4.5 Exercise 2: Applied IoT Challenge

🎯 Before You Start

Exercise 1 drilled structural-constraint identification. Exercise 2 pushes into realistic architecture reasoning: breach fixes, firmware integrity, regulatory frameworks, and the casino aquarium revisited.

Strategy: Several distractors here will sound like valid device hardening — they are wrong because they rely on the device’s cooperation. The correct answer almost always works without the device’s help.

✎ Applied Challenge — 4 Questions
Question 1 of 4 — Multi-Select Breach-Fix Evaluation Reread the 2017 casino aquarium-thermometer scenario from Lesson 4.5 (default-credentialed smart thermometer on the main corporate LAN, unfiltered outbound, used as a pivot to exfiltrate a high-roller customer database). Which of the following defensive changes would have independently stopped or materially contained the attack? Select ALL that apply. No credit for selecting incorrect options.
Question 2 of 4 — Firmware Integrity A factory automation vendor is designing a new generation of industrial controllers. They want to prevent an attacker with network access to a factory from pushing a malicious firmware image to the controllers — even if the attacker can intercept the update in transit. Which combination of controls PRIMARILY addresses this risk?
Question 3 of 4 — Which Law Applies? A U.S. federal agency is purchasing 4,000 networked sensors for a new weather-monitoring program. The agency’s procurement office states that any IoT device purchased must meet specific NIST cybersecurity standards for default configuration, patching support, and vulnerability disclosure. Which law is the procurement office applying?
Question 4 of 4 — Decommission Priority A hospital is decommissioning 200 old MRI workstations that contained patient images for 10 years. Each workstation had internet connectivity and sat on a clinical VLAN. Which action should be the HIGHEST priority during decommission?
0 / 4 Questions correct — review any incorrect answers, then move to the Lab.
🚀 Extension Challenge

Pick ONE IoT device in your home or school (smart TV, camera, thermostat, printer, speaker, fitness tracker). Write a mini threat model using the lesson structure: (1) which of the four structural constraints applies to this device, (2) what network segment is it currently on and what could a compromise reach, (3) what one architectural change would most reduce risk, and (4) which AP Cyber lesson concept (segmentation, egress filtering, inventory, PKI, secure boot) does that change map to.

This builds the “threat-model an unfamiliar device in four steps” habit AP FRQ-style questions reward.

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]