🎯 Before You Start
Exercise 1 drilled structural-constraint identification. Exercise 2 pushes into realistic architecture reasoning: breach fixes, firmware integrity, regulatory frameworks, and the casino aquarium revisited.
Strategy: Several distractors here will sound like valid device hardening — they are wrong because they rely on the device’s cooperation. The correct answer almost always works without the device’s help.
🚀 Extension Challenge
Pick ONE IoT device in your home or school (smart TV, camera, thermostat, printer, speaker, fitness tracker). Write a mini threat model using the lesson structure: (1) which of the four structural constraints applies to this device, (2) what network segment is it currently on and what could a compromise reach, (3) what one architectural change would most reduce risk, and (4) which AP Cyber lesson concept (segmentation, egress filtering, inventory, PKI, secure boot) does that change map to.
This builds the “threat-model an unfamiliar device in four steps” habit AP FRQ-style questions reward.