AP Cybersecurity 2.2: Physical Vulnerabilities and Attacks

Score0 / 10
📅 Last Updated: June 2026 ~60 min 📚 Lesson 2 of 4 — Unit 2
AP Cybersecurity — Unit 2: Securing Spaces

Topic 2.2: Physical Vulnerabilities and Attacks

Piggybacking, tailgating, shoulder surfing, dumpster diving, card cloning, and physical exploitation mechanisms — the attack vectors that bypass every digital control. Learn to classify, map to CIA violations, assess risk level, and select the correct defense.

Lesson 2 of 4 ~60 min LO 2.2.A–2.2.C ~5 class periods Skill: Analyze Risk
College Board Essential Knowledge Coverage

Topic 2.2 — What Is Testable

CED Ref Essential Knowledge Covered In
2.2.A.2 Piggybacking: social engineering to get authorized person to grant access (boxes, maintenance pretext, forgotten token) Section 3
2.2.A.3 Tailgating: following authorized individual without their awareness Section 3
2.2.A.4 Shoulder surfing: watching user access sensitive info; may use camera Section 3
2.2.A.5 Dumpster diving: searching target’s trash for useful information Section 3
2.2.A.6 Card cloning: copying authorized user’s access card Section 3
2.2.B.1 Threats = human adversaries AND natural disasters; natural disasters cause physical damage and service disruption Section 5
2.2.B.2 Four compromises: unauthorized access • disruption of services • theft/destruction • unauthorized modification of data Section 5
2.2.B.3 Power disruption via electrical box, wiring, substations, transformers → Availability violation Section 5
2.2.B.4–B.5 Sensitive area access; keylogger/malware drive; physical destruction → CIA violations Section 5
2.2.C.2 High: sensitive info exposed without restricted access (server, no lock, unmonitored hallway) Section 6
2.2.C.3 Moderate: foothold access (reception computer + USB + internal network) Section 6
2.2.C.4 Low: low-value + unlikely exploitation (unsecured laptops in badge-access office, no sensitive data) Section 6

Source: AP Cybersecurity CED, Effective Fall 2026. AP Skills: 1.C Evaluate likelihood/impact • 1.D Document risks

In This Lesson
  • 2.2.1 — Learning Objectives (3 min)
  • 2.2.2 — Why Physical Security Is Foundational (5 min)
  • 2.2.3 — The Six Physical Attack Types (15 min)
  • 2.2.4 — Piggybacking vs. Tailgating: The Critical Distinction (5 min)
Continued
  • 2.2.5 — How Threats Exploit Vulnerabilities (8 min)
  • 2.2.6 — Physical Risk Assessment: High/Moderate/Low (8 min)
  • 2.2.7 — Worked Scenarios (10 min)
  • 2.2.8 — Quick Reference & FAQ (6 min)
♡ Bellringer — 3 Questions, 5 Minutes

Students answer independently before the lesson. No notes.

  1. An employee holds a secure door open for a person carrying a large box who says “Thanks, maintenance sent me.” Is this piggybacking or tailgating? What is the single fact that determines your answer?
  2. An attacker cuts power to a building’s server room. Which CIA property is most directly violated? Defend your answer in one sentence.
  3. A security assessment finds a printer in the reception area with USB ports and a network connection. The printer stores no sensitive data. Rate it: High, Moderate, or Low risk? Why?

Answers: (1) Piggybacking — employee knowingly held door. (2) Availability — systems become inaccessible. (3) Moderate — network connection = foothold.

12.2.1 — Learning Objectives

  • Identify and precisely distinguish piggybacking, tailgating, shoulder surfing, dumpster diving, and card cloning (2.2.A)
  • Explain how threats exploit physical vulnerabilities through power disruption, port access, and keylogger installation (2.2.B)
  • Assess and document physical risks using the high/moderate/low classification framework with CED criteria (2.2.C)
  • Map each physical attack type to the CIA property or properties it violates
  • Select the most effective physical control for each attack vector and explain why it directly addresses the mechanism

22.2.2 — Why Physical Security Is Foundational

The Physical Security Paradox Every digital security control — firewalls, encryption, MFA — assumes physical security already exists. An attacker with physical access to hardware can bypass most digital controls. Physical access is the highest privilege level. Defenses in this topic include both Preventative controls (mantraps, locks) and Detective controls (cameras, access logs).
What Physical Access Enables Against "Secure" Digital Systems

Full-disk encryption bypassed: Attacker boots from USB drive, mounts the encrypted drive using a live OS, extracts encryption key from RAM via cold boot attack. 30 seconds of physical access defeats industry-standard encryption.

