
CompTIA Security+ Certification Exam Objectives
EXAM NUMBER: SY0-501
About the Exam
The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+
exam is an internationally recognized validation of foundation-level security skills and
knowledge, and is used by organizations and security professionals around the globe.
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required
to install and configure systems to secure applications, networks, and devices; perform threat analysis
and respond with appropriate mitigation techniques; participate in risk mitigation activities; and
operate with an awareness of applicable policies, laws, and regulations. The successful candidate
will perform these tasks to support the principles of confidentiality, integrity, and availability.
The CompTIA Security+ certification is aimed at an IT security professional who has:
- A minimum of two years' experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation, including the topics in the domain list
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all content in this examination.

EXAM ACCREDITATION
CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard
and, as such, the exam objectives undergo regular reviews and updates.

EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY


CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any
content provided by unauthorized third-party training sites (aka brain dumps). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA's exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka brain dumps), he/she should contact CompTIA at examsecurity@comptia.org to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Security+ Certification Exam Objectives Version 1.0 (Exam Number: SY0-501)
TEST DETAILS
Required exam: CompTIA Security+ SY0-501
Number of questions: Maximum of 90
Types of questions: Multiple choice and performance-based
Length of test: 90 minutes
Recommended experience: At least two years of experience in IT administration with a focus on security
Passing score: 750 (on a scale of 100-900)

EXAM OBJECTIVES (DOMAINS)


The table below lists the domains measured by this examination
and the extent to which they are represented:

DOMAIN                                      PERCENTAGE OF EXAMINATION
1.0 Threats, Attacks and Vulnerabilities    21%
2.0 Technologies and Tools                  22%
3.0 Architecture and Design                 15%
4.0 Identity and Access Management          16%
5.0 Risk Management                         14%
6.0 Cryptography and PKI                    12%
Total                                       100%

1.0 Threats, Attacks and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
Viruses
Crypto-malware
Ransomware
Worm
Trojan
Rootkit
Keylogger
Adware
Spyware
Bots
RAT
Logic bomb
Backdoor

1.2 Compare and contrast types of attacks.


Social engineering
- Phishing
- Spear phishing
- Whaling
- Vishing
- Tailgating
- Impersonation
- Dumpster diving
- Shoulder surfing
- Hoax
- Watering hole attack
- Principles (reasons for effectiveness)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
Application/service attacks
- DoS
- DDoS
- Man-in-the-middle
- Buffer overflow
- Injection
- Cross-site scripting
- Cross-site request forgery
- Privilege escalation
- ARP poisoning
- Amplification
- DNS poisoning
- Domain hijacking
- Man-in-the-browser
- Zero day
- Replay
- Pass the hash
- Hijacking and related attacks
- Clickjacking
- Session hijacking
- URL hijacking
- Typo squatting
- Driver manipulation
- Shimming
- Refactoring
- MAC spoofing
- IP spoofing
Wireless attacks
- Replay
- IV
- Evil twin
- Rogue AP
- Jamming
- WPS
- Bluejacking
- Bluesnarfing
- RFID
- NFC
- Disassociation
Cryptographic attacks
- Birthday
- Known plain text/cipher text
- Rainbow tables
- Dictionary
- Brute force
- Online vs. offline
- Collision
- Downgrade
- Replay
- Weak implementations


1.3 Explain threat actor types and attributes.


Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/APT
- Insiders
- Competitors
Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
Use of open-source intelligence

1.4 Explain penetration testing concepts.


Active reconnaissance
Passive reconnaissance
Pivot
Initial exploitation
Persistence
Escalation of privilege
Black box
White box
Gray box
Penetration testing vs. vulnerability scanning

1.5 Explain vulnerability scanning concepts.


Passively test security controls
Identify vulnerability
Identify lack of security controls
Identify common misconfigurations
Intrusive vs. non-intrusive
Credentialed vs. non-credentialed
False positive

