Security+ Domain Study Index

📘 Domain Study Guide Links

Domain 1

Fundamental Security Concepts

Core principles like the CIA triad, control types, and security frameworks.

Domain 2

Threats and Vulnerabilities

Covers threat actors, vectors, and the importance of risk awareness.

Domain 3

Cryptographic Solutions

Explains hashing, encryption, PKI, and digital certificates.

Domain 4

Identity and Access Management

Authentication factors, IAM lifecycle, access models, SSO, and PAM.

Domain 5

Secure Network Architecture

Covers segmentation, zones, VPNs, routing, and secure protocols.

Domain 6

Secure Cloud Architecture

Cloud models, shared responsibility, ZTA, CASBs, and orchestration.

Domain 7

Application Security Techniques

Input validation, output encoding, secure coding, and code analysis.

Domain 8

Vulnerability Management

Identifying, classifying, and remediating software and system flaws.

Domain 9

Network Security Capabilities

Firewalls, IDS/IPS, NAC, Wi-Fi protection, and monitoring tools.

Domain 10

Troubleshooting Security Issues

Hardening endpoints, network segmentation, and secure mobile use.

Domain 11

Enhance Application Security

Protocols, file/email security, and coding best practices.

Domain 12

Incident Response and Monitoring

IR lifecycle, forensics, SIEM, and log analysis techniques.

Domain 13

Indicators of Malicious Activity

Malware types, TTPs, password attacks, and URL encoding.

Domain 14

Security Governance Concepts

Policy roles, frameworks, change/config, and automation.

Domain 15

Risk Management Concepts

Risk analysis, BIA, third-party risks, and pen testing cycle.

Domain 16

Data Protection and Compliance

PII, privacy roles, data states, DLP, and security awareness.

🧪 Practice Quizzes

Full Security+ Practice Quiz – Realistic questions with instant feedback

📚 Study Guides & PDFs

🛠 Recommended Tools

Wireshark

Packet analyzer used for network troubleshooting and traffic inspection. Learn more on the official Wireshark website.

Nmap

Network scanner used for host discovery and open port analysis. Learn more on the official Nmap website.

Burp Suite

Web security tool used in penetration testing and vulnerability scanning. Learn more on the official Burp Suite website.

Kali Linux

Linux distro preloaded with security testing and forensic tools. Learn more on the official Kali Linux website.

Metasploit

Framework for developing, testing, and executing exploits. Learn more on the official Metasploit website.

Splunk

SIEM platform for log aggregation and threat monitoring. Learn more on the official Splunk website.

👩‍💻 Hands-On Lab Providers

TryHackMe

Hands-on virtual environments for learning hacking, blue team, and cloud defense.

Hack The Box

Pentesting challenges and certification-aligned skill building labs.

RangeForce

Interactive cyber skills platform for defensive training and simulations.