Security+ 7×7 · Video 3
Security+ Domain 3: Security Architecture, Networks, Cloud & Zero Trust
Learn secure architecture thinking: networks, cloud, identity, segmentation, zero trust, resilience, and secure design tradeoffs.
Watch the session
Video lesson
Exam focus
Design secure systems, not just isolated controls.
Domain 3 tests whether you understand how security controls fit into networks, cloud, identity, and architecture decisions.
What you will learn
- ✅ How secure architecture decisions are made
- ✅ How segmentation and zero trust reduce risk
- ✅ How cloud security changes responsibility
- ✅ How to reason through network placement questions
Key SY0-701 concepts
- • Network segmentation, DMZs, VLANs, NAC, firewalls
- • Zero trust, least privilege, identity-aware access
- • Cloud shared responsibility and secure cloud design
- • Resilience, redundancy, backups, high availability
- • Secure baselines and architecture hardening
Practice focus
Practice architecture diagrams. Given users, apps, data, and networks, decide where controls belong and explain what risk each control reduces.
Session resources
Download and study
Action step
Draw one secure architecture.
Sketch a simple app, users, network boundary, identity provider, data store, firewall, monitoring, and backup. Label why each control exists.
FAQ
Common questions
Is Domain 3 hard?
It can be challenging because it tests how controls fit into systems. Focus on diagrams and scenarios.
Do I need cloud experience?
You need cloud security concepts, shared responsibility, identity, network boundaries, and monitoring awareness.
What comes next?
Continue to Session 4 for security operations, SIEM, logs, and incident response.