| Security Concepts — CIA triad, AAA, malware types, social engineering, DoS/DDoS | chapter-5---security-fundamentals/security-concepts | | Access Control Lists — standard vs. extended, wildcard masks, implicit deny, VTY | chapter-5---security-fundamentals/access-control-lists | | Device Access and Passwords — enable secret vs. password, SSH 6-step sequence | chapter-5---security-fundamentals/device-access-and-passwords | | Layer 2 Security — port security violation modes, DHCP snooping, DAI, 802.1X | chapter-5---security-fundamentals/layer-2-security | | VPN Fundamentals — site-to-site vs. remote-access, IPsec (AH/ESP), GRE, SSL | chapter-5---security-fundamentals/vpn-fundamentals | | Security Best Practices — defense in depth, MFA, segmentation, least privilege | chapter-5---security-fundamentals/security-best-practices | | Security Threat Mitigation — attack-to-countermeasure mapping, WPA3, anti-spoof ACLs | chapter-5---security-fundamentals/security-threat-mitigation |

Priority: SSH config sequence + ACL wildcard masks + port security violation modes = simulation and MCQ core.

---