CompTIA Security+ SY0-601 Exam Objectives (6.0)


CompTIA Security+ Certification Exam Objectives
EXAM NUMBER: SY0-601
About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA
Security+ (SY0-601) certification exam. The CompTIA Security+ certification exam will
verify the successful candidate has the knowledge and skills required to:
• Assess the security posture of an enterprise environment and recommend
and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including
principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents
This is equivalent to two years of hands-on experience working in a security/systems administrator job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.

EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY


CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), they should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on testing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Security+ SY0-601 Certification Exam: Exam Objectives Version 6.0


Copyright © 2019 CompTIA Properties, LLC. All rights reserved.
TEST DETAILS
Required exam: SY0-601
Number of questions: Maximum of 90
Types of questions: Multiple-choice and performance-based
Length of test: 90 minutes
Recommended experience:
• At least 2 years of work experience in IT systems administration with a focus on security
• Hands-on technical information security experience
• Broad knowledge of security concepts
Passing score: 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)


The table below lists the domains measured by this examination
and the extent to which they are represented:

DOMAIN                                        PERCENTAGE OF EXAMINATION
1.0 Attacks, Threats, and Vulnerabilities     24%
2.0 Architecture and Design                   21%
3.0 Implementation                            25%
4.0 Operations and Incident Response          16%
5.0 Governance, Risk, and Compliance          14%
Total                                         100%

1.0 Threats, Attacks, and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques.
• Phishing
• Smishing
• Vishing
• Spam
• Spam over instant messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typosquatting
• Pretexting
• Influence campaigns
  - Hybrid warfare
  - Social media
• Principles (reasons for effectiveness)
  - Authority
  - Intimidation
  - Consensus
  - Scarcity
  - Familiarity
  - Trust
  - Urgency

1.2 Given a scenario, analyze potential indicators to determine the type of attack.
• Malware
  - Ransomware
  - Trojans
  - Worms
  - Potentially unwanted programs (PUPs)
  - Fileless virus
  - Command and control
  - Bots
  - Cryptomalware
  - Logic bombs
  - Spyware
  - Keyloggers
  - Remote access Trojan (RAT)
  - Rootkit
  - Backdoor
• Password attacks
  - Spraying
  - Dictionary
  - Brute force
    - Offline
    - Online
  - Rainbow table
  - Plaintext/unencrypted
• Physical attacks
  - Malicious Universal Serial Bus (USB) cable
  - Malicious flash drive
  - Card cloning
  - Skimming
• Adversarial artificial intelligence (AI)
  - Tainted training data for machine learning (ML)
  - Security of machine learning algorithms
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks
  - Birthday
  - Collision
  - Downgrade


1.3 Given a scenario, analyze potential indicators associated with application attacks.
• Privilege escalation
• Cross-site scripting
• Injections
  - Structured query language (SQL)
  - Dynamic-link library (DLL)
  - Lightweight Directory Access Protocol (LDAP)
  - Extensible Markup Language (XML)
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
  - Time of check/time of use
• Error handling
• Improper input handling
• Replay attack
  - Session replays
• Integer overflow
• Request forgeries
  - Server-side
  - Cross-site
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure Sockets Layer (SSL) stripping
• Driver manipulation
  - Shimming
  - Refactoring
• Pass the hash

1.4 Given a scenario, analyze potential indicators associated with network attacks.
• Wireless
  - Evil twin
  - Rogue access point
  - Bluesnarfing
  - Bluejacking
  - Disassociation
  - Jamming
  - Radio frequency identification (RFID)
  - Near-field communication (NFC)
  - Initialization vector (IV)
• On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
• Layer 2 attacks
  - Address Resolution Protocol (ARP) poisoning
  - Media access control (MAC) flooding
  - MAC cloning
• Domain name system (DNS)
  - Domain hijacking
  - DNS poisoning
  - Uniform Resource Locator (URL) redirection
  - Domain reputation
• Distributed denial-of-service (DDoS)
  - Network
  - Application
  - Operational technology (OT)
• Malicious code or script execution
  - PowerShell
  - Python
  - Bash
  - Macros
  - Visual Basic for Applications (VBA)


1.5 Explain different threat actors, vectors, and intelligence sources.
• Actors and threats
  - Advanced persistent threat (APT)
  - Insider threats
  - State actors
  - Hacktivists
  - Script kiddies
  - Criminal syndicates
  - Hackers
    - Authorized
    - Unauthorized
    - Semi-authorized
  - Shadow IT
  - Competitors
• Attributes of actors
  - Internal/external
  - Level of sophistication/capability
  - Resources/funding
  - Intent/motivation
• Vectors
  - Direct access
  - Wireless
  - Email
  - Supply chain
  - Social media
  - Removable media
  - Cloud
• Threat intelligence sources
  - Open-source intelligence (OSINT)
  - Closed/proprietary
  - Vulnerability databases
  - Public/private information-sharing centers
  - Dark web
  - Indicators of compromise
  - Automated Indicator Sharing (AIS)
    - Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
  - Predictive analysis
  - Threat maps
  - File/code repositories
• Research sources
  - Vendor websites
  - Vulnerability feeds
  - Conferences
  - Academic journals
  - Request for comments (RFC)
  - Local industry groups
  - Social media
  - Threat feeds
  - Adversary tactics, techniques, and procedures (TTP)

