CompTIA Security+

Certification Exam
Objectives
EXAM NUMBER: SY0-501
About the Exam
The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+ SY0-501 exam
is an internationally recognized validation of foundation-level security skills and knowledge, and is used
by organizations and security professionals around the globe.
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to:
• Install and configure systems to secure applications, networks and devices
• Perform threat analysis and respond with appropriate mitigation techniques
• Participate in risk mitigation activities
• Operate with an awareness of applicable policies, laws and regulations
The successful candidate will perform these tasks to support the principles of confidentiality, integrity,
and availability.
The CompTIA Security+ certification is aimed at an IT security professional who has:
• A minimum of two years’ experience in IT administration with a focus on security
• Day-to-day technical information security experience
• Broad knowledge of security concerns and implementation, including the topics in the domain list
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all content in this examination.

EXAM ACCREDITATION
CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 standard and, as such,
the exam objectives undergo regular reviews and updates.

EXAM DEVELOPMENT
CompTIA exams result from subject-matter expert workshops and industry-wide survey results regarding
the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY

CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), he/she should contact CompTIA at examsecurity@comptia.org to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
TEST DETAILS
Required exam SY0-501
Number of questions Maximum of 90
Types of questions Multiple choice and performance-based
Length of test 90 minutes
Recommended experience At least two years of experience
in IT administration with a focus on security
Passing score 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination
and the extent to which they are represented:

DOMAIN PERCENTAGE OF EXAMINATION

1.0 Threats, Attacks and Vulnerabilities 21%

2.0 Technologies and Tools 22%
3.0 Architecture and Design 15%
4.0 Identity and Access Management 16%
5.0 Risk Management 14%
6.0 Cryptography and PKI 12%
Total 100%

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 1.0 Threats, Attacks and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise
and determine the type of malware.
• Viruses • Bots
• Crypto-malware • RAT
• Ransomware • Logic bomb
• Worm • Backdoor
• Trojan
• Rootkit
• Keylogger
• Adware
• Spyware

1.2 Compare and contrast types of attacks.

• Social engineering - Injection - IV
- Phishing - Cross-site scripting - Evil twin
- Spear phishing - Cross-site request forgery - Rogue AP
- Whaling - Privilege escalation - Jamming
- Vishing - ARP poisoning - WPS
- Tailgating - Amplification - Bluejacking
- Impersonation - DNS poisoning - Bluesnarfing
- Dumpster diving - Domain hijacking - RFID
- Shoulder surfing - Man-in-the-browser - NFC
- Hoax - Zero day - Disassociation
- Watering hole attack - Replay • Cryptographic attacks
- Principles (reasons for effectiveness) - Pass the hash - Birthday
- Authority - Hijacking and related attacks - Known plain text/cipher text
- Intimidation - Clickjacking - Rainbow tables
- Consensus - Session hijacking - Dictionary
- Scarcity - URL hijacking - Brute force
- Familiarity - Typo squatting - Online vs. offline
- Trust - Driver manipulation - Collision
- Urgency - Shimming - Downgrade
• Application/service attacks - Refactoring - Replay
- DoS - MAC spoofing - Weak implementations
- DDoS - IP spoofing
- Man-in-the-middle • Wireless attacks
- Buffer overflow - Replay

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 1.0 Threats, Attacks and Vulnerabilities

1.3 Explain threat actor types and attributes.

• Types of actors • Attributes of actors
- Script kiddies - Internal/external
- Hacktivist - Level of sophistication
- Organized crime - Resources/funding
- Nation states/APT - Intent/motivation
- Insiders • Use of open-source intelligence
- Competitors

1.4 Explain penetration testing concepts.

• Active reconnaissance • Black box
• Passive reconnaissance • White box
• Pivot • Gray box
• Initial exploitation • Penetration testing vs.
• Persistence vulnerability scanning
• Escalation of privilege

1.5 Explain vulnerability scanning concepts.

• Passively test security controls • Intrusive vs. non-intrusive
• Identify vulnerability • Credentialed vs. non-credentialed
• Identify lack of security controls • False positive
• Identify common misconfigurations

