scan and a penetration test.
    • ✓Security monitoring — SIEM log correlation, IDS vs IPS placement and behaviour, alert triage, and separating true positives from false positives.
  • Security Program Management and Oversight

    Security Program Management & Oversight is the domain of the SY0-701 exam that covers how organizations build, maintain, and improve their security programs. Think of it as the 'management layer' of cybersecurity—not the technical tools like firewalls or antivirus, but the policies, procedures, governance, and risk management that ensure those tools are used effectively. In plain English, this domain teaches you how to run a security department like a business: setting goals, measuring performance, managing budgets, complying with laws, and continuously improving. It’s about the 'big picture' decisions that keep an organization safe from cyber threats. Why is this important for real-world IT/security/cloud work? Because technical skills alone won't get you far. A security engineer who can configure a SIEM but doesn't understand incident response plans or compliance requirements (like GDPR or HIPAA) is a liability. In the real world, you’ll need to justify security spending to executives, write policies that balance security with usability, and ensure your cloud infrastructure meets regulatory standards. For example, if you work at a healthcare company, you must know how to implement a security program that protects patient data under HIPAA. This domain gives you the vocabulary and frameworks to communicate with managers, auditors, and legal teams. On the SY0-701 exam, this domain (worth 20% of the score) tests your knowledge of: security governance principles (e.g., policies, standards, procedures), risk management processes (identifying, assessing, and mitigating risks), compliance with laws and regulations (e.g., GDPR, PCI DSS), business continuity and disaster recovery concepts, and security awareness training. You’ll also see questions on third-party risk management, data classification, and security metrics (KPIs). The exam won’t ask you to write a policy, but you must understand the purpose of each document and when to use it. For instance, you should know the difference between a policy (high-level intent) and a procedure (step-by-step instructions). To approach studying this domain, start by memorizing the key documents and their hierarchy: policies → standards → procedures → guidelines. Then, focus on risk management: the steps of risk assessment (identification, analysis, evaluation, treatment) and common risk treatment options (avoid, transfer, mitigate, accept). Use real-world examples: imagine a company storing customer credit card data—what PCI DSS requirements apply? How would you create a business continuity plan for a ransomware attack? Practice with sample questions that ask you to identify the correct policy or control for a given scenario. Since this domain is conceptual, create flashcards for terms like 'due care' vs. 'due diligence,' 'RPO' vs. 'RTO,' and 'quantitative' vs. 'qualitative' risk assessment. Finally, connect the dots: security program management ties together all other domains—it’s the 'why' behind the technical controls you learn elsewhere.

    📅 5 days🎯 ~12 questions/day
    Study →
    • ✓Security governance principles: policies, standards, procedures, and guidelines
    • ✓Risk management process: identification, assessment, analysis, and treatment of risks
    • ✓Compliance with laws and regulations: GDPR, HIPAA, PCI DSS, SOX, etc.

Week 12— General Security Concepts · Threats, Vulnerabilities, and Mitigations · Security Architecture · Security Operations · Security Program Management and Oversight

34 days
  • (continued)General Security Concepts

    General Security Concepts is the foundational domain of the CompTIA Security+ SY0-701 exam, covering the core principles that underpin all of cybersecurity. In plain English, this domain teaches you the 'why' behind security—why we need confidentiality, integrity, and availability (the CIA triad), how to manage risk, and what controls (like firewalls, encryption, or policies) actually do. It’s like learning the rules of the road before driving: you’ll understand threats, vulnerabilities, and the mindset to protect data and systems. This domain is critical for real-world IT, security, and cloud work because every security decision—from configuring a cloud bucket to responding to a breach—starts with these concepts. For example, when you set up AWS S3 permissions, you’re applying the principle of least privilege. When you patch a server, you’re reducing risk. Understanding these fundamentals helps you communicate with stakeholders, justify security spending, and avoid common mistakes that lead to data leaks. Employers expect you to think like a security professional, not just a technician. On the SY0-701 exam, this domain tests your ability to define and apply security concepts across scenarios. You’ll be asked to identify which control (deterrent, preventive, detective, corrective, compensating, directive) fits a given situation—like a security guard (deterrent) vs. an IDS (detective). You’ll also need to understand risk management terms (likelihood, impact, RPO, RTO), types of threats (malware, social engineering, supply chain), and the difference between vulnerability and threat. Expect multiple-choice questions that give a short scenario and ask for the best control or concept. To study this domain effectively, focus on memorizing the definitions and then applying them to practice questions. Start with the CIA triad and non-repudiation. Then learn the control types by creating mnemonics (e.g., 'Prevent, Detect, Correct'). Use flashcards for terms like 'vulnerability' vs. 'threat' vs. 'risk'. Finally, practice with scenario-based questions from CompTIA’s official study materials or a reputable test bank. Don’t just read—quiz yourself daily. This domain is 12% of the exam, so you need to master it, but it’s also the easiest to score high on if you practice.