MFA bypassed: Attacker with physical server access resets the OS administrator password directly. MFA never activates — the authentication system is bypassed at a lower level.

Network segmentation bypassed: A rogue network device plugged into an interior switch creates an unmonitored wireless access point inside the segmented network. All firewall rules become irrelevant.

AP Exam Principle

When a scenario describes an attacker with physical access to a device, the correct answer about their capabilities is always: they can bypass most or all digital controls.

32.2.3 — The Six Physical Attack Types (LO 2.2.A)

The AP CED defines specific physical attack techniques. Know each one: precise definition, distinguishing feature, CIA property violated, and the direct defense. Classification accuracy on exam scenarios depends on knowing these exactly.

Attack 1Piggybacking
An adversary uses social engineering to manipulate an authorized individual into knowingly granting them access. The authorized person is aware someone is following — they held the door, scanned their badge, or cooperated after being asked or tricked.
Scenario: A person carrying a large box says "Could you scan your badge? My hands are full." The employee scans in and holds the door. The attacker enters.
Key distinguisher: The authorized person knows and cooperates. This makes piggybacking a social engineering attack requiring training as the primary defense — mantraps help but can still be circumvented if the authorized person authenticates for the attacker. CIA: All three (unauthorized physical access enables any CIA violation).
Attack 2Tailgating
An adversary gains access to a restricted area by following close behind an authorized individual without that person's awareness. No social engineering of the authorized person is required — the attacker simply times their entry to coincide with the door opening.
Scenario: An employee badges into the server corridor and walks through. The attacker steps in right behind them before the door closes. The employee never turns around.
Key distinguisher: The authorized person has NO knowledge of the attacker's entry. Mantraps (access control vestibules) are the primary defense — they mechanically prevent following by requiring one-person-at-a-time authentication. CIA: All three.
Attack 3Shoulder Surfing
An adversary positions themselves to directly observe someone entering sensitive information — a PIN at an ATM, a password at a login screen, a door code at an access panel. May use a camera or mirror to extend observation range.
Scenario: In a coffee shop, someone sits at the next table and watches carefully as a remote employee logs into the company VPN, capturing their password.
CIA: Confidentiality — attacker learns information they should not have. Primary defense: privacy screen filters, keypad hoods at ATMs and access panels, screen positioning awareness training.
Attack 4Dumpster Diving
An adversary searches physical trash for sensitive information — discarded documents, old hardware, sticky notes with passwords, org charts, decommissioned storage media with unwiped data. The attacker often never enters the target building.
Scenario: Before a penetration test, the security consultant retrieves an org chart, a network diagram, two unwiped hard drives, and a sticky note with network credentials — all from the dumpster.
CIA: Confidentiality. Primary defenses: cross-cut shredding mandate for all sensitive documents (strip shredders can be reassembled), secure media destruction policy (degaussing or physical destruction for drives), clean desk policy.
Attack 5Card Cloning
An adversary copies an authorized user's access card data to a blank card, creating a functional duplicate. Cloning can happen via skimming devices placed near card readers, or RFID readers that capture card data wirelessly from close proximity — the legitimate card never leaves the owner's possession.
Scenario: An attacker places a skimmer over a building's exterior card reader. Over two weeks, they capture data from 23 employee badges without anyone noticing. They create clones and use them after hours.
CIA: All three (cloned access enables data theft, tampering, and disruption). Defense: card + PIN two-factor (clone alone insufficient), RFID-blocking sleeves, access log monitoring for impossible-travel indicators (same badge at two locations simultaneously). Card cloning ≠ badge theft — the original card is never taken.
Check for UnderstandingMatching
Q 1 of 10

✎ Before matching — which attack requires authorized-person cooperation? Which requires absolutely no cooperation? Which targets discarded materials?

Match each physical attack type to its most precise defining characteristic.