1.6 Explain the impact associated with types of vulnerabilities.

• Race conditions • Memory/buffer vulnerability
• Vulnerabilities due to: - Memory leak
- End-of-life systems - Integer overflow
- Embedded systems - Buffer overflow
- Lack of vendor support - Pointer dereference
• Improper input handling - DLL injection
• Improper error handling • System sprawl/undocumented assets
• Misconfiguration/weak configuration • Architecture/design weaknesses
• Default configuration • New threats/zero day
• Resource exhaustion • Improper certificate and
• Untrained users key management
• Improperly configured accounts
• Vulnerable business processes
• Weak cipher suites and implementations

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 2.0 Technologies and Tools
2.1 Install and configure network components, both hardware-
and software-based, to support organizational security.
• Firewall • Router • SIEM
- ACL - ACLs - Aggregation
- Application-based vs. network-based - Antispoofing - Correlation
- Stateful vs. stateless • Switch - Automated alerting and triggers
- Implicit deny - Port security - Time synchronization
• VPN concentrator - Layer 2 vs. Layer 3 - Event deduplication
- Remote access vs. site-to-site - Loop prevention - Logs/WORM
- IPSec - Flood guard • DLP
- Tunnel mode • Proxy - USB blocking
- Transport mode - Forward and reverse proxy - Cloud-based
- AH - Transparent - Email
- ESP - Application/multipurpose • NAC
- Split tunnel vs. full tunnel • Load balancer - Dissolvable vs. permanent
- TLS - Scheduling - Host health checks
- Always-on VPN - Affinity - Agent vs. agentless
• NIPS/NIDS - Round-robin • Mail gateway
- Signature-based - Active-passive - Spam filter
- Heuristic/behavioral - Active-active - DLP
- Anomaly - Virtual IPs - Encryption
- Inline vs. passive • Access point • Bridge
- In-band vs. out-of-band - SSID • SSL/TLS accelerators
- Rules - MAC filtering • SSL decryptors
- Analytics - Signal strength • Media gateway
- False positive - Band selection/width • Hardware security module
- False negative - Antenna types and placement
- Fat vs. thin
- Controller-based vs. standalone

2.2 Given a scenario, use appropriate software tools

to assess the security posture of an organization.
• Protocol analyzer • Data sanitization tools - tracert
• Network scanners • Steganography tools - nslookup/dig
- Rogue system detection • Honeypot - arp
- Network mapping • Backup utilities - ipconfig/ip/ifconfig
• Wireless scanners/cracker • Banner grabbing - tcpdump
• Password cracker • Passive vs. active - nmap
• Vulnerability scanner • Command line tools - netcat
• Configuration compliance scanner - ping
• Exploitation frameworks - netstat

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 2.0 Technologies and Tools

2.3 Given a scenario, troubleshoot common security issues.

• Unencrypted credentials/clear text - Content filter - Personal email
• Logs and events anomalies - Access points • Unauthorized software
• Permission issues • Weak security configurations • Baseline deviation
• Access violations • Personnel issues • License compliance violation
• Certificate issues - Policy violation (availability/integrity)
• Data exfiltration - Insider threat • Asset management
• Misconfigured devices - Social engineering • Authentication issues
- Firewall - Social media

2.4 Given a scenario, analyze and interpret output from security technologies.
• HIDS/HIPS • Application whitelisting • UTM
• Antivirus • Removable media control • DLP
• File integrity check • Advanced malware tools • Data execution prevention
• Host-based firewall • Patch management tools • Web application firewall

2.5 Given a scenario, deploy mobile devices securely.

• Connection methods - Screen locks - Camera use
- Cellular - Push notification services - SMS/MMS
- WiFi - Passwords and pins - External media
- SATCOM - Biometrics - USB OTG
- Bluetooth - Context-aware authentication - Recording microphone
- NFC - Containerization - GPS tagging
- ANT - Storage segmentation - WiFi direct/ad hoc
- Infrared - Full device encryption - Tethering
- USB • Enforcement and monitoring for: - Payment methods
• Mobile device management concepts - Third-party app stores • Deployment models
- Application management - Rooting/jailbreaking - BYOD
- Content management - Sideloading - COPE
- Remote wipe - Custom firmware - CYOD
- Geofencing - Carrier unlocking - Corporate-owned
- Geolocation - Firmware OTA updates - VDI

