Security+ Domain 2: Threats, Vulnerabilities & Mitigations
Domain 2.0 — Threats, Vulnerabilities & Mitigations · 22% of the exam
Know your enemy — all 5 objectives (2.1–2.5) covering threat actors and their motivations, every attack vector and vulnerability type on the exam, the indicators of malicious activity, and the mitigations that stop them. 92 pages with 75 exam-style practice questions.
All study guides — current and every new one.
- Interactive online guide
- Downloadable PDF
- Lifetime updates
- 30-day money-back guarantee
Secure checkout via Stripe · no account needed · instant access
22% of your exam score
Domain 2.0 is worth 22% of the SY0-701 exam. Walk in having mastered it — not hoping it doesn't come up.
Every objective, nothing extra
Built line by line from CompTIA's official objectives 2.1–2.5 — 27 in-depth topics with worked scenarios and exam tips, in a 92-page guide you'll actually finish.
75 exam-style questions
Every question comes with instant feedback and a full explanation, so a wrong answer teaches you as much as a right one.
The industry's baseline cert
Security+ is the most widely held cybersecurity certification in the world — the default HR filter for security roles and the baseline for DoD 8140 work.
Read a real excerpt — free
This is the actual opening of Module 2.1, Threat actors & motivations — not marketing copy. If you like how it teaches, the rest of the guide reads the same way.
Compare and contrast common threat actors and motivations
Every attack has an attacker. Knowing who is likely to target you — and why — is the foundation of threat modeling: it predicts what they'll go after, how hard they'll try, and how sophisticated their tradecraft will be.
Security+ frames threat actors along three attributes: whether they operate from inside or outside the organization, how much funding and resources they command, and their level of sophistication and capability. Those three dials, plus a motivation, define each of the six named actor types. Get comfortable placing any scenario on those dials — exam questions describe behavior and ask you to name the actor, or name the actor and ask you to predict the behavior.
The six threat actor types
A nation-state actor is a government (or a group sponsored and directed by one) conducting cyber operations for national objectives: espionage, sabotage of critical infrastructure, intellectual-property theft, or preparation for war. Nation-states are the best-funded and most sophisticated actors on the list, and they are the classic operators of the advanced persistent threat (APT) — a long-duration, stealthy campaign that maintains footholds in a target network for months or years. A hallmark of nation-state tradecraft is patience: custom malware, zero-day exploits, and a willingness to wait for the perfect moment rather than smash-and-grab.
An unskilled attacker (often called a script kiddie) sits at the opposite end. They lack the ability to write their own exploits, so they run pre-built tools and scripts downloaded from the internet against whatever targets those tools happen to work on. Their motivations skew toward curiosity, bragging rights, and chaos. Don't dismiss them — an unskilled attacker running a powerful public exploit against an unpatched server does exactly as much damage as an expert would.
A hacktivist attacks in service of a philosophical or political belief — protest by packet. Typical operations are website defacement, DDoS against organizations they oppose, and leaking documents to embarrass a target. Funding is usually low to moderate; sophistication varies widely because loosely organized collectives (Anonymous is the textbook example) contain both experts and amateurs.
An insider threat is anyone with legitimate access — employee, contractor, business partner — who uses that access to harm the organization, whether deliberately (revenge, financial gain, coercion) or accidentally (negligence). Insiders are dangerous out of proportion to their skill because they start behind the perimeter defenses: they don't need to break in, they're already in. That also makes them the hardest actor to detect.
Organized crime is cybercrime run as a business: hierarchical groups with specialists (initial access brokers, malware developers, money launderers) pursuing financial gain at scale. Ransomware-as-a-service operations, large phishing campaigns, payment-card theft, and BEC fraud are their staples. Funding and sophistication are high — sometimes rivaling nation-states — but the motive is almost always money, which makes their behavior predictable: they go where the payout is.
