Domain 3: Security Architecture
CompTIA Security+ (SY0-701) · this domain is approximately 18.0% of the exam · 90 practice questions.
Security Architecture makes up about 18% of the SY0-701 exam and addresses how secure infrastructure is designed at the network, cloud, and application layers. Topics include segmentation strategies, zero-trust principles, virtualization security, secure network topologies, and resilience considerations such as redundancy and backup. Candidates must be able to evaluate architectural diagrams and identify which design choices reduce attack surface or enforce least privilege across hybrid environments.
Key concepts
access control access control models authentication bell-lapadula certificate authority compliance comptia security+ containment cryptography data classification digital certificates digital signatures dmz encryption firewall https incident response multi-level security network security network segmentation non-repudiation patch management penetration testing pki risk management security awareness security controls security fundamentals security monitoring security principles security+ siem social engineering symmetric encryption threat detection threat intelligence tls vulnerability management web security
Free practice questions
Which security model best fits an organization requiring strong isolation between different classification levels of data?
Free question · medium · full answer + explanation
Practice all 90 questions in this domain
The full CompTIA Security+ (SY0-701) bank includes 89 more questions in this domain, each with a verified answer and a written explanation.
- Which security control type is designed to prevent unauthorized access before an incident occurs? Unlock answer & explanation →
- Which of the following best describes a buffer overflow attack? Unlock answer & explanation →
- What is a threat feed in STIX/TAXII context? Unlock answer & explanation →