2.6 Given a scenario, implement secure protocols.

• Protocols - SNMPv3 - File transfer
- DNSSEC - SSL/TLS - Directory services
- SSH - HTTPS - Remote access
- S/MIME - Secure POP/IMAP - Domain name resolution
- SRTP • Use cases - Routing and switching
- LDAPS - Voice and video - Network address allocation
- FTPS - Time synchronization - Subscription services
- SFTP - Email and web

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 3.0 Architecture and Design
3.1 Explain use cases and purpose for frameworks, best
practices and secure configuration guides.
• Industry-standard frameworks • Benchmarks/secure configuration guides • Defense-in-depth/layered security
and reference architectures - Platform/vendor-specific guides - Vendor diversity
- Regulatory - Web server - Control diversity
- Non-regulatory - Operating system - Administrative
- National vs. international - Application server - Technical
- Industry-specific frameworks - Network infrastructure devices - User training
- General purpose guides

3.2 Given a scenario, implement secure network architecture concepts.

• Zones/topologies - Logical (VLAN) - Proxies
- DMZ - Virtualization - Firewalls
- Extranet - Air gaps - VPN concentrators
- Intranet • Tunneling/VPN - SSL accelerators
- Wireless - Site-to-site - Load balancers
- Guest - Remote access - DDoS mitigator
- Honeynets • Security device/technology placement - Aggregation switches
- NAT - Sensors - Taps and port mirror
- Ad hoc - Collectors • SDN
• Segregation/segmentation/isolation - Correlation engines
- Physical - Filters

3.3 Given a scenario, implement secure systems design.

• Hardware/firmware security - Workstation • Peripherals
- FDE/SED - Appliance - Wireless keyboards
- TPM - Kiosk - Wireless mice
- HSM - Mobile OS - Displays
- UEFI/BIOS - Patch management - WiFi-enabled MicroSD cards
- Secure boot and attestation - Disabling unnecessary - Printers/MFDs
- Supply chain ports and services - External storage devices
- Hardware root of trust - Least functionality - Digital cameras
- EMI/EMP - Secure configurations
• Operating systems - Trusted operating system
- Types - Application whitelisting/blacklisting
- Network - Disable default accounts/passwords
- Server
CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 3.0 Architecture and Design

3.4 Explain the importance of secure staging deployment concepts.

• Sandboxing - Staging
• Environment - Production
- Development • Secure baseline
- Test • Integrity measurement

3.5 Explain the security implications of embedded systems.

• SCADA/ICS • SoC • Special purpose
• Smart devices/IoT • RTOS - Medical devices
- Wearable technology • Printers/MFDs - Vehicles
- Home automation • Camera systems - Aircraft/UAV
• HVAC

3.6 Summarize secure application development and deployment concepts.

• Development life-cycle models • Secure coding techniques - Memory management
- Waterfall vs. Agile - Proper error handling - Use of third-party libraries and SDKs
• Secure DevOps - Proper input validation - Data exposure
- Security automation - Normalization • Code quality and testing
- Continuous integration - Stored procedures - Static code analyzers
- Baselining - Code signing - Dynamic analysis (e.g., fuzzing)
- Immutable systems - Encryption - Stress testing
- Infrastructure as code - Obfuscation/camouflage - Sandboxing
• Version control and change management - Code reuse/dead code - Model verification
• Provisioning and deprovisioning - Server-side vs. client-side • Compiled vs. runtime code
execution and validation

3.7 Summarize cloud and virtualization concepts.

• Hypervisor • Cloud deployment models • On-premise vs. hosted vs. cloud
- Type I - SaaS • VDI/VDE
- Type II - PaaS • Cloud access security broker
- Application cells/containers - IaaS • Security as a service
• VM sprawl avoidance - Private
• VM escape protection - Public
• Cloud storage - Hybrid
- Community

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 3.0 Architecture and Design