1.6 Explain the impact associated with types of vulnerabilities.


Race conditions
Vulnerabilities due to:
- End-of-life systems
- Embedded systems
- Lack of vendor support
Improper input handling
Improper error handling
Misconfiguration/weak configuration
Default configuration
Resource exhaustion
Untrained users
Improperly configured accounts
Vulnerable business processes
Weak cipher suites and implementations
Memory/buffer vulnerability
- Memory leak
- Integer overflow
- Buffer overflow
- Pointer dereference
- DLL injection
System sprawl/undocumented assets
Architecture/design weaknesses
New threats/zero day
Improper certificate and key management

2.0 Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
Firewall
- ACL
- Application-based vs. network-based
- Stateful vs. stateless
- Implicit deny
VPN concentrator
- Remote access vs. site-to-site
- IPSec
- Tunnel mode
- Transport mode
- AH
- ESP
- Split tunnel vs. full tunnel
- TLS
- Always-on VPN
NIPS/NIDS
- Signature-based
- Heuristic/behavioral
- Anomaly
- Inline vs. passive
- In-band vs. out-of-band
- Rules
- Analytics
- False positive
- False negative
Router
- ACLs
- Antispoofing
Switch
- Port security
- Layer 2 vs. Layer 3
- Loop prevention
- Flood guard
Proxy
- Forward and reverse proxy
- Transparent
- Application/multipurpose
Load balancer
- Scheduling
- Affinity
- Round-robin
- Active-passive
- Active-active
- Virtual IPs
Access point
- SSID
- MAC filtering
- Signal strength
- Band selection/width
- Antenna types and placement
- Fat vs. thin
- Controller-based vs. standalone
SIEM
- Aggregation
- Correlation
- Automated alerting and triggers
- Time synchronization
- Event deduplication
- Logs/WORM
DLP
- USB blocking
- Cloud-based
- Email
NAC
- Dissolvable vs. permanent
- Host health checks
- Agent vs. agentless
Mail gateway
- Spam filter
- DLP
- Encryption
Bridge
SSL/TLS accelerators
SSL decryptors
Media gateway
Hardware security module

2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
Protocol analyzer
Network scanners
- Rogue system detection
- Network mapping
Wireless scanners/cracker
Password cracker
Vulnerability scanner
Configuration compliance scanner
Exploitation frameworks
Data sanitization tools
Steganography tools
Honeypot
Backup utilities
Banner grabbing
Passive vs. active
Command line tools
- ping
- netstat
- tracert
- nslookup/dig
- arp
- ipconfig/ip/ifconfig
- tcpdump
- nmap
- netcat


2.3 Given a scenario, troubleshoot common security issues.


Unencrypted credentials/clear text
Logs and events anomalies
Permission issues
Access violations
Certificate issues
Data exfiltration
Misconfigured devices
- Firewall
- Content filter
- Access points
Weak security configurations
Personnel issues
- Policy violation
- Insider threat
- Social engineering
- Social media
- Personal email
Unauthorized software
Baseline deviation
License compliance violation (availability/integrity)
Asset management
Authentication issues

2.4 Given a scenario, analyze and interpret output from security technologies.
HIDS/HIPS
Antivirus
File integrity check
Host-based firewall
Application whitelisting
Removable media control
Advanced malware tools
Patch management tools
UTM
DLP
Data execution prevention
Web application firewall

2.5 Given a scenario, deploy mobile devices securely.


Connection methods
- Cellular
- WiFi
- SATCOM
- Bluetooth
- NFC
- ANT
- Infrared
- USB
Mobile device management concepts
- Application management
- Content management
- Remote wipe
- Geofencing
- Geolocation
- Screen locks
- Push notification services
- Passwords and pins
- Biometrics
- Context-aware authentication
- Containerization
- Storage segmentation
- Full device encryption
Enforcement and monitoring for:
- Third-party app stores
- Rooting/jailbreaking
- Sideloading
- Custom firmware
- Carrier unlocking
- Firmware OTA updates
- Camera use
- SMS/MMS
- External media
- USB OTG
- Recording microphone
- GPS tagging
- WiFi direct/ad hoc
- Tethering
- Payment methods
Deployment models
- BYOD
- COPE
- CYOD
- Corporate-owned
- VDI