Click an attack on the left, then click its defining characteristic on the right. Click a matched pair to undo it.
Attack Type
1Piggybacking
2Tailgating
3Shoulder Surfing
4Dumpster Diving
5Card Cloning
Defining Characteristic
AThe authorized user's card is never taken — a duplicate is made from captured data, enabling the attacker to appear as a legitimate user in access logs.
BThe authorized person has zero awareness of the unauthorized entry — no social engineering of the victim is required.
CThe attacker searches physical waste for sensitive information — the attack often requires no building entry.
DThe authorized person knowingly cooperates with the attacker's entry, whether willingly or after being socially engineered.
EThe attacker positions themselves to directly observe credentials being entered, targeting the moment of authentication.

42.2.4 — Piggybacking vs. Tailgating: The Critical Distinction

⚠ Most Commonly Confused Attack Pair on the AP Exam

The single question to ask: Does the authorized person know someone is following them? YES = Piggybacking. NO = Tailgating. Everything else is secondary to this distinction.

Factor Piggybacking Tailgating
Authorized person awareness ✓ YES — they know ✗ NO — they don't know
Authorized person cooperation ✓ YES — they cooperate (even if tricked) ✗ NO — no cooperation needed
Social engineering required ✓ YES — victim must be manipulated ✗ NO — timing-based entry
Primary defense Security awareness training (human behavior change) Access control vestibule/mantrap (mechanical prevention)
Why mantraps help/don't fully solve it Mantrap helps but attacker can still be authenticated by the cooperative authorized person inside the vestibule Mantrap completely prevents it — mechanical door sequence requires individual authentication
Check for UnderstandingClassification
Q 2 of 10

A contractor at Xtensr Labs stands near the entrance with a large equipment case. When an employee badges in, the contractor says: "Thanks — maintenance sent me to check the server cooling." The employee holds the door open. The contractor enters. What attack type is this, and what is the primary defense?

ATailgating — the contractor entered behind the employee; the primary defense is a mantrap.
BPiggybacking — the employee knowingly held the door after being asked (social engineering via pretexting); the primary defense is security awareness training teaching employees to never hold doors regardless of stated authority or urgency.
CCard cloning — the contractor captured the employee's badge data while standing near the reader.
DTailgating — the contractor used pretexting, which is a subset of tailgating.

52.2.5 — How Threats Exploit Physical Vulnerabilities (LO 2.2.B)

The CED (2.2.B) defines the threats and resulting compromises from physical vulnerabilities. These are distinct testable concepts beyond the six attack types.

CED 2.2.B.1 — Threats Include Natural Disasters Threats include human adversaries seeking to cause harm and natural disasters. Natural disasters can cause physical damage or destruction to computers and data, as well as disruption of digital services provided by computers. On the AP exam, natural disasters are explicitly categorized as physical threats alongside adversarial attacks.
⚠ CED 2.2.B.2 — Four Types of Compromise

Physical vulnerabilities can result in four distinct types of compromise — all four are testable:
(1) Unauthorized access to sensitive data or restricted physical spaces
(2) Disruption of services — systems become unavailable
(3) Theft or destruction of digital or physical resources
(4) Unauthorized modification of data — integrity violation

Exploitation Method What It Enables CIA Impact Defense
Power Disruption (2.2.B.3) Adversary damages fuses or breakers in an electrical box, unplugs or cuts electrical wiring, or damages power distribution systems like substations and transformers Availability — devices and services become inaccessible UPS, generators, redundant power, physical security of electrical infrastructure
Port Access — Keylogger (2.2.B.5) Attacker inserts a hardware keylogger between keyboard and computer, capturing all keystrokes including credentials Confidentiality — credentials captured covertly over extended periods Disable USB ports; physical USB port blockers; device tamper inspection policy
Port Access — Malware Drive (2.2.B.5) Attacker inserts USB drive preloaded with malware, establishing backdoor access or exfiltrating data All three — malware enables data theft, tampering, and disruption Disable USB auto-run and external storage; endpoint detection; USB drop awareness training
Physical Destruction (2.2.B.5) Attacker destroys hardware, cutting cables, smashing servers, disabling systems Availability — services become permanently unavailable until hardware replaced Physical access controls, redundant systems, geographic distribution of critical infrastructure
⚠ AP Exam Trap — Power Disruption CIA Mapping

Power disruption attacks violate Availability, not Confidentiality. When power is cut, devices become inaccessible — that is an availability violation. The attack does not inherently expose data to unauthorized access. Always map the CIA violation to the consequence (what the attack achieves), not the method used.

Check for UnderstandingSpot the Error
Q 3 of 10

A security textbook states: "Power disruption attacks are primarily a threat to data Confidentiality because when power is cut, an attacker can more easily access unprotected systems before backup power activates." Which response correctly identifies the error?

