About This Domain
Domain 2 (Threats, Vulnerabilities, and Mitigations) accounts for 22% of the SECPLUS certification exam. This domain evaluates your understanding of threat actor types and motivations, social engineering and phishing, malware types, and related concepts across the threat landscape, attacks, and mitigations. To pass this section you need practical knowledge of how these technologies work together.
What You'll Be Tested On
- Threat actor types and motivations
- Social engineering and phishing
- Malware types
- Application attacks (XSS, SQLi, CSRF)
- Indicators of compromise
Study Strategy for Domain 2
While 22% might seem like a smaller portion, every point counts toward the passing score.
Exam Tips for Domain 2
This domain is 22% of the exam, so know all attack types and their mitigations.
Frequently Asked Questions
How many questions come from Domain 2?
Domain 2 (Threats, Vulnerabilities, and Mitigations) makes up 22% of the SECPLUS exam.
What should I focus on for Domain 2?
Key topics include Threats & Attacks.
How should I prepare for Threats, Vulnerabilities, and Mitigations questions?
Review key topics, then practice with domain-specific questions focusing on real-world scenarios.
What's the best order to study SECPLUS domains?
Start with highest-weighted: General Security Concepts (12%), Threats, Vulnerabilities, and Mitigations (22%), Security Architecture (18%), Security Operations (28%), Security Program Management (20%).
Practice Domain 2 Questions
Test your knowledge of Threats, Vulnerabilities, and Mitigations with practice questions from our SECPLUS question bank.