Skip to content
CompTIA Security+ · SY0-701

Security+ Domain 4: Security Operations

Domain 4.0 — Security Operations · 28% of the exam

The biggest domain on the exam — all 9 objectives (4.1–4.9), from hardening and asset management through vulnerability management, monitoring, IAM, automation, incident response, and forensic data sources. 121 pages with 90 exam-style practice questions.

9 modules · 39 topics 121-page PDF 90 practice questions
Read a free sample By the author of 60+ Pluralsight courses · 4.6/5 from 2,000+ ratings
Best value
$19.95/ month

All study guides — current and every new one.

or own the whole exam
$29.95one-time · all 5 domains$49.75
or just this guide
$9.95one-time · lifetime access
  • Interactive online guide
  • Downloadable PDF
  • Lifetime updates
  • 30-day money-back guarantee

Secure checkout via Stripe · no account needed · instant access

28% of your exam score

Domain 4.0 is worth 28% of the SY0-701 exam. Walk in having mastered it — not hoping it doesn't come up.

Every objective, nothing extra

Built line by line from CompTIA's official objectives 4.1–4.9 — 39 in-depth topics with worked scenarios and exam tips, in a 121-page guide you'll actually finish.

90 exam-style questions

Every question comes with instant feedback and a full explanation, so a wrong answer teaches you as much as a right one.

The industry's baseline cert

Security+ is the most widely held cybersecurity certification in the world — the default HR filter for security roles and the baseline for DoD 8140 work.

Read a real excerpt — free

This is the actual opening of Module 4.1, Securing resources — not marketing copy. If you like how it teaches, the rest of the guide reads the same way.

Objective 4.1

Given a scenario, apply common security techniques to computing resources

Baselines and hardening for every device class, wireless installation and security, mobile device management and deployment models, and the application-security techniques that keep code trustworthy.

Everything in this module answers one operational question: how do you make a computing resource safe to run, and keep it that way? The answer starts with a secure baseline (an agreed, documented configuration), continues with hardening for each device class (because a router, a SCADA controller, and an iPhone don't share weaknesses), and extends to the wireless networks devices ride on and the applications they run.

Secure baselines: establish → deploy → maintain

A secure baseline is the documented minimum security configuration for a system type — services disabled, patch level, password policy, logging enabled, firewall rules, and so on. Baselines turn "hardened" from an opinion into a checklist. CompTIA breaks the lifecycle into three verbs you should be able to sequence on the exam:

1 · EstablishDefine the required settings. Start from an industry benchmark (CIS Benchmarks, DISA STIGs, vendor guides), then tailor to your environment and document it.
2 · DeployPush the configuration to every in-scope system — Group Policy, MDM profiles, or configuration-management tools (Ansible, Puppet, Chef) — rather than hand-configuring.
3 · MaintainContinuously audit for drift, remediate deviations, apply patches, and update the baseline itself as threats and business needs change.
Figure 4.1 — The secure baseline lifecycle. "Maintain" loops back into "establish": baselines are living documents, not one-time projects.
Exam tip · Baseline verbs

If a scenario says settings were correct at rollout but drifted afterward, the failed step is maintain. If systems were built inconsistently by hand, the failed step is deploy (no automated, repeatable rollout). If nobody ever agreed what "secure" means, the failed step is establish.

Hardening targets

Hardening reduces the attack surface: remove or disable what isn't needed, constrain what remains, and patch what's left. The core moves are the same everywhere — change default credentials, disable unused ports/services/protocols, apply least privilege, patch, encrypt, and log — but each target class adds its own emphasis:

Mobile devices
Enforce screen lock, full-device encryption, remote wipe, and OS updates via MDM; block sideloading and jailbroken/rooted devices.
Workstations
Patch OS and applications, run endpoint protection, remove local admin rights, disable unused services, apply the baseline image before a machine ever touches the network.
Switches
Change default credentials, disable unused physical ports, use SSH (never Telnet) for management, enable port security/802.1X, and put management traffic on a dedicated VLAN.
Routers
Harden the management plane (SSH, SNMPv3, strong auth), apply ACLs to filter traffic, disable unneeded services, and keep firmware current.
Cloud infrastructure
Least-privilege IAM roles, MFA on all accounts, encrypt data at rest and in transit, lock down security groups and storage permissions — most cloud breaches are misconfigurations, not hypervisor exploits.
Servers
Minimal installs (no GUI or extras where possible), role-based configuration, strict host firewall rules, centralized logging, and disciplined patch windows.
ICS/SCADA
Industrial control / supervisory control and data acquisition systems run physical processes. Segment them from IT networks, restrict remote access, and compensate where patching would interrupt operations or void certification.
Embedded systems
Purpose-built devices with long lifespans and limited update paths — secure the firmware, verify update authenticity (signed firmware), and isolate on the network.
RTOSReal-time Operating System
Deterministic timing matters more than throughput; heavyweight agents and scanning can break real-time guarantees, so favor network isolation, watchdogs, and vendor-validated updates.
IoT devices
Ship with weak defaults: change default passwords first, disable unneeded services, keep firmware patched, and place on an isolated network segment away from business systems.
The guide continues for 121 pagesKeep reading — unlock the full guide

Not ready to buy? Read it later.

