CISSP · Domain 4

Communication and Network Security

13% of CISSP Exam

6 Lessons · ~19–23 Exam Questions · High Technical Depth

About This Domain

Domain 4 covers the protocols, architectures, and controls that protect data in transit. Master OSI model attacks, firewall types, VPN modes, and wireless security standards.

This domain rewards systematic thinking: map every attack to a specific OSI layer, know which control operates at which layer, and understand the trade-offs between inspection depth and performance. Highly technical — expect questions on IPSec modes, TLS versions, and wireless protocol weaknesses.

Exam Weight: Domain 4 accounts for approximately 19–23 questions on the CISSP exam (13% of 150–175 questions). Firewall types, IPSec AH vs ESP, VPN modes (tunnel vs transport), wireless standards (WPA2 vs WPA3), and network attack mitigations are the highest-frequency topics. This is a strongly technical domain: know the "why" behind every control.

6 Lessons in This Domain

01
OSI Model & Network Security Fundamentals
OSI Model & Network Security
  • Full 7-layer OSI attack surface mapping
  • ARP poisoning, SYN flood, SSL stripping
  • WAF at L7, stateful firewall at L4
02
Firewalls, IDS/IPS & Network Security Devices
Firewalls, IDS/IPS & Security Devices
  • Packet filter → Stateful → NGFW → WAF
  • IDS (passive) vs IPS (active inline)
  • DMZ architecture, honeypots, NAC/802.1X
03
VPN, TLS & Encrypted Channels
  • IPSec: AH vs ESP, tunnel vs transport mode
  • TLS 1.3: mandatory PFS via ECDHE
  • mTLS, HSTS, split tunneling risks
04
Wireless Security (WPA3, 802.1X)
Wireless Network Security
  • WEP (broken) → WPA → WPA2 → WPA3
  • SAE vs PSK: SAE defeats offline dictionary attacks
  • 802.1X NAC: EAP-TLS vs PEAP
05
Email Security: SPF, DKIM, DMARC & DNS
Email & DNS Security
  • SPF + DKIM + DMARC together defeat spoofing
  • DNSSEC (integrity) vs DoH/DoT (privacy)
  • S/MIME: encrypt with public, sign with private
06
Network Attacks & Mitigations
Network Attacks & Countermeasures
  • SYN flood, ARP poisoning, VLAN hopping
  • DDoS volumetric vs application layer
  • BGP hijacking, RPKI, BCP38, Pass the Hash

Domain 4 Full Quiz

Complete all 6 lessons before attempting the full domain quiz. The quiz covers all concepts across all lessons with 20 mixed questions at exam difficulty.

Coming Soon — Complete all lessons first