3.8 Explain how resiliency and automation strategies reduce risk.

• Automation/scripting • Non-persistence • Scalability
- Automated courses of action - Snapshots • Distributive allocation
- Continuous monitoring - Revert to known state • Redundancy
- Configuration validation - Rollback to known configuration • Fault tolerance
• Templates - Live boot media • High availability
• Master image • Elasticity • RAID

3.9 Explain the importance of physical security controls.

• Lighting • Environmental controls
• Signs - HVAC
• Fencing/gate/cage - Hot and cold aisles
• Security guards - Fire suppression
• Alarms • Cable locks
• Safe • Screen filters
• Secure cabinets/enclosures • Cameras
• Protected distribution/Protected cabling • Motion detection
• Airgap • Logs
• Mantrap • Infrared detection
• Faraday cage • Key management
• Lock types
• Biometrics
• Barricades/bollards
• Tokens/cards

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 4.0 Identity and Access Management
4.1 Compare and contrast identity and access management concepts
• Identification, authentication, - Something you have • Federation
authorization and accounting (AAA) - Something you know • Single sign-on
• Multifactor authentication - Somewhere you are • Transitive trust
- Something you are - Something you do

4.2 Given a scenario, install and configure identity and access services.
• LDAP • MSCHAP • Shibboleth
• Kerberos • RADIUS • Secure token
• TACACS+ • SAML • NTLM
• CHAP • OpenID Connect
• PAP • OAUTH

4.3 Given a scenario, implement identity and access management controls.

• - Access control models • Biometric factors • Tokens
- MAC - Fingerprint scanner - Hardware
- DAC - Retinal scanner - Software
- ABAC - Iris scanner - HOTP/TOTP
- Role-based access control - Voice recognition • Certificate-based authentication
- Rule-based access control - Facial recognition - PIV/CAC/smart card
• Physical access control - False acceptance rate - IEEE 802.1x
- Proximity cards - False rejection rate • File system security
- Smart cards - Crossover error rate • Database security

4.4 Given a scenario, differentiate common account management practices.

• Account types - Permission auditing and review - Group policy
- User account - Usage auditing and review - Password complexity
- Shared and generic - Time-of-day restrictions - Expiration
accounts/credentials - Recertification - Recovery
- Guest accounts - Standard naming convention - Disablement
- Service accounts - Account maintenance - Lockout
- Privileged accounts - Group-based access control - Password history
• General Concepts - Location-based policies - Password reuse
- Least privilege • Account policy enforcement - Password length
- Onboarding/offboarding - Credential management

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 5.0 Risk Management
5.1 Explain the importance of policies, plans and
procedures related to organizational security.
• Standard operating procedure - Clean desk - NDA
• Agreement types - Background checks - Onboarding
- BPA - Exit interviews - Continuing education
- SLA - Role-based awareness training - Acceptable use policy/rules of behavior
- ISA - Data owner - Adverse actions
- MOU/MOA - Systems administrator • General security policies
• Personnel management - System owner - Social media networks/applications
- Mandatory vacations - User - Personal email
- Job rotation - Privileged user
- Separation of duties - Executive user

5.2 Summarize business impact analysis concepts.

• RTO/RPO • Single point of failure - Finance
• MTBF • Impact - Reputation
• MTTR - Life • Privacy impact assessment
• Mission-essential functions - Property • Privacy threshold assessment
• Identification of critical systems - Safety

5.3 Explain risk management processes and concepts.

• Threat assessment - Likelihood of occurrence - Risk response techniques
- Environmental - Supply chain assessment - Accept
- Manmade - Impact - Transfer
- Internal vs. external - Quantitative - Avoid
• Risk assessment - Qualitative - Mitigate
- SLE - Testing • Change management
- ALE - Penetration testing authorization
- ARO - Vulnerability testing
- Asset value authorization
- Risk register

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 5.0 Risk Management

5.4 Given a scenario, follow incident response procedures.

• Incident response plan - Cyber-incident response teams - Containment
- Documented incident - Exercise - Eradication
types/category definitions • Incident response process - Recovery
- Roles and responsibilities - Preparation - Lessons learned
- Reporting requirements/escalation - Identification

