CompTIA Security+

The Security+ CBK Domains: Outline and key points

March 2, 2021 by Greg Belding

Change is constant, and this extends to certifications like CompTIA’s Security+. CompTIA releases a new version of their certification exams every three years with new and updated content, material and sometimes organization. On Nov. 12, 2020, the latest version of the Security+ certification exam, SY0-601, was released. This new version contains changes made to the common body of knowledge, or CBK, domains. We’ll explore the Security+ CBK domains on the SY0-601 exam and will dive into the new updates to the Security+ domains, what the domains will cover and other useful information about the content of the latest Security+ certification exam.

New exam version, new domain lineup

From the big picture view of things, there has been a roughly 25% change in Security+ certification exam material in SY0-601 versus what was in SY0-501. We now have five domains and the CBK has gained an increased focus on cyberthreats, governance and operations concepts. Below is the Security+ domain lineup for the SY0-601 exam:

  • 1.0 Attacks, threats and vulnerabilities
  • 2.0 Architecture and design
  • 3.0 Implementation
  • 4.0 Operations and incident response
  • 5.0 Governance, risk and compliance

This is a substantial departure from the domains covered by the SY0-501 exam:

  • 1.0 Threats, attacks and vulnerabilities
  • 2.0 Technologies and tools
  • 3.0 Architecture and design
  • 4.0 Identity and access management
  • 5.0 Risk management
  • 6.0 Cryptography and PKI

The new version of Security+ has one less domain than the SY0-501 exam, but the changes go far deeper than Tools and Technologies disappearing. There has been a move from risk management to governance and compliance, and a new focus on operations and incident response.

1.0 Attacks, threats and vulnerabilities

This domain contains the following objectives:

  • 1.1 Compare and contrast different types of social engineering techniques
  • 1.2 Given a scenario, analyze potential indicators to determine the type of attack
  • 1.3 Given a scenario, analyze potential indicators associated with application attacks
  • 1.4 Given a scenario, analyze potential indicators associated with network attacks
  • 1.5 Explain different threat actors, vectors and intelligence sources
  • 1.6 Explain the security concerns associated with various types of vulnerabilities
  • 1.7 Summarize the techniques used in security assessments
  • 1.8 Explain the techniques used in penetration testing

What would modern security be without attacks, threats and vulnerabilities? This domain will test you on the knowledge of contemporary techniques such as social engineering, the ability to determine what kind of attack occurred and the techniques required for security assessments and penetration testing.

2.0 Architecture and design

  • 2.1 Explain the importance of security concepts in an enterprise environment
  • 2.2 Summarize virtualization and cloud computing concepts
  • 2.3 Summarize secure application development, deployment and automation concepts
  • 2.4 Summarize authentication and authorization design concepts
  • 2.5 Given a scenario, implement cybersecurity resilience
  • 2.6 Explain the security implication of embedded and specialized systems
  • 2.7 Explain the importance of physical security controls
  • 2.8 Summarize the basics of cryptographic concepts

The architecture and design of the environment that the security is in is as important as the foundations of information security. Concepts such as enterprise environment, cloud computing, embedded and specialized systems and virtualization will impact the security decisions that you make for an organization that will be materialized during implementation. This domain also does a solid job coving resilience implementation for different scenarios.

3.0 Implementation

  • 3.1 Given a scenario, implement secure protocols
  • 3.2 Given a scenario, implement host or application security solutions
  • 3.3 Given a scenario, implement security network designs
  • 3.4 Given a scenario, install and configure wireless security settings
  • 3.5 Given a scenario, implement secure mobile solutions
  • 3.6 Given a scenario, apply cybersecurity solutions to the cloud
  • 3.7 Given a scenario, implement identity and account management controls
  • 3.8 Given a scenario, implement authentication and authorization solutions
  • 3.9 Given a scenario, implement public key infrastructure

Many layers of implementation need to occur before you reach the state of security that you are looking for at your organization. This domain hits every one of those layers and it is nice to see implementation finally get its own domain, as it is the active force that turns security concepts into security reality.

4.0 Operations and incident response

  • 4.1 Given a scenario, use the appropriate tool to access organizational security
  • 4.2 Summarize the importance of policies, processes and procedures for incident response
  • 4.3 Given an incident, utilize appropriate data sources to support an investigation
  • 4.4 Given an incident, apply mitigation techniques or controls to secure an environment
  • 4.5 Explain the key aspects of digital forensics

Part new CBK, partly reused CBK taken from other domains on SY0-501, this domain gives a good treatise on security from an operations standpoint, including policies, procedures and tools. This knowledge is necessary for understating how to apply security to various real-world scenarios from an operations perspective. This information is buttressed by incident response, investigation and mitigation techniques.

5.0 Governance, risk and compliance

  • 5.1 Compare and contrast various types of controls
  • 5.2 Explain the importance of applicable regulations, standards or frameworks that impact the organizational security posture
  • 5.3 Explain the importance of policies to organizational security
  • 5.4 Summarize risk management processes and concepts
  • 5.5 Explain privacy and sensitive data concepts concerning security

SY0-601 departs from the domain roadmap of the past and combines governance and compliance concepts with the former risk management domain to form a “supergroup” of sorts. Candidates will find that this expansion of CBK in this domain makes the exam more applicable to the real world as these concepts naturally play off of each other. It covers security controls, security standards and frameworks, organizational security policies, risk management and security-minded data privacy and sensitive data concepts.

Traversing the changes

The new Security+ certification exam, SY0-601, has changed its CBK coverage to include cyberthreat, governance and operations concepts from a security perspective. One domain has been dropped, leaving us with five. Do not let the drop in the number of domains fool you — the exam could be more difficult as there is more material covered now, with an increased focus on governance and operations concepts.



1. CompTIA Security+ Certification Exam Objectives – Exam Number: SY0-601.

Posted: March 2, 2021
Articles Author
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

Leave a Reply

Your email address will not be published. Required fields are marked *