Back to blog
Study Tips12 min read

How to Pass the CompTIA Security+ SY0-801 Exam: An 8-Week Study Plan for the New 2026 Objectives

A week-by-week SY0-801 study plan built on CompTIA's draft objectives, including the new AI content in Domain 2. Covers what is confirmed, what is still tentative, and whether you should sit SY0-701 now instead of waiting.

Tom Ashford

Tom Ashford · Security Certifications Lead

15 July 2026

If you are searching for an SY0-801 study plan, you are early, and that is exactly the right place to be. CompTIA has not yet shipped the next version of Security+, but the draft objectives are circulating, the domain weightings are visible, and the headline change is significant: artificial intelligence now has dedicated objectives of its own. This guide gives you an eight-week, week-by-week SY0-801 study plan mapped to those draft objectives, and it is honest about which details are locked in and which are not.

The short answer to the question most people are actually asking: if you can sit Security+ before SY0-801 arrives, sit SY0-701 now. It is a live exam with stable objectives, mature study material, and it holds full value for three years. If your timeline pushes you into late 2026 or beyond anyway, then plan for SY0-801 and use the schedule below.

What Is Confirmed About SY0-801 and What Is Not

This matters more than usual, because a lot of the SY0-801 content already published online quietly presents draft material as final. Here is the honest split.

The objectives document currently in circulation is titled "CompTIA Security+ SY0-801 V8 Exam Objectives, Version 1.0" and is explicitly marked as under development. Draft objectives do move before general availability. Domain weightings in particular have shifted between draft and final versions of past CompTIA exams.

Preview access is expected around 20 October 2026, with general availability following in late 2026. One source cites 17 November 2026 as the launch date, but CompTIA has not published a firm public date, so treat any specific day as tentative until it appears on CompTIA's own certification page.

The question count and exam length are still listed as TBD in the draft. The widespread expectation is that SY0-801 will track SY0-701 closely, meaning up to 90 questions in 90 minutes with performance-based questions front-loaded and a pass mark of 750 on a 100 to 900 scale. That is an informed expectation, not a confirmed specification.

Exam Tip: The current exam, Security+ SY0-701, is confirmed at a maximum of 90 questions in 90 minutes with a passing score of 750 on a scale of 100 to 900. Where this guide states a hard number for SY0-801, it is flagged as draft or expected. Verify against CompTIA's official objectives PDF once version 1.0 leaves draft status.

SY0-701 is expected to retire roughly six months after SY0-801 launches, which points to around mid-2027. If you certify on SY0-701, your certification remains valid for three years from the date you pass. Retirement of an exam version does not invalidate a certification you already hold.

The SY0-801 Domains and Weightings (Draft)

The draft splits Security+ into five domains. Note how heavily weighted operations has become.

DomainTitleDraft weight
1General Security Concepts16%
2Threats, Vulnerabilities, and Attacks24%
3Security Architecture19%
4Security Operations27%
5Security Program Management and Oversight14%

Domain 4 at 27% is the single largest block, and Domains 2 and 4 together account for just over half the exam. That should drive how you spend your eight weeks. Any study plan that gives equal time to all five domains is misallocating your effort by design.

The AI Content Is the Real Story

The most significant addition in SY0-801 is dedicated AI coverage inside Domain 2. Two objectives carry it:

  • Objective 2.4, Large Language Models. Prompt injection, data leakage through model interactions, and defensive patterns for LLM-backed applications.
  • Objective 2.6, AI in Threats and Vulnerabilities. AI-generated phishing, deepfake-driven social engineering, and how attackers use generative tooling to scale existing techniques.

This is not a token addition. It is a whole new body of knowledge inside the second-heaviest domain, and it is the part of the exam with the least mature study material available, precisely because the exam is new. It is also the section where candidates coming from SY0-701 have the biggest blind spot.

Domain 3 also updates its cloud and hybrid patterns. Expect more attention to SASE, SD-WAN, container security, and cloud security posture management (CSPM) tooling than SY0-701 gave them.

For a fuller side-by-side of what changed and what was cut, read our companion breakdown of Security+ SY0-801 vs SY0-701. This post assumes you have chosen SY0-801 and want the schedule.

Should You Wait for SY0-801 or Sit SY0-701 Now?

This is the live question, and the honest answer depends on one variable: your timeline.