5.5 Summarize basic concepts of forensics.

• Order of volatility - Capture video • Recovery
• Chain of custody - Record time offset • Strategic intelligence/
• Legal hold - Take hashes counterintelligence gathering
• Data acquisition - Screenshots - Active logging
- Capture system image - Witness interviews • Track man-hours
- Network traffic and logs • Preservation

5.6 Explain disaster recovery and continuity of operations concepts.

• Recovery sites - Snapshots • Continuity of operations planning
- Hot site - Full - Exercises/tabletop
- Warm site • Geographic considerations - After-action reports
- Cold site - Off-site backups - Failover
• Order of restoration - Distance - Alternate processing sites
• Backup concepts - Location selection - Alternate business practices
- Differential - Legal implications
- Incremental - Data sovereignty

5.7 Compare and contrast various types of controls.

• Deterrent • Corrective • Administrative
• Preventive • Compensating • Physical
• Detective • Technical

5.8 Given a scenario, carry out data security and privacy practices.
• Data destruction and media sanitization • Data sensitivity labeling and handling • Data roles
- Burning - Confidential - Owner
- Shredding - Private - Steward/custodian
- Pulping - Public - Privacy officer
- Pulverizing - Proprietary • Data retention
- Degaussing - PII • Legal and compliance
- Purging - PHI
- Wiping

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 6.0 Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography.
• Symmetric algorithms • Key strength • Common use cases
• Modes of operation • Session keys - Low power devices
• Asymmetric algorithms • Ephemeral key - Low latency
• Hashing • Secret algorithm - High resiliency
• Salt, IV, nonce • Data-in-transit - Supporting confidentiality
• Elliptic curve • Data-at-rest - Supporting integrity
• Weak/deprecated algorithms • Data-in-use - Supporting obfuscation
• Key exchange • Random/pseudo-random - Supporting authentication
• Digital signatures number generation - Supporting non-repudiation
• Diffusion • Key stretching - Resource vs. security constraints
• Confusion • Implementation vs. algorithm selection
• Collision - Crypto service provider
• Steganography - Crypto modules
• Obfuscation • Perfect forward secrecy
• Stream vs. block • Security through obscurity

6.2 Explain cryptography algorithms and their basic characteristics.

• Symmetric algorithms • Asymmetric algorithms - HMAC
- AES - RSA - RIPEMD
- DES - DSA • Key stretching algorithms
- 3DES - Diffie-Hellman - BCRYPT
- RC4 - Groups - PBKDF2
- Blowfish/Twofish - DHE • Obfuscation
• Cipher modes - ECDHE - XOR
- CBC - Elliptic curve - ROT13
- GCM - PGP/GPG - Substitution ciphers
- ECB • Hashing algorithms
- CTR - MD5
- Stream vs. block - SHA

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
 6.0 Cryptography and PKI

6.3 Given a scenario, install and configure wireless security settings.

• Cryptographic protocols • Authentication protocols - IEEE 802.1x
- WPA - EAP - RADIUS Federation
- WPA2 - PEAP • Methods
- CCMP - EAP-FAST - PSK vs. Enterprise vs. Open
- TKIP - EAP-TLS - WPS
- EAP-TTLS - Captive portals

6.4 Given a scenario, implement public key infrastructure.

• Components - Stapling - User
- CA - Pinning - Root
- Intermediate CA - Trust model - Domain validation
- CRL - Key escrow - Extended validation
- OCSP - Certificate chaining • Certificate formats
- CSR • Types of certificates - DER
- Certificate - Wildcard - PEM
- Public key - SAN - PFX
- Private key - Code signing - CER
- Object identifiers (OID) - Self-signed - P12
• Concepts - Machine/computer - P7B
- Online vs. offline CA - Email

