How long should I study for Security+?

6-10 weeks with Network+ experience. 10-14 weeks for complete beginners.

How Many Questions Are on the CompTIA Security+ Exam? Complete 2026 Guide

Q: How many questions are on the Security+ exam?

Up to 90 questions in 90 minutes including multiple-choice, multiple-select, and performance-based questions (PBQs).

Q: What is the Security+ passing score?

750 out of 900 (~83%). The highest passing threshold among CompTIA's core trio.

Q: How many PBQs are on Security+?

Typically 3-5 PBQs covering firewall configuration, log analysis, PKI setup, and incident response scenarios.

Q: Is Security+ harder than Network+?

Yes. Higher passing score (750 vs 720), more abstract concepts, and requires both networking AND security knowledge.

Q: Does Security+ meet DoD requirements?

Yes. Approved for DoD 8570/8140 IAT Level II, IAM Level I, and IASAE Level I positions.

Q: How much does Security+ cost?

$392 USD. Bundles with CertMaster and retake vouchers available.

Q: What version is current?

The current Security+ exam launched November 2023. Reduced to 4 domains with emphasis on operations and zero trust.

The CompTIA Security+ exam contains up to 90 questions to be completed in 90 minutes, with a passing score of 750 out of 900 (approximately 83%). This makes Security+ the most demanding exam in CompTIA's core certification trio — requiring a higher passing score than both A+ (675-700) and Network+ (720). Security+ is the world's most widely held cybersecurity certification, with over 700,000 professionals certified globally.

As the baseline certification for cybersecurity careers, Security+ is DoD 8570/8140 approved for IAT Level II positions, making it mandatory for many government cybersecurity roles. Security+ holders earn an average of $75,000-$95,000 in their first cybersecurity role, with experienced professionals reaching $110,000+ within 3-5 years.

Max Questions

90 min

Time Limit

750

Passing Score (/900)

$392

Exam Cost

Security+ Domain Breakdown

Domain	% of Exam	~Questions	Key Topics
General Security Concepts	12%	~11	Security controls, CIA triad, zero trust, AAA, gap analysis
Threats, Vulnerabilities, and Mitigations	22%	~20	Threat actors, attack vectors, malware, social engineering
Security Architecture	18%	~16	Network architecture, cloud security, resilience, data protection
Security Operations	28%	~25	Monitoring, incident response, automation, digital forensics
Security Program Management	20%	~18	Governance, risk management, compliance, audits, awareness

Highest-Impact Domain: Security Operations at 28% is the single largest domain. Combined with Threats (22%), these two domains represent 50% of the exam.

Current vs. Previous Exam Version

Feature	Previous Version (Retired)	Current Version
Domains	5	4 (restructured)
New Topics	—	Zero trust, automation, threat intelligence, SOAR
Emphasis Shift	Implementation-focused	Operations and governance-focused

Question Types on Security+

Multiple-Choice (70-80%)

Single-answer and multiple-select questions. No partial credit for multi-select — you must get all selections correct.

Performance-Based Questions (PBQs)

Typically 3-5 PBQs at the beginning:

Firewall rule configuration: Create or modify ACLs to allow/deny traffic
Log analysis: Review logs to identify indicators of compromise
Network diagram security: Place security devices in correct locations
Certificate/PKI management: Configure certificate properties
Incident response ordering: Sequence IR steps correctly

Time Management: The 83% Challenge

You can only miss approximately 15 questions out of 90:

First pass (55-60 min): Skip PBQs. Answer MC at 40-50 seconds each.
Second pass (25-30 min): Return to PBQs and flagged items.
Final review (5 min): Verify no blanks. No penalty for guessing.

Security+ vs. Other Cybersecurity Certifications

Cert	Questions	Time	Score	Cost	Level
Security+	Up to 90	90 min	750/900	$392	Entry
CySA+	Up to 85	165 min	750/900	$392	Intermediate
CASP+	Up to 90	165 min	Pass/Fail	$494	Advanced
CISSP	125-175	240 min	700/1000	$749	Advanced
CEH	125	240 min	60-85%	$1,199	Intermediate
ISC2 CC	100	120 min	700/1000	$199	Entry

Critical Topics to Master

Zero Trust Architecture

Know: never trust/always verify, least privilege, microsegmentation, continuous authentication, assume breach mentality. Understand application to network design, cloud, and identity management.

Cryptography Essentials

Symmetric vs. asymmetric encryption, hashing (SHA-256, MD5), digital signatures, PKI lifecycle, TLS/SSL handshake, key exchange (Diffie-Hellman, ECDHE).

Incident Response

Preparation → identification → containment → eradication → recovery → lessons learned. SIEM configuration, threat hunting, SOAR automation, vulnerability management lifecycle.

Study Preparation

Week 1-2: General Security Concepts + Threats fundamentals
Week 3-4: Security Architecture + cryptography deep dive
Week 5-6: Security Operations + incident response
Week 7-8: Security Program Management + governance
Week 9-10: Full practice exams + targeted weak-area review

Frequently Asked Questions

How many questions are on the Security+ exam?

Up to 90 questions in 90 minutes including MC, multi-select, and PBQs.

What is the Security+ passing score?

750/900 (~83%). Highest in CompTIA's core trio.

How many PBQs are on Security+?

Typically 3-5 covering firewall config, log analysis, PKI, and IR scenarios.

Is Security+ harder than Network+?

Yes. Higher passing score (750 vs 720) and more abstract concepts.

Does Security+ meet DoD requirements?

Yes. Approved for DoD 8570/8140 IAT Level II positions.

How long should I study?

6-10 weeks with Network+ experience. 10-14 weeks for beginners.

How much does Security+ cost?

$392 USD. Bundles available.

What version is current?

The current Security+ exam features 4 domains with emphasis on operations and zero trust.

Practice Security+ Questions

Test your cybersecurity knowledge with adaptive practice questions covering all Security+ domains.

Start Free Practice Test →