We'll email you a free sample of this guide as a PDF — no purchase needed.

Try 3 sample questions

Pulled straight from the guide's 90-question bank — tap an answer for instant feedback and the explanation.

From module 4.1 · Securing resources

  1. 1. An audit finds that servers deployed six months ago matched the approved configuration, but many now have unauthorized services enabled and missing patches. Which phase of the secure baseline lifecycle has failed?

From module 4.2 · Asset management

  1. 1. A company is returning 200 leased laptops. The lessor requires the hardware back in working condition, but the drives contain confidential project data. What should the company do before shipment?

From module 4.3 · Vulnerability management

  1. 1. A vulnerability scanner flags a web server as missing a critical patch, but the administrator confirms the patch was applied and the vulnerable code path is absent. What has the scanner produced?

87 more questions like these are waiting inside.

What's inside

  • 39 in-depth topics across 9 modules, mapped to objectives 4.1–4.9
  • 90 exam-style practice questions with instant feedback
  • Full answer key with explanations for every question
  • Complete Security+ acronym & key-term reference
  • 121-page downloadable PDF for offline study and printing
  • Lifetime updates as the exam evolves

The modules, mapped to the objectives

  1. 4.1

    Securing resources

    Given a scenario, apply common security techniques to computing resources

    10 Qs
    Mobile devicesWorkstationsSwitchesRoutersCloud infrastructureServers
  2. 4.2

    Asset management

    Explain the security implications of proper hardware, software, and data asset management

    10 Qs
    OwnershipClassification
  3. 4.3

    Vulnerability management

    Explain various activities associated with vulnerability management

    10 Qs
    Vulnerability scanStatic analysisDynamic analysisPackage monitoringPenetration testingResponsible disclosure
  4. 4.4

    Alerting & monitoring

    Explain security alerting and monitoring concepts and tools

    10 Qs
    Log aggregationAlertingScanningReportingArchivingSCAPSecurity Content Automation Protocol
  5. 4.5

    Enterprise capabilities

    Given a scenario, modify enterprise capabilities to enhance security

    10 Qs
    Agent-basedCentralized proxyURL scanningContent categorizationBlock rulesReputation
  6. 4.6

    Identity & access management

    Given a scenario, implement and maintain identity and access management

    10 Qs
    LDAPLightweight Directory Access ProtocolSAMLSecurity Assertions Markup LanguageOAuthOpen AuthorizationBiometricsHard / soft tokensSecurity keys
  7. 4.7

    Automation & orchestration

    Explain the importance of automation and orchestration related to secure operations

    10 Qs
    User provisioningResource provisioningGuard railsSecurity groupsTicket creationEscalation
  8. 4.8

    Incident response

    Explain appropriate incident response activities

    10 Qs
    Legal holdChain of custodyAcquisitionReportingPreservationE-discovery
  9. 4.9

    Investigation data sources

    Given a scenario, use data sources to support an investigation

    10 Qs
    Vulnerability scansAutomated reportsDashboardsPacket capturesPCAP
Chris Rees

About the author

Chris Rees

Professional information technologist with 25+ years in IT and the author of 60+ certification training courses — 50+ live on Pluralsight, rated 4.6/5 across more than 2,000 reviews. This guide is that same exam-focused teaching, in a format you can finish.

More about Chris
Save 40%

Sitting the whole exam? Get the Complete Security+ Collection.

All 5 SY0-701 domains — including this guide — for $29.95 instead of $49.75.

See everything inside

Questions, answered

Do I need an account to buy?

No. Checkout is a single Stripe form — email and card, about 30 seconds. We create your access from your checkout email automatically and sign you in the moment payment completes.

Is this up to date with the real SY0-701 exam?

Yes — the guide is mapped module-by-module to CompTIA's official Security+ objectives (4.1–4.9), and lifetime updates are included, so as the exam evolves your guide does too.

What exactly do I get?

Instant access to the interactive online guide with all 90 practice questions, plus a 121-page PDF you can download, print, and keep forever.

Do I need the other domains too?

This guide covers Domain 4.0 (28% of the exam). To prepare for the whole exam, the Complete Security+ Collection bundles all 5 domains for $29.95 — less than the price of three guides.

What if it isn't for me?

Every purchase comes with a 30-day money-back guarantee — email us and we'll refund you, no hoops.

Who wrote it?

Chris Rees — a professional information technologist with 25+ years in IT and the author of 60+ certification courses, rated 4.6/5 across 2,000+ reviews on Pluralsight.

Be ready for 28% of the exam — for $9.95

Instant access, lifetime updates, and a 30-day money-back guarantee. The only risk is walking into the exam without it.

Get the guide

Share this guide