AThe statement is correct — power disruption does allow easier physical access to unprotected systems during the outage window.
BThe statement is wrong — power disruption primarily violates Availability. When power is cut, devices and services become inaccessible to authorized users, which is the definition of an Availability violation. The attack does not inherently expose data to unauthorized viewing.
CThe statement is wrong because power disruption is not covered in the AP CED and should not be classified as a physical attack.
DThe statement is partially correct — power disruption affects Confidentiality and Availability equally and should be mapped to both properties.

62.2.6 — Physical Risk Assessment: High / Moderate / Low (LO 2.2.C)

The AP CED requires students to assess physical vulnerabilities using a specific three-level framework. These are not informal labels — the CED defines criteria for each level.

HIGH RISK
Direct Sensitive Exposure
Sensitive information or systems are exposed in physical spaces without sufficiently restricted and controlled access. The path from vulnerability to sensitive data is direct and short.
Server room with research data accessible via single keycard, no camera, no guard
MODERATE RISK
Foothold Opportunity
A noncritical or nonsensitive area is left unprotected in a way that could act as a foothold for an adversary to reach sensitive resources. The path requires an additional step.
Reception computer with exposed USB ports that connects to the internal network
LOW RISK
Low Value, Low Likelihood
The vulnerable asset is of low value and exploitation is unlikely given existing controls or difficulty of access. Both conditions must be true for Low classification.
Unsecured laptops in a badge-access office containing no sensitive data
💡 Key Concept — Foothold = Moderate

The "foothold" concept is explicitly tested. A vulnerability that doesn't directly expose sensitive data can still be Moderate risk if it enables an attacker to reach sensitive data. A printer with network access and document memory is not itself sensitive — but it's a foothold to the internal network and stored scanned documents. That combination = Moderate, not Low.

Check for UnderstandingRisk Classification
Q 4 of 10

✎ Predict first: A printer in an open area stores scanned documents and connects to the internal network. Is the printer itself sensitive, or is it a foothold? Which risk level applies?

During the Xtensr Labs physical security assessment, you discover the lobby printer is accessible to all visitors, retains scanned document images in internal memory, and has an active network connection. How do you classify this risk, and why?

ALow risk — printers are not primary security assets and printer memory attacks are rarely exploited in practice.
BHigh risk — the printer is in a public area with access to sensitive scanned documents, making it directly equivalent to exposed sensitive systems.
CModerate risk — the printer is not itself a sensitive system, but its network connection makes it a potential foothold for internal network access, and its document memory could expose sensitive scanned information, meeting the CED's foothold criteria for Moderate.
DCannot be determined without knowing what documents have been scanned and whether they contain sensitive information.

72.2.7 — Worked Scenarios

1Xtensr Labs — Multi-Stage Physical Attack
Scenario: Map each attacker action to the correct attack type and identify the CIA property violated at each stage.
1

Attacker watches a researcher enter their PIN at the server room keypad from a position 4 feet away

Attack: Shoulder Surfing. CIA: Confidentiality — the attacker learned credentials they should not know. This is the reconnaissance phase of a larger attack chain.

2

Attacker uses the observed PIN with a previously cloned badge copy to enter the server room at 2 AM

Attack: Card Cloning (for the card) + shoulder surfing result (for the PIN). CIA: All three. The attacker now has full physical access — enabling any CIA violation they choose.

3

Attacker inserts a hardware keylogger between a workstation keyboard and the computer

Attack: Port Access Exploitation (keylogger). CIA: Confidentiality — all future keystrokes including passwords are captured. The keylogger will operate silently for weeks.

4

Attacker disconnects the server room UPS backup battery

Attack: Power Disruption. CIA: Availability — the server room loses battery protection; any future power outage causes unplanned server downtime and potential data corruption.

Lesson

This scenario shows how physical attacks chain: Shoulder surfing enables card cloning completion → card + PIN enables physical access → access enables port exploitation + power disruption. Each prior attack enables the next. Defending at any point breaks the chain — which is why defense-in-depth at the physical layer is critical.

Check for UnderstandingI/II/III
Q 5 of 10

Which of the following statements about dumpster diving and card cloning are TRUE?