1.6 Explain the security concerns associated with various types of vulnerabilities.
• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
  - Open permissions
  - Unsecure root accounts
  - Errors
  - Weak encryption
  - Unsecure protocols
  - Default settings
  - Open ports and services
• Third-party risks
  - Vendor management
    - System integration
    - Lack of vendor support
  - Supply chain
  - Outsourced code development
  - Data storage
• Improper or weak patch management
  - Firmware
  - Operating system (OS)
  - Applications
• Legacy platforms
• Impacts
  - Data loss
  - Data breaches
  - Data exfiltration
  - Identity theft
  - Financial
  - Reputation
  - Availability loss


1.7 Summarize the techniques used in security assessments.
• Threat hunting
  - Intelligence fusion
  - Threat feeds
  - Advisories and bulletins
  - Maneuver
• Vulnerability scans
  - False positives
  - False negatives
  - Log reviews
  - Credentialed vs. non-credentialed
  - Intrusive vs. non-intrusive
  - Application
  - Web application
  - Network
  - Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
  - Configuration review
• Syslog/Security information and event management (SIEM)
  - Review reports
  - Packet capture
  - Data inputs
  - User behavior analysis
  - Sentiment analysis
  - Security monitoring
  - Log aggregation
  - Log collectors
• Security orchestration, automation, and response (SOAR)

1.8 Explain the techniques used in penetration testing.
• Penetration testing
  - Known environment
  - Unknown environment
  - Partially known environment
  - Rules of engagement
  - Lateral movement
  - Privilege escalation
  - Persistence
  - Cleanup
  - Bug bounty
  - Pivoting
• Passive and active reconnaissance
  - Drones
  - War flying
  - War driving
  - Footprinting
  - OSINT
• Exercise types
  - Red-team
  - Blue-team
  - White-team
  - Purple-team

2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment.
• Configuration management
  - Diagrams
  - Baseline configuration
  - Standard naming conventions
  - Internet protocol (IP) schema
• Data sovereignty
• Data protection
  - Data loss prevention (DLP)
  - Masking
  - Encryption
  - At rest
  - In transit/motion
  - In processing
  - Tokenization
  - Rights management
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  - Hot site
  - Cold site
  - Warm site
• Deception and disruption
  - Honeypots
  - Honeyfiles
  - Honeynets
  - Fake telemetry
  - DNS sinkhole

2.2 Summarize virtualization and cloud computing concepts.
• Cloud models
  - Infrastructure as a service (IaaS)
  - Platform as a service (PaaS)
  - Software as a service (SaaS)
  - Anything as a service (XaaS)
  - Public
  - Community
  - Private
  - Hybrid
• Cloud service providers
• Managed service provider (MSP)/managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Microservices/API
• Infrastructure as code
  - Software-defined networking (SDN)
  - Software-defined visibility (SDV)
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization
  - Virtual machine (VM) sprawl avoidance
  - VM escape protection


2.3 Summarize secure application development, deployment, and automation concepts.
• Environment
  - Development
  - Test
  - Staging
  - Production
  - Quality assurance (QA)
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
  - Normalization
  - Stored procedures
  - Obfuscation/camouflage
  - Code reuse/dead code
  - Server-side vs. client-side execution and validation
  - Memory management
  - Use of third-party libraries and software development kits (SDKs)
  - Data exposure
• Open Web Application Security Project (OWASP)
• Software diversity
  - Compiler
  - Binary
• Automation/scripting
  - Automated courses of action
  - Continuous monitoring
  - Continuous validation
  - Continuous integration
  - Continuous delivery
  - Continuous deployment
• Elasticity
• Scalability
• Version control

2.4 Summarize authentication and authorization design concepts.
• Authentication methods
  - Directory services
  - Federation
  - Attestation
  - Technologies
    - Time-based one-time password (TOTP)
    - HMAC-based one-time password (HOTP)
    - Short message service (SMS)
    - Token key
    - Static codes
    - Authentication applications
    - Push notifications
    - Phone call
  - Smart card authentication
• Biometrics
  - Fingerprint
  - Retina
  - Iris
  - Facial
  - Voice
  - Vein
  - Gait analysis
  - Efficacy rates
  - False acceptance
  - False rejection
  - Crossover error rate
• Multifactor authentication (MFA) factors and attributes
  - Factors
    - Something you know
    - Something you have
    - Something you are
  - Attributes
    - Somewhere you are
    - Something you can do
    - Something you exhibit
    - Someone you know
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements


2.5 Given a scenario, implement cybersecurity resilience.
• Redundancy
  - Geographic dispersal
  - Disk
    - Redundant array of independent (or inexpensive) disks (RAID) levels
    - Multipath
  - Network
    - Load balancers
    - Network interface card (NIC) teaming
  - Power
    - Uninterruptible power supply (UPS)
    - Generator
    - Dual supply
    - Managed power distribution units (PDUs)
• Replication
  - Storage area network
  - VM
• On-premises vs. cloud
• Backup types
  - Full
  - Incremental
  - Snapshot
  - Differential
  - Tape
  - Disk
  - Copy
  - Network-attached storage (NAS)
  - Storage area network
  - Cloud
  - Image
  - Online vs. offline
  - Offsite storage
    - Distance considerations
• Non-persistence
  - Revert to known state
  - Last known-good configuration
  - Live boot media
• High availability
  - Scalability
• Restoration order
• Diversity
  - Technologies
  - Vendors
  - Crypto
  - Controls