2.6 Given a scenario, implement secure protocols.


Protocols
- DNSSEC
- SSH
- S/MIME
- SRTP
- LDAPS
- FTPS
- SFTP
- SNMPv3
- SSL/TLS
- HTTPS
- Secure POP/IMAP
Use cases
- Voice and video
- Time synchronization
- Email and web
- File transfer
- Directory services
- Remote access
- Domain name resolution
- Routing and switching
- Network address allocation
- Subscription services

3.0 Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
Industry-standard frameworks and reference architectures
- Regulatory
- Non-regulatory
- National vs. international
- Industry-specific frameworks
Benchmarks/secure configuration guides
- Platform/vendor-specific guides
- Web server
- Operating system
- Application server
- Network infrastructure devices
- General purpose guides
Defense-in-depth/layered security
- Vendor diversity
- Control diversity
- Administrative
- Technical
- User training

3.2 Given a scenario, implement secure network architecture concepts.


Zones/topologies
- DMZ
- Extranet
- Intranet
- Wireless
- Guest
- Honeynets
- NAT
- Ad hoc
Segregation/segmentation/isolation
- Physical
- Logical (VLAN)
- Virtualization
- Air gaps
Tunneling/VPN
- Site-to-site
- Remote access
Security device/technology placement
- Sensors
- Collectors
- Correlation engines
- Filters
- Proxies
- Firewalls
- VPN concentrators
- SSL accelerators
- Load balancers
- DDoS mitigator
- Aggregation switches
- Taps and port mirror
SDN

3.3 Given a scenario, implement secure systems design.


Hardware/firmware security
- FDE/SED
- TPM
- HSM
- UEFI/BIOS
- Secure boot and attestation
- Supply chain
- Hardware root of trust
- EMI/EMP
Operating systems
- Types
- Network
- Server
- Workstation
- Appliance
- Kiosk
- Mobile OS
- Patch management
- Disabling unnecessary ports and services
- Least functionality
- Secure configurations
- Trusted operating system
- Application whitelisting/blacklisting
- Disable default accounts/passwords
Peripherals
- Wireless keyboards
- Wireless mice
- Displays
- WiFi-enabled MicroSD cards
- Printers/MFDs
- External storage devices
- Digital cameras

3.4 Explain the importance of secure staging deployment concepts.


Sandboxing
Environment
- Development
- Test
- Staging
- Production
Secure baseline
Integrity measurement

3.5 Explain the security implications of embedded systems.


SCADA/ICS
Smart devices/IoT
- Wearable technology
- Home automation
HVAC
SoC
RTOS
Printers/MFDs
Camera systems
Special purpose
- Medical devices
- Vehicles
- Aircraft/UAV

3.6 Summarize secure application development and deployment concepts.


Development life-cycle models
- Waterfall vs. Agile
Secure DevOps
- Security automation
- Continuous integration
- Baselining
- Immutable systems
- Infrastructure as code
Version control and change management
Provisioning and deprovisioning
Secure coding techniques
- Proper error handling
- Proper input validation
- Normalization
- Stored procedures
- Code signing
- Encryption
- Obfuscation/camouflage
- Code reuse/dead code
- Server-side vs. client-side execution and validation
- Memory management
- Use of third-party libraries and SDKs
- Data exposure
Code quality and testing
- Static code analyzers
- Dynamic analysis (e.g., fuzzing)
- Stress testing
- Sandboxing
- Model verification
Compiled vs. runtime code

3.7 Summarize cloud and virtualization concepts.


Hypervisor
- Type I
- Type II
- Application cells/containers
VM sprawl avoidance
VM escape protection
Cloud storage
Cloud deployment models
- SaaS
- PaaS
- IaaS
- Private
- Public
- Hybrid
- Community
On-premise vs. hosted vs. cloud
VDI/VDE
Cloud access security broker
Security as a Service


