AP exam review verified for 2027

AP Cybersecurity Exam Review

The AP Cybersecurity Exam tests your ability to analyze real device scenarios using policies, logs, firewall configs, and permissions, not just recall definitions. Use the guides here to understand exactly what each section asks and how to respond efficiently.

This page covers exam format, section strategy, task verb expectations, and a review sequence to help you prepare for both the MCQ and FRQ sections.

What is the AP Cybersecurity Exam?

AP Cybersecurity launched nationally for the 2026-27 school year, with the first exam in 2027. Because no official exam context exists yet, the best preparation evidence comes from the official exam format and the published course framework. Both sections reward applying cybersecurity concepts to scenarios over memorizing isolated definitions.

The exam is 2 hours and 10 minutes. Section I has 60 MCQ in 80 minutes worth 70% of your score. Section II has 1 Device Security Analysis FRQ with a suggested 50 minutes worth 30%. Every question, in both sections, is scenario-driven and asks you to reason with evidence rather than recall a term.

Section I: Multiple Choice

60 questions, 80 minutes, 70% of your score. That is roughly 80 seconds per question. All five course units appear here. Questions are scenario-based, so you need to read quickly and identify what security concept or skill the scenario is testing before you evaluate the answer choices.

Section II: Device Security Analysis FRQ

1 question, suggested 50 minutes, 30% of your score. You receive multiple simulated sources about one digital device, such as a firewall configuration, permission list, or system log, and respond to several parts using task verbs like identify, explain, describe, determine, and write.

What the Exam Rewards

Both sections prioritize analysis over memorization. On the MCQ, you apply concepts to novel scenarios. On the FRQ, you cite specific evidence from the provided sources and explain your reasoning. Vague answers that name a concept without connecting it to the source material will not earn full credit.

Evidence is the core skill on both sections

Whether you are eliminating a wrong MCQ answer or writing an FRQ response, the exam expects you to ground your reasoning in specific details: a log entry, a firewall rule, a permission setting, or a policy statement. Practicing how to read and cite simulated sources is the highest-leverage preparation move for this exam.

Exam review study guides

1

Multiple-Choice Strategy

60 questions in 80 minutes across all five course units. The MCQ guide covers official skill weighting, unit scope, and a reading approach for scenario-driven questions so you can identify the tested concept quickly and eliminate wrong answers efficiently.

open guide
2

Device Security Analysis FRQ

One question, 50 minutes suggested, 30% of your score. You analyze simulated sources such as firewall configs, permission lists, and system logs to identify issues, cite evidence, and evaluate security controls. The FRQ guide and Device Security Analysis guide both walk through this task in detail.

open guide
3

Task Verbs and Response Models

The five task verbs on the AP Cybersecurity FRQ are identify, explain, describe, determine, and write. Each verb signals a different response type. The task verbs guide gives evidence-based response models for each so you know exactly what a full-credit answer looks like.

open guide
4

Is AP Cybersecurity Hard?

AP Cybersecurity is new, with no official exam context yet. The difficulty guide explains what is known about the exam so far, what skills the format rewards, and a two-week study path based on the official exam structure.

open guide
5

AP Cybersecurity FRQ Guide

Prepare for the AP Cybersecurity Device Security Analysis FRQ. Learn how to use policies, permissions, logs, configs, and evidence in a 50-minute response.

open guide

AP Cybersecurity Exam review notes

Exam format

Section I: MCQ structure and pacing

Section I is 60 questions in 80 minutes, worth 70% of your score. Questions are scenario-driven across all five course units. At about 80 seconds per question, you need a reading method that is fast but accurate: read the scenario, identify the security concept being tested, then evaluate choices. Skip and return to questions that require long re-reads.

  • 60 questions: Total multiple-choice items in Section I
  • 80 minutes: Time allotted for the full MCQ section
  • 70%: Portion of your total exam score from Section I
  • All 5 units: Every course unit is assessed in Section I, so no unit is safe to skip
Can you identify which course unit a scenario-based MCQ is testing within the first two sentences of the prompt? That recognition speed is what keeps your pacing on track.
SectionQuestionsTimeScore Weight
Section I (MCQ)6080 minutes70%
Section II (FRQ)150 minutes suggested30%
Exam format

Section II: Device Security Analysis FRQ

Section II is one Device Security Analysis question with a suggested time of 50 minutes. You receive several simulated sources about a single digital device and answer multiple parts. Each part uses a specific task verb that tells you exactly what kind of response is expected. