COMPTIA ITF+
Lesson 9
Security Fundamentals
Learn the security basics every IT role needs: CIA triad, authentication, malware, encryption, patching, and how to think in threats → controls.
CIA = Confidentiality, Integrity, Availability
MFA reduces stolen-password risk
Encryption protects data at rest & in transit
Patching closes known vulnerabilities
Backups help you recover (ransomware)
1) The CIA Triad (the core security goals)
- Confidentiality: Only authorized people can access the data (privacy).
- Integrity: Data is accurate and hasn’t been changed improperly.
- Availability: Systems/data are accessible when needed (uptime).
Quick example: A bank app needs confidentiality (protect accounts), integrity (correct balances),
and availability (customers can log in).
2) Authentication vs Authorization
- Authentication = proving who you are (login).
- Authorization = what you’re allowed to do (permissions).
Example
Login = authentication
Admin dashboard access = authorization
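The login versus admin-dashboard distinction above, as an added Python example that is not part of the original lesson. The user names, passwords, roles and permission names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: role and permission names are hypothetical.
ROLE_PERMISSIONS = {
    "customer": {"view_own_balance"},
    "admin": {"view_own_balance", "open_admin_dashboard"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored credential is never the plain password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(name: str, password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "salt": salt,
            "pw_hash": hash_password(password, salt), "role": role}

# Constructed accounts: one ordinary customer, one administrator.
USERS = {u["name"]: u for u in (
    make_user("alice", "correct horse battery staple", "customer"),
    make_user("root-ops", "another long passphrase", "admin"),
)}

def authenticate(name: str, password: str):
    """Authentication: prove who you are. Returns the user record or None."""
    user = USERS.get(name)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(user, permission: str) -> bool:
    """Authorization: what this identity may do. Anything not granted is denied."""
    if user is None:
        return False
    return permission in ROLE_PERMISSIONS.get(user["role"], set())

if __name__ == "__main__":
    alice = authenticate("alice", "correct horse battery staple")
    print("alice authenticated:", alice is not None)
    print("alice -> admin dashboard:", authorize(alice, "open_admin_dashboard"))
    admin = authenticate("root-ops", "another long passphrase")
    print("admin -> admin dashboard:", authorize(admin, "open_admin_dashboard"))
    print("wrong password rejected:", authenticate("alice", "guess") is None)
```

A successful login does not grant the dashboard: alice authenticates but is denied, because her role carries only the permissions she needs (least privilege).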
3) Common threats
- Phishing: tricking users into revealing credentials or running malware.
- Malware: harmful software (virus, worm, trojan, ransomware, spyware).
- Credential attacks: password spraying, brute force, stolen passwords.
- Unpatched systems: attackers exploit known weaknesses.
- Misconfiguration: overly open permissions, default passwords, exposed services.
4) Controls (how we reduce risk)
Preventive controls
- MFA, strong passwords, least privilege
- Firewalls, secure configuration, patching
- Encryption
Detective controls
- Logging & monitoring
- Antivirus/EDR alerts
- Intrusion detection systems
Recovery controls
- Backups (3-2-1 rule)
- Disaster recovery plan
- Incident response steps
5) Encryption (at rest vs in transit)
- At rest: protects stored data (disk encryption, encrypted database fields).
- In transit: protects data moving across networks (TLS/HTTPS).
6) Patching and updates
Patches fix known vulnerabilities. Attackers often exploit old, unpatched software because it’s the easiest path. A simple update policy prevents a huge percentage of real-world incidents.
ITF+ mindset: Security is about reducing risk. You don’t need perfection — you need strong habits:
update, back up, verify links, least privilege, and log what matters.
🧠 Advanced Quiz
Question 1
Which part of the CIA triad is most directly impacted by a denial-of-service attack?
Correct: B. DoS attacks aim to make a service unavailable to real users.
Question 2
What is the difference between authentication and authorization?
Correct: A. Login = authentication; access rights = authorization.
Question 3
Select ALL examples of malware.
Correct: A, C, D. Malware includes ransomware, trojans, spyware, worms, and more.
Question 4
Which is the BEST example of a preventive control?
Correct: C. Patching prevents known vulnerabilities from being exploited.
Question 5
What does HTTPS primarily protect?
Correct: B. HTTPS uses TLS encryption to protect data in transit.
Question 6
Select ALL good defenses against phishing.
Correct: A, B, C. Better habits + MFA + training reduce phishing impact.
Question 7
Which best describes least privilege?
Correct: D. Least privilege limits damage if an account is compromised.
Question 8
Which is a strong example of a detective control?
Correct: A. Monitoring and alerts detect suspicious events as they happen.
Question 9
Select ALL that help protect confidentiality.
Correct: B, D. Encryption + access control are core confidentiality tools.
Question 10
Why are backups critical in a ransomware scenario?
Correct: C. Backups are a recovery control — they restore availability/integrity after an attack.