2.6 Explain the security implications of embedded and specialized systems.
• Embedded systems
  - Raspberry Pi
  - Field-programmable gate array (FPGA)
  - Arduino
• Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  - Facilities
  - Industrial
  - Manufacturing
  - Energy
  - Logistics
• Internet of Things (IoT)
  - Sensors
  - Smart devices
  - Wearables
  - Facility automation
  - Weak defaults
• Specialized
  - Medical systems
  - Vehicles
  - Aircraft
  - Smart meters
• Voice over IP (VoIP)
• Heating, ventilation, air conditioning (HVAC)
• Drones
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
  - 5G
  - Narrow-band
  - Baseband radio
  - Subscriber identity module (SIM) cards
  - Zigbee
• Constraints
  - Power
  - Compute
  - Network
  - Crypto
  - Inability to patch
  - Authentication
  - Range
  - Cost
  - Implied trust


2.7 Explain the importance of physical security controls.
• Bollards/barricades
• Access control vestibules
• Badges
• Alarms
• Signage
• Cameras
  - Motion recognition
  - Object detection
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
  - Guards
  - Robot sentries
  - Reception
  - Two-person integrity/control
• Locks
  - Biometrics
  - Electronic
  - Physical
  - Cable locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression
• Sensors
  - Motion detection
  - Noise detection
  - Proximity reader
  - Moisture detection
  - Cards
  - Temperature
• Drones
• Visitor logs
• Faraday cages
• Air gap
• Screened subnet (previously known as demilitarized zone)
• Protected cable distribution
• Secure areas
  - Air gap
  - Vault
  - Safe
  - Hot aisle
  - Cold aisle
• Secure data destruction
  - Burning
  - Shredding
  - Pulping
  - Pulverizing
  - Degaussing
  - Third-party solutions

2.8 Summarize the basics of cryptographic concepts.
• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptic-curve cryptography
• Perfect forward secrecy
• Quantum
  - Communications
  - Computing
• Post-quantum
• Ephemeral
• Modes of operation
  - Authenticated
  - Unauthenticated
  - Counter
• Blockchain
  - Public ledgers
• Cipher suites
  - Stream
  - Block
• Symmetric vs. asymmetric
• Lightweight cryptography
• Steganography
  - Audio
  - Video
  - Image
• Homomorphic encryption
• Common use cases
  - Low power devices
  - Low latency
  - High resiliency
  - Supporting confidentiality
  - Supporting integrity
  - Supporting obfuscation
  - Supporting authentication
  - Supporting non-repudiation
• Limitations
  - Speed
  - Size
  - Weak keys
  - Time
  - Longevity
  - Predictability
  - Reuse
  - Entropy
  - Computational overheads
  - Resource vs. security constraints

3.0 Implementation
3.1 Given a scenario, implement secure protocols.
• Protocols
  - Domain Name System Security Extensions (DNSSEC)
  - SSH
  - Secure/Multipurpose Internet Mail Extensions (S/MIME)
  - Secure Real-time Transport Protocol (SRTP)
  - Lightweight Directory Access Protocol Over SSL (LDAPS)
  - File Transfer Protocol, Secure (FTPS)
  - SSH File Transfer Protocol (SFTP)
  - Simple Network Management Protocol, version 3 (SNMPv3)
  - Hypertext transfer protocol over SSL/TLS (HTTPS)
  - IPSec
    - Authentication header (AH)/Encapsulating Security Payloads (ESP)
    - Tunnel/transport
  - Post Office Protocol (POP)/Internet Message Access Protocol (IMAP)
• Use cases
  - Voice and video
  - Time synchronization
  - Email and web
  - File transfer
  - Directory services
  - Remote access
  - Domain name resolution
  - Routing and switching
  - Network address allocation
  - Subscription services

3.2 Given a scenario, implement host or application security solutions.
• Endpoint protection
  - Antivirus
  - Anti-malware
  - Endpoint detection and response (EDR)
  - DLP
  - Next-generation firewall (NGFW)
  - Host-based intrusion prevention system (HIPS)
  - Host-based intrusion detection system (HIDS)
  - Host-based firewall
• Boot integrity
  - Boot security/Unified Extensible Firmware Interface (UEFI)
  - Measured boot
  - Boot attestation
• Database
  - Tokenization
  - Salting
  - Hashing
• Application security
  - Input validations
  - Secure cookies
  - Hypertext Transfer Protocol (HTTP) headers
  - Code signing
  - Allow list
  - Block list/deny list
  - Secure coding practices
  - Static code analysis
    - Manual code review
  - Dynamic code analysis
  - Fuzzing
• Hardening
  - Open ports and services
  - Registry
  - Disk encryption
  - OS
  - Patch management
    - Third-party updates
    - Auto-update
• Self-encrypting drive (SED)/full-disk encryption (FDE)
  - Opal
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing


3.3 Given a scenario, implement secure network designs.
• Load balancing
  - Active/active
  - Active/passive
  - Scheduling
  - Virtual IP
  - Persistence
• Network segmentation
  - Virtual local area network (VLAN)
  - Screened subnet (previously known as demilitarized zone)
  - East-west traffic
  - Extranet
  - Intranet
  - Zero Trust
• Virtual private network (VPN)
  - Always-on
  - Split tunnel vs. full tunnel
  - Remote access vs. site-to-site
  - IPSec
  - SSL/TLS
  - HTML5
  - Layer 2 tunneling protocol (L2TP)
• DNS
• Network access control (NAC)
  - Agent and agentless
• Out-of-band management
• Port security
  - Broadcast storm prevention
  - Bridge Protocol Data Unit (BPDU) guard
  - Loop prevention
  - Dynamic Host Configuration Protocol (DHCP) snooping
  - Media access control (MAC) filtering
• Network appliances
  - Jump servers
  - Proxy servers
    - Forward
    - Reverse
  - Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    - Signature-based
    - Heuristic/behavior
    - Anomaly
    - Inline vs. passive
  - HSM
  - Sensors
  - Collectors
  - Aggregators
  - Firewalls
    - Web application firewall (WAF)
    - NGFW
    - Stateful
    - Stateless
    - Unified threat management (UTM)
    - Network address translation (NAT) gateway
    - Content/URL filter
    - Open-source vs. proprietary
    - Hardware vs. software
    - Appliance vs. host-based vs. virtual
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
  - Port taps
• Monitoring services
• File integrity monitors