I. Dumpster diving primarily violates Confidentiality because the attacker gains unauthorized access to information they should not have.
II. Adding a PIN requirement entirely defeats card cloning as an attack vector.
III. A cross-cut shredder is more effective than a strip shredder for defending against dumpster diving because strip-shredded documents can be reconstructed.

AI only
BI and III only
CII and III only
DI, II, and III
Check for UnderstandingRisk Assessment
Q 6 of 10

You are completing the Xtensr Labs assessment. You identify two vulnerabilities:

A: Server room with research data — single keycard, no camera, no motion sensor.
B: Employee laptops in a badge-access office — not cable-locked to desks, contain no sensitive data.

Which risk classification correctly applies to each?

ABoth High risk — any physical vulnerability involving servers or computers is automatically High.
BA = High risk; B = Low risk — A directly exposes sensitive research data; B involves low-value assets in an area requiring additional access steps.
CA = Moderate risk; B = High risk — laptop theft is always High because devices can connect to company systems.
DBoth Moderate risk — both require physical access to exploit.
Check for UnderstandingMCQ
Q 7 of 10

An employee at a bank enters their PIN at an ATM. A person standing in line 3 feet behind watches the keypad. The bank wants to implement a control that most directly prevents this attack. Which control should they choose?

AInstall a mantrap at the ATM area entrance to prevent unauthorized persons from approaching.
BInstall a physical keypad hood that blocks line-of-sight to the PIN pad from any angle other than directly above, combined with a marked stand-back zone on the floor.
CInstall an RFID-blocking shield on the ATM to prevent card cloning.
DDeploy security awareness training reminding customers to shield keypads themselves.
Check for UnderstandingMCQ — Exploitation Mechanism
Q 8 of 10

Which scenario most directly illustrates the port access exploitation mechanism described in CED 2.2.B.5?

AAn adversary retrieves a decommissioned hard drive from a dumpster and uses data recovery software to extract research files.
BAn adversary cuts the power supply cable to a server rack, causing an unplanned service outage.
CAn adversary with brief physical access inserts a hardware keylogger between a workstation keyboard's USB cable and the computer port, enabling silent capture of all subsequent keystrokes.
DAn adversary places a skimming device over a building entrance card reader to clone employee badges.
Check for UnderstandingScenario — Attack Chain
Q 9 of 10

✎ Predict first: A security researcher searches the organization's trash. What does the attack type tell you about the organization's current document disposal practices?

Before a security assessment, a researcher reviews Xtensr Labs' trash bins and recovers: an org chart showing all security personnel and their access levels, a sticky note with a network administrator password, three hard drives labeled "Decommissioned — Wipe Pending," and a USB drive. What attack type, CIA violation, and most effective set of organizational controls apply?

AShoulder surfing; Confidentiality; install privacy screens on all workstations.
BCard cloning; All three CIA properties; implement card + PIN two-factor access.
CDumpster diving; Confidentiality; implement a cross-cut shredding mandate for all documents, a secure media destruction policy requiring physical destruction or degaussing before any hardware disposal, and a clean desk policy preventing sensitive materials from reaching general waste.
DTailgating; All three CIA properties; install mantraps at all entry points.
End of LessonAttack Chain Integration
Q 10 of 10
A bank's security team investigates a fraud incident. Forensic review reveals: (1) An external card reader skimmer was installed on the main branch ATM for 18 days. (2) A camera was placed near the ATM keypad, capturing PINs. (3) Cloned cards with captured PINs were used at another branch after hours. (4) The after-hours branch entry was achieved by slipping through the door when a cleaning crew member badged out.

Which sequence of attack types and corresponding defenses most accurately maps this incident?

ATailgating → Card Cloning → Shoulder Surfing → Physical access; defend with mantraps.
BCard Cloning + Dumpster Diving → Piggybacking → Physical access → Fraud.
CCard Cloning (ATM skimmer) + Shoulder Surfing (hidden camera for PINs) → Tailgating (slipping through door behind cleaning crew without their awareness) → ATM fraud; defend with: anti-skimmer ATM covers + PIN hood + access control vestibule at branch entrance.
DPiggybacking (skimmer installation) + Shoulder Surfing → Card Cloning → Physical access.

