{
  "faq_version": "1.0",
  "generated_date": "2026-04-25",
  "source_textbook": "Cybersecurity: Foundations, Practice, and Professional Responsibility",
  "total_questions": 90,
  "categories": [
    "Getting Started",
    "Core Concepts",
    "Technical Detail",
    "Common Challenges",
    "Best Practices",
    "Advanced Topics"
  ],
  "questions": [
    {
      "id": "faq-001",
      "category": "Getting Started",
      "question": "What is this course about?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Cybersecurity", "Information Security"],
      "keywords": ["course", "overview", "ABET", "CSEC2017", "defensible engineering"],
      "source_links": ["docs/course-description.md"],
      "has_example": false
    },
    {
      "id": "faq-002",
      "category": "Getting Started",
      "question": "Who is this course for?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["audience", "undergraduate", "prerequisites"],
      "source_links": ["docs/course-description.md"],
      "has_example": false
    },
    {
      "id": "faq-003",
      "category": "Getting Started",
      "question": "What prerequisites do I need?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["prerequisites", "programming", "discrete math", "operating systems"],
      "source_links": ["docs/course-description.md"],
      "has_example": false
    },
    {
      "id": "faq-004",
      "category": "Getting Started",
      "question": "What will I be able to do after finishing this course?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Threat Modeling", "Cryptography"],
      "keywords": ["outcomes", "ABET", "capabilities", "Bloom's"],
      "source_links": ["docs/course-description.md", "docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": false
    },
    {
      "id": "faq-005",
      "category": "Getting Started",
      "question": "How is the textbook organized?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["chapters", "organization", "structure", "dependencies"],
      "source_links": ["docs/chapters/index.md"],
      "has_example": false
    },
    {
      "id": "faq-006",
      "category": "Getting Started",
      "question": "How is this course aligned with ABET?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["ABET", "CAC", "Student Outcomes", "accreditation"],
      "source_links": ["docs/course-description.md"],
      "has_example": false
    },
    {
      "id": "faq-007",
      "category": "Getting Started",
      "question": "Do I need to be a strong programmer?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Secure Coding"],
      "keywords": ["programming", "code", "Python", "C", "secure coding"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md", "docs/chapters/06-software-assurance/index.md"],
      "has_example": false
    },
    {
      "id": "faq-008",
      "category": "Getting Started",
      "question": "What knowledge areas does the course cover?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["CSEC2017", "knowledge areas", "ABET CAC"],
      "source_links": ["docs/chapters/index.md"],
      "has_example": false
    },
    {
      "id": "faq-009",
      "category": "Getting Started",
      "question": "How much time should I plan per chapter?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["time", "planning", "study", "workload"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md", "docs/chapters/04-crypto-in-practice/index.md", "docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": false
    },
    {
      "id": "faq-010",
      "category": "Getting Started",
      "question": "What are the capstone options?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Capstone Secure System", "Capstone Security Program", "Capstone Applied Research"],
      "keywords": ["capstone", "project", "team", "deliverables"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md", "docs/course-description.md"],
      "has_example": false
    },
    {
      "id": "faq-011",
      "category": "Getting Started",
      "question": "Are there hands-on labs?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["labs", "hands-on", "tools", "exercises"],
      "source_links": ["docs/chapters/06-software-assurance/index.md", "docs/chapters/11-cloud-and-ops-monitoring/index.md", "docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-012",
      "category": "Getting Started",
      "question": "Where do I find definitions of unfamiliar terms?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": [],
      "keywords": ["glossary", "terminology", "definitions"],
      "source_links": ["docs/glossary.md"],
      "has_example": false
    },
    {
      "id": "faq-013",
      "category": "Core Concepts",
      "question": "What is the CIA triad?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": ["CIA Triad", "Confidentiality", "Integrity", "Availability", "AAA Framework"],
      "keywords": ["CIA", "confidentiality", "integrity", "availability"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-014",
      "category": "Core Concepts",
