4.5 Lab: IoT Architecture Triage Desk

🎯 Lab Scenario

You are the IoT architect on a security engineering team. Three IoT or embedded deployments have come across your desk for pre-deployment review. For each deployment you will: (1) identify the TWO most serious architecture gaps, (2) map each gap to the structural constraint it represents, and (3) recommend the specific compensating control that addresses each gap without requiring the device’s cooperation.

Commit your answer BEFORE clicking Reveal. That is the point of the lab.

Case 1: The Smart-Campus Cameras

Deployment #IoT-2041 — Campus Security Cameras

Organization: Large public university

Deployment summary:

Device:          IP security cameras (model "SafeWatch-Pro 1000")
Fleet size:      620 cameras across 42 buildings
Firmware:        v3.1 (released 2017); vendor confirmed no further updates
Admin account:   "admin" / "safewatch1000" (model default in manuals)
Network:         Connected to the main campus-office VLAN
                 so facilities staff can view any camera from any workstation
Auth to NVR:     Cameras push video to central recorder via HTTP (not HTTPS)
Inventory:       Managed in a shared spreadsheet; "mostly accurate"
                 according to facilities; last full audit 2 years ago
Ports open:      80 (web UI), 554 (RTSP), 23 (Telnet, "for vendor support")
Your Analysis (Case 1) Commit your three answers before clicking Reveal.

1. Two most serious architecture gaps:

2. Which structural constraint does each gap represent:

3. Compensating control for each gap:

Case 2: The Greenfield Smart Factory

Deployment #IoT-2047 — New Industrial IoT Fleet

Organization: Tier-1 automotive parts supplier

Situation: Breaking ground on a new factory; 180 networked industrial controllers (PLCs, robotic-arm controllers, vision systems) are being purchased and installed. The security team has a clean slate and wants to build the IoT architecture correctly from day one.

Architect’s proposed baseline architecture:

1. All 180 controllers placed on dedicated OT VLAN 300.
2. No direct internet access from VLAN 300;
   outbound traffic traverses a jump-host on an
   adjacent management VLAN.
3. Every controller provisioned at manufacture with
   a unique cryptographic certificate from the
   vendor's PKI; no shared administrative password.
4. Secure boot enabled on every controller;
   signed firmware updates required.
5. Device inventory: every controller registered in
   the CMDB at deployment with firmware version,
   cert fingerprint, support end date, and owner.
6. SIEM alerts configured for: unexpected outbound
   destinations from VLAN 300, unsigned firmware
   attempts, certificate revocations.
Your Analysis (Case 2) This deployment is largely well-designed. Commit your three answers before clicking Reveal.

1. Which Lesson 4.5 concepts are already addressed in the baseline (name at least three):

2. What is the MOST important remaining gap the design does not mention:

3. Over a 30-year controller lifetime, which single risk will this design struggle with MOST:

Case 3: The School-District Smart Locks

Deployment #IoT-2052 — Network-Connected Classroom Door Locks

Organization: Mid-size K-12 school district

Situation: After a district-wide threat assessment, the school board approved installing 4,200 networked smart locks on classroom doors so that administrators can initiate a district-wide lockdown from a central console. The vendor requires each lock to have internet access for firmware updates and to receive lockdown commands from their cloud service.

Key facts:

- Each lock runs an embedded Linux OS on a small
  ARM microcontroller (limited CPU / RAM).
- Vendor supports firmware updates for 7 years,
  then warranty and patches end.
- Each lock authenticates to the vendor cloud via
  a unique per-device certificate.
- The vendor will NOT support on-premises
  command-and-control; the cloud is mandatory.
- If the cloud is unreachable, locks fall back
  to local keypad / keycard operation.
- Local school IT has no direct network access
  to the locks or to the vendor cloud.
- The district's insurance requires documented
  lockdown capability with a 5-second response time.
Your Analysis (Case 3) Commit your three answers before clicking Reveal.

1. Which two IoT constraints create the MOST tension in this deployment:

2. The insurer requires lockdown capability; the vendor requires cloud connectivity. Describe the architectural tradeoff and ONE recommended middle-ground control:

3. What specific planning item should be in place BEFORE the 7-year firmware support window ends:

📚 How This Prepares You for the AP Exam

Each case reinforces a different AP Cyber question archetype: Case 1 is the classic “find the gaps in a sloppy IoT rollout.” Case 2 is the harder “evaluate a strong design and identify what’s still missing,” which AP FRQ-style questions increasingly favor. Case 3 tests your ability to reason about tradeoffs rather than “pick the one right answer,” which is a skill the AP exam rewards on its higher-complexity items.

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]