82.2.8 — Quick Reference & FAQ

★ CED Must-Know — 5 Physical Attacks + 4 Compromises + Disasters

5 attacks (2.2.A): Piggybacking, Tailgating, Shoulder Surfing, Dumpster Diving, Card Cloning
4 compromise types (2.2.B.2): Unauthorized access • Disruption of services • Theft/destruction • Unauthorized modification
Physical threats include (2.2.B.1): Human adversaries and natural disasters
Power disruption (2.2.B.3): electrical box, substations, transformers → Availability violation
Risk levels (2.2.C): High = sensitive exposed • Moderate = foothold • Low = low value + unlikely

Attack Authorized Cooperation? CIA Violated Primary Defense
Piggybacking YES — knowingly All three Security awareness training; visitor escort policy
Tailgating NO — unaware All three Access control vestibule (mantrap); turnstiles; guards
Shoulder Surfing N/A — target unaware Confidentiality Privacy screens; keypad hoods; physical barriers
Dumpster Diving N/A — unknowingly discards Confidentiality Cross-cut shredding; secure media destruction; clean desk policy
Card Cloning N/A — covert capture All three Card + PIN two-factor; RFID-blocking; access log monitoring
Power Disruption N/A — infrastructure attack Availability UPS; generators; physical security of electrical systems
Port Access (Keylogger) N/A — brief physical access Confidentiality Disable/block USB ports; device tamper inspection
  • What is the single most important distinguishing factor between piggybacking and tailgating?

    Whether the authorized person is aware and cooperates. Piggybacking: they know someone is following and allow it. Tailgating: they have no idea. This determines the primary defense: training changes human behavior (piggybacking); mantraps change physical mechanics (tailgating).

  • Is card cloning the same as badge theft?

    No — they are fundamentally different. Badge theft physically takes the card. Card cloning copies the card's data without ever taking it — the legitimate user continues using their original card while the attacker uses a duplicate. Access logs can detect cloning by flagging the same badge ID appearing at two locations simultaneously — an impossible travel indicator for physical access.

  • Why is dumpster diving classified as a physical attack if the attacker never enters the building?

    Dumpster diving exploits a physical vulnerability — the failure to control the disposal of physical materials. The attack does not require building entry because the sensitive material has already left the building through the disposal process. This is why shredding policies and secure media destruction are classified as physical security controls: they prevent sensitive material from entering the physical disposal stream where it becomes publicly accessible.

Premium Feature

1-on-1 Expert Support

Get personalized help from an AP Cybersecurity instructor — 2,067+ verified hours, 5.0 rating, 499+ reviews.

2,067+ Verified Hours 5.0 Wyzant Rating
Learn About Expert Sessions →
TC
Tanner Crow
AP Computer Science Teacher — Blue Valley North High School

Tanner has taught AP Computer Science for 11+ years and built APCSExamPrep.com to give every student access to the same resources his own students use. He holds 2,067+ verified tutoring hours on Wyzant with a 5.0 rating from 499+ reviews.

11+ Years Teaching AP CS 2,067+ Verified Tutoring Hours 499+ Five-Star Reviews 5.0 Rating on Wyzant
Content last reviewed and updated: June 2026
📋 Exit Ticket — Topic 2.2 | 5 Questions | Ready for Canvas / Google Classroom

Students submit before leaving.

  1. Explain (a) the key distinguishing feature between piggybacking and tailgating, and (b) why this distinction matters for choosing a defense. (AP Skill: Analyze Risk)
  2. A flood destroys three servers and disrupts access to the customer database for two weeks. Is this a physical security threat? Which of the four CED compromise types occurred? (AP Skill: Analyze Risk)
  3. An adversary damages the electrical box, cutting power to all servers. (a) What CED mechanism? (b) Which CIA property? (c) What control prevents the availability impact? (AP Skill: Analyze Risk)
  4. Rate each: (a) Database server with 50,000 records in an unlocked room off an unmonitored hallway. (b) Photocopier in a badge-access office with network connection and document memory. (AP Skill: Analyze Risk)
  5. An attacker shoulder-surfs a badge PIN, then uses a cloned card with that PIN to enter the server room after hours. Map each action to the six cyberattack phases. (AP Skill: Analyze Risk)
Answer Key: (1a) Authorized person awareness/cooperation. (1b) Different defenses: training vs. mantraps. (2) Yes — CED 2.2.B.1 includes natural disasters; compromises = disruption of services + theft/destruction. (3a) Power disruption via electrical box; (3b) Availability; (3c) UPS/generator. (4a) High; (4b) Moderate (foothold). (5) Shoulder surfing = Reconnaissance; card entry = Initial Access.
← Topic 2.1 Exercise 1 →

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]