Learn about the Security+ SY0-401


Alert! The Security+ SY0-401 exam will be retired on July 31st, 2018. See this page for information about the SY0-501 exam. 

Exam Details

Updated 7/26/2014

To obtain the Security+ SY0-401 certification (released in May of 2014) you must pass one exam. Here’s a quick breakdown of the exam specifications:

Exam | Questions | Time Allowed | Passing Score | Cost
SY0-401 | Maximum of 90 | 90 minutes | 750 | $293

The passing score of 750 is graded on a scale of 100-900. Mathematically, this is equal to answering 81% correct on the exam. This exam is considered to be more difficult than the A+ and Network+ exams and is usually taken third of the three. CompTIA expects a person to have a solid understanding of networking, as well as two years of IT experience, before attempting the Security+ exam (or Sec+ as it is often called).

The bulk of the exam is made up of multiple choice questions, but there will be a few performance-based questions as well. In these simulation questions you will drag and drop answers to their correct locations, and perform step-by-step simulations. (See this link to CompTIA’s website for more information about CompTIA performance-based questions.)

The content of the exam is described by CompTIA in an objectives document. You can download the objectives (in .PDF format) by clicking the following link:

SY0-401 Objectives (as of the writing of this article, version 6 is the latest objectives document)

Or, by clicking here and filling out the form.

The Security+ objectives are broken down into 6 domains. Each domain covers a particular percentage of the exam as shown below:

  • 1.0 Network Security (20%)
  • 2.0 Compliance and Operational Security (18%)
  • 3.0 Threats and Vulnerabilities (20%)
  • 4.0 Application, Data and Host Security (15%)
  • 5.0 Access Control and Identity Management (15%)
  • 6.0 Cryptography (12%)

Even though some domains are weighted more heavily than others, it’s important to study all of the domains, and all of the objectives within each domain. Exam questions can come from any of the objectives. And CompTIA can change the exam questions at any time. One person’s exam may differ greatly from another person’s. Study everything thoroughly, and you will ensure a passing score, regardless of what questions you see.

Security+ Exam costs and how to save money

The cost of the Security+ exam shown in the previous table is for exams taken in the United States. (Other countries’ prices will vary.) The exam fee is not paid directly to CompTIA, however. You must register for, and schedule, the exam with Pearson Vue. This organization administers the exam at a testing facility near you, so it is the one to be paid. You can register online or by phone. Be sure to have a credit card ready and your Social Security number. If you do not have a Social Security number and this is your first exam, the testing agency will assign you an examinee number. Be sure to take two forms of ID (one with photo, both signed) to the testing center on the day of your exam. For help on how to pass any exam, see my article at this link. Additional information on how to take the test from CompTIA’s site can be found at this link.

One sure way to save yourself money in the long run is to not rush the exam. Only take the exam when you are fully ready. How will you know? You should be passing your practice exams with scores of 90% or higher. If your study guide only has one practice exam, consider purchasing a second study guide, or additional practice exams. You should also be able to define any key word that is listed in your study guide and the acronyms listed in the objectives. You should also create some kind of cheat sheet (which I show how to create in my books) from which to do last-minute study. By doing these things, you give yourself a much better chance of passing. Remember, if you fail a certification exam, you will have to pay for it and take it all over again!


Frequently Asked Questions

Quite often I get questions from students and readers about the best ways to prepare for the Security+. The following details some of the most common questions about the Sec+ exam, and my answers and recommendations. Keep in mind that these are general recommendations that work for most people, but that some people will have special circumstances. If you have questions that are not covered here, or have questions about my books, feel free to contact me.

Q: Why get the CompTIA Security+ certification?

A: The Security+ certification is a stepping stone into the security field. It provides an excellent foundation for IT professionals whether they want to find a job in network security, or train for more advanced security certifications such as the CISSP or CEH. By adding the Security+ certification to a resume, a person can expect more interest from employers when applying for jobs. Also, many organizations require that their current employees stay current with the latest security certifications, including the Sec+.

Q: What kind of experience and pre-requisites should I have before attempting the CompTIA Security+ exam?

A: CompTIA recommends that a person has 2 years of experience in the IT field with an emphasis on security. However, many people take the exam with less experience. It is also recommended that the Network+ certification be attained first.

Q: Should I set up a home lab? And if so, what equipment should I use?

A: You should definitely have a home lab. I recommend you have multiple computers (or virtual machines) that you can run server and client operating systems on. Network them and some mobile devices together via at least one SOHO router, and be ready to configure, test, and secure!

Q: Should I take a class on Security+?

A: If you do not have the recommended 2 years of experience in the field, then I recommend an instructor-led CompTIA Security+ course. For example, an on-site course where you can learn in a hands-on manner from a dedicated instructor in a classroom. I also recommend a class in networking (preferably a Network+ course) if you don’t have much networking experience. The networking course should be taken before the security course.

Security+ courses can be taken at county and community colleges, technical schools, and even some high schools.


Q: What do I get when I pass the exam?

A: First of all, when you complete the exam at the testing center, a printout will be given to you. This will tell you your score, among other things, and acts as proof that you passed. It is the responsibility of the testing center to give you this printout; make sure you receive it.

Afterward, you can either download your certificate in PDF format from CompTIA (directions on how to do this are on your score report), or request a printed certificate. An example of my certificate is shown below. You’ll note that you can verify a person’s certificate by going to the link at the bottom left of the certificate and entering the code listed above it. You can also set up a transcript for employers to view. They will be able to see what CompTIA certifications you passed (that you select for viewing), but not the scores.

You might notice that the date certified on the certificate above shows June 22, 2011. Of course, I have taken the Security+ ce exam since then (the latest was in June of 2014), but the certificate only shows the first time passed. Any subsequent passes simply push the valid date out. As you can see, mine was pushed out to June 22, 2017. In addition, any previously passed lower-level CompTIA exams are also extended to that date – for example the A+ or Network+. For more information about the various ways to extend the life of your certification see this link at CompTIA’s website.

Q: How long does the certification last for?

A: As of January 1st, 2011, the Security+ certification is valid for 3 years from whenever you passed the exam. After 3 years, a person would need to re-certify by either taking the new exam, or by obtaining continuing education units (CEUs). CEUs can be gathered by taking classes, sitting workshops, teaching classes, taking a higher level exam, and so on. See this link for more information on how this can be accomplished. If you were certified before January 1st, 2011, your certification will remain valid for life. This also applies to the A+ and Network+ exams.

Q: Can I still take the bridge exam?

A: No, the bridge exam has been retired. In fact, CompTIA is retiring the bridge exams for each of the A+, Net+, and Sec+. This is because these exams have become 3-year renewables as of January 1st, 2011.

Q: Can I take the exam in Spanish?

A: Not currently (as of 5/28/2014). But additional languages beyond English are to follow soon.

Q: What’s next after the Security+?

A: Some students decide to concentrate on getting that job (or that next job). Others opt to study for more certifications such as the CISSP, CEH, or other similar security certifications.

Whatever you choose, keep learning and good luck to you! When you pass the exam, drop me a line and let me know. I’d love to hear from you!