The document outlines the objectives and complexities of the CompTIA Security+ certification, emphasizing the increased difficulty over the years due to evolving cybersecurity roles and responsibilities. It highlights the shift from basic recall to application and analysis in exam objectives, with a significant increase in performance-based assessment items. Additionally, it maps Security+ competencies to the NICE Cybersecurity Workforce Framework, illustrating how the certification aligns with key roles in the industry.

1. • Risk: Identify risk and participate
in risk mitigation activities.
• Operational Security: Provide infrastructure,
application, information and operational security.
• Security Controls: Apply security
controls to maintain confidentiality,
integrity and availability.
• Technology and Troubleshooting: Identify
appropriate technologies and products and
troubleshoot security events and incidents.
• Governance: Operate with an awareness of
applicable policies, laws and regulations.
CompTIA Security+ certification validates foundational cybersecurity skills. As
cybersecurity skills grow more complex, the baseline continues to rise. These trends
are reflected in the Security+ exam, which has become more difficult over the years.
Why? The Subject Matter Experts who participate in our job task analysis
workshops report that their jobs are more complicated. Their employers
expect them to know more and do more than ever before. This change is
reflected in the exam objectives they help write for CompTIA, which in turn
produces a more difficult exam that is harder to pass. CompTIA exams reflect
a maturing cybersecurity landscape that is becoming more challenging.
Security+ addresses the increased diversity of knowledge, skills and abilities
(KSAs) required of today’s cybersecurity professionals and validates the baseline
cybersecurity skills required to perform effectively on the job.
The CompTIA Security+ certification is a vendor-neutral, internationally recognized
credential used by organizations and security professionals around the globe to validate
foundation- and intermediate-level cybersecurity KSAs. Topics include:
Individuals entering the cybersecurity profession now need to do more than list, identify and
define security techniques. They are expected to interpret, apply and configure solutions.
Meeting the Cybersecurity Skills
Challenge with CompTIA Security+
In this
document:
• Meeting the
Cybersecurity Skills
Challenge with
CompTIA Security+
• Measuring CompTIA
Security+ Difficulty
• Why Hybrid Testing
Approaches Work
Best
• Mapping the NICE
Cybersecurity Work-
force Framework
of the exam
objectives require
application
or analysis
of domain
knowledge, an
increase of 19
percent over the
previous exam
63%
Measuring CompTIA Security+ Difficulty
Using Bloom’s Taxonomy as an organizing principle to discuss the difficulty level of the exam illustrates the emphasis
on the application of KSAs, rather than the simple recall of information. Looking at the exam objectives, 63 percent
require candidates to demonstrate their knowledge at Bloom’s Level 3 (apply) and Level 4 (analyze).
The following table summarizes the percentage of certification exam objectives that fall into each of Bloom’s level.
1

2. Bloom’s Level and Description
Level of
Complexity
SY0-301
(Previous Exam)
SY0-401
(Current Exam)
Level 1: Remembering/Recalling Information
The candidate is able to recall, restate and remember learned information.
Basic 5% 0%
Level 2: Understanding/Explaining Ideas or Concepts
The learner grasps the meaning of information by
interpreting and translating what has been learned.
Low 53% 37%
Level 3: Applying Knowledge and Skills
The learner makes use of information in a new situation
from the one in which it was learned.
Moderate 11% 5%
Level 4: Analyzing
The learner breaks learned information into parts to best understand
that information in an attempt to identify evidence for a conclusion.
High 31% 58%
Level 5: Evaluating
The learner makes decisions based on in depth
reflection, criticism and assessment.
Level 6: Creating
The learner creates new ideas and information
using what has been previously learned.
Security+ Executive Summary
Why Hybrid Testing Approaches Work Best
Over the past several years, cybersecurity practitioners and educators have debated as to which of the following is more
important to validate:
1. An individual’s conceptual knowledge, as validated by “linear” multiple choice items, or
2. Performance associated with a particular job or responsibility, as validated by performance-based items.
Advocates for each of these two aspects of validation often hold one of the approaches as superior over the other, with most
individuals favoring only performance-based items.
CompTIA regards this rift in opinion as a false dilemma. Both domain knowledge expertise and practical skills are absolutely vital
and should be a part of any serious competency training and validation process. Both knowledge- and performance-based
aspects are necessary for training, and nothing can substitute for hands-on learning. The same principle applies to assessment.
This is why CompTIA adopted performance-based items into its certification exams starting in 2011.
To emphasize the growing complexity, the current SY0-401 exam contains almost twice as many Level 4 objectives than the previous SY0-301
exam. As a result of this increased level of competence individuals need to demonstrate, the current exam has more scenario-based, or story-
based, items, which require individuals to weigh several facts and issues and make an appropriate choice based on the information given.
CompTIA has verified that these questions are clearly worded and that qualified individuals have sufficient time to complete the items.
Additionally, the current Security+ exam has more objectives that lend themselves to simulation-based questions. The SY0-301 exam
had six objectives that required individuals to go through simulations or answer scenario-based questions, and the current SY0-401
exam contains 12 such objectives.
2

