AP Cybersecurity 4.1 Lab: Device Risk Triage Desk
Applied analysis · 3 triage cases · Simulated SOC shift · 35–45 min
You are on a SOC shift. Three device tickets are queued. For each, write your three answers in the boxes — CED risk level + justification, primary exploitation vector, and the matching CED defense — then click Reveal to compare against the expected analysis.
Case 1: The Exposed Server
Reporter: Automated vulnerability scan
Description: A public-facing web server hosting the customer portal has not received OS or web-server patches in three months. A critical remote-code-execution advisory for its software version was published last week. The server holds session data for every logged-in customer.
1. CED risk level (High / Moderate / Low) and one-line justification:
2. Primary exploitation vector:
3. Recommended CED defense:
Expected analysis (Reveal):
(1) Risk: High — a public-facing device with a known, published vulnerability and no patch is the highest-exposure combination; a compromise affects every customer depending on it.
(2) Vector: Unpatched software — adversaries develop exploits for known vulnerabilities, and a published advisory makes the weakness public.
(3) Defense: Patch management / prompt updates (LO 4.3.C). Interim compensating controls: a web-application firewall and tighter segmentation until patched.
Rubric: 1 pt risk + justification, 1 pt vector, 1 pt defense. 2+/3 = passing.
Case 2: The Quiet Controller
Reporter: Network inventory audit
Description: An IoT building-automation controller still uses its factory-default credentials, cannot run anti-malware, and sits on the same flat network as HR and finance systems. It manages physical access doors.
1. CED risk level (High / Moderate / Low) and one-line justification:
2. Primary exploitation vector:
3. Recommended CED defense:
Expected analysis (Reveal):
(1) Risk: High — an embedded/IoT device with default credentials, no anti-malware capability, and flat-network reach to sensitive systems; compromise carries physical (door) consequences.
(2) Vector: Weak authentication (default credentials), compounded by no anti-malware software.
(3) Defense: Replace defaults with strong credentials/MFA where supported; because anti-malware is not possible, use compensating controls — segment the controller onto its own VLAN and firewall it off from HR/finance.
Rubric: 1 pt risk + justification, 1 pt vector, 1 pt defense. 2+/3 = passing.
Case 3: The Shared Laptop
Reporter: Mei T., IT support
Description: A staff laptop used daily in a shared coworking space has autorun enabled for USB media and no BIOS/UEFI password. It stores cached credentials and customer spreadsheets. It is frequently left unattended at the desk.
1. CED risk level (High / Moderate / Low) and one-line justification:
2. Primary exploitation vector:
3. Recommended CED defense:
Expected analysis (Reveal):
(1) Risk: High — repeated physical access plus autorun and no firmware password allow both removable-media execution and boot-level bypass on a personal computer holding credentials.
(2) Vector: Autorun enabled and no BIOS/UEFI protection (both physical-access vectors).
(3) Defense: Disable autorun and restrict external drives via acceptable-use policy; set a BIOS/UEFI password; add full-disk encryption so an unattended device cannot be booted around.
Rubric: 1 pt risk + justification, 1 pt vector, 1 pt defense. 2+/3 = passing.
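The same exposure / weakness / impact reasoning the three cases exercise, written as a small triage helper. This is an added example, not part of the lab or of any CED material; the weakness table, exposure weights, impact scale and High/Moderate/Low thresholds are assumptions chosen so that the three tickets above land where the expected analyses put them.

```python
from dataclasses import dataclass
from typing import List

# Constructed scoring tables (assumptions, not a CED standard).
# weakness -> (severity, matching defense)
WEAKNESSES = {
    "unpatched_with_advisory": (3, "patch management / prompt updates"),
    "default_credentials": (3, "replace defaults with strong credentials / MFA"),
    "autorun_enabled": (2, "disable autorun and restrict external drives"),
    "no_firmware_password": (2, "set a BIOS/UEFI password and enable full-disk encryption"),
    "no_anti_malware": (1, "compensating controls: own VLAN, firewalled from sensitive systems"),
}
# How reachable the device is by an adversary (assumed weights).
EXPOSURE = {"public_facing": 3, "flat_network": 2, "physical_access": 2, "segmented_internal": 0}


@dataclass
class Ticket:
    name: str
    exposure: str          # key into EXPOSURE
    weaknesses: List[str]  # keys into WEAKNESSES
    impact: int            # 1 = low, 2 = credentials/records, 3 = all customers or physical safety


def triage(ticket: Ticket) -> dict:
    """Score exposure + weaknesses + impact and map the total to a risk level.
    Vectors are sorted by severity; the first one is the primary vector
    (sorted() is stable, so equal-severity weaknesses keep ticket order)."""
    ordered = sorted(ticket.weaknesses, key=lambda w: -WEAKNESSES[w][0])
    score = EXPOSURE[ticket.exposure] + sum(WEAKNESSES[w][0] for w in ordered) + ticket.impact
    level = "High" if score >= 7 else "Moderate" if score >= 4 else "Low"
    defenses = [WEAKNESSES[w][1] for w in ordered] or ["maintain current patch and credential hygiene"]
    return {"name": ticket.name, "score": score, "risk": level,
            "vectors": ordered, "defense": "; ".join(defenses)}


# The three queued tickets, encoded from the case descriptions above.
CASES = [
    Ticket("Exposed Server", "public_facing", ["unpatched_with_advisory"], 3),
    Ticket("Quiet Controller", "flat_network", ["default_credentials", "no_anti_malware"], 3),
    Ticket("Shared Laptop", "physical_access", ["autorun_enabled", "no_firmware_password"], 2),
]

if __name__ == "__main__":
    for t in CASES:
        r = triage(t)
        print(f"{r['name']}: {r['risk']} (score {r['score']}); "
              f"primary vector {r['vectors'][0]}; defense: {r['defense']}")
```

Feeding a patched, segmented device with no listed weaknesses through the same function yields Low, which is the check that the thresholds separate the cases rather than marking everything High.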