creedalene/CompTIA-SecurityX-Domain2.Security-Architecture

# CompTIA SecurityX (CAS-005) Domain 2.0 Security Architecture ## Overview Detailed reference notes for Domain 2 (27% of exam) of CompTIA SecurityX (CAS-005). Covers enterprise security architecture, resilient systems, secure SDLC, cloud/hybrid designs, Zero Trust, microsegmentation, access controls (RBAC/ABAC), CASB, container security, encryption & key management. ## Repository Purpose ## Domain 2.0 Coverage The content strives to provide clear, structured coverage of core security architecture topics, including enterprise security architecture design, resilient systems analysis, secure Systems Development Lifecycle (SDLC) integration, cloud and hybrid architectures, and implementation of advanced security controls. ## Detailed Notes - **[SecurityX (CAS-005) Domain 2.1: Resilient Systems Design](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.1.md)** - **[SecurityX (CAS-005) Domain 2.2: Security in the Systems Life Cycle](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.2.md)** - **[SecurityX (CAS-005) Domain 2.3: Integrating Controls in Secure Architecture Design](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.3.md)** - **[SecurityX (CAS-005) Domain 2.4: Access, Authentication, and Authorization Systems](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.4.md)** - **[SecurityX (CAS-005) Domain 2.5: Secure Cloud Capabilities Implementation](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.5.md)** - **[SecurityX (CAS-005) Domain 2.6: Integrating Zero Trust Concepts into System Architecture Design](https://github.com/creedalene/CompTIA-SecurityX-Domain2.Security-Architecture/blob/main/SecurityX-Domain2.6.md)** ## Key Topics * Enterprise security architecture design and resilient systems * Secure SDLC integration with security controls * Cloud, hybrid, and on-premises security considerations * Zero Trust Architecture, microsegmentation, and network segmentation * Advanced access control models (DAC, MAC, RBAC, ABAC) * Cloud security capabilities (CASB, secure CI/CD, containers, serverless) * Cloud data security: encryption, key management, exposure, and remanence * Shared responsibility model across cloud providers * Cryptographic solutions and PKI in complex environments * Proactive, detective, and preventative security controls ## DoD / Defense Focus Particular emphasis is placed on DoD-relevant architectures, including alignment with DoD Zero Trust Reference Architecture, DISA STIGs, and secure engineering practices used in defense and mission-critical environments. ## DoD Naming Note ## How to Use This Repository - Navigate through the individual markdown files for each subtopic - Use the comparison tables and diagrams for quick reference - Cross-reference with official NIST and DoD sources for exam preparation and real-world application - Clone the repo for offline study or contribute improvements via pull requests **Maintained by Cree Dalene, Senior Cybersecurity Assessor**