Certification Planning Guide
See exactly which topics are shared across A+, Network+, Security+, CySA+, and PenTest+. Plan your cert path to save weeks of study time.
The matrix below shows the approximate exam weight of each shared topic area per certification. A check mark means the topic appears on that exam.
| Topic Area | A+ | Network+ | Security+ | CySA+ | PenTest+ |
|---|---|---|---|---|---|
| Networking Fundamentals | 20% | 23% | 18% | — | — |
| Network Security | — | 19% | 28% | 33% | 15% |
| Threat Analysis | — | — | 22% | 30% | 12% |
| Hardware & Troubleshooting | 54% | 23% | — | — | — |
| Cloud & Virtualization | 11% | — | 18% | — | — |
| Incident Response | — | — | 28% | 20% | — |
| Vulnerability Management | — | — | 22% | 30% | 25% |
| Cryptography | — | 19% | 18% | — | — |
| Compliance & Governance | — | — | 20% | 17% | 19% |
| Operating Systems | 25% | — | 12% | — | — |
| Log Analysis & Monitoring | — | — | 28% | 33% | — |
| Access Control | — | — | 18% | 20% | 10% |
| Reconnaissance & Enumeration | — | 12% | — | — | 41% |
| Exploitation & Post-Exploitation | — | — | — | — | 41% |
Percentages represent approximate exam weight for each topic area per certification.
Because CompTIA certifications share core topics, studying for one gives you a head start on the next. Here is how much time you can save.
Networking fundamentals and hardware troubleshooting overlap
Network security, cryptography, and networking overlap
Threat analysis, incident response, and vulnerability management overlap
Vulnerability management, network security, compliance, and access control overlap
Vulnerability management and threat analysis overlap. CySA+ is defensive, PenTest+ is offensive — complementary perspectives
Cumulative overlap across networking, security, and troubleshooting
Security fundamentals carry through all three. CySA+ adds defensive depth, PenTest+ adds offensive depth
The best order depends on your career goal. Here are the most efficient paths based on topic overlap.
Build from hardware fundamentals up through networking to security. The classic CompTIA trifecta.
Go straight into security, then specialize in analysis or penetration testing.
Same trifecta path, but with Network+ as your core focus and differentiator.
Skip Network+ if time-constrained. A+ gives foundations, Security+ opens the most doors.
No. CompTIA has no formal prerequisites for any certification.
You can take Security+ or Network+ without holding A+. However, A+ covers foundational topics (operating systems, networking basics, troubleshooting methodology) that appear on both Network+ and Security+ exams. Having that foundation makes the more advanced certs significantly easier.
CompTIA recommends 2+ years of IT experience before attempting Network+ or Security+. A+ serves as an effective substitute for that experience if you are new to IT.
Bottom line: If you have IT work experience, you can skip A+ and go directly to Network+ or Security+. If you are starting from scratch, A+ first will save you time and frustration on the later exams.
There are 14 major overlap areas across A+, Network+, Security+, CySA+, and PenTest+. The biggest overlaps are between Network+ and Security+ (networking and cryptography), between Security+ and CySA+ (threat analysis, incident response, and vulnerability management), and between CySA+ and PenTest+ (vulnerability management from defensive and offensive perspectives). Studying for one cert gives you a significant head start on the next.
Yes. CompTIA has no formal prerequisites for any certification. However, A+ covers operating systems and networking fundamentals that appear on the Security+ exam, so having that foundation helps. If you have IT work experience, you can often skip A+ without issues.
The CompTIA trifecta is A+, Network+, and Security+ taken in that order. It matters because each cert builds on the previous one, covering overlapping topics with increasing depth. Many IT job postings list the trifecta as a preferred qualification, and the cumulative overlap saves 5-6 weeks of study time compared to studying each cert in isolation.
Significant time. Going from A+ to Network+ saves about 2 weeks due to networking overlap. Network+ to Security+ saves about 3 weeks from shared network security and cryptography content. Security+ to CySA+ saves about 2 weeks on threat analysis and incident response. The full trifecta path saves 5-6 weeks total.
For most people, Network+ first is the better path. About 28% of Security+ content covers network security topics, and having Network+ knowledge makes those sections much easier. However, if you are specifically targeting cybersecurity roles and are short on time, Security+ alone carries more weight with employers.