      "question": "What is adversarial thinking, and why does it matter?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Adversarial Thinking"],
      "keywords": ["adversarial", "mindset", "attacker", "habit"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": true
    },
    {
      "id": "faq-015",
      "category": "Core Concepts",
      "question": "What is defense in depth?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Defense in Depth"],
      "keywords": ["defense in depth", "layers", "controls"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": true
    },
    {
      "id": "faq-016",
      "category": "Core Concepts",
      "question": "What is least privilege?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Least Privilege"],
      "keywords": ["least privilege", "permissions", "blast radius"],
      "source_links": ["docs/chapters/10-system-security/index.md", "docs/chapters/11-cloud-and-ops-monitoring/index.md", "docs/chapters/12-human-security/index.md"],
      "has_example": true
    },
    {
      "id": "faq-017",
      "category": "Core Concepts",
      "question": "What is a threat model?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Threat Modeling", "STRIDE", "PASTA", "Attack Trees"],
      "keywords": ["threat model", "STRIDE", "trust boundaries"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-018",
      "category": "Core Concepts",
      "question": "What is the difference between a threat, a vulnerability, and a risk?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Threat", "Vulnerability", "Risk"],
      "keywords": ["threat", "vulnerability", "risk", "likelihood", "impact"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md"],
      "has_example": true
    },
    {
      "id": "faq-019",
      "category": "Core Concepts",
      "question": "What is the AAA framework?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": ["AAA Framework", "Authentication", "Authorization", "Accounting"],
      "keywords": ["AAA", "authentication", "authorization", "accounting", "RADIUS"],
      "source_links": ["docs/chapters/01-security-foundations/index.md", "docs/chapters/12-human-security/index.md"],
      "has_example": true
    },
    {
      "id": "faq-020",
      "category": "Core Concepts",
      "question": "What is an attack surface?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Attack Surface"],
      "keywords": ["attack surface", "exposure", "ports", "endpoints"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md", "docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": false
    },
    {
      "id": "faq-021",
      "category": "Core Concepts",
      "question": "What is the blast radius of an incident?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Blast Radius"],
      "keywords": ["blast radius", "containment", "scope", "incident"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md", "docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-022",
      "category": "Core Concepts",
      "question": "How do symmetric and asymmetric cryptography differ?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Symmetric Cryptography", "Asymmetric Cryptography", "TLS"],
      "keywords": ["symmetric", "asymmetric", "public key", "session key", "TLS"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md", "docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": true
    },
    {
      "id": "faq-023",
      "category": "Core Concepts",
      "question": "Why is hashing not the same as encryption?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Hash Function", "Encryption", "Password Hashing"],
      "keywords": ["hash", "encryption", "one-way", "password"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": true
    },
    {
      "id": "faq-024",
      "category": "Core Concepts",
      "question": "What is a digital signature?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Digital Signature", "Asymmetric Cryptography", "Non-Repudiation"],
      "keywords": ["signature", "private key", "verify", "non-repudiation"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-025",
      "category": "Core Concepts",
      "question": "What does TLS actually protect, and what does it not?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["TLS", "TLS Handshake", "Data in Transit"],
      "keywords": ["TLS", "transport security", "endpoint", "certificate"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": true
    },
    {
      "id": "faq-026",
      "category": "Core Concepts",
      "question": "What is Zero Trust architecture?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Zero Trust Architecture", "Micro-Segmentation"],
      "keywords": ["Zero Trust", "perimeter", "explicit verification"],
      "source_links": ["docs/chapters/09-advanced-network-defense/index.md"],
      "has_example": false
    },
    {
      "id": "faq-027",
      "category": "Core Concepts",
      "question": "What is the shared responsibility model in cloud security?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Shared Responsibility Model", "IaaS Security", "PaaS Security", "SaaS Security"],
