The Security and Access section of the Administrator study guide contains 4 objectives.
Explain the various organization security controls (e.g., passwords, IP restrictions, identity confirmation, network settings).
Given a user request scenario, apply the appropriate security controls based on the features and capabilities of the Salesforce sharing model (e.g., organization-wide defaults, roles and the role hierarchy, manual sharing, sharing rules and public groups).
Profiles and Permission Sets
Given a scenario, determine the appropriate use of a custom profile or permission set using the various profile settings and permissions.
Describe how folders can be used to organize and secure communication templates, dashboards, and reports.