3.4 Given a scenario, install and configure wireless security settings.
• Cryptographic protocols
  - WiFi Protected Access 2 (WPA2)
  - WiFi Protected Access 3 (WPA3)
  - Counter-mode/CBC-MAC Protocol (CCMP)
  - Simultaneous Authentication of Equals (SAE)
• Authentication protocols
  - Extensible Authentication Protocol (EAP)
  - Protected Extensible Authentication Protocol (PEAP)
  - EAP-FAST
  - EAP-TLS
  - EAP-TTLS
  - IEEE 802.1X
  - Remote Authentication Dial-in User Service (RADIUS) Federation
• Methods
  - Pre-shared key (PSK) vs. Enterprise vs. Open
  - WiFi Protected Setup (WPS)
  - Captive portals
• Installation considerations
  - Site surveys
  - Heat maps
  - WiFi analyzers
  - Channel overlaps
  - Wireless access point (WAP) placement
  - Controller and access point security


3.5 Given a scenario, implement secure mobile solutions.
• Connection methods and receivers
  - Cellular
  - WiFi
  - Bluetooth
  - NFC
  - Infrared
  - USB
  - Point-to-point
  - Point-to-multipoint
  - Global Positioning System (GPS)
  - RFID
• Mobile device management (MDM)
  - Application management
  - Content management
  - Remote wipe
  - Geofencing
  - Geolocation
  - Screen locks
  - Push notifications
  - Passwords and PINs
  - Biometrics
  - Context-aware authentication
  - Containerization
  - Storage segmentation
  - Full device encryption
• Mobile devices
  - MicroSD hardware security module (HSM)
  - MDM/Unified Endpoint Management (UEM)
  - Mobile application management (MAM)
  - SEAndroid
• Enforcement and monitoring of:
  - Third-party application stores
  - Rooting/jailbreaking
  - Sideloading
  - Custom firmware
  - Carrier unlocking
  - Firmware over-the-air (OTA) updates
  - Camera use
  - SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
  - External media
  - USB On-The-Go (USB OTG)
  - Recording microphone
  - GPS tagging
  - WiFi direct/ad hoc
  - Tethering
  - Hotspot
  - Payment methods
• Deployment models
  - Bring your own device (BYOD)
  - Corporate-owned personally enabled (COPE)
  - Choose your own device (CYOD)
  - Corporate-owned
  - Virtual desktop infrastructure (VDI)

3.6 Given a scenario, apply cybersecurity solutions to the cloud.
• Cloud security controls
  - High availability across zones
  - Resource policies
  - Secrets management
  - Integration and auditing
  - Storage
    - Permissions
    - Encryption
    - Replication
    - High availability
  - Network
    - Virtual networks
    - Public and private subnets
    - Segmentation
    - API inspection and integration
  - Compute
    - Security groups
    - Dynamic resource allocation
    - Instance awareness
    - Virtual private cloud (VPC) endpoint
    - Container security
• Solutions
  - CASB
  - Application security
  - Next-generation secure web gateway (SWG)
  - Firewall considerations in a cloud environment
    - Cost
    - Need for segmentation
    - Open Systems Interconnection (OSI) layers
• Cloud native controls vs. third-party solutions


3.7 Given a scenario, implement identity and account management controls.
• Identity
  - Identity provider (IdP)
  - Attributes
  - Certificates
  - Tokens
  - SSH keys
  - Smart cards
• Account types
  - User account
  - Shared and generic accounts/credentials
  - Guest accounts
  - Service accounts
• Account policies
  - Password complexity
  - Password history
  - Password reuse
  - Network location
  - Geofencing
  - Geotagging
  - Geolocation
  - Time-based logins
  - Access policies
  - Account permissions
  - Account audits
  - Impossible travel time/risky login
  - Lockout
  - Disablement

3.8 Given a scenario, implement authentication and authorization solutions.
• Authentication management
  - Password keys
  - Password vaults
  - TPM
  - HSM
  - Knowledge-based authentication
• Authentication/authorization
  - EAP
  - Challenge-Handshake Authentication Protocol (CHAP)
  - Password Authentication Protocol (PAP)
  - 802.1X
  - RADIUS
  - Single sign-on (SSO)
  - Security Assertion Markup Language (SAML)
  - Terminal Access Controller Access Control System Plus (TACACS+)
  - OAuth
  - OpenID
  - Kerberos
• Access control schemes
  - Attribute-based access control (ABAC)
  - Role-based access control
  - Rule-based access control
  - MAC
  - Discretionary access control (DAC)
  - Conditional access
  - Privileged access management
  - Filesystem permissions