      "keywords": ["shared responsibility", "cloud", "IaaS", "PaaS", "SaaS"],
      "source_links": ["docs/chapters/11-cloud-and-ops-monitoring/index.md"],
      "has_example": true
    },
    {
      "id": "faq-028",
      "category": "Core Concepts",
      "question": "What is the difference between authentication and authorization?",
      "bloom_level": "Understand",
      "difficulty": "easy",
      "concepts": ["Authentication", "Authorization", "IAM System"],
      "keywords": ["authentication", "authorization", "identity", "permissions"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-029",
      "category": "Core Concepts",
      "question": "What is the PICERL incident response lifecycle?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": ["PICERL Lifecycle", "Incident Response"],
      "keywords": ["PICERL", "incident response", "phases"],
      "source_links": ["docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-030",
      "category": "Core Concepts",
      "question": "What does the NIST Cybersecurity Framework do?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["NIST CSF"],
      "keywords": ["NIST CSF", "Govern", "Identify", "Protect", "Detect", "Respond", "Recover"],
      "source_links": ["docs/chapters/13-organizational-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-031",
      "category": "Core Concepts",
      "question": "What is the difference between IDS and IPS?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Intrusion Detection", "Intrusion Prevention", "Signature-Based Detection", "Anomaly-Based Detection"],
      "keywords": ["IDS", "IPS", "detect", "prevent", "in-line"],
      "source_links": ["docs/chapters/08-network-foundations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-032",
      "category": "Core Concepts",
      "question": "What is a CVE, and what is CVSS?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": ["CVE", "CVSS"],
      "keywords": ["CVE", "CVSS", "vulnerability", "scoring"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md", "docs/chapters/15-security-operations/index.md"],
      "has_example": true
    },
    {
      "id": "faq-033",
      "category": "Core Concepts",
      "question": "What are the OWASP Top Ten and the CWE Top 25?",
      "bloom_level": "Remember",
      "difficulty": "easy",
      "concepts": ["OWASP Top Ten", "CWE Top 25"],
      "keywords": ["OWASP", "CWE", "vulnerabilities", "weaknesses"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": false
    },
    {
      "id": "faq-034",
      "category": "Core Concepts",
      "question": "What is MITRE ATT&CK, and how is it used?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["MITRE ATT&CK", "TTP"],
      "keywords": ["MITRE", "ATT&CK", "TTPs", "tactics", "techniques"],
      "source_links": ["docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-035",
      "category": "Core Concepts",
      "question": "What is a kill chain?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Kill Chain", "Cyber Kill Chain", "Diamond Model"],
      "keywords": ["kill chain", "phases", "Lockheed", "Diamond"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md", "docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-036",
      "category": "Core Concepts",
      "question": "What does \"fail secure by default\" mean?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Fail Secure Default", "Open Design Principle", "Complete Mediation", "Economy of Mechanism"],
      "keywords": ["fail secure", "fail open", "default", "Saltzer Schroeder"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": true
    },
    {
      "id": "faq-037",
      "category": "Technical Detail",
      "question": "What is the difference between AES-CBC and AES-GCM?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["AES", "CBC Mode", "GCM Mode", "Block Cipher Modes"],
      "keywords": ["AES", "CBC", "GCM", "AEAD", "modes"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": false
    },
    {
      "id": "faq-038",
      "category": "Technical Detail",
      "question": "What is an initialization vector, and why must it be unpredictable?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Initialization Vector", "CBC Mode", "GCM Mode"],
      "keywords": ["IV", "nonce", "unpredictable", "reuse"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": true
    },
    {
      "id": "faq-039",
      "category": "Technical Detail",
      "question": "What is HMAC, and when do I need it?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["HMAC", "Message Authentication Code"],
      "keywords": ["HMAC", "MAC", "integrity", "webhook", "tag"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": true
    },
    {
      "id": "faq-040",
      "category": "Technical Detail",
      "question": "What is RSA, and when is it appropriate?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["RSA", "Asymmetric Cryptography", "PKI"],
