Confidentiality, Integrity, and Availability (CIA Triad)

Security controls (physical, technical, administrative)

Authentication, authorization, and accounting (AAA)

Threat actors and threat vectors

Security roles and responsibilities

Security governance principles

Frameworks, regulations, and compliance (e.g., NIST, ISO, GDPR, HIPAA)

Practice test (50–60 questions)

Types of threats (malware, phishing, ransomware, insider threats, APTs)

Vulnerability types (unpatched software, misconfigurations, zero-days)

Social engineering techniques

Threat intelligence sources and feeds

Indicators of compromise (IOCs)

Risk management process and vulnerability management

Penetration testing and red teaming basics

Practice test (50–60 questions)

Secure network architecture (DMZ, segmentation, VLANs)

Security zones (trusted/untrusted, guest networks)

On-prem, cloud, and hybrid security considerations

Endpoint security (EDR, antivirus, DLP)

Application security (OWASP Top 10)

Secure configuration (hardening, baselines)

Identity and Access Management (IAM)

Password policies

Multifactor authentication (MFA)

Role-based access control (RBAC)

Zero Trust Architecture (ZTA)

Practice test (50–60 questions)

Security monitoring and logging (SIEM, syslog)

Incident response process

Preparation, detection, analysis, containment, eradication, recovery

Digital forensics basics (chain of custody, data acquisition)

Business continuity and disaster recovery

Data security and privacy practices

Patch and configuration management

Secure deployment and automation (DevSecOps)

Practice test (50–60 questions)

Security policies and procedures

Security awareness training

Audits and assessments (internal/external)

Vendor risk management and third-party risks

Supply chain security

Security metrics and reporting

Legal and ethical considerations in cybersecurity

Practice test (50–60 questions)

Mock Interview — Security+ Level (You = Candidate)