3.9 Given a scenario, implement public key infrastructure.
• Public key infrastructure (PKI)
  - Key management
  - Certificate authority (CA)
  - Intermediate CA
  - Registration authority (RA)
  - Certificate revocation list (CRL)
  - Certificate attributes
  - Online Certificate Status Protocol (OCSP)
  - Certificate signing request (CSR)
  - CN
  - Subject alternative name
  - Expiration
• Types of certificates
  - Wildcard
  - Subject alternative name
  - Code signing
  - Self-signed
  - Machine/computer
  - Email
  - User
  - Root
  - Domain validation
  - Extended validation
• Certificate formats
  - Distinguished encoding rules (DER)
  - Privacy enhanced mail (PEM)
  - Personal information exchange (PFX)
  - .cer
  - P12
  - P7B
• Concepts
  - Online vs. offline CA
  - Stapling
  - Pinning
  - Trust model
  - Key escrow
  - Certificate chaining

4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security.
• Network reconnaissance and discovery
  - tracert/traceroute
  - nslookup/dig
  - ipconfig/ifconfig
  - nmap
  - ping/pathping
  - hping
  - netstat
  - netcat
  - IP scanners
  - arp
  - route
  - curl
  - theHarvester
  - sn1per
  - scanless
  - dnsenum
  - Nessus
  - Cuckoo
• File manipulation
  - head
  - tail
  - cat
  - grep
  - chmod
  - logger
• Shell and script environments
  - SSH
  - PowerShell
  - Python
  - OpenSSL
• Packet capture and replay
  - Tcpreplay
  - Tcpdump
  - Wireshark
• Forensics
  - dd
  - Memdump
  - WinHex
  - FTK imager
  - Autopsy
• Exploitation frameworks
• Password crackers
• Data sanitization

4.2 Summarize the importance of policies, processes, and procedures for incident response.
• Incident response plans
• Incident response process
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
• Exercises
  - Tabletop
  - Walkthroughs
  - Simulations
• Attack frameworks
  - MITRE ATT&CK
  - The Diamond Model of Intrusion Analysis
  - Cyber Kill Chain
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operations planning (COOP)
• Incident response team
• Retention policies


4.3 Given an incident, utilize appropriate data sources to support an investigation.
• Vulnerability scan output
• SIEM dashboards
  - Sensor
  - Sensitivity
  - Trends
  - Alerts
  - Correlation
• Log files
  - Network
  - System
  - Application
  - Security
  - Web
  - DNS
  - Authentication
  - Dump files
  - VoIP and call managers
  - Session Initiation Protocol (SIP) traffic
• syslog/rsyslog/syslog-ng
• journalctl
• NXLog
• Bandwidth monitors
• Metadata
  - Email
  - Mobile
  - Web
  - File
• Netflow/sFlow
  - Netflow
  - sFlow
  - IPFIX
• Protocol analyzer output

4.4 Given an incident, apply mitigation techniques or controls to secure an environment.
• Reconfigure endpoint security solutions
  - Application approved list
  - Application blocklist/deny list
  - Quarantine
• Configuration changes
  - Firewall rules
  - MDM
  - DLP
  - Content filter/URL filter
  - Update or revoke certificates
• Isolation
• Containment
• Segmentation
• SOAR
  - Runbooks
  - Playbooks

4.5 Explain the key aspects of digital forensics.
• Documentation/evidence
  - Legal hold
  - Video
  - Admissibility
  - Chain of custody
  - Timelines of sequence of events
    - Time stamps
    - Time offset
  - Tags
  - Reports
  - Event logs
  - Interviews
• Acquisition
  - Order of volatility
  - Disk
  - Random-access memory (RAM)
  - Swap/pagefile
  - OS
  - Device
  - Firmware
  - Snapshot
  - Cache
  - Network
  - Artifacts
• On-premises vs. cloud
  - Right-to-audit clauses
  - Regulatory/jurisdiction
  - Data breach notification laws
• Integrity
  - Hashing
  - Checksums
  - Provenance
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/counterintelligence

5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls.
• Category
  - Managerial
  - Operational
  - Technical
• Control type
  - Preventive
  - Detective
  - Corrective
  - Deterrent
  - Compensating
  - Physical

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
• Regulations, standards, and legislation
  - General Data Protection Regulation (GDPR)
  - National, territory, or state laws
  - Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  - Center for Internet Security (CIS)
  - National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
  - International Organization for Standardization (ISO) 27001/27002/27701/31000
  - SSAE SOC 2 Type I/II
  - Cloud security alliance
    - Cloud control matrix
    - Reference architecture
• Benchmarks/secure configuration guides
  - Platform/vendor-specific guides
    - Web server
    - OS
    - Application server
    - Network infrastructure devices

5.3 Explain the importance of policies to organizational security.
• Personnel
  - Acceptable use policy
  - Job rotation
  - Mandatory vacation
  - Separation of duties
  - Least privilege
  - Clean desk space
  - Background checks
  - Non-disclosure agreement (NDA)
  - Social media analysis
  - Onboarding
  - Offboarding
  - User training
    - Gamification
    - Capture the flag
    - Phishing campaigns
      - Phishing simulations
    - Computer-based training (CBT)
    - Role-based training
• Diversity of training techniques
• Third-party risk management
  - Vendors
  - Supply chain
  - Business partners
  - Service level agreement (SLA)
  - Memorandum of understanding (MOU)
  - Measurement systems analysis (MSA)
  - Business partnership agreement (BPA)
  - End of life (EOL)
  - End of service life (EOSL)
  - NDA
• Data
  - Classification
  - Governance
  - Retention
• Credential policies
  - Personnel
  - Third-party
  - Devices
  - Service accounts
  - Administrator/root accounts
• Organizational policies
  - Change management
  - Change control
  - Asset management