    📅 6 days🎯 ~15 questions/day⚖ 12% of exam
    Study →
    • ✓Define and apply the CIA triad (confidentiality, integrity, availability) to scenarios like encrypting data at rest (confidentiality) or hashing files (integrity).
    • ✓Identify and differentiate security control types: deterrent (e.g., warning signs), preventive (e.g., firewalls), detective (e.g., IDS), corrective (e.g., backups), compensating (e.g., alternative controls), and directive (e.g., policies).
    • ✓Understand risk management concepts: risk = likelihood x impact, and terms like RPO (Recovery Point Objective) and RTO (Recovery Time Objective) in disaster recovery.
  • (continued)Threats, Vulnerabilities, and Mitigations

    The Threats, Vulnerabilities & Mitigations domain of the SY0-701 exam is all about understanding the bad things that can happen to an organization's systems and data, and how to stop them. Think of it as the defensive playbook for cybersecurity. You'll learn about different types of attacks—like phishing, ransomware, and denial-of-service—and the weaknesses (vulnerabilities) they exploit, such as unpatched software or weak passwords. But it's not just about knowing the threats; you also need to know how to fix them. That's where mitigations come in—things like firewalls, encryption, access controls, and security policies. For example, if a company has a vulnerability in its web application, a mitigation might be to apply a patch or use a web application firewall. This domain is the core of what security professionals do every day: identify risks, protect assets, and respond to incidents. Why is this domain so important in real-world IT and security work? Because threats are everywhere. In a typical day, a security analyst might deal with phishing emails, scan for unpatched systems, or configure a VPN to secure remote access. Cloud environments add complexity—misconfigured S3 buckets can expose sensitive data, and compromised API keys can lead to breaches. Understanding these threats and how to mitigate them is critical for roles like security analyst, network administrator, and cloud engineer. Even if you're not in a dedicated security role, knowing these concepts helps you protect your organization from costly incidents. For instance, a simple social engineering attack could trick an employee into revealing credentials, leading to a data breach that costs millions. The SY0-701 exam ensures you have the foundational knowledge to prevent such scenarios. On the exam itself, this domain tests your ability to identify, analyze, and respond to security threats and vulnerabilities. You'll see questions about attack types (e.g., spear phishing vs. whaling), vulnerability scanning tools (like Nessus or OpenVAS), and mitigation techniques (e.g., patch management, network segmentation). You'll also need to understand indicators of compromise (IoCs) and how to interpret them. For example, a question might describe a sudden spike in outbound traffic and ask you to identify the likely attack (data exfiltration) and suggest a mitigation (egress filtering). The exam also covers emerging threats like supply chain attacks and AI-powered malware. You'll need to know not just the definitions, but how to apply them in scenarios—like choosing the best control to prevent a SQL injection attack (parameterized queries) or detecting a man-in-the-middle attack (certificate validation). To study this domain effectively, start by understanding the threat landscape. Make flashcards for common attack types (phishing, ransomware, DDoS, etc.) and their characteristics. Then, focus on vulnerabilities—learn about CVEs, the Common Vulnerability Scoring System (CVSS), and how to prioritize patches. For mitigations, group them into categories: administrative (policies, training), technical (firewalls, IDS/IPS, encryption), and physical (locks, biometrics). Practice with scenario-based questions—many resources offer practice exams that mimic the SY0-701 style. Use the acronym STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to categorize threats, and remember the CIA triad (Confidentiality, Integrity, Availability) as a framework for mitigations. Finally, stay current—follow security news to see real-world examples of attacks and how they were mitigated. This domain is heavy, but with consistent study and hands-on practice (like using a home lab or online sandboxes), you can master it.

