Security+
CompTIA Security+
Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.
› SecProve Security+ practice — what you get
free · unlimited · no upsell- Misconception coaching on every wrong answer
Every distractor is tagged with the cognitive trap it represents (best-vs-correct, scope-confusion, negation-miss, etc.) and the explanation leads with why a candidate falls for it. No other Sec+ bank does this systematically.
- Exam Autopsy after every session
Each miss is classified into one of eight failure modes — knowledge gap, answer-switching, high-confidence miss, fast trap, fatigue, recurring trap, slow miss, explanation skip. You see why you missed, not just what.
- Trap Immunity progression
25 cognitive traps tracked over time with per-archetype status (emerging → active → improving → immune). Targeted drill mode lets you train against the trap, not the topic.
- First Answer Shadow Mode
Tracks your first selected answer separately from your final submission. After ~20 attempts, shows your first-instinct score, your final score, and a Trust Your Gut Index — so you know whether second-guessing is helping or hurting.
Pair with Jason Dion (scenario-focused, harder than the exam) or Professor Messer (video course alignment) for depth-of-bank. SecProve is the diagnostic layer above any of them.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition score› Built for these roles
› Exam format
Up to 90 questions, 90 minutes. Mix of multiple-choice and performance-based items (PBQs) — short hands-on sims that ask you to configure or analyze something. Pearson VUE in person or online proctored.
First retake immediate; 14-day wait before each subsequent attempt.
› Recertification
50 CompTIA CEUs over the three-year cycle (avg ~17/yr) plus the $50/yr Continuing Education Program fee. Higher-tier CompTIA certs auto-renew Security+.
› 3-year cost of ownership
Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 4 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.
AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
Symmetric/asymmetric, PKI, TLS/SSL, hashing, post-quantum cryptography, key management.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.
OWASP Top 10, secure SDLC, SAST/DAST/IAST, API security, code review, DevSecOps.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
› Known coverage gaps
Domains this cert does not meaningfully address. Plan follow-up learning here if your role touches any of them.
› Prerequisites
Two years of IT experience recommended (not required). CompTIA Network+ strongly advised as preparation.
- Basic networking (TCP/IP, DNS, HTTP, subnetting)
- Operating-system fundamentals (Windows + Linux)
- General security concepts
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- CompTIA Security+ Study Guide (SY0-701) by Mike Chapple — Sybex
- CompTIA Security+ All-in-One Exam Guide, 7th Ed. (Conklin, White) — McGraw Hill
› Version & lifecycle
SY0-601 retired 2024-07. CompTIA refreshes the Security+ blueprint every ~3 years.
› Salary signal
Entry security analyst / junior IT generalist, US, 0–3 years.
Robert Half Salary Guide + Glassdoor 'Security Analyst' aggregations · 2024 · US base only · p25–p75 range
› How it compares
ISC2's free-training entry alternative — vendor-neutral with no exam fee initially, but newer brand recognition.
↔ Compare side-by-sideMore hands-on operations focus (SSCP) vs Security+'s broad foundational coverage.
↔ Compare side-by-side› Careers that commonly pursue this cert
Monitor, detect, and respond to security threats in a Security Operations Center. The front line of cyber defense.
Design, build, and maintain security infrastructure. The architects of an organization's defensive posture.
Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.
› Common exam traps to study
Cybersecurity cert exams reuse the same 25 distractor patterns over and over — category confusion, RTO vs RPO, IDS vs IPS, MD5 vs SHA-256, and more. Once you can name the trap, you stop falling for it. Each archetype page covers what it is, the specific pairs candidates confuse, and how to avoid it.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.