AP Cybersecurity Unit 2 Lesson 3 Exercise 2
Unit 2 • 2.3 • Exercise 2
Exercise 2 — Physical Security Design for Schools
3 parts, 24 points — Design physical security upgrades for Sycamore School District
Score: 0 / 24Complete all 3 parts
Client Organization
Sycamore School District
Sycamore School District’s 8 schools have inconsistent physical security. Some buildings have badge-controlled entrances while others use only mechanical locks. The server closets at 3 schools are unlocked storage rooms. After a theft of 6 laptops from an unlocked classroom, the superintendent requests a district-wide physical security plan.
Part 1
Scenario: Server Closet Security
Three schools store network switches, a file server, and student information system (SIS) backup drives in unlocked storage closets. These closets are accessible to janitorial staff, substitute teachers, and in one case, students (the closet doubles as a supply room). The closets have no cameras, no environmental monitoring, and no inventory log.
8 points
1a. Identify three specific risks created by this configuration.
Key terms: unauthorized access, theft, tamper, student data, backup, FERPA, no audit, environmental, temperature, water, accidental, unmonitored
1b. Design a physical security upgrade plan for these server closets. Include at least 4 specific controls.
Key terms: lock, badge, camera, log, temperature, dedicated room, restrict, key, inventory, monitor, alert, fire, suppression
Model Response: Risks: (1) Unauthorized physical access to network infrastructure — anyone entering the closet can tamper with switches, disconnect cables, or plant rogue devices. (2) Theft of SIS backup drives containing FERPA-protected student data — no access log means theft may go undetected. (3) Environmental damage — no temperature monitoring means a heating failure could damage server hardware, and shared closet use increases risk of accidental damage from cleaning supplies or stored materials.
Upgrade plan: (1) Dedicate each closet exclusively to IT equipment — remove all non-IT storage. (2) Install electronic badge locks with access limited to IT staff only, with all entries logged. (3) Mount a security camera with 30-day footage retention covering the closet entrance. (4) Deploy temperature and humidity sensors with automated alerts to IT staff. (5) Create an equipment inventory log checked monthly to detect missing or unauthorized devices.
Upgrade plan: (1) Dedicate each closet exclusively to IT equipment — remove all non-IT storage. (2) Install electronic badge locks with access limited to IT staff only, with all entries logged. (3) Mount a security camera with 30-day footage retention covering the closet entrance. (4) Deploy temperature and humidity sensors with automated alerts to IT staff. (5) Create an equipment inventory log checked monthly to detect missing or unauthorized devices.
Part 2
Scenario: Classroom Device Security
6 laptops were stolen from a ground-floor classroom over a weekend. The room has no lock on the door, windows without security film, and no device tracking or inventory system. The laptops contain student work, teacher grade data, and cached SIS credentials.
8 points
2a. Classify the data exposed by this theft and identify the regulatory implications.
Key terms: student data, grades, PII, FERPA, credentials, notification, breach, regulatory, compliance, protected
2b. Recommend physical and technical controls that would prevent or mitigate a similar theft in the future.
Key terms: lock, cable, anchor, encrypt, disk, full, remote wipe, tracking, inventory, window, film, alarm, cabinet, cart
Model Response: Exposed data: student work, teacher grade data (FERPA-protected educational records), and cached SIS credentials (which could provide ongoing unauthorized access to the district’s student information system). Under FERPA, the district must notify affected families and the Department of Education of the breach. If credentials are not revoked, the attacker has ongoing digital access even without the physical laptops.
Physical: Door locks on all classrooms, cable locks anchoring laptops to desks or a locked charging cart, security film on ground-floor windows, alarm sensors on classroom doors. Technical: Full-disk encryption (so stolen laptops’ data is unreadable), remote wipe capability, asset tracking (MDM), forced SIS credential reset after theft detection, automatic screen lock with short timeout.
Physical: Door locks on all classrooms, cable locks anchoring laptops to desks or a locked charging cart, security film on ground-floor windows, alarm sensors on classroom doors. Technical: Full-disk encryption (so stolen laptops’ data is unreadable), remote wipe capability, asset tracking (MDM), forced SIS credential reset after theft detection, automatic screen lock with short timeout.
Part 3
Scenario: Visitor Management Overhaul
Currently, school visitors sign a paper log at the front office and receive a handwritten “VISITOR” sticker. There is no ID verification, no background check integration, and no system to alert staff if a restricted individual (e.g., a person with a custody order) enters a building. The district wants to modernize.
8 points
3a. Design a modern visitor management system that addresses the current gaps. Include at least 3 components.
Key terms: digital, ID scan, photo, badge, print, background, check, restrict, alert, custody, sex offender, database, expiration, escort, notify
3b. Explain why this is a physical security priority for a school district specifically, beyond general office visitor management.
Key terms: children, minor, vulnerable, custody, safety, duty of care, restricted, threat, parent, guardian, legal, protection
Model Response: Components: (1) Digital check-in kiosk that scans visitor driver’s license or state ID, captures a photo, and prints a visitor badge with photo, name, destination, and expiration time. (2) Automated screening against sex offender registries and school-specific restricted individual lists (custody orders, trespass notices). (3) Real-time alert system that immediately notifies the principal and security staff if a flagged individual attempts to check in. (4) Visitor badge expiration — badges are time-limited and must be returned at checkout; unreturned badges trigger end-of-day alerts.
Schools have a heightened duty of care because they are responsible for minors who cannot protect themselves. Visitor management must screen for individuals who pose specific threats to children: non-custodial parents violating court orders, registered sex offenders, and individuals with active trespass orders. The consequences of a physical security failure in a school — a child being taken by a restricted individual — are fundamentally more severe than an unauthorized visitor in a corporate office.
Schools have a heightened duty of care because they are responsible for minors who cannot protect themselves. Visitor management must screen for individuals who pose specific threats to children: non-custodial parents violating court orders, registered sex offenders, and individuals with active trespass orders. The consequences of a physical security failure in a school — a child being taken by a restricted individual — are fundamentally more severe than an unauthorized visitor in a corporate office.
AP Cybersecurity 2.3 Exercise 2 | APCSExamPrep.com
AP® is a registered trademark of the College Board.
AP® is a registered trademark of the College Board.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Typically responds within 24 hours
✓
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]