Shadow IT is the odd one out: not a villain, but a threat source. It's the use of unsanctioned hardware, software, or cloud services by well-meaning employees — a department spinning up its own file-sharing account, a developer wiring up an unapproved SaaS tool. Because these systems bypass the security team entirely, they're unpatched, unmonitored, and unconfigured — an attack surface the organization doesn't even know it has.
Not ready to buy? Read it later.
We'll email you a free sample of this guide as a PDF — no purchase needed.
Try 3 sample questions
Pulled straight from the guide's 75-question bank — tap an answer for instant feedback and the explanation.
From module 2.1 · Threat actors & motivations
1. A security team discovers a stealthy intrusion that has persisted undetected for 14 months. The attackers used custom malware, two previously unknown exploits, and targeted only files related to a government defense contract. Which of the following threat actors is the MOST likely source?
From module 2.2 · Threat vectors & surfaces
1. Several employees receive a text message claiming their bank accounts are locked, with a link to "verify" their credentials. Which of the following BEST describes this attack?
From module 2.3 · Vulnerability types
1. A security tool detects that code executing inside a guest virtual machine has exploited a hypervisor flaw and is now running commands on the host server. Which vulnerability does this describe?
72 more questions like these are waiting inside.
What's inside
- 27 in-depth topics across 5 modules, mapped to objectives 2.1–2.5
- 75 exam-style practice questions with instant feedback
- Full answer key with explanations for every question
- Complete Security+ acronym & key-term reference
- 92-page downloadable PDF for offline study and printing
- Lifetime updates as the exam evolves
The modules, mapped to the objectives
- 2.115 Qs
Threat actors & motivations
Compare and contrast common threat actors and motivations
Internal / externalResources / fundingSophistication / capabilityData exfiltrationEspionageService disruption - 2.215 Qs
Threat vectors & surfaces
Explain common threat vectors and attack surfaces
Image-basedFile-basedVoice callRemovable deviceUnsecure networks — wirelessUnsecure networks — wired - 2.315 Qs
Vulnerability types
Explain various types of vulnerabilities
FirmwareEnd-of-lifeEOLLegacySide loadingJailbreakingZero-day - 2.415 Qs
Malicious activity
Given a scenario, analyze indicators of malicious activity
Brute force (physical)RFID cloningRadio frequency identificationEnvironmentalDNS attacksWireless attacksOn-path attack - 2.515 Qs
Mitigation techniques
Explain the purpose of mitigation techniques used to secure the enterprise
Access control listACLPermissionsLeast privilegeConfiguration enforcementDecommissioning

About the author
Chris Rees
Professional information technologist with 25+ years in IT and the author of 60+ certification training courses — 50+ live on Pluralsight, rated 4.6/5 across more than 2,000 reviews. This guide is that same exam-focused teaching, in a format you can finish.
More about ChrisSitting the whole exam? Get the Complete Security+ Collection.
All 5 SY0-701 domains — including this guide — for $29.95 instead of $49.75.
See everything insideQuestions, answered
Do I need an account to buy?
No. Checkout is a single Stripe form — email and card, about 30 seconds. We create your access from your checkout email automatically and sign you in the moment payment completes.
Is this up to date with the real SY0-701 exam?
Yes — the guide is mapped module-by-module to CompTIA's official Security+ objectives (2.1–2.5), and lifetime updates are included, so as the exam evolves your guide does too.
What exactly do I get?
Instant access to the interactive online guide with all 75 practice questions, plus a 92-page PDF you can download, print, and keep forever.
Do I need the other domains too?
This guide covers Domain 2.0 (22% of the exam). To prepare for the whole exam, the Complete Security+ Collection bundles all 5 domains for $29.95 — less than the price of three guides.
What if it isn't for me?
Every purchase comes with a 30-day money-back guarantee — email us and we'll refund you, no hoops.
Who wrote it?
Chris Rees — a professional information technologist with 25+ years in IT and the author of 60+ certification courses, rated 4.6/5 across 2,000+ reviews on Pluralsight.
Be ready for 22% of the exam — for $9.95
Instant access, lifetime updates, and a 30-day money-back guarantee. The only risk is walking into the exam without it.
Get the guide