5.4 Summarize risk management processes and concepts.


• Risk types
  - External
  - Internal
  - Legacy systems
  - Multiparty
  - IP theft
  - Software compliance/licensing
• Risk management strategies
  - Acceptance
  - Avoidance
  - Transference
    - Cybersecurity insurance
  - Mitigation
• Risk analysis
  - Risk register
  - Risk matrix/heat map
  - Risk control assessment
  - Risk control self-assessment
  - Risk awareness
  - Inherent risk
  - Residual risk
  - Control risk
  - Risk appetite
  - Regulations that affect risk posture
  - Risk assessment types
    - Qualitative
    - Quantitative
  - Likelihood of occurrence
  - Impact
  - Asset value
  - Single-loss expectancy (SLE)
  - Annualized loss expectancy (ALE)
  - Annualized rate of occurrence (ARO)
• Disasters
  - Environmental
  - Person-made
  - Internal vs. external
• Business impact analysis
  - Recovery time objective (RTO)
  - Recovery point objective (RPO)
  - Mean time to repair (MTTR)
  - Mean time between failures (MTBF)
  - Functional recovery plans
  - Single point of failure
  - Disaster recovery plan (DRP)
  - Mission essential functions
  - Identification of critical systems
  - Site risk assessment

5.5 Explain privacy and sensitive data concepts in relation to security.


• Organizational consequences of privacy and data breaches
  - Reputation damage
  - Identity theft
  - Fines
  - IP theft
• Notifications of breaches
  - Escalation
  - Public notifications and disclosures
• Data types
  - Classifications
    - Public
    - Private
    - Sensitive
    - Confidential
    - Critical
    - Proprietary
  - Personally identifiable information (PII)
  - Health information
  - Financial information
  - Government data
  - Customer data
• Privacy enhancing technologies
  - Data minimization
  - Data masking
  - Tokenization
  - Anonymization
  - Pseudo-anonymization
• Roles and responsibilities
  - Data owners
  - Data controller
  - Data processor
  - Data custodian/steward
  - Data protection officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice

Security+ (SY0-601) Acronym List

The following is a list of acronyms that appear on the CompTIA Security+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as part of a comprehensive exam preparation program.

ACRONYM  DEFINITION
3DES  Triple Data Encryption Standard
AAA  Authentication, Authorization, and Accounting
ABAC  Attribute-based Access Control
ACL  Access Control List
AD  Active Directory
AES  Advanced Encryption Standard
AES256  Advanced Encryption Standard 256-bit
AH  Authentication Header
AI  Artificial Intelligence
AIS  Automated Indicator Sharing
ALE  Annualized Loss Expectancy
AP  Access Point
API  Application Programming Interface
APT  Advanced Persistent Threat
ARO  Annualized Rate of Occurrence
ARP  Address Resolution Protocol
ASLR  Address Space Layout Randomization
ASP  Active Server Pages
ATT&CK  Adversarial Tactics, Techniques, and Common Knowledge
AUP  Acceptable Use Policy
AV  Antivirus
BASH  Bourne Again Shell
BCP  Business Continuity Planning
BGP  Border Gateway Protocol
BIA  Business Impact Analysis
BIOS  Basic Input/Output System
BPA  Business Partnership Agreement
BPDU  Bridge Protocol Data Unit
BSSID  Basic Service Set Identifier
BYOD  Bring Your Own Device
CA  Certificate Authority
CAPTCHA  Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR  Corrective Action Report
CASB  Cloud Access Security Broker
CBC  Cipher Block Chaining
CBT  Computer-based Training
CCMP  Counter-Mode/CBC-MAC Protocol
CCTV  Closed-Circuit Television
CERT  Computer Emergency Response Team
CFB  Cipher Feedback
CHAP  Challenge-Handshake Authentication Protocol
CI/CD  Continuous Integration/Continuous Delivery
CIO  Chief Information Officer
CIRT  Computer Incident Response Team
CIS  Center for Internet Security
CMDB  Configuration Management Database
CMS  Content Management System
CN  Common Name
COOP  Continuity of Operations Planning
COPE  Corporate-owned Personally Enabled
CP  Contingency Planning
CPU  Central Processing Unit
CRC  Cyclic Redundancy Check
CRL  Certificate Revocation List
CSA  Cloud Security Alliance
CSIRT  Computer Security Incident Response Team
CSO  Chief Security Officer
CSP  Cloud Service Provider
CSR  Certificate Signing Request
CSRF  Cross-Site Request Forgery
CSU  Channel Service Unit
CTM  Counter-Mode
CTO  Chief Technology Officer
CVE  Common Vulnerabilities and Exposures
CVSS  Common Vulnerability Scoring System
CYOD  Choose Your Own Device
DAC  Discretionary Access Control