    📅 7 days🎯 ~14 questions/day⚖ 22% of exam
    Study →
    • ✓Identifying and differentiating between types of social engineering attacks (e.g., spear phishing, vishing, tailgating)
    • ✓Understanding vulnerability scanning tools and interpreting scan results (e.g., Nessus, OpenVAS)
    • ✓Applying mitigation techniques for common network attacks (e.g., DDoS mitigation using rate limiting or anycast)
  • (continued)Security Architecture

    Security Architecture is the domain of the SY0-701 exam that focuses on how to design and implement secure networks, systems, and applications. Think of it as the blueprint for an organization's security posture—deciding where to place firewalls, how to segment a network, what encryption to use, and how to manage access controls. In plain English, it's about making sure that the right people have the right access to the right resources, while keeping bad actors out. For example, a security architect might design a multi-tier web application where the database server is isolated in a separate subnet, accessible only from the application server, and all communication is encrypted with TLS. This domain covers both the theory and practical implementation of such designs. Why is this important for real-world IT and cloud work? Because every company, from startups to global enterprises, relies on secure architectures to protect sensitive data and maintain operations. A misconfigured cloud environment can lead to data breaches costing millions, as seen in incidents like the Capital One breach where a misconfigured web application firewall allowed access to S3 buckets. Understanding Security Architecture helps you prevent such disasters by applying principles like defense in depth, least privilege, and secure segmentation. In cloud environments (AWS, Azure, GCP), you need to know how to set up virtual private clouds, security groups, identity and access management (IAM) roles, and encryption keys. This domain is critical for roles like security analyst, network administrator, cloud engineer, and of course, security architect. On the SY0-701 exam, Security Architecture tests your ability to apply security principles to design and implement secure systems. You'll be asked about secure network architectures (e.g., DMZ, VLANs, VPNs), secure system design (e.g., trusted computing base, hardware security modules), and secure application development (e.g., secure coding practices, application firewalls). The exam also covers cloud and virtualization security, including shared responsibility models, hypervisor security, and container security. You'll need to know how to select and configure security controls like firewalls, intrusion prevention systems, and data loss prevention solutions. Expect scenario-based questions where you must choose the best architecture to meet security requirements—for instance, which network segmentation strategy prevents lateral movement in case of a breach. To study effectively, start by understanding the core principles: defense in depth, least privilege, separation of duties, and secure defaults. Then, map these to concrete technologies: VLANs for segmentation, VPNs for remote access, TLS for encryption, and IAM for access control. Use diagrams to visualize network architectures—draw a typical enterprise network with a DMZ, internal network, and management network. Practice with labs: set up a simple AWS VPC with public and private subnets, configure security groups, and test connectivity. Review common exam traps like confusing encryption in transit vs. at rest, or thinking that a firewall alone provides sufficient security. Focus on the CompTIA Security+ objectives for this domain, and use practice questions to identify weak areas. Remember, the exam is about applying concepts, not just memorizing definitions. Good luck!

    📅 7 days🎯 ~14 questions/day⚖ 18% of exam
    Study →
    • ✓Secure network architecture design (e.g., DMZ, VLANs, VPNs)
    • ✓Secure system design (e.g., trusted platform module, secure boot)
    • ✓Cloud and virtualization security (e.g., shared responsibility, hypervisor security)
  • (continued)Security Operations

    Security Operations is the single largest domain on the SY0-701 exam at 28% — and the one most grounded in real-world analyst work. This domain covers what a security team does every day: detecting threats through SIEM and IDS/IPS, running the incident response playbook, scanning and patching vulnerabilities, protecting data, and keeping change management locked down. Exam questions are almost entirely scenario-based. You will be handed a situation — ransomware hits a file server, a SIEM alert fires at 2am, a critical CVE drops for a system you own — and asked what to do next, in what order, and with which tool. The NIST SP 800-61 incident response lifecycle (Preparation → Detection and Analysis → Containment → Eradication and Recovery → Post-Incident Activity) appears on nearly every exam version. Treat it as a required memorisation.

    📅 7 days🎯 ~12 questions/day⚖ 28% of exam
    Study →
    • ✓Incident response lifecycle — Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity (NIST SP 800-61). Know the exact order cold.
    • ✓Vulnerability management — scan types, CVSS severity scoring, patch prioritisation, and the critical difference between a vulnerability scan and a penetration test.
    • ✓Security monitoring — SIEM log correlation, IDS vs IPS placement and behaviour, alert triage, and separating true positives from false positives.
  • (continued)Security Program Management and Oversight