3.8 Explain how resiliency and automation strategies reduce risk.


Automation/scripting
- Automated courses of action
- Continuous monitoring
- Configuration validation
Templates
Master image
Non-persistence
- Snapshots
- Revert to known state
- Rollback to known configuration
- Live boot media
Elasticity
Scalability
Distributive allocation
Redundancy
Fault tolerance
High availability
RAID

3.9 Explain the importance of physical security controls.


Lighting
Signs
Fencing/gate/cage
Security guards
Alarms
Safe
Secure cabinets/enclosures
Protected distribution/Protected cabling
Airgap
Mantrap
Faraday cage
Lock types
Biometrics
Barricades/bollards
Tokens/cards
Environmental controls
- HVAC
- Hot and cold aisles
- Fire suppression
Cable locks
Screen filters
Cameras
Motion detection
Logs
Infrared detection
Key management

4.0 Identity and Access Management
4.1 Compare and contrast identity and access management concepts
Identification, authentication, authorization and accounting (AAA)
Multifactor authentication
- Something you are
- Something you have
- Something you know
- Somewhere you are
- Something you do
Federation
Single sign-on
Transitive trust

4.2 Given a scenario, install and configure identity and access services.
LDAP
Kerberos
TACACS+
CHAP
PAP
MSCHAP
RADIUS
SAML
OpenID Connect
OAUTH
Shibboleth
Secure token
NTLM

4.3 Given a scenario, implement identity and access management controls.


Access control models
- MAC
- DAC
- ABAC
- Role-based access control
- Rule-based access control
Physical access control
- Proximity cards
- Smart cards
Biometric factors
- Fingerprint scanner
- Retinal scanner
- Iris scanner
- Voice recognition
- Facial recognition
- False acceptance rate
- False rejection rate
- Crossover error rate
Tokens
- Hardware
- Software
- HOTP/TOTP
Certificate-based authentication
- PIV/CAC/smart card
- IEEE 802.1x
File system security
Database security

4.4 Given a scenario, differentiate common account management practices.


Account types
- User account
- Shared and generic accounts/credentials
- Guest accounts
- Service accounts
- Privileged accounts
General Concepts
- Least privilege
- Onboarding/offboarding
- Permission auditing and review
- Usage auditing and review
- Time-of-day restrictions
- Recertification
- Standard naming convention
- Account maintenance
- Group-based access control
- Location-based policies
Account policy enforcement
- Credential management
- Group policy
- Password complexity
- Expiration
- Recovery
- Disablement
- Lockout
- Password history
- Password reuse
- Password length

5.0 Risk Management
5.1 Explain the importance of policies, plans and procedures related to organizational security.
Standard operating procedure
Agreement types
- BPA
- SLA
- ISA
- MOU/MOA
Personnel management
- Mandatory vacations
- Job rotation
- Separation of duties
- Clean desk
- Background checks
- Exit interviews
- Role-based awareness training
- Data owner
- System administrator
- System owner
- User
- Privileged user
- Executive user
- NDA
- Onboarding
- Continuing education
- Acceptable use policy/rules of behavior
- Adverse actions
General security policies
- Social media networks/applications
- Personal email

5.2 Summarize business impact analysis concepts.


RTO/RPO
MTBF
MTTR
Mission-essential functions
Identification of critical systems
Single point of failure
Impact
- Life
- Property
- Safety
- Finance
- Reputation
Privacy impact assessment
Privacy threshold assessment

5.3 Explain risk management processes and concepts.


Threat assessment
- Environmental
- Manmade
- Internal vs. external
Risk assessment
- SLE
- ALE
- ARO
- Asset value
- Risk register
- Likelihood of occurrence
- Supply chain assessment
- Impact
- Quantitative
- Qualitative
- Testing
- Penetration testing authorization
- Vulnerability testing authorization
- Risk response techniques
- Accept
- Transfer
- Avoid
- Mitigate
Change management


5.4 Given a scenario, follow incident response procedures.


Incident response plan
- Documented incident types/category definitions
- Roles and responsibilities
- Reporting requirements/escalation
- Cyber-incident response teams
- Exercise
Incident response process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned

5.5 Summarize basic concepts of forensics.


Order of volatility
Chain of custody
Legal hold
Data acquisition
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witness interviews
Preservation
Recovery
Strategic intelligence/counterintelligence gathering
- Active logging
Track man-hours

5.6 Explain disaster recovery and continuity of operation concepts.


Recovery sites
- Hot site
- Warm site
- Cold site
Order of restoration
Backup concepts
- Differential
- Incremental
- Snapshots
- Full
Geographic considerations
- Off-site backups
- Distance
- Location selection
- Legal implications
- Data sovereignty
Continuity of operation planning
- Exercises/tabletop
- After-action reports
- Failover
- Alternate processing sites
- Alternate business practices

5.7 Compare and contrast various types of controls.


Deterrent
Preventive
Detective
Corrective
Compensating
Technical
Administrative
Physical

5.8 Given a scenario, carry out data security and privacy practices.
Data destruction and media sanitization
- Burning
- Shredding
- Pulping
- Pulverizing
- Degaussing
- Purging
- Wiping
Data sensitivity labeling and handling
- Confidential
- Private
- Public
- Proprietary
- PII
- PHI
Data roles
- Owner
- Steward/custodian
- Privacy officer
Data retention
Legal and compliance

6.0 Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography.
Symmetric algorithms
Modes of operation
Asymmetric algorithms
Hashing
Salt, IV, nonce
Elliptic curve
Weak/deprecated algorithms
Key exchange
Digital signatures
Diffusion
Confusion
Collision
Steganography
Obfuscation
Stream vs. block
Key strength
Session keys
Ephemeral key
Secret algorithm
Data-in-transit
Data-at-rest
Data-in-use
Random/pseudo-random number generation
Key stretching
Implementation vs. algorithm selection
- Crypto service provider
- Crypto modules
Perfect forward secrecy
Security through obscurity
Common use cases
- Low power devices
- Low latency
- High resiliency
- Supporting confidentiality
- Supporting integrity
- Supporting obfuscation
- Supporting authentication
- Supporting non-repudiation
- Resource vs. security constraints

6.2 Explain cryptography algorithms and their basic characteristics.


Symmetric algorithms
- AES
- DES
- 3DES
- RC4
- Blowfish/Twofish
Cipher modes
- CBC
- GCM
- ECB
- CTR
- Stream vs. block
Asymmetric algorithms
- RSA
- DSA
- Diffie-Hellman
- Groups
- DHE
- ECDHE
- Elliptic curve
- PGP/GPG
Hashing algorithms
- MD5
- SHA
- HMAC
- RIPEMD
Key stretching algorithms
- BCRYPT
- PBKDF2
Obfuscation
- XOR
- ROT13
- Substitution ciphers


6.3 Given a scenario, install and configure wireless security settings.


Cryptographic protocols
- WPA
- WPA2
- CCMP
- TKIP
Authentication protocols
- EAP
- PEAP
- EAP-FAST
- EAP-TLS
- EAP-TTLS
- IEEE 802.1x
- RADIUS Federation
Methods
- PSK vs. Enterprise vs. Open
- WPS
- Captive portals

6.4 Given a scenario, implement public key infrastructure.


Components
- CA
- Intermediate CA
- CRL
- OCSP
- CSR
- Certificate
- Public key
- Private key
- Object identifiers (OID)
Concepts
- Online vs. offline CA
- Stapling
- Pinning
- Trust model
- Key escrow
- Certificate chaining
Types of certificates
- Wildcard
- SAN
- Code signing
- Self-signed
- Machine/computer
- Email
- User
- Root
- Domain validation
- Extended validation
Certificate formats
- DER
- PEM
- PFX
- CER
- P12
- P7B