DBA  Database Administrator
DDoS  Distributed Denial-of-Service
DEP  Data Execution Prevention
DER  Distinguished Encoding Rules
DES  Data Encryption Standard
DHCP  Dynamic Host Configuration Protocol
DHE  Diffie-Hellman Ephemeral
DKIM  Domain Keys Identified Mail
DLL  Dynamic-link Library
DLP  Data Loss Prevention
DMARC  Domain Message Authentication Reporting and Conformance
DNAT  Destination Network Address Translation
DNS  Domain Name System
DNSSEC  Domain Name System Security Extensions
DoS  Denial-of-Service
DPO  Data Protection Officer
DRP  Disaster Recovery Plan
DSA  Digital Signature Algorithm
DSL  Digital Subscriber Line
EAP  Extensible Authentication Protocol
ECB  Electronic Code Book
ECC  Elliptic-curve Cryptography
ECDHE  Elliptic-curve Diffie-Hellman Ephemeral
ECDSA  Elliptic-curve Digital Signature Algorithm
EDR  Endpoint Detection and Response
EFS  Encrypted File System
EIP  Extended Instruction Pointer
EOL  End of Life
EOS  End of Service
ERP  Enterprise Resource Planning
ESN  Electronic Serial Number
ESP  Encapsulating Security Payload
ESSID  Extended Service Set Identifier
FACL  File System Access Control List
FDE  Full Disk Encryption
FIM  File Integrity Monitoring
FPGA  Field Programmable Gate Array
FRR  False Rejection Rate
FTP  File Transfer Protocol
FTPS  Secured File Transfer Protocol
GCM  Galois/Counter Mode
GDPR  General Data Protection Regulation
GPG  GNU Privacy Guard
GPO  Group Policy Object
GPS  Global Positioning System
GPU  Graphics Processing Unit
GRE  Generic Routing Encapsulation
HA  High Availability
HDD  Hard Disk Drive
HIDS  Host-based Intrusion Detection System
HIPS  Host-based Intrusion Prevention System
HMAC  Hash-based Message Authentication Code
HOTP  HMAC-based One-time Password
HSM  Hardware Security Module
HSMaaS  Hardware Security Module as a Service
HTML  Hypertext Markup Language
HTTP  Hypertext Transfer Protocol
HTTPS  Hypertext Transfer Protocol Secure
HVAC  Heating, Ventilation, Air Conditioning
IaaS  Infrastructure as a Service
IAM  Identity and Access Management
ICMP  Internet Control Message Protocol
ICS  Industrial Control Systems
IDEA  International Data Encryption Algorithm
IDF  Intermediate Distribution Frame
IdP  Identity Provider
IDS  Intrusion Detection System
IEEE  Institute of Electrical and Electronics Engineers
IKE  Internet Key Exchange
IM  Instant Messaging
IMAP4  Internet Message Access Protocol v4
IoC  Indicators of Compromise
IoT  Internet of Things
IP  Internet Protocol
IPS  Intrusion Prevention System
IPSec  Internet Protocol Security
IR  Incident Response
IRC  Internet Relay Chat
IRP  Incident Response Plan
ISA  Interconnection Security Agreement
ISFW  Internal Segmentation Firewall
ISO  International Organization for Standardization
ISP  Internet Service Provider
ISSO  Information Systems Security Officer
ITCP  IT Contingency Plan
IV  Initialization Vector
JSON  JavaScript Object Notation
KDC  Key Distribution Center
KEK  Key Encryption Key
L2TP  Layer 2 Tunneling Protocol
LAN  Local Area Network
LDAP  Lightweight Directory Access Protocol
LEAP  Lightweight Extensible Authentication Protocol
MaaS  Monitoring as a Service
MAC  Media Access Control
MAM  Mobile Application Management
MAN  Metropolitan Area Network
MBR  Master Boot Record
MD5  Message Digest 5
MDF  Main Distribution Frame
MDM  Mobile Device Management

MFA  Multifactor Authentication
MFD  Multifunction Device
MFP  Multifunction Printer
ML  Machine Learning
MMS  Multimedia Message Service
MOA  Memorandum of Agreement
MOU  Memorandum of Understanding
MPLS  Multiprotocol Label Switching
MSA  Measurement Systems Analysis
MS-CHAP  Microsoft Challenge-Handshake Authentication Protocol
MSP  Managed Service Provider
MSSP  Managed Security Service Provider
MTBF  Mean Time Between Failures
MTTF  Mean Time to Failure
MTTR  Mean Time to Repair
MTU  Maximum Transmission Unit
NAC  Network Access Control
NAS  Network-attached Storage
NAT  Network Address Translation
NDA  Non-disclosure Agreement
NFC  Near-field Communication
NFV  Network Function Virtualization
NGFW  Next-generation Firewall
NG-SWG  Next-generation Secure Web Gateway
NIC  Network Interface Card
NIDS  Network-based Intrusion Detection System
NIPS  Network-based Intrusion Prevention System
NIST  National Institute of Standards & Technology
NOC  Network Operations Center
NTFS  New Technology File System
NTLM  New Technology LAN Manager
NTP  Network Time Protocol
NTPSec  Network Time Protocol Secure
OCSP  Online Certificate Status Protocol
OID  Object Identifier
OS  Operating System
OSI  Open Systems Interconnection
OSINT  Open-source Intelligence
OSPF  Open Shortest Path First
OT  Operational Technology
OTA  Over-The-Air
OTG  On-The-Go
OVAL  Open Vulnerability and Assessment Language
OWASP  Open Web Application Security Project
P12  PKCS #12
P2P  Peer-to-Peer
PaaS  Platform as a Service
PAC  Proxy Auto Configuration
PAM  Privileged Access Management
PAM  Pluggable Authentication Modules
PAP  Password Authentication Protocol
PAT  Port Address Translation
PBKDF2  Password-based Key Derivation Function 2
PBX  Private Branch Exchange
PCAP  Packet Capture
PCI DSS  Payment Card Industry Data Security Standard
PDU  Power Distribution Unit
PE  Portable Executable
PEAP  Protected Extensible Authentication Protocol
PED  Portable Electronic Device
PEM  Privacy Enhanced Mail
PFS  Perfect Forward Secrecy
PGP  Pretty Good Privacy
PHI  Personal Health Information
PII  Personally Identifiable Information
PIN  Personal Identification Number
PIV  Personal Identity Verification
PKCS  Public Key Cryptography Standards
PKI  Public Key Infrastructure
PoC  Proof of Concept
POP  Post Office Protocol
POTS  Plain Old Telephone Service
PPP  Point-to-Point Protocol
PPTP  Point-to-Point Tunneling Protocol
PSK  Preshared Key
PTZ  Pan-Tilt-Zoom
PUP  Potentially Unwanted Program
QA  Quality Assurance
QoS  Quality of Service
RA  Registration Authority
RAD  Rapid Application Development
RADIUS  Remote Authentication Dial-in User Service
RAID  Redundant Array of Independent (or Inexpensive) Disks
RAM  Random Access Memory
RAS  Remote Access Server
RAT  Remote Access Trojan
RC4  Rivest Cipher version 4
RCS  Rich Communication Services
RDP  Remote Desktop Protocol
RFC  Request for Comments
RFI  Remote File Inclusion
RFID  Radio Frequency Identification
RIPEMD  RACE Integrity Primitives Evaluation Message Digest
ROI  Return on Investment
RPO  Recovery Point Objective
RSA  Rivest, Shamir, & Adleman
RTBH  Remotely Triggered Black Hole
RTO  Recovery Time Objective
RTOS  Real-time Operating System