    Security Program Management & Oversight is the domain of the SY0-701 exam that covers how organizations build, maintain, and improve their security programs. Think of it as the 'management layer' of cybersecurity—not the technical tools like firewalls or antivirus, but the policies, procedures, governance, and risk management that ensure those tools are used effectively. In plain English, this domain teaches you how to run a security department like a business: setting goals, measuring performance, managing budgets, complying with laws, and continuously improving. It’s about the 'big picture' decisions that keep an organization safe from cyber threats. Why is this important for real-world IT/security/cloud work? Because technical skills alone won't get you far. A security engineer who can configure a SIEM but doesn't understand incident response plans or compliance requirements (like GDPR or HIPAA) is a liability. In the real world, you’ll need to justify security spending to executives, write policies that balance security with usability, and ensure your cloud infrastructure meets regulatory standards. For example, if you work at a healthcare company, you must know how to implement a security program that protects patient data under HIPAA. This domain gives you the vocabulary and frameworks to communicate with managers, auditors, and legal teams. On the SY0-701 exam, this domain (worth 20% of the score) tests your knowledge of: security governance principles (e.g., policies, standards, procedures), risk management processes (identifying, assessing, and mitigating risks), compliance with laws and regulations (e.g., GDPR, PCI DSS), business continuity and disaster recovery concepts, and security awareness training. You’ll also see questions on third-party risk management, data classification, and security metrics (KPIs). The exam won’t ask you to write a policy, but you must understand the purpose of each document and when to use it. For instance, you should know the difference between a policy (high-level intent) and a procedure (step-by-step instructions). To approach studying this domain, start by memorizing the key documents and their hierarchy: policies → standards → procedures → guidelines. Then, focus on risk management: the steps of risk assessment (identification, analysis, evaluation, treatment) and common risk treatment options (avoid, transfer, mitigate, accept). Use real-world examples: imagine a company storing customer credit card data—what PCI DSS requirements apply? How would you create a business continuity plan for a ransomware attack? Practice with sample questions that ask you to identify the correct policy or control for a given scenario. Since this domain is conceptual, create flashcards for terms like 'due care' vs. 'due diligence,' 'RPO' vs. 'RTO,' and 'quantitative' vs. 'qualitative' risk assessment. Finally, connect the dots: security program management ties together all other domains—it’s the 'why' behind the technical controls you learn elsewhere.

    📅 7 days🎯 ~12 questions/day
    Study →
    • ✓Security governance principles: policies, standards, procedures, and guidelines
    • ✓Risk management process: identification, assessment, analysis, and treatment of risks
    • ✓Compliance with laws and regulations: GDPR, HIPAA, PCI DSS, SOX, etc.

Week 13— Threats, Vulnerabilities, and Mitigations · Security Architecture · Security Operations · Security Program Management and Oversight

22 days
  • (continued)Threats, Vulnerabilities, and Mitigations

    The Threats, Vulnerabilities & Mitigations domain of the SY0-701 exam is all about understanding the bad things that can happen to an organization's systems and data, and how to stop them. Think of it as the defensive playbook for cybersecurity. You'll learn about different types of attacks—like phishing, ransomware, and denial-of-service—and the weaknesses (vulnerabilities) they exploit, such as unpatched software or weak passwords. But it's not just about knowing the threats; you also need to know how to fix them. That's where mitigations come in—things like firewalls, encryption, access controls, and security policies. For example, if a company has a vulnerability in its web application, a mitigation might be to apply a patch or use a web application firewall. This domain is the core of what security professionals do every day: identify risks, protect assets, and respond to incidents. Why is this domain so important in real-world IT and security work? Because threats are everywhere. In a typical day, a security analyst might deal with phishing emails, scan for unpatched systems, or configure a VPN to secure remote access. Cloud environments add complexity—misconfigured S3 buckets can expose sensitive data, and compromised API keys can lead to breaches. Understanding these threats and how to mitigate them is critical for roles like security analyst, network administrator, and cloud engineer. Even if you're not in a dedicated security role, knowing these concepts helps you protect your organization from costly incidents. For instance, a simple social engineering attack could trick an employee into revealing credentials, leading to a data breach that costs millions. The SY0-701 exam ensures you have the foundational knowledge to prevent such scenarios. On the exam itself, this domain tests your ability to identify, analyze, and respond to security threats and vulnerabilities. You'll see questions about attack types (e.g., spear phishing vs. whaling), vulnerability scanning tools (like Nessus or OpenVAS), and mitigation techniques (e.g., patch management, network segmentation). You'll also need to understand indicators of compromise (IoCs) and how to interpret them. For example, a question might describe a sudden spike in outbound traffic and ask you to identify the likely attack (data exfiltration) and suggest a mitigation (egress filtering). The exam also covers emerging threats like supply chain attacks and AI-powered malware. You'll need to know not just the definitions, but how to apply them in scenarios—like choosing the best control to prevent a SQL injection attack (parameterized queries) or detecting a man-in-the-middle attack (certificate validation). To study this domain effectively, start by understanding the threat landscape. Make flashcards for common attack types (phishing, ransomware, DDoS, etc.) and their characteristics. Then, focus on vulnerabilities—learn about CVEs, the Common Vulnerability Scoring System (CVSS), and how to prioritize patches. For mitigations, group them into categories: administrative (policies, training), technical (firewalls, IDS/IPS, encryption), and physical (locks, biometrics). Practice with scenario-based questions—many resources offer practice exams that mimic the SY0-701 style. Use the acronym STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to categorize threats, and remember the CIA triad (Confidentiality, Integrity, Availability) as a framework for mitigations. Finally, stay current—follow security news to see real-world examples of attacks and how they were mitigated. This domain is heavy, but with consistent study and hands-on practice (like using a home lab or online sandboxes), you can master it.

