CompuTIA Security+

CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT.

CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:

  • Network security
  • Compliance and operational security
  • Threats and vulnerabilities
  • Application, data and host security
  • Access control and identity management
  • Cryptography

CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents, it ensures that security personnel are anticipating security risks and guarding against them.

Candidate job roles include security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator. Organizations that employ CompTIA Security+ certified staff include Hitachi Information Systems (Japan), Trendmicro (Philippines), Lockheed Martin, the U.S. State Department, Prestariang Systems Sdn. Bhd. (Malaysia) and U.S. government contractors such as EDS, General Dynamics and Northrop Grumman. CompTIA Security+ is one of the options for certifications required by the U.S. Department of Defense, for military personnel or military contractors engaged in information assurance activities.

The CompTIA Security+ certification is accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).The CompTIA Security+ certification may be kept current through the CompTIA Continuing Education program.

Exam Info

Exam codes: SY0-301 or JK0-018
Format: Conventional multiple choice
Number of questions: 100
Passing Score: 750 (scale 100 – 900)
Exam objectives
Official Sample Questions

Sponsored Links – Try a free video today!

PrepLogic – Free Security+ Practice Exams!

Practice Exams

CompTIA Security+ – 50 questions
CompTIA Security+ Identifying Well-known ports – 20 questions


Access Control
Covers access control, access control models, DAC, MAC, and RBAC.

Covers username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcard authentication.

Covers the different type of attackers, their level of skills and resources, and their motivation.

DoS Attacks
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common type of DoS attacks such as TCP SYN, UDP flooding and Smurfing.

Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.

Covers password, replay, back doors, Man-in-the-Middle, TCP Hijacking, mathematical, birthday, weak keys, and software exploitation attacks.

Social Engineering Attacks
Covers the human aspect of security.

Email Security
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.

Remote Access Technologies
Covers remote access services, PPP, VPNs, tunneling, IPSec, SSH, L2TP, PPTP, 802.1x, RADIUS, and TACACS.

Internet Security
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, Blind/anonymous FTP, ActiveX, CGI, Java script, Java, signed applets, cookies, buffer overflows, and instant messaging.

Malicious Code
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.

Network Devices
Covers security concerns of using switches, routers, PBXs, firewalls, NAT, and mobile devices, as well as security zones such as DMZ and VLANs.

Network and Storage Media*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.

Wireless Network Security
Covers 802.11x, WEP, WAP, WTLS, vulnerabilities and various related wireless security technologies.

Intrusion Detection Systems (IDS)
Covers intrusion detection systems concepts and characteristics. Passive vs Active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.

Physical Security
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.

Risk Identification
Covers asset identification, vulnerability assessment, threat identification, and risk identication.

Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.

Recommended Books

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s