AP Cybersecurity Unit 2 Lesson 5 Exercise 2
Unit 2 • 2.5 • Exercise 2
Exercise 2 — Access Control Policy Design
3 parts, 24 points — Design access control policies for Pinnacle Wealth Advisors
Score: 0 / 24Complete all 3 parts
Client Organization
Pinnacle Wealth Advisors
Pinnacle’s new CISO needs you to design an access control framework for the firm’s trading platform, client portal, and internal systems. The firm has 4 roles: Financial Advisor, Analyst, Compliance Officer, and IT Administrator.
Part 1
Scenario: RBAC Role Design
Pinnacle needs RBAC roles for 4 positions. The trading platform, client portfolio viewer, compliance audit log, and IT admin console each require different access levels.
8 points
1a. Design an RBAC permission matrix showing which roles should have access to which systems. Use Allow/Deny for each cell.
Key terms: allow, deny, trading, portfolio, audit, admin, advisor, analyst, compliance, IT, least privilege, need to know
1b. Explain why the IT Administrator should NOT have access to the trading platform, even though they have technical ability to grant themselves access.
Key terms: separation of duties, least privilege, conflict of interest, insider threat, audit, accountability, abuse, trust
Model Response: Financial Advisor: Trading=Allow, Portfolio=Allow, Audit Log=Deny, Admin Console=Deny. Analyst: Trading=Deny (read-only market data), Portfolio=Allow (read-only), Audit Log=Deny, Admin Console=Deny. Compliance: Trading=Deny, Portfolio=Allow (read-only for review), Audit Log=Allow, Admin Console=Deny. IT Admin: Trading=Deny, Portfolio=Deny, Audit Log=Allow (system logs only), Admin Console=Allow.
IT Admins should not have trading access because it creates a conflict of interest and insider threat vector. An admin with both system access AND trading capability could manipulate systems to benefit their trades, alter audit logs to hide misconduct, or execute unauthorized transactions. Separation of duties ensures that the person who controls the system cannot also use it for business transactions — this is a core SEC and FINRA compliance requirement.
IT Admins should not have trading access because it creates a conflict of interest and insider threat vector. An admin with both system access AND trading capability could manipulate systems to benefit their trades, alter audit logs to hide misconduct, or execute unauthorized transactions. Separation of duties ensures that the person who controls the system cannot also use it for business transactions — this is a core SEC and FINRA compliance requirement.
Part 2
Scenario: MFA and Authentication Policy
Pinnacle currently uses password-only authentication for all systems. The CISO wants MFA but faces pushback: advisors say MFA “slows them down” and the IT team says MFA is “too complex to deploy.”
8 points
2a. Write a risk-based MFA policy that applies stronger authentication to higher-risk systems. Not all systems need the same MFA level.
Key terms: MFA, trading, client, email, VPN, hardware token, app, SMS, biometric, risk-based, high, medium, conditional
2b. Address the advisors’ objection (“MFA slows us down”) with a specific technical solution that balances security with usability.
Key terms: conditional, adaptive, risk-based, trusted device, location, step-up, session, remember, biometric, seamless
Model Response: Trading platform: Hardware token MFA required for every transaction (highest risk — financial). Client portal: App-based MFA on login (high risk — client PII). Internal email: App-based MFA on first login per device, then trusted device for 30 days (medium risk). VPN remote access: MFA required for every connection (high risk — external entry point).
Solution: Deploy adaptive/conditional MFA that evaluates risk factors (device, location, time, behavior) and only triggers the full MFA challenge when risk is elevated. Example: an advisor logging in from their office computer during business hours on a registered device = trusted (no extra prompt). The same advisor logging in from a new device at 2 AM from another country = step-up MFA required. This provides strong security without slowing down normal operations.
Solution: Deploy adaptive/conditional MFA that evaluates risk factors (device, location, time, behavior) and only triggers the full MFA challenge when risk is elevated. Example: an advisor logging in from their office computer during business hours on a registered device = trusted (no extra prompt). The same advisor logging in from a new device at 2 AM from another country = step-up MFA required. This provides strong security without slowing down normal operations.
Part 3
Scenario: Offboarding and Access Revocation
A senior financial advisor who managed $200M in client portfolios is terminated for misconduct. She has access to the trading platform, client data, internal communications, and her work laptop contains cached credentials and downloaded client files.
8 points
3a. Write a step-by-step offboarding checklist for immediate execution. Include at least 5 specific actions in priority order.
Key terms: disable, account, revoke, VPN, badge, laptop, collect, wipe, session, terminate, trading, email, forward, transfer, client, notify
3b. Explain why disabling the account is preferred over deleting it during offboarding.
Key terms: audit trail, forensic, investigation, compliance, regulatory, preserve, log, history, evidence, reconstruct, delete destroys
Model Response: 1. [Immediately] Disable all accounts (AD, trading platform, email, VPN) to prevent access. 2. [Immediately] Terminate all active sessions and revoke OAuth/API tokens. 3. [Same hour] Revoke physical badge access and collect office keys. 4. [Same day] Collect work laptop and mobile devices; preserve for forensic review (do NOT wipe yet). 5. [Same day] Transfer client portfolio management to another advisor and notify affected clients. 6. [Within 48 hours] Forward her email to her manager for 30 days to catch client communications. 7. [Within 1 week] Review her access logs for the past 90 days for any suspicious activity prior to termination.
Disabling is preferred over deleting because disabled accounts preserve the complete audit trail: login history, file access records, email archives, and trading activity. If the termination leads to a regulatory investigation, SEC inquiry, or client lawsuit, the firm needs this evidence to reconstruct what the advisor did. Deleting the account destroys this forensic history permanently.
Disabling is preferred over deleting because disabled accounts preserve the complete audit trail: login history, file access records, email archives, and trading activity. If the termination leads to a regulatory investigation, SEC inquiry, or client lawsuit, the firm needs this evidence to reconstruct what the advisor did. Deleting the account destroys this forensic history permanently.
AP Cybersecurity 2.5 Exercise 2 | APCSExamPrep.com
AP® is a registered trademark of the College Board.
AP® is a registered trademark of the College Board.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Typically responds within 24 hours
✓
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]