3. Work Role Description Matching CompTIA Security+ Objectives (Samples)
Cyber Defense
Infrastructure Support
Specialist PR-INF-001
Tests, implements, deploys, maintains and administers
the infrastructure hardware and software.
1.1 — Implement security configuration parameters
on network devices and other technologies
1.2 — Given a scenario, use secure network
administration principles
1.3 — Explain network design elements and components
1.4 — Given a scenario, implement
common protocols and services
1.5 — Given a scenario, troubleshoot security
issues related to wireless networking
Security Control
Assessor SP-RM-002
Conducts independent comprehensive assessments of the
management, operational and technical security controls and
control enhancements employed within or inherited by an
information technology (IT) system to determine the overall
effectiveness of the controls (as defined in NIST 800-37).
2.1 — Explain the importance of risk-related concepts
2.2 — Summarize the security implications of integrating
systems and data with third parties
2.3 — Given a scenario, implement appropriate
risk mitigation strategies
2.8 — Summarize risk management best practices
2.9 — Given a scenario, select the appropriate
control to meet the goals of security
5.1 — Compare and contrast the function and
purpose of authentication services
5.2 — Given a scenario, select the appropriate
authentication, authorization or access control
5.3 — Install and configure security controls when performing
account management, based on best practices
Secure Software
Assessor SP-DEV-002
Analyzes the security of new or existing computer
applications, software or specialized utility
programs and provides actionable results.
1.1 — Implement security configuration parameters
on network devices and other technologies
2.2 — Summarize the security implications of
integrating systems and data with third parties
3.5 — Explain types of application attacks
3.6 — Analyze a scenario and select the appropriate
type of mitigation and deterrent techniques
4.1 — Explain the importance of application
security controls and techniques
4.2 — Summarize mobile security concepts and technologies
4.3 — Given a scenario, select the appropriate
solution to establish host security
The following CompTIA exams contain roughly 10 percent performance-based items:
On average, it takes a test taker roughly one-third of the examination time to complete these performance-
based items. Performance-based items include simulations of technology solutions and story-based
items that require advanced cognitive thinking on the part of the successful test taker.
Mapping the NICE Cybersecurity Workforce Framework
CompTIA Security+ aligns to the following five work roles identified by the National Initiative for Cybersecurity
Education (NICE) Cybersecurity Workforce Framework (NCWF), draft NIST special publication 800-181:
In addition, many work roles are built upon the baseline skills taught in Security+. Following are examples
of some of the work roles that contain approximately 50 percent of Security+ skills:
This mapping is a sample of how CompTIA’s certification standards map to key elements of the NICE framework.
Security+ Executive Summary
• Cyber Defense Infrastructure Support Specialist, PR-INF-001
• Security Control Assessor, SP-RM-002
• Secure Software Assessor, SP-DEV-002
• Research and Development Specialist, SP-RD-001
• System Testing and Evaluation Specialist, SP-TE-001
• Systems Security Analyst, OM-AN-001
• Cyber Defense Analyst, PR-DA-001
• Cyber Defense Incident Responder, PR-IR-001
• Vulnerability Assessment Analyst, PR-VA-001
A+ | Network+ | Security+ | Cybersecurity Analyst (CSA+) | CompTIA Advanced Security Practitioner (CASP)
3

