Cybersecurity Fundamentals
The Cybersecurity Fundamentals course teaches core security principles, threat and vulnerability concepts, basic cryptography, network protection, and identity access management, giving learners essential knowledge to protect systems and prepare for certification.
Who Should Take This
It is designed for entry‑level IT professionals, system administrators, and aspiring security analysts who have basic networking knowledge and want to build a solid foundation in cybersecurity. These learners aim to understand vendor‑neutral concepts, enhance their job readiness, and position themselves for CompTIA Security+ or ISC2 CC certifications.
Course Outline
68 learning goals
1. Security Principles (3 topics)
CIA Triad and Core Concepts
- Define confidentiality, integrity, and availability as the three pillars of information security and provide examples of controls that protect each.
- Explain how the CIA triad applies to real-world scenarios and analyze which pillar is most critical for a given system (e.g., banking vs. hospital vs. media company).
- Describe non-repudiation and explain how digital signatures and audit logs ensure that actions cannot be denied by the actor who performed them.
Security Design Principles
- Explain the principle of least privilege and describe how it limits the blast radius of compromised accounts by granting only the minimum access required.
- Describe defense in depth as a layered security strategy and identify the physical, network, host, application, and data layers where controls should be placed.
- Explain separation of duties and dual control, and describe how they prevent fraud and reduce insider threat risk in critical business processes.
- Compare security through obscurity with open design principles and evaluate why relying solely on secrecy of mechanisms is an insufficient security strategy.
AAA Framework
- Define authentication, authorization, and accounting, and explain how together they form a complete access control framework.
- Describe RADIUS and TACACS+ as centralized AAA protocols and compare their architecture, transport, and typical deployment scenarios.
2. Threats and Vulnerabilities (5 topics)
Malware Types
- Identify and describe common malware categories including viruses, worms, trojans, ransomware, spyware, adware, rootkits, and logic bombs.
- Compare the propagation mechanisms of viruses, worms, and trojans and evaluate the relative risk each poses to network environments.
- Describe anti-malware defense mechanisms including signature-based detection, heuristic analysis, sandboxing, and endpoint detection and response (EDR) at a conceptual level.
Social Engineering
- Identify social engineering attack types including phishing, spear phishing, whaling, vishing, smishing, pretexting, and tailgating.
- Explain the psychological principles (authority, urgency, scarcity, social proof) that social engineers exploit and describe awareness training as a primary countermeasure.
Application Vulnerabilities
- Describe common web application vulnerabilities from the OWASP Top 10 including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Explain how input validation, parameterized queries, output encoding, and CSRF tokens mitigate common web application attack vectors.
- Analyze a scenario involving an application vulnerability and determine which OWASP category it falls under and what remediation steps are appropriate.
Vulnerability Assessment
- Describe the vulnerability management lifecycle including discovery, prioritization, remediation, and verification, and explain the role of CVE identifiers and CVSS scoring.
- Compare vulnerability scanning, penetration testing, and red team exercises, and explain when each assessment type is appropriate.
Network-Based Attacks
- Describe common network attacks including DoS/DDoS, man-in-the-middle, ARP poisoning, DNS spoofing, and session hijacking, and explain the protocol weaknesses each exploits.
- Explain how botnets are assembled through command-and-control infrastructure and describe how they amplify DDoS attacks using reflection and amplification techniques.
3. Cryptography Basics (4 topics)
Symmetric Encryption
- Explain symmetric encryption and describe how a single shared key is used for both encryption and decryption, identifying the key distribution problem.
- Identify common symmetric algorithms including AES, 3DES, and ChaCha20, and describe their key sizes, block sizes, and relative performance characteristics.
- Compare block cipher modes of operation (ECB, CBC, CTR, GCM) and evaluate which mode provides both confidentiality and integrity.
Asymmetric Encryption
- Explain asymmetric encryption using public-private key pairs and describe how it solves the key distribution problem inherent in symmetric encryption.
- Identify common asymmetric algorithms including RSA, ECDSA, and Diffie-Hellman, and describe their primary use cases (encryption, key exchange, digital signatures).
- Explain how hybrid encryption combines asymmetric key exchange with symmetric bulk encryption and describe why this approach is used in TLS and PGP.
Hashing and Digital Signatures
- Describe cryptographic hash functions and their properties (deterministic, fixed-length output, collision resistance, avalanche effect) and identify common algorithms (SHA-256, SHA-3, MD5).
- Explain how digital signatures use hashing and asymmetric encryption together to provide authentication, integrity, and non-repudiation.
- Explain how HMAC combines hashing with a secret key to provide message authentication and describe its use in API authentication and session tokens.
PKI and Certificates
- Describe the components of a Public Key Infrastructure including certificate authorities (CA), registration authorities (RA), certificate revocation lists (CRL), and OCSP.
- Explain the X.509 certificate format and describe how chain-of-trust validation works from a server certificate through intermediate CAs to a trusted root CA.
- Analyze a TLS certificate error scenario and determine whether the cause is expiration, hostname mismatch, untrusted CA, or revocation.
4. Network Security (5 topics)
Firewalls and Network Filtering
- Describe firewall types including packet filtering, stateful inspection, application-layer (proxy), and next-generation firewalls (NGFW), and explain the inspection capabilities of each.
- Explain the concept of DMZ architecture and describe how dual-firewall or single-firewall three-leg designs isolate public-facing servers from internal networks.
Intrusion Detection and Prevention
- Distinguish between intrusion detection systems (IDS) and intrusion prevention systems (IPS) and explain the difference between network-based and host-based deployment.
- Compare signature-based and anomaly-based detection methods and evaluate the trade-offs between false positive rates and detection of novel threats.