      "keywords": ["RSA", "factoring", "hybrid encryption", "key size"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-041",
      "category": "Technical Detail",
      "question": "Why is elliptic curve cryptography preferred over RSA today?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Elliptic Curve Cryptography", "RSA"],
      "keywords": ["ECC", "RSA", "key size", "performance", "TLS 1.3"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": true
    },
    {
      "id": "faq-042",
      "category": "Technical Detail",
      "question": "What is Diffie-Hellman key exchange?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Diffie-Hellman", "Key Exchange", "Perfect Forward Secrecy"],
      "keywords": ["Diffie-Hellman", "ECDHE", "shared secret", "ephemeral"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-043",
      "category": "Technical Detail",
      "question": "What is perfect forward secrecy?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Perfect Forward Secrecy", "TLS"],
      "keywords": ["PFS", "forward secrecy", "ephemeral", "TLS 1.3"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-044",
      "category": "Technical Detail",
      "question": "What is X.509, and how do certificate chains work?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["X.509 Certificate", "Certificate Chain", "Certificate Authority", "PKI"],
      "keywords": ["X.509", "certificate chain", "CA", "root", "intermediate"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-045",
      "category": "Technical Detail",
      "question": "What is OCSP, and what problem does it solve?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["OCSP", "Certificate Revocation"],
      "keywords": ["OCSP", "stapling", "revocation", "TLS"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-046",
      "category": "Technical Detail",
      "question": "What is the difference between SHA-2 and SHA-3?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["SHA-2", "SHA-3", "MD5", "Hash Function"],
      "keywords": ["SHA-2", "SHA-3", "Keccak", "Merkle-Damgard", "sponge"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": false
    },
    {
      "id": "faq-047",
      "category": "Technical Detail",
      "question": "What are bcrypt and Argon2, and when do I use them?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Bcrypt", "Argon2", "Password Hashing", "Salting"],
      "keywords": ["bcrypt", "Argon2", "password", "memory-hard", "salt"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": true
    },
    {
      "id": "faq-048",
      "category": "Technical Detail",
      "question": "What is the difference between DAC, MAC, RBAC, and ABAC?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["DAC", "MAC", "RBAC", "ABAC", "Access Control"],
      "keywords": ["DAC", "MAC", "RBAC", "ABAC", "access control"],
      "source_links": ["docs/chapters/10-system-security/index.md"],
      "has_example": true
    },
    {
      "id": "faq-049",
      "category": "Technical Detail",
      "question": "What is ASLR, and why does it matter?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["ASLR", "DEP", "Stack Canary", "Memory Protection"],
      "keywords": ["ASLR", "address space", "randomization", "memory defense"],
      "source_links": ["docs/chapters/10-system-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-050",
      "category": "Technical Detail",
      "question": "What are stack canaries?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Stack Canary", "Buffer Overflow", "Stack Overflow"],
      "keywords": ["stack canary", "buffer overflow", "return address"],
      "source_links": ["docs/chapters/10-system-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-051",
      "category": "Technical Detail",
      "question": "What is DEP / NX-bit?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["DEP", "Memory Protection"],
      "keywords": ["DEP", "NX", "no execute", "ROP"],
      "source_links": ["docs/chapters/10-system-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-052",
      "category": "Technical Detail",
      "question": "What is the difference between OAuth 2.0, OIDC, and SAML?",
      "bloom_level": "Analyze",
      "difficulty": "hard",
      "concepts": ["OAuth 2.0", "OIDC", "SAML", "Federated Identity", "Single Sign-On"],
      "keywords": ["OAuth", "OIDC", "SAML", "SSO", "federation"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": true
    },
    {
      "id": "faq-053",
      "category": "Technical Detail",
      "question": "What is FIDO2, and what is a passkey?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["FIDO2", "Passkey", "Multi-Factor Authentication", "Biometric Authentication"],
      "keywords": ["FIDO2", "passkey", "WebAuthn", "phishing-resistant"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-054",
      "category": "Technical Detail",
      "question": "What is DNSSEC, and what does it protect?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["DNSSEC", "DNS Security"],
      "keywords": ["DNSSEC", "DNS", "spoofing", "cache poisoning"],
