4.4 Exercise 2: Applied Hardening Challenge

🎯 Before You Start

Exercise 1 drilled single-pillar identification. Exercise 2 pushes you into audit-style reasoning: evaluate a device’s full hardening posture, find multiple gaps, reason about MDM policy, and critique tool recommendations.

Strategy: Every wrong choice here was written to sound plausible. Your job is to identify the single detail in the stem that eliminates each distractor.

✎ Applied Challenge — 4 Questions
Question 1 of 4 — Multi-Select Breach-Fix Evaluation Reread the 2019 default-password breach from Lesson 4.4 (public-facing app, default admin account still enabled at default password, no outbound DLP, 47-minute data theft). Which of the following defensive changes would have independently stopped or materially contained the attack? Select ALL that apply. No credit for selecting incorrect options.
Question 2 of 4 — Spot the Wrong Recommendation A security engineer is writing a memo titled “Five quick wins to harden our kiosk fleet.” Which of the following recommendations would be WRONG and should be removed from the memo?
Question 3 of 4 — MDM vs MAM Tradeoff A company allows BYOD. An employee refuses to enroll her personal iPhone in full MDM because she does not want IT to be able to wipe her personal photos and texts. IT needs her to access email and a custom internal CRM app. Which approach BEST satisfies both the employee’s privacy concern and the company’s security need?
Question 4 of 4 — What Defeats Drift? A regulated financial firm has 1,200 Linux servers. A quarterly audit reveals that 180 servers have drifted from the baseline — firewalls disabled, audit logging turned off, extra test accounts left behind from projects. Which approach MOST directly prevents this drift from recurring at scale, rather than just remediating the current findings?
0 / 4 Questions correct — review any incorrect answers, then move to the Lab.
🚀 Extension Challenge

Pick ONE type of device you use every day (laptop, phone, home router, smart speaker). Write a 6-pillar hardening audit for it, using one sentence per pillar: (1) baseline, (2) patch cadence, (3) service reduction, (4) account hardening, (5) logging, (6) endpoint protection. For each pillar, note whether you are ACTUALLY doing it and what the smallest next improvement would be.

This personalizes hardening and trains the “audit an unfamiliar device in 6 steps” habit AP FRQ-style questions ask for.

AP Cybersecurity · Unit 4 · Lesson 4.4 · Exercise 2
LessonExercise 1Exercise 2Quiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]