This sheet maps the CompTIA Security+ SY0-701 (V7) exam, the vendor-neutral baseline certification for core cybersecurity roles. It covers all five domains weighted exactly as CompTIA publishes them: General Security Concepts (12%), Threats, Vulnerabilities, and Mitigations (22%), Security Architecture (18%), Security Operations (28%), and Security Program Management and Oversight (20%). Security+ is performance-based and concept-heavy, so the highest-leverage move is to learn each control, attack, and process by its purpose and the situation that calls for it, not by memorizing definitions. Where CompTIA grades to a specific framework, this sheet uses the body's terminology and the NIST publications the exam is built on.
What This Cheat Sheet Covers
This topic spans 29 focused tables and 561 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Security Control Categories and Types
Maps to Security+ V7 (SY0-701) Domain 1.0 General Security Concepts, Objective 1.1: compare and contrast security controls. CompTIA classifies every control along two independent axes: its category (how it is implemented) and its type (what function it performs), so one control can be plotted in both.
| Concept | Example | Description |
|---|---|---|
| Technical | Firewall rule, antivirus, OS access policy | • A control implemented through technology (hardware, software, firmware). • Category axis, not a function. The same firewall can be preventive or detective. |
| Managerial | Risk assessments, onboarding policy, security policy documents | • A control set through administrative direction: policies, procedures, planning. • Note: CompTIA splits the older "administrative" bucket into managerial (the written policy) and operational (people carrying it out). |
| Operational | Security guards, awareness training, configuration management run by staff | • A control executed day to day by people rather than by a system. • Not to be confused with managerial: managerial writes the policy, operational is the human running it. |
| Physical | Fences, locks, badge readers, bollards, guard shack | • A control that limits physical access to a building, room, or device. • Category, not function. A lock is physical/preventive; a CCTV camera is physical/detective. |
| Preventive | Firewall rule blocking traffic; door lock; guard checking ID | • Stops an undesired event before it happens. • Preventive blocks access; a deterrent only discourages it. |