Security Architecture is the design domain of Security+: at 18% of the SY0-701 exam, it asks you to weigh trade-offs rather than recite definitions. Where earlier domains catalog threats, this one is about the design decisions that shape how an enterprise is built: choosing between on-premises, cloud, serverless, and virtualized models, and understanding what each one means for your attack surface. A serverless function scales cheaply but hands responsibility to the provider; a hypervisor consolidates workloads but introduces VM-escape risk. The exam expects you to compare those implications, not just name them.
A large slice of the domain centers on securing the infrastructure you operate. Expect scenarios on zero trust, where a policy enforcement point evaluates each request on its own merits instead of trusting a network location, and on remote access patterns like ZTNA versus a traditional VPN. Port security with 802.1X/EAP, proxies, and other network appliances show up here too, framed as principles you apply to a specific situation.
The remaining objectives cover protecting data and keeping the business running. You will distinguish tokenization, data masking, and hashing for integrity, and reason about where each belongs, such as substituting realistic but fake PII into a non-production test database. Resilience and recovery round it out: recovery site types, RTO targets, and the difference between a UPS bridging a momentary outage and a generator carrying a longer one.