Achieve CompTIA Security+ SY0-701 Exam Success

Achieve CompTIA Security+ SY0-701 Exam Success

Retail Price: $59.95

$49.95

The Concise Certification Guide for Today’s Busy Professional
Dr. Jason Edwards, DMIST, CISSP
Softcover, 7.5×9.25, 300 pages
ISBN: 978-1-60427-213-0
e-ISBN: 978-1-60427-868-2
June 2025

Available on backorder

SKU: 978-1-60427-213-0 Categories: , ,

Description

Achieve CompTIA Security+ SY0-701 Exam Success is the most concise and complete Security+ study guide on the market. Designed for busy professionals who have a tighter timeframe for taking and passing the exam, it will help you master key objectives and concepts needed not only for the CompTIA Security+ SY0-701 exam but also as a cybersecurity professional to enhance your career. This easy-to-follow guide matches SY0-701 domain objectives so you can pass the exam on your first attempt in half the study time.

Achieve CompTIA Security+ SY0-701 Exam Success features hundreds of practice exam questions and answers and an online test bank where readers can take full practice exams or practice Domain-specific questions. It also provides access to a glossary of terms, a 12-week study plan, and flashcards of all 300 CompTIA Security+ SY0-701 acronyms found on the exam. It is the all-in-one reference for aspiring cybersecurity professionals and serves as an excellent resource for those beginning their journey in this exciting field.

Key Features

  • Accurately and completely covers all five domains on the CompTIA Security+ SY0-701 Certification exam: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; and Security Program Management and Oversight
  • Provides free online access to over 1,000 practice questions, enabling users to perform practice tests by Exam Objectives (Domains) and/or simulate actual 90-question complete exams, and receive feedback on incorrect answers
  • Beyond helping you pass the exam, it will aid you in building a strong foundation in cybersecurity and gaining knowledge for a successful career
  • Provides numerous exam tips throughout to help test takers maximize their preparation for the exam, minimize their nerves, and feel confident they will succeed
  • WAV features a glossary of terms, an exam study guide, and flashcards of all 300 CompTIA Security+ SY0-701 acronyms found on the exam—available from the Web Added Value Download Resource Center at www.jrosspub.com/wav

About the author(s)

Dr. Jason Edwards is a seasoned cybersecurity expert with extensive experience across many industries, including technology, finance, insurance, and energy. His professional journey is enriched by a Doctorate in Management, Information Systems, and Information Technology, along with profound roles that have contributed to cybersecurity resilience and regulatory compliance for diverse organizations. Each role reflects Jason’s depth of expertise and strategic approach, demonstrating his capability to enhance organizational cybersecurity frameworks and navigate complex risk and compliance landscapes.

A Bronze Star punctuates his remarkable 22-year career as an Army officer, a testament to his extraordinary service and dedication. Beyond organizational contributions, Jason is a stalwart in the cybersecurity community. He engages a broad audience through insightful publications on LinkedIn and steers a comprehensive cybersecurity newsletter, reaching tens of thousands of readers weekly. Jason is the author of several books and lives with his family in San Antonio, Texas.

Table of Contents

Chapter 0: Introduction
Passing the CompTIA Security+ Exam
How to Use This Guide
Establishing a Productive Study Routine
Effective Study Techniques and Resources
Time Management and Sustained Focus
Exam Preparation Tips
Understanding the Exam Format and Pitfalls to Avoid
Test-Taking Strategies for Multiple-Choice Questions
Strategies for Performance-Based Questions
General Test-Taking Tips
Moving Forward: Final Steps Before the Exam
Conclusion

Chapter 1: Domain 1: General Security Concepts
1.1 Various Types of Security Controls
Categories
Control Types
1.2 Summarize Fundamental Security Concepts
Confidentiality, Integrity, and Availability
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
Gap Analysis
Zero Trust
Physical Security
Deception and Disruption Technology
1.3 The Importance of Change Management Processes and Impact to Security
Business Processes Impacting Security Operations
Technical Implications
Documentation
Version Control
1.4 The Importance of Using Appropriate Cryptographic Solutions
Public Key Infrastructure
Encryption
Tools
Obfuscation
Hashing
Salting
Digital Signatures
Key Stretching
Blockchain
Open Public Ledger
Certificates

