Quick Reference

CompTIA Security+ SY0-701 Cheat Sheet

Everything you need to review before the exam. Domains, acronyms, ports, and frameworks—organized for quick reference.

Questions: 90 max
Duration: 90 min
Passing: 750/900
Cost: $392


Domain 1 (12%)

General Security Concepts

This domain establishes the foundational security principles that underpin the entire Security+ exam. You'll need to understand the CIA triad, different types of security controls (technical, managerial, operational, physical), and when to apply each. Cryptographic concepts including symmetric and asymmetric encryption, hashing, and PKI are heavily tested here.

Domain 2 (22%)

Threats, Vulnerabilities & Mitigations

The second-largest domain covers the threat landscape you'll face as a security professional. Expect questions on threat actor types (nation-state, hacktivist, insider), attack vectors (phishing, supply chain, network-based), and common vulnerabilities like SQL injection and cross-site scripting. You'll also need to know how to identify indicators of compromise and implement appropriate mitigations.

Domain 3 (18%)

Security Architecture

Domain 3 focuses on designing and implementing secure infrastructure. You'll need to understand cloud security models (IaaS, PaaS, SaaS) and the shared responsibility model, network security concepts like segmentation and firewall types, and data protection strategies. Resilience concepts including high availability, backup strategies, and disaster recovery (RPO/RTO) are critical for this domain.

Domain 4 (28%)

Security Operations

The largest domain covers day-to-day security operations. Topics include system hardening and secure baselines, vulnerability management (scanning, analysis, remediation), and security monitoring with SIEM and SOAR tools. You'll also need to understand identity and access management, endpoint security, and incident response procedures. This domain is where theory meets practice.

Domain 5 (20%)

Security Program Management

Domain 5 covers the governance and management aspects of security. You'll need to understand risk management processes (identification, assessment, response), security policies and procedures, and compliance frameworks like NIST, ISO 27001, and PCI-DSS. Third-party risk management, security awareness training, and audit processes are also heavily tested in this domain.

Essential Acronyms

Authentication & Access

AAA: Authentication, Authorization, Accounting
MFA: Multi-Factor Authentication
SSO: Single Sign-On
SAML: Security Assertion Markup Language
LDAP: Lightweight Directory Access Protocol
RADIUS: Remote Authentication Dial-In User Service
RBAC: Role-Based Access Control
PAM: Privileged Access Management

Cryptography

PKI: Public Key Infrastructure
CA: Certificate Authority
AES: Advanced Encryption Standard
RSA: Rivest-Shamir-Adleman
SHA: Secure Hash Algorithm
TLS: Transport Layer Security
HSM: Hardware Security Module
TPM: Trusted Platform Module

Network Security

IDS/IPS: Intrusion Detection/Prevention System
NGFW: Next-Generation Firewall
WAF: Web Application Firewall
VPN: Virtual Private Network
DMZ: Demilitarized Zone
NAC: Network Access Control
VLAN: Virtual Local Area Network
SD-WAN: Software-Defined Wide Area Network

Security Operations

SIEM: Security Information and Event Management
SOAR: Security Orchestration, Automation, Response
SOC: Security Operations Center
EDR: Endpoint Detection and Response
XDR: Extended Detection and Response
DLP: Data Loss Prevention
CASB: Cloud Access Security Broker
UEBA: User and Entity Behavior Analytics

Threats & Vulnerabilities

APT: Advanced Persistent Threat
CVE: Common Vulnerabilities and Exposures
CVSS: Common Vulnerability Scoring System
IoC: Indicator of Compromise
C2: Command and Control
SQLi: SQL Injection
XSS: Cross-Site Scripting
DDoS: Distributed Denial of Service

Compliance & Governance

NIST: National Institute of Standards and Technology
ISO: International Organization for Standardization
GDPR: General Data Protection Regulation
HIPAA: Health Insurance Portability and Accountability Act
PCI-DSS: Payment Card Industry Data Security Standard
SOC: System and Organization Controls
BCP: Business Continuity Plan
RPO/RTO: Recovery Point/Time Objective

Critical Ports

Port    Protocol    Secure
22      SSH         Yes
23      Telnet      No
25      SMTP        No
53      DNS         No
80      HTTP        No
88      Kerberos    Yes
110     POP3        No
143     IMAP        No
389     LDAP        No
443     HTTPS       Yes
445     SMB         No
636     LDAPS       Yes
993     IMAPS       Yes
995     POP3S       Yes
1433    MSSQL       No
3306    MySQL       No
3389    RDP         No

Key Frameworks

CIA Triad

Confidentiality + Integrity + Availability

Foundation of all security decisions

Risk Formula

Risk = Threat × Vulnerability × Impact

ALE = SLE × ARO

AAA Framework

Authentication → Authorization → Accounting

Who → What → When/Where

Incident Response

PICERL: Preparation → Identification → Containment → Eradication → Recovery → Lessons

Standard IR process

Zero Trust

Never Trust, Always Verify

Applies to internal users too

Defense in Depth

Physical → Network → Host → Application → Data

Layered security controls

Memory Aids

Control Categories

MOPT

Managerial, Operational, Physical, Technical

Control Types

PDDCCD

Preventive, Deterrent, Detective, Corrective, Compensating, Directive

Auth Factors

KHAW

Know, Have, Are, Where

Risk Response

AATM

Accept, Avoid, Transfer, Mitigate