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
CompTIA Security+ Acronyms

The following is a list of acronyms that appear on the CompTIA Security+ exam.
Candidates are encouraged to review the complete list and attain a working
knowledge of all listed acronyms as part of a comprehensive exam preparation
program.
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
3DES Triple Digital Encryption Standard CER Certificate
AAA Authentication, Authorization, and Accounting CER Cross-over Error Rate
ABAC Attribute-based Access Control CERT Computer Emergency Response Team
ACL Access Control List CFB Cipher Feedback
AES Advanced Encryption Standard CHAP Challenge Handshake Authentication Protocol
AES256 Advanced Encryption Standards 256bit CIO Chief Information Officer
AH Authentication Header CIRT Computer Incident Response Team
ALE Annualized Loss Expectancy CMS Content Management System
AP Access Point COOP Continuity of Operations Plan
API Application Programming Interface COPE Corporate Owned, Personally Enabled
APT Advanced Persistent Threat CP Contingency Planning
ARO Annualized Rate of Occurrence CRC Cyclical Redundancy Check
ARP Address Resolution Protocol CRL Certificate Revocation List
ASLR Address Space Layout Randomization CSIRT Computer Security Incident Response Team
ASP Application Service Provider CSO Chief Security Officer
AUP Acceptable Use Policy CSP Cloud Service Provider
AV Antivirus CSR Certificate Signing Request
AV Asset Value CSRF Cross-site Request Forgery
BAC Business Availability Center CSU Channel Service Unit
BCP Business Continuity Planning CTM Counter-Mode
BIA Business Impact Analysis CTO Chief Technology Officer
BIOS Basic Input/Output System CTR Counter
BPA Business Partners Agreement CYOD Choose Your Own Device
BPDU Bridge Protocol Data Unit DAC Discretionary Access Control
BYOD Bring Your Own Device DBA Database Administrator
CA Certificate Authority DDoS Distributed Denial of Service
CAC Common Access Card DEP Data Execution Prevention
CAN Controller Area Network DER Distinguished Encoding Rules
CAPTCHA Completely Automated Public Turing DES Digital Encryption Standard
Test to Tell Computers and Humans Apart DFIR Digital Forensics and Investigation Response
CAR Corrective Action Report DHCP Dynamic Host Configuration Protocol
CASB Cloud Access Security Broker DHE Data-Handling Electronics
CBC Cipher Block Chaining DHE Diffie-Hellman Ephemeral
CCMP Counter-Mode/CBC-Mac Protocol DLL Dynamic Link Library
CCTV Closed-circuit Television DLP Data Loss Prevention

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
DMZ Demilitarized Zone IaaS Infrastructure as a Service
DNAT Destination Network Address Transaction ICMP Internet Control Message Protocol
DNS Domain Name Service (Server) ICS Industrial Control Systems
DoS Denial of Service ID Identification
DRP Disaster Recovery Plan IDEA International Data Encryption Algorithm
DSA Digital Signature Algorithm IDF Intermediate Distribution Frame
DSL Digital Subscriber Line IdP Identity Provider
DSU Data Service Unit IDS Intrusion Detection System
EAP Extensible Authentication Protocol IEEE Institute of Electrical and Electronic Engineers
ECB Electronic Code Book IIS Internet Information System
ECC Elliptic Curve Cryptography IKE Internet Key Exchange
ECDHE Elliptic Curve Diffie-Hellman Ephemeral IM Instant Messaging
ECDSA Elliptic Curve Digital Signature Algorithm IMAP4 Internet Message Access Protocol v4
EF Exposure Factor IoT Internet of Things
EFS Encrypted File System IP Internet Protocol
EMI Electromagnetic Interference IPSec Internet Protocol Security
EMP Electro Magnetic Pulse IR Incident Response
EOL End of Life IR Infrared
ERP Enterprise Resource Planning IRC Internet Relay Chat
ESN Electronic Serial Number IRP Incident Response Plan
ESP Encapsulated Security Payload ISA Interconnection Security Agreement
EULA End User License Agreement ISP Internet Service Provider
FACL File System Access Control List ISSO Information Systems Security Officer
FAR False Acceptance Rate ITCP IT Contingency Plan
FDE Full Disk Encryption IV Initialization Vector
FRR False Rejection Rate KDC Key Distribution Center
FTP File Transfer Protocol KEK Key Encryption Key
FTPS Secured File Transfer Protocol L2TP Layer 2 Tunneling Protocol
GCM Galois Counter Mode LAN Local Area Network
GPG Gnu Privacy Guard LDAP Lightweight Directory Access Protocol
GPO Group Policy Object LEAP Lightweight Extensible Authentication Protocol
GPS Global Positioning System MaaS Monitoring as a Service
GPU Graphic Processing Unit MAC Mandatory Access Control
GRE Generic Routing Encapsulation MAC Media Access Control
HA High Availability MAC Message Authentication Code
HDD Hard Disk Drive MAN Metropolitan Area Network
HIDS Host-based Intrusion Detection System MBR Master Boot Record
HIPS Host-based Intrusion Prevention System MD5 Message Digest 5
HMAC Hashed Message Authentication Code MDF Main Distribution Frame
HOTP HMAC-based One-Time Password MDM Mobile Device Management
HSM Hardware Security Module MFA Multifactor Authentication
HTML Hypertext Markup Language MFD Multi-function Device
HTTP Hypertext Transfer Protocol MIME Multipurpose Internet Mail Exchange
HTTPS Hypertext Transfer Protocol over SSL/TLS MITM Man-in-the-Middle
HVAC Heating, Ventilation and Air Conditioning MMS Multimedia Message Service

