Tech+ · Week 5 · Applied Labs

Security Fundamentals

Labs

Five hands-on labs with instant feedback. Work in order or jump around — activities can be retried until you crack them. Nothing is saved when the page closes, so finish a lab in one sitting.

Lab 1 · Phishing Triage

Objective: recognize social engineering and phishing clues, then choose safer next steps.

Lab complete
ScenarioCharlie receives three messages. For each one: tap the underlined phrases you think are clues, check your flags, then deliver a verdict — safe, suspicious, or dangerous.

AMessage A

Tap every phrase that looks like a red flag. Careful — one underlined phrase is harmless.

From: Account Services <no-reply@school-login-reset.example.ru>
Subject: URGENT: account deletion
Your school account will be deleted in 1 hour. Click http://school-login-reset.example.ru and enter your password to keep access.

Verdict for Message A

BMessage B

Tap every phrase that looks like a red flag. One underlined phrase is a distraction.

From: Parcel Alerts <status@pkg-delivery-alerts.example.com>
Subject: Delivery attempt failed
We attempted delivery today at 2:14 PM. Your package delivery failed. Open the attached file to reschedule.
📎 reschedule_form.zip

Verdict for Message B

CMessage C

Different job this time: tap the green flags — the evidence that this message is legitimate. One underlined phrase proves nothing.

From: Mrs. Johnson <mjohnson@yourschool.edu>
Subject: Study guide for Friday
Hi Charlie — here is the study guide I mentioned in class: docs.yourschool.edu/share/study-guide

Verdict for Message C

Debrief

1. For the most dangerous message, what should the user do instead of clicking?

2. A family member asks why phishing works on smart people. Which explanation nails it?

Lab 2 · Secure the Laptop

Objective: apply device security best practices to a realistic laptop setup.

Lab complete
ScenarioA student uses a laptop for school files, email, web browsing, and online accounts — and sometimes takes it to coffee shops. You are the technician setting it up.

1Build the checklist

Select every action that belongs on a security checklist — and leave the bad habits behind. Then check your picks.

2Name the defense

Every protection has a category. Tap a card, then tap the category it belongs to. Cards in a bin can be tapped to send them back.

Authentication
Anti-malware & firewall
Updating
Physical security
Least privilege

3What comes first?

You only have five minutes with this laptop today. Pick the two actions you would do first, then compare with how working technicians usually call it. (There is no single right answer — the reasoning is the point.)

Debrief

1. Why is using a standard account safer than using an administrator account all day?

2. Why are updates and patches part of security?

3. Which of these is a physical security risk for a laptop?

Lab 3 · Source Detective

Objective: choose safer software sources and recognize licensing and security risks.

Lab complete
ScenarioA user needs a printer driver, a PDF reader, and a screen recorder. For each one, pick the safest source. Wrong picks are not wasted — each one tells you exactly why it is risky.

1Printer driver

2PDF reader

3Screen recorder

Debrief

1. What is the security risk of pirated or cracked software?

2. What is the difference between open-source and proprietary software?

Lab 4 · Encryption Map

Objective: distinguish plaintext, ciphertext, data at rest, and data in transit.

Lab complete
ScenarioOne laptop, one busy afternoon: it stores a report, sends a password to a website, backs files up to the cloud, and browses on public Wi-Fi. Map where each piece of data lives — then armor it.

1Resting or moving?

Tap a card, then tap the state it belongs to. Stored data is at rest; data crossing a network is in transit.

🗃 At rest — stored data
🛰 In transit — moving data

2Armor each item

Now match each situation to the protection that fits it. Each protection takes exactly one card.

Full-disk / file encryption
HTTPS (TLS)
Cloud storage encryption + strong sign-in
VPN tunnel

Debrief

1. Plaintext vs. ciphertext — which statement gets it right?

2. Which of these is encryption in transit?

Lab 5 · Wireless Plan

Objective: choose safer settings for a home or small office wireless network.

Lab complete
ScenarioA family just plugged in a brand-new router. Network name: Router_1234. Admin password: admin. Security: none. You have the admin console — lock it down, then run the security check. (Demo only — nothing here touches a real router.)

1Router admin console

ACMENET AC-1200 · Admin Console Secured
Signs in to these router settings. Factory default: admin.
Broadcast to everyone in range — keep names and addresses out of it.
Invent a fresh example — never type a password you actually use.
Firmware
Version 1.0.2 · last checked: never
Guest network

Debrief

1. Why must the default admin password be changed?

2. Why is open Wi-Fi risky?

3. What is the difference between the SSID and the Wi-Fi password?

✓ Clearance granted

All five labs complete. You triaged phishing, hardened a laptop, vetted software sources, mapped encryption, and locked down a wireless network — the full Week 5 security toolkit, applied.