      "source_links": ["docs/chapters/09-advanced-network-defense/index.md"],
      "has_example": false
    },
    {
      "id": "faq-055",
      "category": "Technical Detail",
      "question": "What is BGP, and what is RPKI?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["BGP Security", "RPKI"],
      "keywords": ["BGP", "RPKI", "route hijack", "AS"],
      "source_links": ["docs/chapters/09-advanced-network-defense/index.md"],
      "has_example": false
    },
    {
      "id": "faq-056",
      "category": "Technical Detail",
      "question": "What is a TPM, and what is an HSM?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Trusted Platform Module", "Hardware Security Module", "Measured Boot"],
      "keywords": ["TPM", "HSM", "attestation", "key storage"],
      "source_links": ["docs/chapters/07-component-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-057",
      "category": "Common Challenges",
      "question": "Why is ECB mode a footgun?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["ECB Mode", "Block Cipher Modes", "AES"],
      "keywords": ["ECB", "footgun", "penguin", "patterns"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": true
    },
    {
      "id": "faq-058",
      "category": "Common Challenges",
      "question": "What's wrong with hardcoding keys in source code?",
      "bloom_level": "Apply",
      "difficulty": "easy",
      "concepts": ["Key Management", "Secure Coding"],
      "keywords": ["hardcoded keys", "secrets management", "Vault", "KMS"],
      "source_links": ["docs/chapters/06-software-assurance/index.md"],
      "has_example": false
    },
    {
      "id": "faq-059",
      "category": "Common Challenges",
      "question": "Why are mocked tests dangerous for security paths?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Static Analysis", "Dynamic Analysis", "Secure SDLC"],
      "keywords": ["mocked tests", "integration tests", "regression"],
      "source_links": ["docs/chapters/06-software-assurance/index.md"],
      "has_example": false
    },
    {
      "id": "faq-060",
      "category": "Common Challenges",
      "question": "What makes SQL injection so common, and how do I prevent it?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["SQL Injection", "Injection Attack", "Parameterized Query", "Input Validation"],
      "keywords": ["SQL injection", "parameterized query", "ORM", "string concatenation"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": true
    },
    {
      "id": "faq-061",
      "category": "Common Challenges",
      "question": "What makes XSS hard to fully eradicate?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Cross-Site Scripting", "Stored XSS", "Reflected XSS", "DOM-Based XSS", "Output Encoding"],
      "keywords": ["XSS", "output encoding", "CSP", "context"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": false
    },
    {
      "id": "faq-062",
      "category": "Common Challenges",
      "question": "How do I avoid race conditions (TOCTOU) in security checks?",
      "bloom_level": "Apply",
      "difficulty": "hard",
      "concepts": ["TOCTOU", "Race Condition"],
      "keywords": ["TOCTOU", "race condition", "atomic", "openat"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": true
    },
    {
      "id": "faq-063",
      "category": "Common Challenges",
      "question": "Why does input validation alone not stop injection?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Input Validation", "Injection Attack", "Parameterized Query"],
      "keywords": ["input validation", "layer confusion", "injection", "boundary"],
      "source_links": ["docs/chapters/05-software-vulnerabilities/index.md"],
      "has_example": false
    },
    {
      "id": "faq-064",
      "category": "Common Challenges",
      "question": "What's the most common mistake in cryptographic code?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Cryptography", "Initialization Vector", "GCM Mode", "Password Hashing"],
      "keywords": ["crypto mistakes", "wrong primitive", "nonce reuse", "high-level library"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": false
    },
    {
      "id": "faq-065",
      "category": "Common Challenges",
      "question": "How do I handle key rotation without breaking production?",
      "bloom_level": "Apply",
      "difficulty": "hard",
      "concepts": ["Key Rotation", "Key Management"],
      "keywords": ["key rotation", "versioned keys", "key id"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-066",
      "category": "Common Challenges",
      "question": "Why do MFA SMS codes count as a weak factor?",
      "bloom_level": "Understand",
      "difficulty": "medium",
      "concepts": ["Multi-Factor Authentication", "FIDO2", "Passkey"],
      "keywords": ["SMS", "MFA", "SIM swap", "TOTP"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-067",
      "category": "Common Challenges",
      "question": "Why do social engineering attacks succeed against trained employees?",
      "bloom_level": "Analyze",
      "difficulty": "medium",
