// course outline
CompTIA Security+
Certification Prep
// COMPLETION
0 / 0 topics
DOMAIN 01
General Security Concepts
12%
Foundational security principles, controls, and cryptographic concepts that underpin everything else.
// WEEKS 1–2
- Security control categories & types (preventive, detective, corrective)
- CIA Triad, non-repudiation, AAA framework
- Cryptographic concepts: symmetric, asymmetric, hashing
- PKI, digital certificates, and certificate authorities
- Common security terminology and threat actors
DOMAIN 02
Threats, Vulnerabilities & Mitigations
22%
The largest exam domain — covers attack types, malware, social engineering, and vulnerability management.
// WEEKS 2–3
- Malware types: ransomware, trojans, worms, rootkits, spyware
- Social engineering: phishing, vishing, pretexting, BEC
- Application attacks: SQL injection, XSS, buffer overflow
- Network attacks: DoS/DDoS, man-in-the-middle, DNS poisoning
- Vulnerability scanning, threat intelligence, CVE/CVSS
- Indicators of compromise (IoC) and attack indicators
DOMAIN 03
Security Architecture
18%
Designing secure networks, cloud environments, and infrastructure using modern architectural principles.
// WEEKS 3–4
- Network segmentation: VLANs, DMZ, zero-trust architecture
- Cloud security models: IaaS, PaaS, SaaS, shared responsibility
- Virtualization & containerization security
- Secure network design: firewalls, IDS/IPS, proxies, load balancers
- Infrastructure as Code (IaC) and secure SDLC basics
DOMAIN 04
Security Operations
28%
The heaviest domain — day-to-day security operations, incident response, identity management, and monitoring.
// WEEKS 4–6
- Identity & Access Management: MFA, SSO, PAM, LDAP
- Endpoint security: EDR, antivirus, host-based firewalls
- SIEM, log analysis, and security monitoring
- Incident response lifecycle and forensics basics
- Vulnerability management and patch management
- Data security: DLP, encryption at rest/transit, data classification
- Network security tools: Wireshark, Nmap, tcpdump
DOMAIN 05
Security Program Management & Oversight
12%
Governance, risk, compliance, policies, and third-party risk — the business side of security.
// WEEKS 6–7
- Risk management: risk types, assessment, appetite, tolerance
- Compliance frameworks: NIST, ISO 27001, SOC 2, HIPAA, PCI-DSS
- Security policies, standards, and procedures
- Third-party risk management & supply chain security
- Privacy concepts and data handling regulations (GDPR)
DOMAIN 06
Exam Prep & Practice
Final
Full review, performance-based questions (PBQs), timed practice exams, and weak-area targeting.
// WEEK 8
- 2× full-length timed practice exams (90 questions, 90 min)
- PBQ walkthroughs: drag-and-drop, simulations, scenarios
- Flashcard review of key acronyms and port numbers
- Weak-area targeted review from practice exam analysis
- Exam-day strategy: question pacing, PBQ-first or last?
// 8-WEEK TIMELINE
WK 1
Security Concepts
WK 2
Crypto + Threats
WK 3
Vulnerabilities
WK 4
Architecture
WK 5
Security Ops I
WK 6
Security Ops II
WK 7
GRC & Compliance
WK 8
Practice Exams
Domain 1
Domain 2
Domain 3
Domain 4
Domain 5
Exam Prep