CompTIA Security+ Acronyms

The following is a list of acronyms that appear on the CompTIA
Security+ exam. Candidates are encouraged to review the complete
list and attain a working knowledge of all listed acronyms as a
part of a comprehensive exam preparation program.
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
3DES Triple Digital Encryption Standard CER Cross-over Error Rate
AAA Authentication, Authorization, and Accounting CERT Computer Emergency Response Team
ABAC Attribute-based Access Control CFB Cipher Feedback
ACL Access Control List CHAP Challenge Handshake Authentication Protocol
AES Advanced Encryption Standard CIO Chief Information Officer
AES256 Advanced Encryption Standards 256bit CIRT Computer Incident Response Team
AH Authentication Header CMS Content Management System
ALE Annualized Loss Expectancy COOP Continuity of Operations Plan
AP Access Point COPE Corporate Owned, Personally Enabled
API Application Programming Interface CP Contingency Planning
APT Advanced Persistent Threat CRC Cyclical Redundancy Check
ARO Annualized Rate of Occurrence CRL Certificate Revocation List
ARP Address Resolution Protocol CSIRT Computer Security Incident Response Team
ASLR Address Space Layout Randomization CSO Chief Security Officer
ASP Application Service Provider CSP Cloud Service Provider
AUP Acceptable Use Policy CSR Certificate Signing Request
AV Antivirus CSRF Cross-site Request Forgery
AV Asset Value CSU Channel Service Unit
BAC Business Availability Center CTM Counter-Mode
BCP Business Continuity Planning CTO Chief Technology Officer
BIA Business Impact Analysis CTR Counter
BIOS Basic Input/Output System CYOD Choose Your Own Device
BPA Business Partners Agreement DAC Discretionary Access Control
BPDU Bridge Protocol Data Unit DBA Database Administrator
BYOD Bring Your Own Device DDoS Distributed Denial of Service
CA Certificate Authority DEP Data Execution Prevention
CAC Common Access Card DER Distinguished Encoding Rules
CAN Controller Area Network DES Digital Encryption Standard
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart DFIR Digital Forensics and Investigation Response
DHCP Dynamic Host Configuration Protocol
CAR Corrective Action Report DHE Data-Handling Electronics
CBC Cipher Block Chaining DHE Diffie-Hellman Ephemeral
CCMP Counter-Mode/CBC-Mac Protocol DLL Dynamic Link Library
CCTV Closed-circuit Television DLP Data Loss Prevention
CER Certificate DMZ Demilitarized Zone

DNAT Destination Network Address Transaction IDEA International Data Encryption Algorithm
DNS Domain Name Service (Server) IDF Intermediate Distribution Frame
DoS Denial of Service IdP Identity Provider
DRP Disaster Recovery Plan IDS Intrusion Detection System
DSA Digital Signature Algorithm IEEE Institute of Electrical and Electronic Engineers
DSL Digital Subscriber Line IIS Internet Information System
DSU Data Service Unit IKE Internet Key Exchange
EAP Extensible Authentication Protocol IM Instant Messaging
ECB Electronic Code Book IMAP4 Internet Message Access Protocol v4
ECC Elliptic Curve Cryptography IoT Internet of Things
ECDHE Elliptic Curve Diffie-Hellman Ephemeral IP Internet Protocol
ECDSA Elliptic Curve Digital Signature Algorithm IPSec Internet Protocol Security
EFS Encrypted File System IR Incident Response
EMI Electromagnetic Interference IR Infrared
EMP Electro Magnetic Pulse IRC Internet Relay Chat
ERP Enterprise Resource Planning IRP Incident Response Plan
ESN Electronic Serial Number ISA Interconnection Security Agreement
ESP Encapsulated Security Payload ISP Internet Service Provider
EF Exposure Factor ISSO Information Systems Security Officer
FACL File System Access Control List ITCP IT Contingency Plan
FAR False Acceptance Rate IV Initialization Vector
FDE Full Disk Encryption KDC Key Distribution Center
FRR False Rejection Rate KEK Key Encryption Key
FTP File Transfer Protocol L2TP Layer 2 Tunneling Protocol
FTPS Secured File Transfer Protocol LAN Local Area Network
GCM Galois Counter Mode LDAP Lightweight Directory Access Protocol
GPG Gnu Privacy Guard LEAP Lightweight Extensible Authentication Protocol
GPO Group Policy Object MaaS Monitoring as a Service
GPS Global Positioning System MAC Mandatory Access Control
GPU Graphic Processing Unit MAC Media Access Control
GRE Generic Routing Encapsulation MAC Message Authentication Code
HA High Availability MAN Metropolitan Area Network
HDD Hard Disk Drive MBR Master Boot Record
HIDS Host-based Intrusion Detection System MD5 Message Digest 5
HIPS Host-based Intrusion Prevention System MDF Main Distribution Frame
HMAC Hashed Message Authentication Code MDM Mobile Device Management
HOTP HMAC-based One-Time Password MFA Multi-Factor Authentication
HSM Hardware Security Module MFD Multi-function Device
HTML Hypertext Markup Language MITM Man-in-the-Middle
HTTP Hypertext Transfer Protocol MMS Multimedia Message Service
HTTPS Hypertext Transfer Protocol over SSL/TLS MOA Memorandum of Agreement
HVAC Heating, Ventilation and Air Conditioning MOU Memorandum of Understanding
IaaS Infrastructure as a Service MPLS Multi-protocol Label Switching
ICMP Internet Control Message Protocol MSCHAP Microsoft Challenge Handshake Authentication Protocol
ICS Industrial Control Systems
ID Identification MSP Managed Service Provider

