Chapter 1 Checkpoint
The foundations, all together. This mixed quiz pulls from every lesson in the chapter. Passing means you have the security engineer's core mental model — the lens the rest of the guide assumes on every page.
The quiz draws a random selection from a larger bank each attempt, so retaking gives you fresh questions. Aim to pass comfortably, not just barely — these five ideas recur in every remaining chapter. If a question stings, follow its revisit link back to the exact section.
What you should be able to do now
Before the quiz, a quick self-check. After Chapter 1 you should be able to:
- Name which CIA property a given incident violates — and explain why a control for one leg often doesn't protect the others.
- Distinguish threat, vulnerability, and risk, and use Risk = Likelihood × Impact to explain why two systems with the same bug can have wildly different urgency.
- Apply the attacker's mindset to an ordinary feature — generate the misuse cases, spot the path of least resistance, and assume breach.
- Locate the trust boundaries in a data flow and state the rule "never trust the client," with the server-side fix.
- Explain defense in depth and least privilege — why independent layers and minimal access turn a single failure into a contained incident rather than a breach.
If any of those feels shaky, revisit that lesson before continuing — Chapter 2 builds directly on this footing.
The checkpoint
Chapter 1: Security Foundations
Pass to unlock the Next button below.
Chapter 1 complete
With the foundations in place, every later chapter has something to attach to. You now have the vocabulary (CIA, threat/vuln/risk) and the principles (attacker's mindset, trust boundaries, depth, least privilege) that the rest of the guide treats as assumed knowledge.
→ On to Chapter 2: Cryptography — the first concrete toolkit, where these ideas become real primitives: encryption for confidentiality, hashing and signatures for integrity, and the cardinal rule: never roll your own crypto.