Sit SY0-701 now if: you need the certification for a job application, a DoD 8140 requirement, or a promotion inside the next six months. You need it on your CV this year. You want mature study material and a stable, well-documented exam. You would rather not be an early adopter on an exam with no published pass-rate history.

Plan for SY0-801 if: your realistic exam date lands in late 2026 or 2027 anyway. You work in a role where the AI security content is directly useful. You want the longest possible runway before the next version cycle makes your certification look dated on paper.

Exam Tip: There is no bonus for holding the newest version. A Security+ earned on SY0-701 and a Security+ earned on SY0-801 are the same certification on your CV, both valid for three years. Recruiters filter for "Security+", not for the exam code. Do not delay a career move to wait for a version number.

The one genuinely bad option is drifting. If you start studying SY0-701 material now, procrastinate for six months, and then have to re-learn the AI objectives for SY0-801, you have paid twice. Pick a version, pick a date, and book it.

The 8-Week SY0-801 Study Plan

This plan assumes roughly 10 to 12 hours per week, so about 1.5 to 2 hours on weekdays with a longer session at the weekend. It weights time by draft domain size, front-loads the concepts everything else depends on, and reserves the final fortnight for practice under exam conditions.

Book your exam before week one. A booked date is the single most effective piece of study equipment you will use.

Week 1: General Security Concepts (Domain 1)

Build the vocabulary the rest of the exam is written in. Everything downstream assumes this.

  • CIA triad, non-repudiation, authentication, authorisation and accounting
  • Security control categories: technical, managerial, operational, physical
  • Control types: preventive, deterrent, detective, corrective, compensating, directive
  • Zero trust: control plane, data plane, policy engine, policy enforcement point
  • Change management and its security implications
  • Cryptography foundations: symmetric versus asymmetric, PKI, certificates, hashing, digital signatures

Do not rush the control categories and types. CompTIA loves asking you to classify a control in a scenario, and it is free marks once the taxonomy is automatic.

Week 2: Threats and Attack Types (Domain 2, part one)

  • Threat actors: nation state, unskilled attacker, hacktivist, insider threat, organised crime, shadow IT
  • Threat vectors and attack surfaces: message-based, image-based, file-based, voice call, removable device, supply chain
  • Malware types: ransomware, trojan, worm, spyware, rootkit, logic bomb, keylogger
  • Application attacks: injection, buffer overflow, replay, privilege escalation, forgery
  • Network attacks: DDoS, DNS attacks, on-path, credential replay, malicious code

This is classic Security+ territory and SY0-701 material covers it well. Use what exists.

Week 3: AI Threats and LLM Security (Domain 2, part two)

Give this its own week. It is the newest content, the least well served by existing study material, and the most likely place to lose marks if you treat it as an afterthought.

Objective 2.4, Large Language Models:

  • Prompt injection, both direct and indirect, and why untrusted input reaching a model is the core problem
  • Data leakage: sensitive data in prompts, in training data, and in model outputs
  • Defensive patterns: input validation, output filtering, least privilege for model tooling, human review on consequential actions
  • The trust boundary question: what the model can read versus what it can act on

Objective 2.6, AI in Threats and Vulnerabilities:

  • AI-generated phishing and why it defeats the traditional "look for bad grammar" advice
  • Deepfake audio and video in social engineering and business email compromise
  • How generative tooling scales reconnaissance and pretexting
  • Detection and control approaches, including out-of-band verification for high-value transactions

Exam Tip: These objectives are in draft. Re-check objectives 2.4 and 2.6 against the final CompTIA PDF when it publishes, because new content is the most likely part of a draft to be reworded or renumbered before general availability.

Week 4: Security Architecture (Domain 3)

  • Architecture models: cloud, IaC, serverless, microservices, on-premises, centralised versus decentralised
  • Updated cloud and hybrid patterns: SASE, SD-WAN, container security, CSPM
  • Secure infrastructure: device placement, security zones, failure modes, network appliances
  • Data protection: classification, at rest, in transit, in use, tokenisation, masking, encryption
  • Resilience: high availability, site considerations, testing, backups, power

The cloud content here is where SY0-801 has moved furthest from older Security+ material. If your experience is on-premises, spend extra time on SASE and CSPM specifically.

Week 5: Security Operations (Domain 4, part one)

Domain 4 is the largest block at a draft 27%, so it gets two weeks.