MTBF Mean Time Between Failures PSK Pre-shared Key
MTTF Mean Time to Failure PTZ Pan-Tilt-Zoom
MTTR Mean Time to Recover or Mean Time to Repair RA Recovery Agent
MTU Maximum Transmission Unit RA Registration Authority
NAC Network Access Control RAD Rapid Application Development
NAT Network Address Translation RADIUS Remote Authentication Dial-in User Server
NDA Non-disclosure Agreement RAID Redundant Array of Inexpensive Disks
NFC Near Field Communication RAS Remote Access Server
NGAC Next Generation Access Control RAT Remote Access Trojan
NIDS Network-based Intrusion Detection System RBAC Role-based Access Control
NIPS Network-based Intrusion Prevention System RBAC Rule-based Access Control
NIST National Institute of Standards & Technology RC4 Rivest Cipher version 4
NTFS New Technology File System RDP Remote Desktop Protocol
NTLM New Technology LAN Manager RFID Radio Frequency Identifier
NTP Network Time Protocol RIPEMD RACE Integrity Primitives Evaluation Message Digest
OAUTH Open Authorization
OCSP Online Certificate Status Protocol ROI Return on Investment
OID Object Identifier RMF Risk Management Framework
OS Operating System RPO Recovery Point Objective
OTA Over The Air RSA Rivest, Shamir, & Adleman
OVAL Open Vulnerability Assessment Language RTBH Remotely Triggered Black Hole
P12 PKCS #12 RTO Recovery Time Objective
P2P Peer to Peer RTOS Real-time Operating System
PaaS Platform as a Service RTP Real-time Transport Protocol
PAC Proxy Auto Configuration S/MIME Secure/Multipurpose Internet Mail Extensions
PAM Pluggable Authentication Modules SaaS Software as a Service
PAP Password Authentication Protocol SAML Security Assertions Markup Language
PAT Port Address Translation SAN Storage Area Network
PBKDF2 Password-based Key Derivation Function 2 SAN Subject Alternative Name
PBX Private Branch Exchange SCADA System Control and Data Acquisition
PCAP Packet Capture SCAP Security Content Automation Protocol
PEAP Protected Extensible Authentication Protocol SCEP Simple Certificate Enrollment Protocol
PED Personal Electronic Device SCP Secure Copy
PEM Privacy-enhanced Electronic Mail SCSI Small Computer System Interface
PFS Perfect Forward Secrecy SDK Software Development Kit
PFX Personal Exchange Format SDLC Software Development Life Cycle
PGP Pretty Good Privacy SDLM Software Development Life Cycle Methodology
PHI Personal Health Information SDN Software Defined Network
PII Personally Identifiable Information SED Self-encrypting Drive
PIV Personal Identity Verification SEH Structured Exception Handler
PKI Public Key Infrastructure SFTP Secured File Transfer Protocol
POODLE Padding Oracle on Downgrade Legacy Encryption SHA Secure Hashing Algorithm
POP Post Office Protocol SHTTP Secure Hypertext Transfer Protocol
POTS Plain Old Telephone Service SIEM Security Information and Event Management
PPP Point-to-Point Protocol SIM Subscriber Identity Module
PPTP Point-to-Point Tunneling Protocol SLA Service Level Agreement

