AP Cybersecurity Unit 4: Securing Devices

Hands-On Case FileUnit 4 Case File: Lock the EndpointStep into the analyst's chair and put this unit to work on a real scenario. Examine the evidence, make the calls, and write up your findings.Open the Case File →
AP Cybersecurity · Unit 4

Securing Devices

Device vulnerabilities and attacks, authentication, protecting devices, and detecting attacks on devices — the four CED topics for Unit 4. Four lessons with exercises, labs, quizzes, and a capstone exam.

4 Lessons
16 Exercises, Labs, Quizzes
1 Unit Exam (20 Q)
95+ Practice Questions
📚 What This Unit Covers

Unit 4 is about the devices themselves — everything from the laptop you’re reading this on to the medical infusion pump that keeps a patient alive. You’ll learn why different device categories have different security profiles, how attackers compromise them, and how defenders systematically reduce risk through policies, patching, and detection.

The unit follows the four CED topics in order: 4.1 covers all four device types, all eight malware categories, common exploitation vectors, and risk assessment. 4.2 covers authentication — how passwords are stored as hashes, how password attacks work, and how to configure login settings securely. 4.3 covers protecting devices through managerial policies, anti-malware, patching, and host-based firewalls. 4.4 covers detecting attacks by analyzing authentication logs for indicators of compromise (IoCs).

Course Outline

4.1

Device Vulnerabilities and Attacks

The four CED device types (server, personal computer, handheld/mobile, embedded/IoT), all eight malware categories (virus, worm, trojan, ransomware, spyware, adware, rootkit, botnet), common exploitation vectors (open ports, malicious data, malware installation), and risk assessment across device criticality levels.

Start Lesson 4.1 →
Key terms

Server, personal computer, handheld/mobile device, embedded system, IoT, malware, virus, worm, trojan, ransomware, spyware, adware, rootkit, botnet, attack surface, open port, vulnerability, risk assessment, firmware.

4.2

Authentication

Why passwords are stored as hashes (not plaintext), the four properties of cryptographic hash functions, how salting prevents rainbow table attacks, how password attacks work (brute force, dictionary, credential stuffing, pass-the-hash), the three authentication factors (know/have/are), and how to configure login settings securely (CED 4.2.A–D).

Start Lesson 4.2 →
Exercises, Lab, and Quiz (4 pages)
Key terms

Hash / digest / checksum, collision resistance, one-way function, salting, rainbow table, brute-force attack, dictionary attack, credential stuffing, pass-the-hash, authentication factor (know/have/are), multi-factor authentication, account lockout, password policy.

4.3

Protecting Devices

The three CED managerial policies (acceptable use, password, software installation), how anti-malware signature scanning works and its limits against fileless malware, why keeping operating systems and software updated matters, and how to configure a host-based firewall to reduce attack surface (CED 4.3.A–D).

Start Lesson 4.3 →
Exercises, Lab, and Quiz (4 pages)
Key terms

Acceptable use policy, password policy, software installation policy, anti-malware, signature-based detection, behavioral detection, patch management, operating system update, host-based firewall, firewall rule, allow list, deny list, attack surface reduction.

4.4

Detecting Attacks on Devices

What system logs record and how to read them, the three IoC types (host-based, file-based, behavior-based) with examples of each, detection controls (EDR, SIEM, integrity monitoring, behavioral analytics), and applying detection techniques to identify indicators of password attacks in authentication log files (CED 4.4.A–D).

Start Lesson 4.4 →
Exercises, Lab, and Quiz (4 pages)
Key terms

Indicator of compromise (IoC), system log, authentication log, host-based IoC, file-based IoC, behavior-based IoC, EDR, SIEM, file integrity monitoring, behavioral analytics, failed login threshold, log analysis.

Enrichment — Beyond CED Scope

Securing IoT and Embedded Devices

IoT structural constraints, network segmentation as primary defense, firmware integrity, and emerging standards. This content goes beyond the four CED topics but provides useful context for the AP exam’s device vulnerability questions.

Explore Enrichment Lesson →
✒ Capstone Assessment

Unit 4 Final Exam

20 multiple-choice questions spanning all four CED topics (five questions per topic). Timer, instant feedback, and a per-topic score breakdown so you can see exactly which topics to review. Target: 16 of 20 (80%) or better.

Take the Unit 4 Exam →
📚 Study Strategy

Work one topic at a time: read the lesson → do Exercise 1 (guided scenarios) → do Exercise 2 (harder applied challenges) → work the Lab in writing before revealing answers → take the Quiz. When all four topics are at 80%+, take the Unit 4 Exam. The per-topic breakdown will tell you exactly where to focus.

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]