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
MOA Memorandum of Agreement PIV Personal Identity Verification
MOTD Message of the Day PKI Public Key Infrastructure
MOU Memorandum of Understanding POODLE Padding Oracle on Downgrade Legacy Encryption
MPLS Multi-Protocol Label Switching POP Post Office Protocol
MSCHAP Microsoft Challenge Handshake POTS Plain Old Telephone Service
Authentication Protocol PPP Point-to-Point Protocol
MSP Managed Service Provider PPTP Point-to-Point Tunneling Protocol
MTBF Mean Time Between Failures PSK Pre-shared Key
MTTF Mean Time to Failure PTZ Pan-Tilt-Zoom
MTTR Mean Time to Recover or Mean Time to Repair RA Recovery Agent
MTU Maximum Transmission Unit RA Registration Authority
NAC Network Access Control RAD Rapid Application Development
NAT Network Address Translation RADIUS Remote Authentication Dial-in User Server
NDA Non-disclosure Agreement RAID Redundant Array of Inexpensive Disks
NFC Near Field Communication RAS Remote Access Server
NGAC Next Generation Access Control RAT Remote Access Trojan
NIDS Network-based Intrusion Detection System RBAC Role-based Access Control
NIPS Network-based Intrusion Prevention System RBAC Rule-based Access Control
NIST National Institute of Standards & Technology RC4 Rivest Cipher version 4
NTFS New Technology File System RDP Remote Desktop Protocol
NTLM New Technology LAN Manager REST Representational State Transfer
NTP Network Time Protocol RFID Radio Frequency Identifier
OAUTH Open Authorization RIPEMD RACE Integrity Primitives
OCSP Online Certificate Status Protocol Evaluation Message Digest
OID Object Identifier ROI Return on Investment
OS Operating System RMF Risk Management Framework
OTA Over The Air RPO Recovery Point Objective
OVAL Open Vulnerability Assessment Language RSA Rivest, Shamir, & Adleman
P12 PKCS #12 RTBH Remotely Triggered Black Hole
P2P Peer to Peer RTO Recovery Time Objective
PaaS Platform as a Service RTOS Real-time Operating System
PAC Proxy Auto Configuration RTP Real-time Transport Protocol
PAM Pluggable Authentication Modules S/MIME Secure/Multipurpose Internet Mail Extensions
PAP Password Authentication Protocol SaaS Software as a Service
PAT Port Address Translation SAML Security Assertions Markup Language
PBKDF2 Password-based Key Derivation Function 2 SAN Storage Area Network
PBX Private Branch Exchange SAN Subject Alternative Name
PCAP Packet Capture SCADA System Control and Data Acquisition
PEAP Protected Extensible Authentication Protocol SCAP Security Content Automation Protocol
PED Personal Electronic Device SCEP Simple Certificate Enrollment Protocol
PEM Privacy-enhanced Electronic Mail SCP Secure Copy
PFS Perfect Forward Secrecy SCSI Small Computer System Interface
PFX Personal Exchange Format SDK Software Development Kit
PGP Pretty Good Privacy SDLC Software Development Life Cycle
PHI Personal Health Information SDLM Software Development Life Cycle Methodology
PII Personally Identifiable Information SDN Software Defined Network

