CompTIA Security+ (SY0-701) Exam Topics & Domains

What's actually on the SY0-701 exam — the five domains, their weightings, and what each one really tests — in plain language.

Entry-levelCybersecuritySY0-701
⏱️ 10 min read

Before you memorise a single fact, it pays to know the shape of the exam — which topics carry the most weight, and what each one is really asking you to do.

In short: The CompTIA Security+ SY0-701 exam covers five domains: General Security Concepts (12%), Threats, Vulnerabilities & Mitigations (22%), Security Architecture (18%), Security Operations (28%), and Security Program Management & Oversight (20%). Security Operations is the largest, so it deserves the most study time.

The five domains at a glance

SY0-701 is organised into five topic areas, each worth a fixed share of the exam. The percentages tell you where to spend your time: Security Operations alone is more than a quarter of the exam, and together with Threats and Program Management it makes up 70% of everything you'll be asked.

CompTIA Security+ SY0-701 domains and their published exam weightings.
DomainWeightWhat it really tests
1. General Security Concepts12%Core vocabulary: the CIA triad, security control types (technical, managerial, operational, physical), the AAA model, zero trust, and basic cryptography ideas.
2. Threats, Vulnerabilities & Mitigations22%Threat actors and their motives, social-engineering and malware types, common vulnerabilities, indicators of an attack, and how to mitigate them.
3. Security Architecture18%Designing secure networks and systems: segmentation, secure protocols, cloud and virtualization concepts, resilience, and protecting data at rest and in transit.
4. Security Operations28%The day-to-day work: hardening, identity and access management, monitoring and logging, vulnerability management, and incident response. The largest domain.
5. Security Program Management & Oversight20%Governance, risk management, third-party/vendor risk, compliance, security policies, and how audits and awareness programs fit together.
🔑 Where to spend your time

If you're short on time, front-load Domain 4 (Security Operations, 28%) and Domain 2 (Threats, 22%). They are both the heaviest-weighted and the most hands-on, so studying them pays back twice.

How the exam is structured

The exam uses multiple-choice and a small number of performance-based questions (interactive tasks). It commonly includes up to about 90 questions and runs for 90 minutes. The reported passing score is 750 on a scaled range of 100–900 — but that scale is not a simple percentage, so treat any practice percentage as a study signal, not a predicted exam score.

⚠️ About the exam version

SY0-701 is the current version at the time of writing. CompTIA periodically refreshes the exam (a newer code adds more AI-related content); always confirm the current exam code and published objectives on CompTIA's certification site before you book.

✅ Key takeaways
  • SY0-701 has five domains; Security Operations (28%) is the biggest.
  • Domains 2, 4 and 5 together are 70% of the exam — prioritise them.
  • Passing is 750 on a 100–900 scale; a practice percentage is only a study signal.

Frequently asked questions

How many domains are on the Security+ SY0-701 exam?

Five: General Security Concepts (12%), Threats, Vulnerabilities & Mitigations (22%), Security Architecture (18%), Security Operations (28%), and Security Program Management & Oversight (20%).

What is the passing score for Security+ SY0-701?

The reported passing score is 750 on a scaled range of 100–900. Because the scale is not a straight percentage, a raw practice percentage does not translate directly to the scaled score.

Which Security+ domain is the most important to study?

Domain 4, Security Operations, is the largest at 28% of the exam, followed by Domain 2, Threats, Vulnerabilities & Mitigations, at 22%.

Ready to test yourself under exam-style conditions?
Try the full Security+ practice exam →

Independent study resource. Not affiliated with, authorized, endorsed by, or sponsored by CompTIA, Amazon Web Services, Microsoft, or ISC2. All trademarks are the property of their respective owners and are used here for identification only. All practice questions are original.