      "concepts": ["Social Engineering", "Phishing", "Spear Phishing", "Usable Security"],
      "keywords": ["social engineering", "training", "workflow", "phishing-resistant"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-068",
      "category": "Common Challenges",
      "question": "How do I tell whether a control is preventive, detective, corrective, or compensating?",
      "bloom_level": "Apply",
      "difficulty": "easy",
      "concepts": ["Preventive Control", "Detective Control", "Corrective Control", "Compensating Control"],
      "keywords": ["controls", "preventive", "detective", "compensating"],
      "source_links": ["docs/chapters/02-threats-and-controls/index.md"],
      "has_example": true
    },
    {
      "id": "faq-069",
      "category": "Best Practices",
      "question": "What's the right way to encrypt application data at rest?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Data at Rest", "GCM Mode", "Key Management", "Database Encryption"],
      "keywords": ["data at rest", "AEAD", "KMS", "TDE"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-070",
      "category": "Best Practices",
      "question": "How should I store user passwords?",
      "bloom_level": "Apply",
      "difficulty": "easy",
      "concepts": ["Password Hashing", "Bcrypt", "Argon2", "Salting"],
      "keywords": ["password storage", "bcrypt", "Argon2id", "cost factor"],
      "source_links": ["docs/chapters/03-crypto-fundamentals/index.md"],
      "has_example": false
    },
    {
      "id": "faq-071",
      "category": "Best Practices",
      "question": "How do I configure TLS correctly on a web server?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["TLS", "HTTPS", "TLS Handshake", "OCSP"],
      "keywords": ["TLS 1.3", "HSTS", "OCSP stapling", "configuration"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": false
    },
    {
      "id": "faq-072",
      "category": "Best Practices",
      "question": "How do I set up MFA the right way?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Multi-Factor Authentication", "FIDO2", "Passkey"],
      "keywords": ["MFA", "passkey", "phishing-resistant", "step-up"],
      "source_links": ["docs/chapters/12-human-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-073",
      "category": "Best Practices",
      "question": "How do I write a useful runbook?",
      "bloom_level": "Create",
      "difficulty": "medium",
      "concepts": ["Runbook", "Incident Response Plan"],
      "keywords": ["runbook", "playbook", "procedures", "on-call"],
      "source_links": ["docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-074",
      "category": "Best Practices",
      "question": "When should I accept, transfer, mitigate, or avoid a risk?",
      "bloom_level": "Evaluate",
      "difficulty": "medium",
      "concepts": ["Risk Mitigation", "Risk Transfer", "Risk Acceptance", "Risk Avoidance", "Risk Register"],
      "keywords": ["risk treatment", "accept", "transfer", "mitigate", "avoid"],
      "source_links": ["docs/chapters/13-organizational-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-075",
      "category": "Best Practices",
      "question": "How do I write an effective threat model?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Threat Modeling", "STRIDE", "Trust Boundary"],
      "keywords": ["threat model", "STRIDE", "scope", "data flow"],
      "source_links": ["docs/chapters/01-security-foundations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-076",
      "category": "Best Practices",
      "question": "How do I choose between RBAC and ABAC?",
      "bloom_level": "Evaluate",
      "difficulty": "medium",
      "concepts": ["RBAC", "ABAC", "Access Control"],
      "keywords": ["RBAC", "ABAC", "policy", "context"],
      "source_links": ["docs/chapters/10-system-security/index.md"],
      "has_example": true
    },
    {
      "id": "faq-077",
      "category": "Best Practices",
      "question": "What does a defensible incident response plan look like?",
      "bloom_level": "Evaluate",
      "difficulty": "medium",
      "concepts": ["Incident Response Plan", "PICERL Lifecycle", "Tabletop Exercise"],
      "keywords": ["IR plan", "PICERL", "tabletop", "blameless postmortem"],
      "source_links": ["docs/chapters/15-security-operations/index.md"],
      "has_example": false
    },
    {
      "id": "faq-078",
      "category": "Best Practices",
      "question": "How do I measure security program effectiveness?",
      "bloom_level": "Evaluate",
      "difficulty": "hard",
      "concepts": ["Security Metrics", "Security Program Mgmt", "NIST CSF"],
      "keywords": ["security metrics", "KPIs", "outcomes", "MTTR"],
      "source_links": ["docs/chapters/13-organizational-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-079",
      "category": "Best Practices",
      "question": "How should I handle a third-party security questionnaire?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Vendor Risk Management", "Third-Party Risk", "SOC 2"],
