Show:
Core Security Concepts
Identities, Access & Zero Trust
Data Protection & Resilience
Network & Infrastructure Security
Threats, Detection & Response
100

A security weakness like a bug, misconfiguration, or process gap that an attacker can exploit. 

What is a vulnerability 

100

This is how you prove who you are—using something like a password, token, or fingerprint.

What is authentication 

100

Copy of data used to restore after loss or corruption.

What is a Backup

100

Filters traffic to allow or block connections based on rules.

What is a firewall 

100

Malicious software (ransomware, viruses, worms, trojans, etc.)

What is Malware 

200

Anything that could cause harm (attacker, malware, insider, natural event)

What is a threat 

200

After you log in, this determines what you’re allowed to do or see.

What is authorization 

200

Point‑in‑time copy of data or a volume, often used for fast restores. 

What is a snapshot 

200

Tools that detect (and sometimes block) suspicious network activity.

What is intrusion detection/prevention 
200

 Risk from internal users either malicious or careless. 

What is Insider Threat 

300

The likelihood a threat will exploit a vulnerability, and the impact if it does.

What is risk 

300

Two or more methods to prove identity (password + code + biometric). 

What is MFA - Multi‑Factor Authentication

300

Malware that encrypts data and demands payment

What is ransomware

300

Encrypted tunnel between a user/site and the network.

What is VPN

300

Team and tools that monitor and respond to security events 24x7.

What is Security Operations Center (SOC) 

400

Keeping data secret from unauthorized people.

What is confidentiality 

400

This approach to security is summarized as “never trust, always verify,” even inside the network.

What is Zero Trust 

400

Highly isolated backup environment (often with immutable copies) designed to survive cyberattacks and support clean recovery.

What is Cyber Recovery Vault/ Isolated Recovery Environment 

400

Any device on the network (server, laptop, VM, container, IoT).

What is Endpoint 

400

The process and playbooks to detect, contain, eradicate, and recover from security incidents.

What is Incident Response 

500

All the ways an attacker could get in (ports, apps, users, APIs, etc.)

What is attack surface 

500

This type of security helps protect powerful admin accounts with extra controls and monitoring.

What is Privileged Access Management (PAM) 

500

Backup that cannot be changed or deleted during a set retention period.

What is a Immutable Backup 

500

Advanced endpoint protection that detects and responds to attacks on devices/servers.

What is Endpoint detection & response 

500

Central platform that collects and correlates logs/events from many systems for alerting, investigation, and compliance.

What is SIEM - Security Information and Event Management