Conclusion
Domain 1 Questions

Chapter 2: Domain 2: Threats, Vulnerabilities, and Mitigations
2.1 Common Threat Actors and Motivations
Threat Actors
Attributes of Threat Actors
Motivations of Threat Actors
2.2 Common Threat Vectors and Attack Surfaces
Message-Based
Image-Based
File-Based
Voice Call
Removable Devices
Vulnerable Software
Unsupported Systems and Applications
Unsecure Networks
Open Service Ports
Default Credentials
Supply Chain
Human Vectors and Social Engineering
2.3 Various Types of Vulnerabilities
Applications
Operating System (OS)-Based
Web-Based
Hardware
Virtualization
Cloud-Specific
Supply Chain
Cryptographic
Misconfiguration
Mobile Devices
Zero-Day
2.4 Indicators of Malicious Activity
Malware Attacks
Physical Attacks
Network Attacks
Application Attacks
Cryptographic Attacks
Password Attacks
Indicators
2.5 Mitigation Techniques Used to Secure the Enterprise
Segmentation
Access Control
Application Allow List
Isolation
Patching
Encryption
Monitoring
Least Privilege
Configuration Enforcement
Decommissioning
Hardening Techniques

Conclusion
Domain 2 Questions

Chapter 3: Domain 3: Security Architecture
3.1 Security Implications of Different Architecture Models
Architecture and Infrastructure Concepts
Infrastructure as Code
Serverless
Microservices
Network Infrastructure
Architecture Security Considerations
3.2 Applying Security Principles to Secure Enterprise Infrastructure
Infrastructure Considerations
Secure Communication and Access
Selection of Effective Controls
3.3 Concepts and Strategies to Protect Data
Data Types
Data Classifications
General Data Considerations
Methods to Secure Data
3.4 Resilience and Recovery in Security Architecture
High Availability
Site Considerations
Platform Diversity
Multi-Cloud Systems
Continuity of Operations and Capacity Planning
Testing
Backups
Power

Conclusion
Domain 3 Questions

Chapter 4: Domain 4: Security Operations
4.1 Applying Common Security Techniques to Computing Resources
Secure Baselines
Hardening Targets
Wireless Devices
Mobile Solutions
Wireless Security Settings
Application Security
Sandboxing
Monitoring
4.2 The Security Implications of Proper Hardware, Software, and Data Asset Management
Acquisition/Procurement Process
Assignment/Accounting
Monitoring/Asset Tracking
Disposal/Decommissioning
4.3 Vulnerability Management
Identification Methods
Analysis
Vulnerability Response and Remediation
Validation of Remediation
Reporting
4.4 Security Alerting and Monitoring Concepts and Tools
Monitoring Computing Resources
Security Alerting and Monitoring Activities
Tools for Alerting and Monitoring
4.5 Modify Enterprise Capabilities to Enhance Security
Firewalls
IDS and IPS
Web Filter
Operating System Security
Implementation of Secure Protocols
DNS Filtering
Email Security
File Integrity Monitoring
DLP
Network Access Control (NAC)
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) and User Behavior Analytics (UBA)
4.6 Implement and Maintain Identity and Access Management
Provisioning/Deprovisioning User Accounts
Permissions Assignments and Implications
Identity Proofing
Federation
Interoperability
Attestation
Access Controls
Multifactor Authentication
Password Concepts
Privileged Access Management Tools
4.7 Automation and Orchestration Related to Secure Operations
Use Cases of Automation and Scripting
Benefits of Automation and Orchestration in Secure Operations
Other Considerations for Automation and Orchestration in Secure Operations
4.8 Incident Response Activities
The Incident Response Process
Incident Response Training
Incident Response Testing
Root Cause Analysis
Threat Hunting
Digital Forensics
4.9 Use Data Sources to Support an Investigation
Log Data
Data Sources

Conclusion
Domain 4 Questions

Chapter 5: Domain 5: Security Program Management and Oversight
5.1 Elements of Effective Security Governance
Guidelines and Policies
Standards
Procedures
External Considerations
Monitoring and Revision
Types of Governance Structures
Systems and Data Roles and Responsibilities
5.2 Elements of the Risk Management Process
Risk Identification
Risk Assessment
Risk Analysis
Risk Register
Risk Tolerance
Risk Appetite
Risk Management Strategies
Risk Reporting
Business Impact Analysis
5.3 Third-Party Risk Assessment and Management
Vendor Assessment
Vendor Selection
Vendor Agreement Types
Vendor Monitoring, Questionnaires, and Rules of Engagement
5.4 Elements of Effective Security Compliance
Compliance Reporting
Consequences of Noncompliance
Compliance Monitoring
Privacy
5.5 Types and Purposes of Audits and Assessments
Attestation
Internal Attestation
External Attestation
Penetration Testing
5.6 Implement Security Awareness Practices
Phishing
Anomalous Behavior Recognition
User Guidance and Training
Reporting and Monitoring
Development and Execution

Conclusion
Domain 5 Questions

Appendix A: 12-Week Study Plan for the Exam
Appendix B: Answers to End-of-Chapter Questions
Appendix C: Exam Study Guide

Index

You may also like…

Related products