Security+: Implementing Secure Network Architecture Concepts

June 26, 2018 by Graeme Messina


The Security+ SY0-501 exam has changed the overall layout and structure of its exam objectives, and as such, the domain topics have changed quite a bit. We will be exploring the requirements of Domain 3.2, which deals with Implementing Secure Network Architecture Concepts.

Instead of briefly touching on each point as a guide to point you in the right direction when studying for your exam, we have put together a summary of items that you should definitely know for the exam. This should serve as an indication of the questions you should be prepared to answer, rather than just parroting the definition of each title. For those looking to find out about training, be sure to check out the Bootcamp specials that we highlight in the conclusion of the article. Infosec’s Bootcamp for Security+ can be found here.

It should go without saying, but you will need to follow your study guide or textbook (or better yet, the Infosec Bootcamp Training Material) and go over each and every item on the exam objective PDF, which can be found here. Only then will you have a solid and holistic idea of what you need to know. So with all of that out of the way, let us take a look at some of the most likely items that you will need to know for your SY0-501 exam!

Network Zones and DMZs

Section 3.2 lists these as the first two items to learn in the Zones/Topologies section of the Exam Objectives Guide, so it is a great starting point for us to look at as well. It is really important for you to understand what network zones are, what they were designed for, and whether they are logical, physical, segmented, internal or external. Those are the most probable lines of questioning that you will come across when dealing with that section of the exam. Similarly, DMZs require a thorough understanding of how they act as a neutral area between the internet and your network, and how you would go about setting one up.

Extranet and Intranet

Understand the definitions of these two network types, what they are used for, where they are found, and how they work in relation to business partners and internal users within the network. Be sure that you understand how they are different, how they are configured, and how they are positioned within your network.

Wireless and Guest Networks

Wireless is quite a broad topic to broach, but in this section, and in the context of these objectives, we are looking at how wireless networks pertain to guest networks. You will need to understand how to provision guest networks, and how they should be segmented and isolated from the rest of the network. Remember to know the definition of what a guest network is as well.

Honeynets, NAT, and Ad Hoc

You will need to understand what a honeynet is, how you would configure one, where it is positioned on a network, and what you would use it for. Make sure that you understand the monitoring and logging that accompanies such a setup.

NAT needs to be understood in terms of what it can do for your network as a means of protection and protocol routing. There is quite a large amount of information to go through on the subject, but in this sub-domain you should be familiar with what NAT does in essence, and how it would be used in certain situations on a network to help secure access.

Know your Network Segmentation, Segregation and Isolation

This subdomain includes a lot of different technologies and concepts, from physical networks to VLANs and virtualization of networks. As such, you will need to know a bit about each. You should know about VLANs, how they are set up, what hardware is needed to run them, and what their advantages are. Virtualization needs to be understood in terms of what it does with regard to hosting virtual computers, but also how virtual networks are handled by these hosts.


VPNs encompass a lot of different technologies and protocols, but for the exam you should concentrate on understanding what a VPN is, what it does, and what you would need to set one up. You must know about the most common VPN protocols such as PPTP, IPSec, L2TP and OpenVPN, which are likely to come up in your exam. It is a good idea to learn about the pros and cons of each protocol, what encryption they use, and which are the best types for specific applications and uses.

Security Device and Technology Placement

This relates to network planning: where you would place a device, why you would place such a device in that location, and what it is that you are trying to mitigate or solve with such a placement. Understand that this placement works in conjunction with your understanding of the architecture of your particular environment. Understand what the benefits are of using such planning strategies, how they would add value to the business, and how they mitigate outages and your systems going offline.

There are plenty of devices to learn about, and you should be familiar with all of them. These include:

  • Sensors
  • Collectors
  • Correlation engines
  • Filters
  • Proxies
  • Firewalls
  • VPN concentrators
  • SSL accelerators
  • Load balancers
  • DDoS mitigator
  • Aggregation switches
  • Taps and port mirror

Software Defined Networks

You must understand what this methodology accomplishes within your network, what its main application is, and why you would want to use SDNs in your environment. Learn about how the layers are separated from one another, and what this does for security on your network.


Those wishing to take the CompTIA Security+ SY0-501 exam will need to follow the exam objectives closely, but hopefully these highlights will help to keep you focussed on some key points of subdomain 3.2. Be sure to look at the entire exam objectives list over here, and look closely at each required objective within the domains list.

Infosec Institute is currently offering a fantastic Security+ Training Bootcamp for those wishing to get started with their Security+. More information can be found here about this fantastic hands-on learning experience.



Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.
