[2/3] Security+ Domains Explained: What to Study (and What to Ignore)
How to pass CompTIA Security+ in 4 weeks without years of experience, expensive courses, or wasting time on irrelevant topics! All you need is a plan and 4 weeks of execution.
Most people fail CompTIA Security+ for one simple reason.
It isn’t a lack of experience.
It isn’t that they are not smart enough.
It isn’t even an absence of an $800 course.
It’s not knowing what really matters for the exam.
They treat all topics the same. They try to “cover everything.” And naturally, they get lost and fail.
💡 NOTE: “Security+ is not about knowing everything. It’s about knowing what matters.”
In Part 1, we talked about what the exam really is.
Now it’s time to break it down:
👉 What’s inside each domain
👉 What you should actually focus on
👉 What you can safely ignore
Let’s get to it!
WARNING: This article won’t bring anything exciting, but it will help you bring structure to your preparation for the CompTIA Security+ exam.
If you’re just joining: This is Part 2 of my 3-part series on how to pass CompTIA Security+ in 4 weeks.
In Part 1, I explained:
- what the exam actually tests
- why most people fail
- how to think about Security+ the right way
Now we focus on what to study, and what to ignore.
The 5 Domains of Security+
I already mentioned this last time, but I think it’s absolutely crucial to understand this.
Understanding the exam structure is not optional. It’s one of the fastest ways to improve your score.
The current version (SY0-701) is built around 5 domains.
And you need to know what hides under the hood of each domain. And yes, you guessed it right, that’s what I am going to show you today!
And not only that! I have already explained most of the topics in my 80+ articles here on Decoded Security. So this article is really just one big bank of resources that will help you pass this exam without an $800 course!
Sounds good, right?
So let’s take it domain by domain!
General Security Concepts (12%)
The goal of this chapter is to verify that you understand the fundamental concepts of cybersecurity. Yes, it counts “only” for 12% of the exam, but you are going to need those concepts across all domains, so make sure you know them!
Note: Each topic links to a detailed article if you want to go deeper. :)
What to focus on:
- Technical
- Administrative
- Physical
- Least privilege
- Zero Trust
- Defense in depth
Cryptography basics:
Threats, Vulnerabilities, and Mitigations (22%)
The goal of this domain is to understand how attacks actually work and how to stop them.
You need to know the types of attacks to recognize them and design systems that are resilient to them.
What to focus on:
- Ransomware
- Trojans
- Worms
- Pretexting
- Baiting
- TCP/UDP
- FTP
- SMTP
- ….. (see the article above)
Network attacks: (in progress)
- DoS / DDoS
- Man-in-the-middle
- DNS spoofing
Vulnerabilities: (in progress)
- Misconfigurations
- Unpatched systems
- Weak passwords
Mitigation basics: (in progress)
- Patching
- Input validation
- Segmentation
Security Architecture (18%)
This domain focuses on secure design.
In other words, it teaches you how to build systems that are secure by default, not systems that need to be fixed later.
You’re not reacting to attacks here. You’re preventing them before they even become possible.
This includes how networks are structured, how systems communicate, how identities are managed, and how trust is established between components.
Because once a system is deployed, fixing security issues becomes:
- slower
- more expensive
- and often incomplete
That’s why good security professionals think about architecture first.
What to focus on:
Network design:
- Segmentation (In progress)
- DMZ (In progress)
- HTTPS / TLS
- SSH
- Identity & Access Management
- System hardening (In progress)
Security Operations (28%)
This is the most important domain on the exam.
This is where cybersecurity becomes real work.
You’re not designing systems anymore. You’re operating them.
- detecting attacks
- responding to incidents
- minimizing damage
- recovering systems
Basically, we focus on what you do when something actually happens.
Key idea here:
You won’t be judged on preventing every incident.
You’ll be judged on how you handle them.
What to focus on:
Monitoring & logging: (In progress)
- SIEM basics
- Log analysis
- Preparation
- Detection
- Containment
- Recovery
- Reporting
Vulnerability management (In progress)
- Scanning
- Prioritization
Tools (high-level):
- EDR (In progress)
- Backup & recovery
Security Program Management and Oversight (20%) (My favorite domain!!)
This is where cybersecurity becomes a business decision.
It’s not about tools. It’s about managing risk.
Because in reality:
- You can’t secure everything
- You can’t eliminate all risk
So the goal is to understand risk and make the right decisions. Because in the end, it’s all about MONEY.
Most technical people underestimate this domain. That’s a mistake.
Because this is how companies actually decide:
- what to protect
- how much to invest
- what risks to accept
💡 Key idea:
Security is not about eliminating risk. It’s about managing it.
What to focus on:
- Risk = likelihood × impact
- Mitigate / Transfer / Accept / Avoid
Compliance and Privacy:
- Third-party risk (In progress)
- Security awareness (In progress)
This is it. That’s the list of topics you need to cover to have a chance to pass the exam!
I know it might look scary, but trust me. We just made a very important step.
We put everything we need to know in one place, which means we can now start crossing things off the list.
Conclusion
This is it! The exam might sound scary at this point, but I promise you—once you start crossing topics off your list, it will feel better and better.
You now know:
- the structure of the exam
- what the exam looks like
- what is in each domain
And you have the resources to help you study.
You’re missing one last thing:
A strategy.
That’s what we’ll dive into next time!
Thanks for reading Decoded Security!
- Erich
PS: If you have any questions, feel free to reach out to me!
Let’s Connect
If you want to collaborate, discuss, or just geek out over networking and cybersecurity, reach out:
Email: erich.winkler@decodedsecurity.com
LinkedIn: Erich Winkler
Gumroad community: Decoded Security
Start Here: Decoded Security Roadmap


