Cover identity controls, compliance, segmentation, attacks, hardening, and defensive technologies in the Network+ security domain.
This chapter keeps Network+ security grounded in networking. CompTIA wants you to choose the right identity control, segmentation boundary, defensive feature, or attack classification without overcomplicating the answer.
AAA: Authentication, authorization, and accounting for identity and access-control workflows.
CIA: Confidentiality, integrity, and availability, the core security objectives behind network-security decisions.
CompTIA currently weights this domain at 14% of the Network+ exam.
| Lesson | Focus |
|---|---|
| 4.1 Logical Security, AAA & Identity Controls | Use IAM, MFA, SSO, RADIUS, LDAP, SAML, TACACS+, and least-privilege language correctly in network-access scenarios. |
| 4.2 Physical Security Controls | Connect locks, cameras, badging, and facility controls to the network assets they are trying to protect. |
| 4.3 Deception Technologies | Learn when honeypots and honeynets make sense and what they are meant to observe or divert. |
| 4.4 Risk, Vulnerability, Exploit & CIA | Keep security terminology straight so scenario questions do not collapse into vague security language. |
| 4.5 Audits, Compliance & Data Locality | Connect PCI DSS, GDPR, locality requirements, and audit expectations to network design and operations choices. |
| 4.6 Network Segmentation for Guest, BYOD, IoT & OT | Use network segmentation to separate trust zones and limit blast radius across guest, user-owned, and operational technology environments. |
| 4.7 Network Attacks & Adversary Techniques | Recognize common network attacks, spoofing behaviors, rogue services, wireless attacks, and social-engineering paths that appear in Network+ scenarios. |
| 4.8 Hardening, NAC, ACLs & Defensive Controls | Apply device hardening, NAC, key management, ACLs, trust zones, filtering, and screened-subnet logic to network-defense questions. |
| If the question is really about… | Go first to… |
|---|---|
| identity, MFA, SSO, RADIUS, or TACACS+ | 4.1 Logical Security, AAA & Identity Controls |
| compliance, locality, or governance wording | 4.5 Audits, Compliance & Data Locality |
| guest, BYOD, IoT, or OT separation | 4.6 Network Segmentation for Guest, BYOD, IoT & OT |
| attack names, hardening, NAC, ACLs, or screened subnets | 4.7 Network Attacks & Adversary Techniques or 4.8 Hardening, NAC, ACLs & Defensive Controls |
Use these tie-breakers:
| If the close answers differ on… | Lean toward… |
|---|---|
| identity versus segmentation | the answer that matches who is connecting versus where traffic is allowed to go |
| prevention versus observation | the answer that fits whether the scenario needs blocking or visibility |
| physical versus logical protection | the answer that addresses the actual exposure boundary |
| generic security language versus exact classification | the answer that correctly identifies the weakness, attack path, or impact first |
Protect these lessons first:
Even when Network+ moves into another domain, the ideas here keep returning. Treat this chapter as a reusable reasoning layer, not as a one-time reading block.