This is the Security learning track.

  • What is a proxy? Why might that be important for security?
  • What does IAM mean?
  • What is the difference between a public and a private key?
  • What is OAuth?
  • What is JWT?
  • What is /etc/shadow?
  • What does X-Frame-Options do?
  • What is HTTP Strict Transport Security?
  • What is KMS/Vault?
  • What is TLS/SSL?
  • What is Cross-Site Scripting?
  • How does CORS work?
  • How do you tunnel a port using SSH?
  • What is HTTP Basic Auth and how does it work? (Is the login information encrypted?)
  • What is the difference between symmetric and asymmetric encryption?
  • How would you supply database credentials to a service? How would you store that information?
  • What does “encryption at rest” mean?
  • What is Two-/Multi-Factor Authentication?
  • What is a bastion host?
  • What does DoS/Denial of Service mean?
  • How do you allow a person to log into a system via SSH?
  • What does SSO/Single Sign-On mean?
  • What is chmod/chown used for?
  • What do you do if you see failing SSH login attempts? (john, lisa, admin, root, …)
  • What do you do if you see suspicious HTTP requests? (/admin/login.php, /logs/, …)