Security+ Domain 1: General Security Concepts
Domain 1.0 — General Security Concepts · 12% of the exam
The foundation the rest of Security+ builds on — all 4 objectives (1.1–1.4), from control categories and the CIA triad through change management and every cryptographic solution on the exam. An 82-page guide with worked examples, exam tips, and 60 exam-style practice questions.
All study guides — current and every new one.
- Interactive online guide
- Downloadable PDF
- Lifetime updates
- 30-day money-back guarantee
Secure checkout via Stripe · no account needed · instant access
12% of your exam score
Domain 1.0 is worth 12% of the SY0-701 exam. Walk in having mastered it — not hoping it doesn't come up.
Every objective, nothing extra
Built line by line from CompTIA's official objectives 1.1–1.4 — 22 in-depth topics with worked scenarios and exam tips, in a 82-page guide you'll actually finish.
60 exam-style questions
Every question comes with instant feedback and a full explanation, so a wrong answer teaches you as much as a right one.
The industry's baseline cert
Security+ is the most widely held cybersecurity certification in the world — the default HR filter for security roles and the baseline for DoD 8140 work.
Read a real excerpt — free
This is the actual opening of Module 1.1, Security controls — not marketing copy. If you like how it teaches, the rest of the guide reads the same way.
Compare and contrast various types of security controls
Every safeguard an organization deploys — a firewall rule, a policy document, a fence, a log review — is a security control. This objective gives you the two-axis classification system CompTIA uses everywhere else on the exam: category (how the control is implemented and by whom) and type (what the control does relative to an incident).
A security control is any measure put in place to reduce risk — to prevent, detect, or recover from a security event, or to discourage or redirect the behavior that causes one. Because organizations deploy hundreds of controls, security professionals classify them along two independent axes. The category answers "who implements this, and through what mechanism?" The type answers "when does this act relative to an incident, and what does it accomplish?" Every control has exactly one obvious category on the exam, but a single control can serve different types depending on how it's used — a camera detects intrusions and deters intruders who can see it.
Control categories — how a control is implemented
CompTIA defines four categories. Learn them by their implementation mechanism, not by memorizing example lists: technical controls are enforced by systems, managerial controls by governance and planning, operational controls by people executing day-to-day processes, and physical controls by the tangible world.
Both involve people, so use this test: managerial controls decide and plan (writing the risk assessment, approving the policy, designing the training program), while operational controls execute (the guard walking the patrol, the analyst reviewing logs, the employee attending the training). A policy document is managerial; following the procedure it mandates is operational. When a badge reader enforces the rule, it has become technical or physical.
Not ready to buy? Read it later.
We'll email you a free sample of this guide as a PDF — no purchase needed.
Try 3 sample questions
Pulled straight from the guide's 60-question bank — tap an answer for instant feedback and the explanation.
From module 1.1 · Security controls
1. A company installs a chain-link fence topped with razor wire around its data center property. Which control category does this represent?
From module 1.2 · Fundamental concepts
1. A DDoS attack makes a company's customer portal unreachable for six hours. Which element of the CIA triad was PRIMARILY violated?
From module 1.3 · Change management
1. An administrator deploys a firewall configuration change to production. It causes an outage, and the team discovers there is no documented way to return to the previous configuration. Which change management element was MOST clearly missing?
57 more questions like these are waiting inside.
What's inside
- 22 in-depth topics across 4 modules, mapped to objectives 1.1–1.4
- 60 exam-style practice questions with instant feedback
- Full answer key with explanations for every question
- Complete Security+ acronym & key-term reference
- 82-page downloadable PDF for offline study and printing
- Lifetime updates as the exam evolves
The modules, mapped to the objectives
- 1.115 Qs
Security controls
Compare and contrast various types of security controls
PreventiveDeterrentDetectiveCorrectiveCompensatingDirective - 1.215 Qs
Fundamental concepts
Summarize fundamental security concepts
RBACRole-based Access ControlABACAttribute-based Access ControlMACMandatory Access ControlDACDiscretionary Access ControlRule-based access controlAdaptive identity - 1.315 Qs
Change management
Explain the importance of change management processes and the impact to security
Approval processOwnershipStakeholdersImpact analysisTest resultsBackout plan - 1.415 Qs
Cryptographic solutions
Explain the importance of using appropriate cryptographic solutions
SteganographyTokenizationData maskingCertificate authorityCACRLCertificate Revocation ListOCSPOnline Certificate Status Protocol

About the author
Chris Rees
Professional information technologist with 25+ years in IT and the author of 60+ certification training courses — 50+ live on Pluralsight, rated 4.6/5 across more than 2,000 reviews. This guide is that same exam-focused teaching, in a format you can finish.
More about ChrisSitting the whole exam? Get the Complete Security+ Collection.
All 5 SY0-701 domains — including this guide — for $29.95 instead of $49.75.
See everything insideQuestions, answered
Do I need an account to buy?
No. Checkout is a single Stripe form — email and card, about 30 seconds. We create your access from your checkout email automatically and sign you in the moment payment completes.
Is this up to date with the real SY0-701 exam?
Yes — the guide is mapped module-by-module to CompTIA's official Security+ objectives (1.1–1.4), and lifetime updates are included, so as the exam evolves your guide does too.
What exactly do I get?
Instant access to the interactive online guide with all 60 practice questions, plus a 82-page PDF you can download, print, and keep forever.
Do I need the other domains too?
This guide covers Domain 1.0 (12% of the exam). To prepare for the whole exam, the Complete Security+ Collection bundles all 5 domains for $29.95 — less than the price of three guides.
What if it isn't for me?
Every purchase comes with a 30-day money-back guarantee — email us and we'll refund you, no hoops.
Who wrote it?
Chris Rees — a professional information technologist with 25+ years in IT and the author of 60+ certification courses, rated 4.6/5 across 2,000+ reviews on Pluralsight.
Be ready for 12% of the exam — for $9.95
Instant access, lifetime updates, and a 30-day money-back guarantee. The only risk is walking into the exam without it.
Get the guide