CompTIA Security+ Domains Overview
CompTIA Security+ (SY0-701) covers 6 major domains that test your knowledge of cybersecurity threats, mitigation techniques, and best practices.
Domain 1: General Security Concepts (11%)
CIA Triad, confidentiality, integrity, availability, security policies, defense mechanisms
Key topics: NIST frameworks, security models, threats
Domain 2: Threats, Vulnerabilities & Mitigations (21%)
Malware, social engineering, vulnerabilities, penetration testing, risk management
Key topics: Virus, ransomware, phishing, vulnerability scanning
Domain 3: Cryptography (17%)
Encryption types, hashing, digital signatures, certificate management, PKI
Key topics: AES, RSA, SSL/TLS, hash algorithms, certificate authority
Domain 4: Identity & Access Management (16%)
Authentication, authorization, AAA framework, identity management, access control models
Key topics: MFA, RBAC, LDAP, SSO, biometrics
Domain 5: Security Program Management & Oversight (19%)
Compliance frameworks, regulations, incident response, disaster recovery, business continuity
Key topics: HIPAA, PCI-DSS, GDPR, incident handling, legal/compliance
Domain 6: Infrastructure, Apps & Secure Software (16%)
Network security, cloud security, secure development, application hardening
Key topics: Firewalls, VPN, WAF, SDLC, cloud security
Master Security+ Domains
Get comprehensive domain breakdowns and practice exams for CompTIA Security+.
Browse Security+ Course