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
SED Self-encrypting Drive URL Universal Resource Locator
SEH Structured Exception Handler USB Universal Serial Bus
SFTP Secured File Transfer Protocol USB OTG USB On The Go
SHA Secure Hashing Algorithm UTM Unified Threat Management
SHTTP Secure Hypertext Transfer Protocol UTP Unshielded Twisted Pair
SIEM Security Information and Event Management VDE Virtual Desktop Environment
SIM Subscriber Identity Module VDI Virtual Desktop Infrastructure
SIP Session Initiation Protocol VLAN Virtual Local Area Network
SIPS Session Initiation Protocol Secure VLSM Variable Length Subnet Masking
SLA Service Level Agreement VM Virtual Machine
SLE Single Loss Expectancy VoIP Voice over IP
SMB Server Message Block VPN Virtual Private Network
SMS Short Message Service VTC Video Teleconferencing
SMTP Simple Mail Transfer Protocol WAF Web Application Firewall
SMTPS Simple Mail Transfer Protocol Secure WAP Wireless Access Point
SNMP Simple Network Management Protocol WEP Wired Equivalent Privacy
SOAP Simple Object Access Protocol WIDS Wireless Intrusion Detection System
SoC System on Chip WIPS Wireless Intrusion Prevention System
SPF Sender Policy Framework WORM Write Once Read Many
SPIM Spam over Internet Messaging WPA WiFi Protected Access
SPoF Single Point of Failure WPA2 WiFi Protected Access 2
SQL Structured Query Language WPS WiFi Protected Setup
SRTP Secure Real-Time Protocol WTLS Wireless TLS
SSD Solid State Drive XML Extensible Markup Language
SSH Secure Shell XOR Exclusive Or
SSID Service Set Identifier XSRF Cross-site Request Forgery
SSL Secure Sockets Layer XSS Cross-site Scripting
SSO Single Sign-on
SSP System Security Plan
STP Shielded Twisted Pair
TACACS+ Terminal Access Controller Access
Control System Plus
TCO Total Cost of Ownership
TCP/IP Transmission Control Protocol/Internet Protocol
TGT Ticket Granting Ticket
TKIP Temporal Key Integrity Protocol
TLS Transport Layer Security
TOTP Time-based One-time Password
TPM Trusted Platform Module
TSIG Transaction Signature
UAT User Acceptance Testing
UAV Unmanned Aerial Vehicle
UDP User Datagram Protocol
UEFI Unified Extensible Firmware Interface
UPS Uninterruptable Power Supply
URI Uniform Resource Identifier

CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)
Security+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the Security+ exam. This list may also be helpful
for training companies that wish to create a lab component to their training
offering. The bulleted lists below each topic are sample lists and not exhaustive.

EQUIPMENT HARDWARE TOOLS

• Router • WiFi analyzers
• Firewall • Hardware debuggers
• Access point
• Switch SOFTWARE TOOLS AND SOFTWARE TOOLS
• IDS/IPS • Exploitation distributions (e.g., Kali)
• Server • Proxy server
• Content filter • Virtualization software
• Client • Virtualized appliances
• Mobile device • Wireshark
• VPN concentrator • tcpdump
• UTM • NMAP
• Enterprise security managers/SIEM suite • OpenVAS
• Load balancer • Metasploit/Metaspoitable2
• Proxies • Back Orifice
• DLP appliance • Cain & Abel
• ICS or similar systems • John the Ripper
• Network access control servers • pfSense
• DDoS mitigation hardware • Security Onion
• Roo
SPARE PARTS/HARDWARE • Any UTM
• Keyboards
• Mice OTHER
• Network cables • SourceForge
• Monitors
• Wireless and Bluetooth dongles

© 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such
programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally.
Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduc-
tion or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03626-Mar2017