    📅 6 days🎯 ~14 questions/day⚖ 22% of exam
    Study →
    • ✓Identifying and differentiating between types of social engineering attacks (e.g., spear phishing, vishing, tailgating)
    • ✓Understanding vulnerability scanning tools and interpreting scan results (e.g., Nessus, OpenVAS)
    • ✓Applying mitigation techniques for common network attacks (e.g., DDoS mitigation using rate limiting or anycast)
  • (continued)Security Architecture

    Security Architecture is the domain of the SY0-701 exam that focuses on how to design and implement secure networks, systems, and applications. Think of it as the blueprint for an organization's security posture—deciding where to place firewalls, how to segment a network, what encryption to use, and how to manage access controls. In plain English, it's about making sure that the right people have the right access to the right resources, while keeping bad actors out. For example, a security architect might design a multi-tier web application where the database server is isolated in a separate subnet, accessible only from the application server, and all communication is encrypted with TLS. This domain covers both the theory and practical implementation of such designs. Why is this important for real-world IT and cloud work? Because every company, from startups to global enterprises, relies on secure architectures to protect sensitive data and maintain operations. A misconfigured cloud environment can lead to data breaches costing millions, as seen in incidents like the Capital One breach where a misconfigured web application firewall allowed access to S3 buckets. Understanding Security Architecture helps you prevent such disasters by applying principles like defense in depth, least privilege, and secure segmentation. In cloud environments (AWS, Azure, GCP), you need to know how to set up virtual private clouds, security groups, identity and access management (IAM) roles, and encryption keys. This domain is critical for roles like security analyst, network administrator, cloud engineer, and of course, security architect. On the SY0-701 exam, Security Architecture tests your ability to apply security principles to design and implement secure systems. You'll be asked about secure network architectures (e.g., DMZ, VLANs, VPNs), secure system design (e.g., trusted computing base, hardware security modules), and secure application development (e.g., secure coding practices, application firewalls). The exam also covers cloud and virtualization security, including shared responsibility models, hypervisor security, and container security. You'll need to know how to select and configure security controls like firewalls, intrusion prevention systems, and data loss prevention solutions. Expect scenario-based questions where you must choose the best architecture to meet security requirements—for instance, which network segmentation strategy prevents lateral movement in case of a breach. To study effectively, start by understanding the core principles: defense in depth, least privilege, separation of duties, and secure defaults. Then, map these to concrete technologies: VLANs for segmentation, VPNs for remote access, TLS for encryption, and IAM for access control. Use diagrams to visualize network architectures—draw a typical enterprise network with a DMZ, internal network, and management network. Practice with labs: set up a simple AWS VPC with public and private subnets, configure security groups, and test connectivity. Review common exam traps like confusing encryption in transit vs. at rest, or thinking that a firewall alone provides sufficient security. Focus on the CompTIA Security+ objectives for this domain, and use practice questions to identify weak areas. Remember, the exam is about applying concepts, not just memorizing definitions. Good luck!