      "keywords": ["vendor risk", "questionnaire", "trust portal"],
      "source_links": ["docs/chapters/13-organizational-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-080",
      "category": "Best Practices",
      "question": "What does responsible disclosure look like in practice?",
      "bloom_level": "Apply",
      "difficulty": "medium",
      "concepts": ["Responsible Disclosure", "Bug Bounty Program", "Cyber Ethics"],
      "keywords": ["responsible disclosure", "PSIRT", "CVE", "bug bounty"],
      "source_links": ["docs/chapters/14-societal-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-081",
      "category": "Advanced Topics",
      "question": "What is post-quantum cryptography, and when should organizations migrate?",
      "bloom_level": "Evaluate",
      "difficulty": "hard",
      "concepts": ["Post-Quantum Cryptography", "Lattice-Based Crypto", "Quantum Threat"],
      "keywords": ["PQC", "Kyber", "Dilithium", "harvest-now-decrypt-later"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": false
    },
    {
      "id": "faq-082",
      "category": "Advanced Topics",
      "question": "What is confidential computing?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Confidential Computing", "Trusted Execution Env", "Secure Enclave"],
      "keywords": ["confidential computing", "TEE", "SGX", "Nitro Enclaves"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": false
    },
    {
      "id": "faq-083",
      "category": "Advanced Topics",
      "question": "How do I defend an LLM application against prompt injection?",
      "bloom_level": "Create",
      "difficulty": "hard",
      "concepts": ["Prompt Injection", "AI Security", "Adversarial ML"],
      "keywords": ["prompt injection", "LLM", "tool use", "guardrails"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": false
    },
    {
      "id": "faq-084",
      "category": "Advanced Topics",
      "question": "What is adversarial machine learning?",
      "bloom_level": "Analyze",
      "difficulty": "hard",
      "concepts": ["Adversarial ML", "AI Security", "Model Evasion", "Data Poisoning", "Model Theft"],
      "keywords": ["adversarial ML", "evasion", "poisoning", "extraction"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": false
    },
    {
      "id": "faq-085",
      "category": "Advanced Topics",
      "question": "What is differential privacy?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Differential Privacy", "Privacy Engineering"],
      "keywords": ["differential privacy", "noise", "epsilon", "privacy budget"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": true
    },
    {
      "id": "faq-086",
      "category": "Advanced Topics",
      "question": "What is a zero-knowledge proof?",
      "bloom_level": "Understand",
      "difficulty": "hard",
      "concepts": ["Zero-Knowledge Proof", "Secure Computation"],
      "keywords": ["ZKP", "zk-SNARK", "zk-STARK", "prover", "verifier"],
      "source_links": ["docs/chapters/04-crypto-in-practice/index.md"],
      "has_example": true
    },
    {
      "id": "faq-087",
      "category": "Advanced Topics",
      "question": "How does OT/ICS security differ from IT security?",
      "bloom_level": "Analyze",
      "difficulty": "hard",
      "concepts": ["OT Security", "ICS Security", "SCADA Security", "Operational Technology", "Critical Infrastructure"],
      "keywords": ["OT", "ICS", "SCADA", "availability", "physical"],
      "source_links": ["docs/chapters/16-emerging-and-capstone/index.md"],
      "has_example": true
    },
    {
      "id": "faq-088",
      "category": "Advanced Topics",
      "question": "How do I design a Zero Trust architecture for a multi-cloud environment?",
      "bloom_level": "Create",
      "difficulty": "hard",
      "concepts": ["Zero Trust Architecture", "Micro-Segmentation", "Cloud IAM", "Federated Identity"],
      "keywords": ["Zero Trust", "multi-cloud", "identity", "micro-segmentation"],
      "source_links": ["docs/chapters/09-advanced-network-defense/index.md", "docs/chapters/11-cloud-and-ops-monitoring/index.md"],
      "has_example": false
    },
    {
      "id": "faq-089",
      "category": "Advanced Topics",
      "question": "How do I evaluate a vendor's SOC 2 Type II report?",
      "bloom_level": "Evaluate",
      "difficulty": "hard",
      "concepts": ["SOC 2", "Vendor Risk Management", "Security Audit"],
      "keywords": ["SOC 2", "Type II", "Trust Services", "exceptions"],
      "source_links": ["docs/chapters/13-organizational-security/index.md"],
      "has_example": false
    },
    {
      "id": "faq-090",
      "category": "Advanced Topics",
      "question": "How do I plan a red-team or purple-team engagement?",
      "bloom_level": "Create",
      "difficulty": "hard",
      "concepts": ["Red Team", "Blue Team", "Purple Team", "Penetration Testing", "MITRE ATT&CK"],
      "keywords": ["red team", "purple team", "rules of engagement", "scope"],
      "source_links": ["docs/chapters/15-security-operations/index.md"],
      "has_example": false
    }
  ]
}