4. Work Role Description Matching CompTIA Security+ Objectives (Samples)
Research and
Development
Specialist SP-RD-001
Conducts software and systems engineering and
software systems research in order to develop new
capabilities, ensuring cybersecurity is fully integrated.
Conducts comprehensive technology research to evaluate
potential vulnerabilities in cyberspace systems.
2.1 — Explain the importance of risk-related concepts
3.1 — Explain types of malware
3.2 — Summarize various types of attacks
3.3 — Summarize social engineering attacks and
the associated effectiveness with each attack
3.4 — Explain types of wireless attacks
3.5 — Explain types of application attacks
3.6 — Analyze a scenario and select the appropriate
type of mitigation and deterrent techniques
3.7 — Given a scenario, use appropriate tools and techniques
to discover security threats and vulnerabilities
4.1 — Explain the importance of application
security controls and techniques
4.2 — Summarize mobile security concepts and technologies
4.3 — Given a scenario, select the appropriate
solution to establish host security
4.4 — Implement the appropriate controls
to ensure data security
4.5 — Compare and contrast alternative methods to
mitigate security risks in static environments
5.1 — Compare and contrast the function and
purpose of authentication services
5.2 — Given a scenario, select the appropriate
authentication, authorization or access control
System Testing
and Evaluation
Specialist SP-TE-001
Plans, prepares and executes tests of systems
to evaluate results against specifications and
requirements as well as analyze/report test results.
2.8 — Summarize risk management best practices
2.9 — Given a scenario, select the appropriate
control to meet the goals of security
3.8 — Explain the proper use of penetration
testing versus vulnerability scanning
4.3 — Given a scenario, select the appropriate
solution to establish host security
The following work roles contain approximately 50 percent Security+ skills:
Systems Security
Analyst OM-AN-001
Analyzes and develops the integration, testing,
operations and maintenance of systems security.
2.1 — Explain the importance of risk-related concepts
2.2 — Summarize the security implications of
integrating systems and data with third parties
2.3 — Given a scenario, implement appropriate
risk mitigation strategies
2.4 — Given a scenario, implement basic forensic procedures
2.5 — Summarize common incident response procedures
2.6 — Explain the importance of security-
related awareness and training
2.7 — Compare and contrast physical security
and environmental controls
2.8 — Summarize risk management best practices
2.9 — Given a scenario, select the appropriate
control to meet the goals of security
6.1 — Given a scenario, utilize general cryptography concepts
6.2 — Given a scenario, use appropriate cryptographic methods
6.3 — Given a scenario, use appropriate
public key infrastructure (PKI), certificate
management and associated components
Security+ Executive Summary
4

5. Work Role Description Matching CompTIA Security+ Objectives (Samples)
Cyber Defense
Analyst PR-DA-001
Uses data collected from a variety of cyber-defense tools
(e.g., intrusion detection system (IDS) alerts, firewalls,
network traffic logs) to analyze events that occur within
their environments for the purposes of mitigating threats.
3.1 — Explain types of malware
3.2 — Summarize various types of attacks
3.3 — Summarize social engineering attacks and
the associated effectiveness with each attack
3.4 — Explain types of wireless attacks
3.5 — Explain types of application attacks
3.6 — Analyze a scenario and select the appropriate
type of mitigation and deterrent techniques
3.7 — Given a scenario, use appropriate tools and techniques
to discover security threats and vulnerabilities
4.1 — Explain the importance of application
security controls and techniques
4.2 — Summarize mobile security concepts and technologies
4.3 — Given a scenario, select the appropriate
solution to establish host security
4.4 — Implement the appropriate controls
to ensure data security
4.5 — Compare and contrast alternative methods to
mitigate security risks in static environments
Cyber Defense Incident
Responder PR-IR-001
Investigates, analyzes and responds to cyber-incidents
within the network environment or enclave.
2.4 — Given a scenario, implement basic forensic procedures
2.5 — Summarize common incident response procedures
3.6 — Analyze a scenario and select the appropriate
type of mitigation and deterrent techniques
Vulnerability
Assessment Analyst
PR-VA-001
Performs assessments of systems and networks within the
network environment or enclave and identifies where those
systems/networks deviate from acceptable configurations,
enclave policy or local policy. Measures effectiveness of
defense-in-depth architecture against known vulnerabilities.
3.7 — Given a scenario, use appropriate tools and techniques
to discover security threats and vulnerabilities
3.8 — Explain the proper use of penetration testing
versus vulnerability scanning
LEARN MORE
For government inquiries contact: GovernmentSales@CompTIA.org.
For corporate inquiries contact: Jennifer Herroon at jherroon@CompTIA.org
Security+ Executive Summary
5

6. © 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and
education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of
CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or
service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written
consent of CompTIA Properties, LLC. Printed in the U.S. 03724-Apr2017
Security+ Executive Summary
6