AP Cybersecurity Unit 2 Lesson 2 Exercise 2

Unit 2 • 2.2 • Exercise 2

Exercise 2 — Layered Security Architecture Design

3 parts, 24 points — Design defense-in-depth for Ironclad Distribution Center

Score: 0 / 24Complete all 3 parts
Client Organization
Ironclad Distribution Center

Ironclad operates a 24/7 distribution center shipping 50,000 packages daily. The facility uses an inventory management system, automated conveyor controls, barcode scanners, and a shipping label network. A recent ransomware attack shut down operations for 36 hours, costing $2.1 million. The CEO demands a defense-in-depth overhaul.

Part 1
Scenario: Mapping the Attack Chain
The ransomware attack followed this chain: (1) Phishing email reached a warehouse supervisor’s inbox. (2) The supervisor clicked a link and entered credentials on a fake login page. (3) The attacker used stolen credentials to VPN into the network. (4) From the VPN, the attacker moved laterally to the inventory server (no segmentation). (5) Ransomware was deployed, encrypting inventory data and halting conveyor operations.
8 points
1a. For each step in the attack chain, identify one defense-in-depth layer that could have stopped it. Name the layer and explain how it would have disrupted that specific step.
Key terms: email filter, training, MFA, segmentation, endpoint, backup, IDS, privilege, network, detect, block, contain, recover
Model Response: Step 1: Email gateway filter with anti-phishing ML detection — would have blocked the phishing email before it reached the supervisor. Step 2: Security awareness training — would have taught the supervisor to recognize the fake login page and not enter credentials. Step 3: MFA on VPN — even with stolen password, the attacker could not log in without the second factor. Step 4: Network segmentation (VLANs) — would have prevented the attacker from moving from the VPN landing zone to the inventory server. Step 5: Endpoint detection + offline backups — EDR could have detected ransomware behavior; offline backups would enable recovery without paying ransom.
Part 2
Scenario: Budget Prioritization
Ironclad has a $150,000 security budget for the first year. The options: (A) MFA implementation: $20K, (B) Network segmentation: $45K, (C) Employee security training program: $15K, (D) Endpoint detection and response (EDR): $35K, (E) Offsite backup system: $25K, (F) Next-gen firewall upgrade: $50K.
8 points
2a. Select the best combination of layers that fits within the $150K budget and provides maximum defense-in-depth coverage. Justify your selections.
Key terms: MFA, segmentation, training, EDR, backup, firewall, layer, diverse, independent, cost, coverage, gap, attack chain
2b. Explain why your selection provides better defense-in-depth than spending the entire $150K on the most expensive single option.
Key terms: single point of failure, diverse, multiple, layers, bypass, redundant, different, types, compensate, catch
Model Response: Selected: MFA ($20K) + Segmentation ($45K) + Training ($15K) + EDR ($35K) + Backup ($25K) = $140K, leaving $10K reserve. This covers 5 of 5 attack chain steps from Part 1. Dropping the NGFW is justified because Ironclad already has a firewall; the other 5 layers fill gaps that the existing firewall cannot address.

Five diverse layers outperform one expensive device because no single control protects against every attack vector. An NGFW alone would not have prevented the credential theft (training gap), would not have required MFA, would not have segmented the network, and would not have provided backup recovery. Multiple independent layers ensure that the failure of any one does not leave the entire organization exposed.
Part 3
Scenario: Measuring Effectiveness
Six months after deploying the new layers, Ironclad’s SOC reports: (1) Email filter blocked 4,200 phishing attempts, (2) MFA prevented 12 unauthorized login attempts using stolen credentials, (3) Network segmentation contained a malware outbreak to 3 devices instead of the full network, (4) EDR detected and quarantined ransomware on 2 workstations before it could spread.
8 points
3a. For each of the four data points, explain which defense-in-depth layer produced the result and what would have happened without it.
Key terms: email filter, MFA, segmentation, EDR, without, breach, compromise, spread, entire, network, encrypt, access, prevent
Model Response: (1) Email filter layer: blocked 4,200 phishing emails. Without it, some would have reached employees, potentially leading to credential theft. (2) MFA layer: stopped 12 login attempts with valid stolen passwords. Without MFA, those 12 accounts would have been compromised. (3) Segmentation layer: contained malware to 3 devices. Without segmentation, the malware could have spread to every device on the flat network (potentially hundreds). (4) EDR layer: caught ransomware on 2 workstations before encryption. Without EDR, the ransomware could have encrypted those workstations and potentially spread further before detection. Each layer independently prevented incidents that other layers missed, proving the value of the defense-in-depth strategy.
Total Points
Lab 2.2 →Course Hub
AP Cybersecurity 2.2 Exercise 2 | APCSExamPrep.com | Built by Tanner Crow, AP CS Teacher (11+ years)
AP® is a registered trademark of the College Board, which was not involved in the production of this content.
AP Cybersecurity · Unit 2 · Lesson 2.2 · Exercise 2
LessonExercise 1Exercise 2Quiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]