AP Cybersecurity Unit 4: Securing Devices

Device types and vulnerabilities, malware, authentication and access control, hardening and configuration, and the unique architectural problem of IoT and embedded devices. Five full lessons with exercises, labs, quizzes, and a capstone exam.

5 Lessons
20 Exercises, Labs, Quizzes
1 Unit Exam (20 Q)
95+ Practice Questions
📚 What This Unit Covers

Unit 4 is about the devices themselves — everything from the laptop you’re reading this on to the medical infusion pump that keeps a patient alive. You’ll learn why different device categories have different security profiles, how attackers compromise them, and how defenders systematically reduce risk through hardening and architecture.

The unit builds in a specific order: 4.1 introduces the devices and their generic vulnerabilities, 4.2 covers the malware that targets them, 4.3 covers authentication and access control, 4.4 teaches the six pillars of hardening as a systematic discipline, and 4.5 shows how IoT and embedded devices invert the usual hardening playbook by forcing network-architecture defenses instead.

Course Outline

4.1

Device Types and Vulnerabilities

Endpoints, mobile, IoT, and embedded devices. Attack surface, why IoT and embedded are hardest to secure, and the common device vulnerabilities that lead to breaches.

Support pages for 4.1 are part of the legacy 1.x wireless-security support set; they will be refreshed in a future rebuild.

Key terms

Attack surface, endpoint device, mobile device, IoT, embedded system, default credentials, hardening, vulnerability assessment, firmware.

4.2

Malware and Malicious Software

Eight malware categories (virus, worm, trojan, ransomware, spyware, adware, rootkit, botnet), fileless and living-off-the-land attacks, delivery vectors, and signature vs. behavioral detection.

Exercises, Lab, and Quiz (4 pages)
Key terms

Malware, virus, worm, trojan, ransomware, spyware, rootkit, botnet, fileless malware, payload, zero-day, signature-based detection, behavioral detection, sandbox analysis, EDR.

4.3

Authentication and Access Control

Three authentication factors (know/have/are), multi-factor authentication strength ordering, SSO and federation, passwordless and passkeys, access control models (DAC, MAC, RBAC, ABAC), principle of least privilege, separation of duties, and common auth attacks (phishing, MFA fatigue, SIM swap, pass-the-hash).

Exercises, Lab, and Quiz (4 pages)
Key terms

Authentication, authorization, MFA, factor (know/have/are), SSO, federation, passkey, DAC, MAC, RBAC, ABAC, principle of least privilege, separation of duties, MFA fatigue, SIM swap.

4.4

Device Hardening and Configuration

The six pillars of hardening (secure baseline, patch management, service reduction, account hardening, logging, endpoint protection), CIS Benchmarks and DISA STIGs, endpoint protection ladder (AV, NGAV, EDR, XDR), mobile device management (MDM / COPE / BYOD / MAM), and configuration drift with configuration-management defenses.

Exercises, Lab, and Quiz (4 pages)
Key terms

Device hardening, secure baseline, patch management, CIS Benchmark, DISA STIG, antivirus, NGAV, EDR, XDR, host-based firewall, MDM, BYOD, MAM, COPE, configuration drift, configuration management.

4.5

Securing IoT and Embedded Devices

The four structural constraints of IoT (limited resources, long lifecycles, no patch channel, default credentials), network segmentation and VLAN isolation as the primary defense, device inventory and lifecycle management, firmware integrity via signed updates and secure boot, certificate-based authentication with PKI, and emerging standards (IoT Cybersecurity Improvement Act, EU Cyber Resilience Act, Matter).

Exercises, Lab, and Quiz (4 pages)
Key terms

IoT, embedded system, operational technology, VLAN, network segmentation, egress filtering, firmware, secure boot, signed firmware update, PKI, device certificate, device inventory, Matter, IoT Cybersecurity Improvement Act.

✎ Capstone Assessment

Unit 4 Final Exam

20 multiple-choice questions spanning all five lessons (four questions per lesson). Timer, instant feedback, and a per-lesson score breakdown so you can see exactly which topics to review. Target: 16 of 20 (80%) or better.

📚 Study Strategy

Work one lesson at a time: read the lesson → do Exercise 1 (predict-first scenarios) → do Exercise 2 (harder applied challenges) → work the Lab in writing before revealing answers → take the Quiz. When all five lessons are at 80%+, take the Unit 4 Exam. The per-lesson breakdown will tell you where to focus for the real AP exam.