VPNs and Secure Tunneling
- Describe VPN architectures including site-to-site and remote-access configurations and explain how they provide confidentiality and integrity over untrusted networks.
- Compare IPsec and SSL/TLS VPN technologies and evaluate their suitability for different use cases based on layer of operation, client requirements, and deployment complexity.
Wireless Security
- Describe wireless security protocols including WEP, WPA, WPA2, and WPA3, and explain the vulnerabilities that led to each protocol's successor.
- Identify common wireless attacks including evil twin, deauthentication, and WPS brute-force, and describe countermeasures for each.
- Compare WPA2-Personal (PSK) and WPA2-Enterprise (802.1X) authentication and evaluate which is appropriate for home versus corporate environments.
Network Segmentation
- Explain network segmentation using VLANs, subnets, and micro-segmentation, and describe how segmentation limits lateral movement after a breach.
- Describe the zero trust network model and explain how it differs from traditional perimeter-based security by requiring continuous verification of identity and device posture.
5. Identity and Access Management (4 topics)
Authentication Methods
- Identify the three authentication factor categories (something you know, have, and are) and provide examples of each including passwords, tokens, and biometrics.
- Explain multi-factor authentication (MFA) and describe how combining factors from different categories significantly reduces the risk of credential compromise.
- Compare password-based authentication with passwordless methods (FIDO2, passkeys, certificate-based) and evaluate the security and usability trade-offs.
Authorization Models
- Describe common access control models including discretionary (DAC), mandatory (MAC), role-based (RBAC), and attribute-based (ABAC) access control.
- Apply RBAC principles to assign permissions based on job functions and evaluate how role hierarchies simplify access management in enterprise environments.
- Analyze an access control scenario and determine which model (DAC, MAC, RBAC, ABAC) best satisfies the security requirements based on sensitivity classification and operational needs.
SSO and Federation
- Explain single sign-on (SSO) and describe how it allows users to authenticate once and access multiple applications without re-entering credentials.
- Describe federated identity protocols including SAML, OAuth 2.0, and OpenID Connect, and explain how they enable cross-organization authentication and authorization.
Privileged Access Management
- Describe privileged access management (PAM) and explain how credential vaulting, session recording, and just-in-time access reduce the risk of administrative account compromise.
6. Incident Response and Compliance (5 topics)
Incident Response Process
- Describe the NIST incident response lifecycle phases: preparation, detection and analysis, containment, eradication, recovery, and post-incident activity.
- Explain the importance of an incident response plan and describe key components including roles, communication procedures, escalation paths, and evidence preservation.
- Describe digital forensics principles including chain of custody, evidence integrity, order of volatility, and the importance of creating forensic images before analysis.
- Analyze a security incident scenario and determine the appropriate containment strategy (isolation, quarantine, null routing) based on the attack vector and business impact.
Risk Management
- Define threat, vulnerability, risk, and asset, and explain how risk is calculated as the product of threat likelihood and impact.
- Describe the four risk treatment options (accept, mitigate, transfer, avoid) and explain factors that influence which option is chosen for a given risk.
- Compare qualitative and quantitative risk assessment methodologies and evaluate which approach is more appropriate for a given organizational context.
Security Governance and Frameworks
- Describe major security frameworks and standards including NIST CSF, ISO 27001, CIS Controls, and COBIT, and explain their role in guiding organizational security programs.
- Distinguish between policies, standards, procedures, and guidelines as elements of a security governance hierarchy, and explain how each contributes to consistent security practices.
Regulatory Compliance
- Identify major regulatory frameworks including GDPR, HIPAA, PCI-DSS, and SOX, and describe the types of data and organizations each regulation governs.
- Explain data classification levels (public, internal, confidential, restricted) and describe how classification drives the selection of protective controls and handling procedures.
- Describe data privacy principles including consent, purpose limitation, data minimization, and the right to erasure, and explain how they apply under GDPR.
Business Continuity and Disaster Recovery
- Define Recovery Time Objective (RTO), Recovery Point Objective (RPO), and Maximum Tolerable Downtime (MTD), and explain how they drive disaster recovery planning decisions.
- Compare disaster recovery site types (hot, warm, cold) and evaluate the cost, recovery time, and data loss trade-offs of each.
- Describe backup strategies including full, incremental, and differential backups, and explain the 3-2-1 backup rule for data protection.
Hands-On Labs
Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.
Scope
Included Topics
- Core security principles including the CIA triad (confidentiality, integrity, availability), defense in depth, least privilege, separation of duties, and AAA (authentication, authorization, accounting).
- Common threats and vulnerabilities including malware types, social engineering, application vulnerabilities (injection, XSS, CSRF), and vulnerability assessment methodologies.
- Cryptography basics including symmetric and asymmetric encryption, hashing, digital signatures, PKI, and certificate management.
- Network security fundamentals including firewalls, IDS/IPS, VPNs, network segmentation, and wireless security protocols (WPA2, WPA3).
- Identity and access management including authentication factors, MFA, RBAC, SSO, directory services, and privileged access management.
- Incident response lifecycle, security governance, risk management frameworks, and regulatory compliance concepts (GDPR, HIPAA, PCI-DSS).
Not Covered
- Hands-on penetration testing tool usage (Metasploit, Burp Suite, Nmap scripting engine) beyond conceptual awareness.
- Detailed malware reverse engineering, binary analysis, and assembly language.
- Advanced cryptanalysis, mathematical proofs of cipher security, and custom algorithm design.
- Vendor-specific SIEM configuration, EDR product administration, and SOC platform operations.
- Legal case law analysis and jurisdiction-specific regulatory interpretation beyond awareness level.