Work through control types, security principles, change management, and core cryptography for the opening Security+ domain.
This chapter sets the vocabulary and decision patterns that the rest of Security+ keeps reusing. CompTIA is not asking for a list of definitions here. It is testing whether you can classify a control correctly, recognize what a secure design principle is trying to protect, understand why formal change management matters, and choose the right cryptographic building block for the job.
- CIA: Confidentiality, integrity, and availability, the core security objectives Security+ keeps returning to.
- AAA: Authentication, authorization, and accounting.
- PKI: Public key infrastructure, the certificate and trust-chain system behind many identity and encryption scenarios.
CompTIA currently weights this domain at 12% of the Security+ exam. It is the lightest domain, but it creates many of the distinctions that support stronger performance later.
Start with 1.1 Security Controls, then move to 1.2 Security Principles & Zero Trust, 1.3 Change Management, and 1.4 Cryptographic Solutions.
| If the scenario is really about… | Go first to… |
|---|---|
| classifying a preventive, detective, compensating, or physical control | 1.1 Security Controls |
| CIA, AAA, non-repudiation, zero trust, or deception technology | 1.2 Security Principles & Zero Trust |
| approving, documenting, testing, or rolling back a technical change | 1.3 Change Management |
| PKI, encryption, digital signatures, hashing, or certificates | 1.4 Cryptographic Solutions |
This is the lightest domain by weight, but it leaks into almost every other chapter.
If you keep missing later scenario questions because two answers both sound “secure,” come back here and tighten the principles before you do more mixed practice.
If the terms in this chapter still feel blurry, use the glossary before moving forward. Many later misses start as basic vocabulary confusion here.