Domain 5 · 15% of Exam

Security Fundamentals

Domain 5 covers security concepts, threats, vulnerabilities, access control, Layer 2 security, VPNs, and wireless security.

About This Domain

Domain 5 — Security Fundamentals — accounts for 15% of the CCNA certification exam. This domain evaluates your understanding of define key security concepts (threats, vulnerabilities, exploits, mitigation), describe security program elements (user awareness, training, physical access control), configure device access control using local passwords and aaa/radius/tacacs+, and related concepts. Domain 5 covers security concepts, threats, vulnerabilities, access control, Layer 2 security, VPNs, and wireless security. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.

What You'll Be Tested On

  • Define key security concepts (threats, vulnerabilities, exploits, mitigation)
  • Describe security program elements (user awareness, training, physical access control)
  • Configure device access control using local passwords and AAA/RADIUS/TACACS+
  • Describe Layer 2 security (DHCP snooping, dynamic ARP inspection, port security)
  • Compare authentication, authorization, and accounting concepts
  • Describe wireless security protocols (WPA, WPA2, WPA3)

Key Cisco Technologies in This Domain

🔒Security Fundamentals🛡️ACLs📶Wireless

Study Strategy for Domain 5

While 15% might seem like a smaller portion of the exam, every point counts toward the passing score. Focus on understanding core concepts and common exam scenarios for this domain.

Exam Tips for Domain 5

💡

Port security violation modes: protect (drop), restrict (drop + log), shutdown (default — err-disable).

💡

DHCP snooping creates a binding table of MAC-to-IP mappings used by DAI.

💡

TACACS+ separates AAA functions and encrypts the full payload; RADIUS combines auth+authz and encrypts only the password.

💡

WPA3 uses SAE (Simultaneous Authentication of Equals) instead of the 4-way handshake.

Frequently Asked Questions

How many questions on the CCNA exam come from Domain 5?

Domain 5 (Security Fundamentals) makes up 15% of the CCNA exam. The exam has 65 scored questions, so approximately 10 questions will come from this domain.

What services should I focus on for Domain 5?

The key services for this domain include Security Fundamentals, ACLs, Wireless. Make sure you understand how each service works, its use cases, and how they integrate with one another.

How should I prepare for Security Fundamentals questions?

Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts.

What's the best order to study the CCNA domains?

Many candidates start with the highest-weighted domains first. For the CCNA exam, the domains in order of weight are: Network Fundamentals (20%), Network Access (20%), IP Connectivity (25%), IP Services (10%), Security Fundamentals (15%), Automation and Programmability (10%).

Practice Domain 5 Questions

Test your knowledge of Security Fundamentals with practice questions from our CCNA question bank.

Start Practice Quiz →

Other CCNA Domains

Domain 1Network Fundamentals20%Domain 2Network Access20%Domain 3IP Connectivity25%Domain 4IP Services10%Domain 6Automation and Programmability10%
← CCNA Study HubFree Mock Exam30-Day Study Plan