    📅 4 days🎯 ~14 questions/day⚖ 18% of exam
    Study →
    • ✓Secure network architecture design (e.g., DMZ, VLANs, VPNs)
    • ✓Secure system design (e.g., trusted platform module, secure boot)
    • ✓Cloud and virtualization security (e.g., shared responsibility, hypervisor security)
  • (continued)Security Operations

    Security Operations is the single largest domain on the SY0-701 exam at 28% — and the one most grounded in real-world analyst work. This domain covers what a security team does every day: detecting threats through SIEM and IDS/IPS, running the incident response playbook, scanning and patching vulnerabilities, protecting data, and keeping change management locked down. Exam questions are almost entirely scenario-based. You will be handed a situation — ransomware hits a file server, a SIEM alert fires at 2am, a critical CVE drops for a system you own — and asked what to do next, in what order, and with which tool. The NIST SP 800-61 incident response lifecycle (Preparation → Detection and Analysis → Containment → Eradication and Recovery → Post-Incident Activity) appears on nearly every exam version. Treat it as a required memorisation.

    📅 6 days🎯 ~12 questions/day⚖ 28% of exam
    Study →
    • ✓Incident response lifecycle — Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity (NIST SP 800-61). Know the exact order cold.
    • ✓Vulnerability management — scan types, CVSS severity scoring, patch prioritisation, and the critical difference between a vulnerability scan and a penetration test.
    • ✓Security monitoring — SIEM log correlation, IDS vs IPS placement and behaviour, alert triage, and separating true positives from false positives.
  • (continued)Security Program Management and Oversight

    Security Program Management & Oversight is the domain of the SY0-701 exam that covers how organizations build, maintain, and improve their security programs. Think of it as the 'management layer' of cybersecurity—not the technical tools like firewalls or antivirus, but the policies, procedures, governance, and risk management that ensure those tools are used effectively. In plain English, this domain teaches you how to run a security department like a business: setting goals, measuring performance, managing budgets, complying with laws, and continuously improving. It’s about the 'big picture' decisions that keep an organization safe from cyber threats. Why is this important for real-world IT/security/cloud work? Because technical skills alone won't get you far. A security engineer who can configure a SIEM but doesn't understand incident response plans or compliance requirements (like GDPR or HIPAA) is a liability. In the real world, you’ll need to justify security spending to executives, write policies that balance security with usability, and ensure your cloud infrastructure meets regulatory standards. For example, if you work at a healthcare company, you must know how to implement a security program that protects patient data under HIPAA. This domain gives you the vocabulary and frameworks to communicate with managers, auditors, and legal teams. On the SY0-701 exam, this domain (worth 20% of the score) tests your knowledge of: security governance principles (e.g., policies, standards, procedures), risk management processes (identifying, assessing, and mitigating risks), compliance with laws and regulations (e.g., GDPR, PCI DSS), business continuity and disaster recovery concepts, and security awareness training. You’ll also see questions on third-party risk management, data classification, and security metrics (KPIs). The exam won’t ask you to write a policy, but you must understand the purpose of each document and when to use it. For instance, you should know the difference between a policy (high-level intent) and a procedure (step-by-step instructions). To approach studying this domain, start by memorizing the key documents and their hierarchy: policies → standards → procedures → guidelines. Then, focus on risk management: the steps of risk assessment (identification, analysis, evaluation, treatment) and common risk treatment options (avoid, transfer, mitigate, accept). Use real-world examples: imagine a company storing customer credit card data—what PCI DSS requirements apply? How would you create a business continuity plan for a ransomware attack? Practice with sample questions that ask you to identify the correct policy or control for a given scenario. Since this domain is conceptual, create flashcards for terms like 'due care' vs. 'due diligence,' 'RPO' vs. 'RTO,' and 'quantitative' vs. 'qualitative' risk assessment. Finally, connect the dots: security program management ties together all other domains—it’s the 'why' behind the technical controls you learn elsewhere.

    📅 6 days🎯 ~12 questions/day
    Study →
    • ✓Security governance principles: policies, standards, procedures, and guidelines
    • ✓Risk management process: identification, assessment, analysis, and treatment of risks
    • ✓Compliance with laws and regulations: GDPR, HIPAA, PCI DSS, SOX, etc.

How to use this 90-day plan

  • →Commit to 1 hour per day — consistency beats marathon sessions.
  • →Start each domain by reading the objective description, then immediately move to practice questions.
  • →Don't skip domains with low weight — exam questions can come from any domain.
  • →When you finish a domain, score ≥ 80% on its practice questions before moving on.
  • →In the final 3 days, do full mixed-domain practice tests to simulate real exam conditions.
  • →Review wrong answers immediately — understanding why you were wrong is more valuable than getting it right.

Other study plan lengths

30-Day Plan60-Day PlanStart Practice Test →