How Unit 2 Concepts Connect
Every security decision at Vantex Financial Group involves multiple Unit 2 concepts simultaneously. A ransomware attack violates the CIA Triad (Availability primary), spans multiple defense-in-depth layers (Host: infected endpoint, Data: encrypted files), is quantified through risk assessment (ALE = SLE × ARO), is mitigated through access controls (least privilege limits lateral movement), and requires physical security to prevent an insider from directly plugging in the malware payload.
Integration PrincipleThe AP Cybersecurity exam frequently presents multi-concept scenarios. Identifying ALL relevant frameworks (CIA property + defense-in-depth layer + risk response + control type) demonstrates mastery.
Unit 2 Integration Scenario Table
For each Vantex Financial Group scenario below, every Unit 2 concept is applied:
| Scenario |
CIA Property |
DiD Layer |
Risk Response |
Control |
| Ransomware encrypts all Vantex servers for 72 hours |
Availability |
Host / Data |
Mitigate |
Backup + EDR + patch management |
| A contractor copies client SSNs to a personal USB drive |
Confidentiality |
Physical / Data |
Mitigate |
USB port blocking + DLP + badge access |
| An attacker changes wire transfer amounts in the database |
Integrity |
Application / Data |
Mitigate |
SHA-256 hashing + WAF + audit logs |
| An employee tailgates into the server room |
Confidentiality |
Physical |
Mitigate |
Mantrap + security awareness training |
| Help desk account with Domain Admin is compromised |
CIA all three |
Host / Network |
Mitigate |
Least privilege + RBAC + MFA |
Unit 2 Synthesis Exercise
Vantex’s board requests a one-page executive summary of their security posture based on your Network Security Audit Report findings (Phases 1-5). Write a summary that:
- 1. Identifies the TOP three risks by ALE from Phase 4 (Risk Assessment)
- 2. Maps each risk to the CIA property it MOST directly threatens
- 3. Identifies which defense-in-depth layer has the most critical gap
- 4. Recommends one physical security improvement and one access control improvement with justification
- 5. States the recommended risk response (mitigate/transfer/accept/avoid) for each top risk and justifies the cost-effectiveness decision
AP Exam PrepThis synthesis exercise mirrors the style of AP Cybersecurity free-response questions that ask you to analyze a scenario, identify controls, and justify security decisions using standard frameworks.
AP Cybersecurity Course | APCSExamPrep.com | Built by Tanner Crow, AP CS Teacher (11+ years)