Skip to main content
Security+ 7×7 Express Track: Domain 3 architecture review. Track overview
Home/Security+ 7×7/Session 03

Security+ 7×7 · Video 3

Security+ Domain 3: Security Architecture, Networks, Cloud & Zero Trust

Learn secure architecture thinking: networks, cloud, identity, segmentation, zero trust, resilience, and secure design tradeoffs.

Watch the session

Video lesson

Exam focus

Design secure systems, not just isolated controls.

Domain 3 tests whether you understand how security controls fit into networks, cloud, identity, and architecture decisions.

What you will learn

  • ✅ How secure architecture decisions are made
  • ✅ How segmentation and zero trust reduce risk
  • ✅ How cloud security changes responsibility
  • ✅ How to reason through network placement questions

Key SY0-701 concepts

  • • Network segmentation, DMZs, VLANs, NAC, firewalls
  • • Zero trust, least privilege, identity-aware access
  • • Cloud shared responsibility and secure cloud design
  • • Resilience, redundancy, backups, high availability
  • • Secure baselines and architecture hardening

Practice focus

Practice architecture diagrams. Given users, apps, data, and networks, decide where controls belong and explain what risk each control reduces.

Action step

Draw one secure architecture.

Sketch a simple app, users, network boundary, identity provider, data store, firewall, monitoring, and backup. Label why each control exists.

Independent educational disclaimer: This training is educational and independent. It is not affiliated with, endorsed by, or sponsored by CompTIA. CompTIA and Security+ are trademarks of their respective owners. Always verify official exam details from CompTIA.

FAQ

Common questions

Is Domain 3 hard?

It can be challenging because it tests how controls fit into systems. Focus on diagrams and scenarios.

Do I need cloud experience?

You need cloud security concepts, shared responsibility, identity, network boundaries, and monitoring awareness.

What comes next?

Continue to Session 4 for security operations, SIEM, logs, and incident response.