4.5 Exercise 1: Architect Around the Device

🎯 How This Works

Each scenario describes an IoT or embedded device with a security problem. Type your prediction in the purple box — identify which structural constraint is at play AND which defense fits — then answer and check.

Why predict first? Most distractors are legitimate defenses for a DIFFERENT constraint. Naming the constraint BEFORE you read the options is the fastest way to slash the trash.

✎ Guided Practice — 5 Scenarios
Scenario 1 of 5 — The Unpatchable Monitor A pediatric ICU uses 80 bedside vital-signs monitors running an embedded OS. The manufacturer stopped shipping firmware updates in 2019, but the devices are FDA-cleared for clinical use through 2031. They cannot be replaced. Which defense gives the BEST protection for the remaining device lifetime?
Predict First Which structural constraint is at play here, and what does Lesson 4.5 say is the primary defense when you cannot harden the device?
Scenario 2 of 5 — Scaling Authentication A logistics company is deploying 12,000 GPS trackers to its truck fleet. Each tracker must authenticate to the central cloud platform so drivers’ location data is trusted. The security architect wants an approach that does NOT rely on a shared password printed in the manual. Which authentication approach scales BEST to 12,000 devices?
Predict First Which IoT authentication mechanism from Lesson 4.5 does not use shared secrets?
Scenario 3 of 5 — Spot the Weakness in the IoT Rollout A school district writes this rollout plan for 300 classroom smart-whiteboards. Which line represents the MOST serious IoT security weakness that should be fixed before deployment?
IoT ROLLOUT PLAN: Classroom Smart-Whiteboards (300 units)
(A) All whiteboards will be assigned to the main faculty/staff
    VLAN so teachers can cast their laptops to them directly.
(B) Admin passwords will be rotated from factory default to a
    unique per-device password stored in IT's password vault.
(C) Firmware will be updated at deployment, and a quarterly
    patch cycle has been scheduled.
(D) Each whiteboard will be added to the IT device inventory,
    with end-of-support date tracked automatically.
Predict First Which line violates the PRIMARY IoT defense from Lesson 4.5?
Scenario 4 of 5 — Multi-Select (Which are TRUE?) Consider the following statements about the Mirai botnet (2016) and how it compromised 600,000+ IoT devices. Select ALL that are TRUE. No credit for selecting incorrect options.
Predict First Which structural constraints from Lesson 4.5 did Mirai exploit?
Scenario 5 of 5 — Terminology Recall Fill in each blank with the correct term from Lesson 4.5.
Predict First Say the three terms aloud before typing.

1. The startup process in which each stage of the boot chain cryptographically verifies the next before transferring control is called .

2. The practice of restricting the set of outbound destinations an IoT device is permitted to contact is called .

3. The industry interoperability standard for smart-home IoT that requires device-certificate authentication and OTA update support is called .

0 / 5 Scenarios correct — review any missed answers, then move to Exercise 2.
📚 Pattern to Remember

Every AP Cyber IoT question reduces to one of three patterns: (1) identify which of the four structural constraints is at play, (2) pick the architecture-level defense that works without requiring the device’s cooperation, or (3) spot the segmentation failure hiding in an otherwise reasonable deployment plan. Predict-first works on all three.

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]