Like this article? We recommend
Exam Objectives
Exam Objectives
You can retrieve a full listing of the all the objectives for the SY0-301 Security+ exam here. The following list provides an overview of the topics that are covered in each of the domains.
Network Security
- Explain the security function and purpose of network devices and technologies
- Apply and implement secure network administration principles
- Distinguish and differentiate network design elements and compounds
- Implement and use common protocols
- Identify commonly used default network ports
- Implement wireless network in a secure manner
Compliance and Operational Security
- Explain risk related concepts
- Carry out appropriate risk mitigation strategies
- Execute appropriate incident response procedures
- Explain the importance of security related awareness and training
- Compare and contrast aspects of business continuity
- Explain the impact and proper use of environmental controls
- Execute disaster recovery plans and procedures
- Exemplify the concepts of confidentiality, integrity and availability (CIA)
Threats and Vulnerabilities
- Analyze and differentiate among types of malware
- Analyze and differentiate among types of attacks
- Analyze and differentiate among types of social engineering attacks
- Analyze and differentiate among types of wireless attacks
- Analyze and differentiate among types of application attacks
- Analyze and differentiate among types of mitigation and deterrent techniques
- Implement assessment tools and techniques to discover security threats and vulnerabilities
- Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
Application, Data and Host Security
- Explain the importance of application security
- Carry out appropriate procedures to establish host security
- Explain the importance of data security
Access Control and Identity Management
- Explain the function and purpose of authentication services
- Explain the fundamental concepts and best practices related to authentication, authorization and access control
- Implement appropriate security controls when performing account management
Cryptography
- Summarize general cryptography concepts
- Use and apply appropriate cryptographic tools and products
- Explain the core concepts of public key infrastructure
- Implement PKI, certificate management and associated components