What is it?
CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.
Why is it different?
• More choose Security+ – chosen by more corporations and defense organizations than any other certification on the market to validate core security skills and for fulfilling DoD 8570 compliance.
• Security+ proves hands-on skills – the only baseline cybersecurity certification emphasizing vendor-neutral, hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today’s complex issues.
• More job roles turn to Security+ to supplement skills – baseline cybersecurity skills are applicable across more of today’s job roles to secure systems, software and hardware.
• Security+ is aligned to the latest trends and techniques – covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high-performance on the job.
About the exam
CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:
• Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents
What’s in this Version?
Cybersecurity attacks continue to grow. Increasingly, more job roles are tasked with baseline security readiness and response to address today’s threats. Updates to Security+ reflect skills relevant to these job roles and prepare candidates to be more proactive in preventing the next attack
New updates to the Security+ exam domains:
• Attacks, Threats and Vulnerabilities – Includes updated coverage of the latest threats, attacks, and vulnerabilities, such as IoT device weaknesses, newer DDoS attacks, and social engineering techniques based on current events.
• Architecture and Design - Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.
• Implementation – Has been expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.
• Operations and Incident Response - Includes organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.
• Governance, Risk, and Compliance - Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
CompTIA Certification Pathway
CompTIA certifications align with the skillsets needed to support and manage cybersecurity.Enter where appropriate for you. Consider your experience and existing certifications or course of study.
Technical Areas Covered in the Certification
Attacks, Threats and Vulnerabilities
• Compare and contrast different types of social engineering techniques
• Analyze potential indicators to determine the type of attack
• Explain different threat actors, vectors, and intelligence sources
• Explain security concerns associated with various types of vulnerabilities
• Summarize techniques used in security assessments
• Explain techniques used in penetration testing
Architecture and Design
• Explain importance of security concepts in an enterprise environment
• Summarize virtualization and cloud computing concepts, secure application development, deployment, and automation concepts
• Summarize authentication and authorization design concepts and the basics of cryptographic concepts
• Given a scenario, implement cybersecurity resilience
• Explain security implications of embedded and specialized systems and physical security controls
• Given a scenario, implement secure protocols, host or application security solutions, and secure network designs
• Comprehend how to install and configure wireless security settings and how to apply cybersecurity solutions to the cloud
• Given a scenario, implement authentication and authorization solutions and identity and account management controls
• Understand implementing public key infrastructure (PKI)
Operations and Incident Response
• Given a scenario, use appropriate tool to assess organizational security
• Summarize importance of policies, processes, and procedures for incident response
• Given an incident, utilize appropriate data sources to support investigations
• Given an incident, apply mitigation techniques or controls to secure an environment
• Explain key aspects of digital forensics
Governance, Risk and Compliance
• Compare and contrast various types of controls
• Explain importance of applicable regulations, standards, or frameworks that impact organizational security posture
• Explain importance of policies to organizational security
• Summarize risk management processes and concepts
• Explain privacy and sensitive data concepts in relation to security
How does Security+ Compare to Alternatives?
Top Security+ Job Roles
• Security Administrator
• Systems Administrator
• Helpdesk Manager / Analyst
• Security Analyst
• Network / Cloud Engineer
• IT Auditors
• Security Engineer
• IT Project Manager
• Security Officer
• Information Security Manager
• DevOps / Software Developer
• Security Architect
Organizations that have contributed to the development of Security+
• Target Corp.
• U.S. Navy Center for Information Dominance
• Johns Hopkins University Applied Physics Laboratory
• General Dynamics IT (GDIT)
• Max Life Insurance
• Southeastern Louisiana University
• University of Redlands
• Spire Inc.
• Australian Information Security Association / Deakin University
Official CompTIA Content for Security+
Learn with CompTIA
Official CompTIA Content is the only study material exclusively developed by CompTIA for the CompTIA certification candidate; no other content library covers all exam objectives for all certifications. CompTIA learning products have been developed with our Official CompTIA Content to help you prepare for your CompTIA certification exams with confidence. Learners now have everything they need to learn the material and ensure they are prepared for the exam and their career.
Online Learning with CompTIA
Whether you are just starting to prepare and need comprehensive training with CertMaster Learn, want to apply your knowledge hands-on with CompTIA Labs, need a final review with CertMaster Practice, or need to renew your certification upon expiration with CertMaster CE, CompTIA’s online training tools have you covered.