RTP  Real-time Transport Protocol
S/MIME  Secure/Multipurpose Internet Mail Extensions
SaaS  Software as a Service
SAE  Simultaneous Authentication of Equals
SAML  Security Assertions Markup Language
SAN  Storage Area Network
SCADA  Supervisory Control and Data Acquisition
SCAP  Security Content Automation Protocol
SCEP  Simple Certificate Enrollment Protocol
SDK  Software Development Kit
SDLC  Software Development Life Cycle
SDLM  Software Development Life-cycle Methodology
SDN  Software-defined Networking
SDP  Service Delivery Platform
SDV  Software-defined Visibility
SED  Self-Encrypting Drives
SEH  Structured Exception Handling
SFTP  SSH File Transfer Protocol
SHA  Secure Hashing Algorithm
SIEM  Security Information and Event Management
SIM  Subscriber Identity Module
SIP  Session Initiation Protocol
SLA  Service-level Agreement
SLE  Single Loss Expectancy
SMB  Server Message Block
SMS  Short Message Service
SMTP  Simple Mail Transfer Protocol
SMTPS  Simple Mail Transfer Protocol Secure
SNMP  Simple Network Management Protocol
SOAP  Simple Object Access Protocol
SOAR  Security Orchestration, Automation, Response
SoC  System on Chip
SOC  Security Operations Center
SOX  Sarbanes Oxley Act
SPF  Sender Policy Framework
SPIM  Spam over Instant Messaging
SQL  Structured Query Language
SQLi  SQL Injection
SRTP  Secure Real-time Transport Protocol
SSD  Solid State Drive
SSH  Secure Shell
SSID  Service Set Identifier
SSL  Secure Sockets Layer
SSO  Single Sign-on
SSRF  Server-side Request Forgery
STIX  Structured Threat Information eXpression
STP  Shielded Twisted Pair
SWG  Secure Web Gateway
TACACS+  Terminal Access Controller Access Control System
TAXII  Trusted Automated eXchange of Intelligence Information
TCP  Transmission Control Protocol
TCP/IP  Transmission Control Protocol/Internet Protocol
TGT  Ticket Granting Ticket
TKIP  Temporal Key Integrity Protocol
TLS  Transport Layer Security
TOTP  Time-based One Time Password
TPM  Trusted Platform Module
TSIG  Transaction Signature
TTP  Tactics, Techniques, and Procedures
UAT  User Acceptance Testing
UDP  User Datagram Protocol
UEBA  User and Entity Behavior Analytics
UEFI  Unified Extensible Firmware Interface
UEM  Unified Endpoint Management
UPS  Uninterruptible Power Supply
URI  Uniform Resource Identifier
URL  Universal Resource Locator
USB  Universal Serial Bus
USB OTG  USB On-The-Go
UTM  Unified Threat Management
UTP  Unshielded Twisted Pair
VBA  Visual Basic for Applications
VDE  Virtual Desktop Environment
VDI  Virtual Desktop Infrastructure
VLAN  Virtual Local Area Network
VLSM  Variable-length Subnet Masking
VM  Virtual Machine
VoIP  Voice over IP
VPC  Virtual Private Cloud
VPN  Virtual Private Network
VTC  Video Teleconferencing
WAF  Web Application Firewall
WAP  Wireless Access Point
WEP  Wired Equivalent Privacy
WIDS  Wireless Intrusion Detection System
WIPS  Wireless Intrusion Prevention System
WLAN  Wireless Local Area Network
WORM  Write Once Read Many
WPA  WiFi Protected Access
WPS  WiFi Protected Setup
XaaS  Anything as a Service
XML  Extensible Markup Language
XOR  Exclusive OR
XSRF  Cross-site Request Forgery
XSS  Cross-site Scripting

Security+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist candidates
as they prepare for the Security+ exam. This list may also be helpful for training
companies that wish to create a lab component for their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

HARDWARE
• Laptop with Internet access
• Separate wireless NIC
• WAP
• Firewall
• UTM
• Mobile device
• Server/cloud server
• IoT devices

SOFTWARE
• Virtualization software
• Penetration testing OS/distributions (e.g., Kali Linux, Parrot OS)
• SIEM
• Wireshark
• Metasploit
• tcpdump

OTHER
• Access to a CSP

© 2019 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction
or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 007330-Dec2019