  • Secure baselines, hardening targets, wireless and mobile security
  • Asset management: acquisition, tracking, disposal, decommissioning
  • Vulnerability management: identification, analysis, response, reporting, validation
  • Alerting and monitoring: tools, SIEM, log aggregation, SNMP, NetFlow

Week 6: Security Operations (Domain 4, part two) and Program Management (Domain 5)

  • Enterprise security capabilities: firewalls, IDS/IPS, web filtering, DLP, email security
  • Identity and access management: provisioning, federation, SSO, MFA factors, privileged access management
  • Automation and orchestration, incident response, digital forensics
  • Domain 5: governance, risk management, third-party risk, compliance, audits, security awareness

Domain 5 is only a draft 14% but it is high yield per hour. The concepts are largely definitional, so a focused pass gets you most of the available marks.

Week 7: Practice Exams and Gap Analysis

Stop learning new material. Start measuring.

  • Sit full-length practice exams under real conditions: timed, no notes, no pauses
  • Score by domain, not just overall, so you can see where the marks are leaking
  • For every wrong answer, write one sentence on why the correct answer is correct. Not the topic, the reason
  • Re-study only your weakest two domains

If you are scoring below 70% by the end of week seven, move your exam date. A booked date is motivation, not a suicide pact.

Week 8: Performance-Based Questions and Final Review

  • Drill PBQs specifically. They are expected to appear early in the exam and they are where time management fails
  • If a PBQ stalls you, flag it and move on. The multiple-choice questions behind it are worth the same marks and cost less time
  • Review your error log, not the whole syllabus
  • Final 48 hours: light review only, then sleep

For the endgame, our 48-hour cram strategy covers what actually helps in the last two days and what is just anxiety with a highlighter.

How This Plan Differs From a Standard Security+ Plan

If you have read a generic Security+ study plan, or our own take on how to pass Security+ on your first attempt, three things change for SY0-801.

AI gets a dedicated week. No SY0-701 plan includes this because SY0-701 does not test it meaningfully. This is the biggest single delta between the two versions.

Operations gets two weeks. At a draft 27%, Domain 4 is more than a quarter of the exam. Time allocation should follow the weightings.

You verify before you commit. Because the objectives are draft, you should re-download the official PDF when it goes final and diff it against what you studied. That is a genuinely new step, and skipping it is the main risk of studying this early.

If you want a compressed alternative, our 30-day Security+ plan shows the aggressive version of this approach, though it was written against SY0-701 and does not cover the AI objectives.

Cost, Renewal, and What You Are Actually Buying

CompTIA has not published SY0-801 pricing. For reference, the current SY0-701 exam costs $439 direct from CompTIA as of 1 June 2026. New exam versions typically launch at or slightly above the price of the version they replace, so budget accordingly rather than assuming a specific figure.

Retakes are charged at full price, so a failed attempt is an expensive way to discover you were not ready. This is the entire argument for practice exams in weeks seven and eight.

Security+ is valid for three years from the date you pass. You renew through CompTIA Continuing Education by earning 50 CEUs across the cycle and paying the CE fee, which runs about $50 per year, or $150 across the three years. At least half of any qualifying course content must map to the exam objectives. Miss the deadline and you get a 90-day grace period to submit CEUs and pay, but you cannot earn new CEUs during it.

Ready to Start Practising?

An SY0-801 study plan only works if you are testing yourself, not just reading. Passive review feels productive and is the single most common reason capable candidates fail a first attempt.

CertCrush gives you practice questions with full explanations for every answer, so you learn why the wrong options are wrong, which is exactly what CompTIA scenario questions are built to test. Track your scores by domain and you will know whether you are ready before you pay the exam fee, rather than finding out afterwards.

Browse the Security+ course or create a free account and start practising today. If you are sitting SY0-701 before the switch, the same material has you covered, and everything you learn transfers to SY0-801 apart from the AI objectives you can add later.

Whichever version you choose, book the date first. Everything else follows from that.

Security+SY0-801SY0-701CompTIAstudy planexam prepAI security
Tom Ashford

Written by

Tom Ashford · Security Certifications Lead

Tom spent over a decade in security operations and consulting before turning to full-time exam-prep writing. He covers the big security certifications — CISSP, CISM, CISA, Security+ and the rest of the alphabet — with a soft spot for the questions everyone gets wrong. His rule for every article: if it doesn’t help you score marks, it doesn’t go in.

All articles by Tom

Practise for CompTIA Security+free

10 real exam-style questions with full explanations, no account needed. Then unlock the complete bank with an exam-readiness score and a daily plan built around your exam date.