SLE Single Loss Expectancy VTC Video Teleconferencing
SMB Server Message Block WAF Web Application Firewall
SMS Short Message Service WAP Wireless Access Point
SMTP Simple Mail Transfer Protocol WEP Wired Equivalent Privacy
SMTPS Simple Mail Transfer Protocol Secure WIDS Wireless Intrusion Detection System
SNMP Simple Network Management Protocol WIPS Wireless Intrusion Prevention System
SOAP Simple Object Access Protocol WORM Write Once Read Many
SoC System on Chip WPA WiFi Protected Access
SPF Sender Policy Framework WPA2 WiFi Protected Access 2
SPIM Spam over Internet Messaging WPS WiFi Protected Setup
SPoF Single Point of Failure WTLS Wireless TLS
SQL Structured Query Language XML Extensible Markup Language
SRTP Secure Real-Time Protocol XOR Exclusive Or
SSD Solid State Drive XSRF Cross-site Request Forgery
SSH Secure Shell XSS Cross-site Scripting
SSID Service Set Identifier
SSL Secure Sockets Layer
SSO Single Sign-on
STP Shielded Twisted Pair
TACACS+ Terminal Access Controller Access Control System Plus
TCP/IP Transmission Control Protocol/Internet Protocol
TGT Ticket Granting Ticket
TKIP Temporal Key Integrity Protocol
TLS Transport Layer Security
TOTP Time-based One-time Password
TPM Trusted Platform Module
TSIG Transaction Signature
UAT User Acceptance Testing
UAV Unmanned Aerial Vehicle
UDP User Datagram Protocol
UEFI Unified Extensible Firmware Interface
UPS Uninterruptable Power Supply
URI Uniform Resource Identifier
URL Universal Resource Locator
USB Universal Serial Bus
USB OTG USB On The Go
UTM Unified Threat Management
UTP Unshielded Twisted Pair
VDE Virtual Desktop Environment
VDI Virtual Desktop Infrastructure
VLAN Virtual Local Area Network
VLSM Variable Length Subnet Masking
VM Virtual Machine
VoIP Voice over IP
VPN Virtual Private Network

Security+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the Security+ exam. This list may also be helpful
for training companies who wish to create a lab component to their training
offering. The bulleted lists below each topic are a sample list and not exhaustive.

EQUIPMENT
• Router
• Firewall
• Access point
• Switch
• IDS/IPS
• Server
• Content filter
• Client
• Mobile device
• VPN concentrator
• UTM
• Enterprise security managers/SIEM suite
• Load balancer
• Proxies
• DLP appliance
• ICS or similar systems
• Network access control servers
• DDoS mitigation hardware

SPARE PARTS/HARDWARE
• Keyboards
• Mice
• Network cables
• Monitors
• Wireless and Bluetooth dongles

HARDWARE TOOLS
• WiFi analyzers
• Hardware debuggers

SOFTWARE TOOLS
• Exploitation distributions (e.g., Kali)
• Proxy server
• Virtualization software
• Virtualized appliances
• Wireshark
• tcpdump
• NMAP
• OpenVAS
• Metasploit/Metasploitable2
• Back Orifice
• Cain & Abel
• John the Ripper
• pfSense
• Security Onion
• Roo
• Any UTM

OTHER
• SourceForge

2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction
or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03626-Mar2017
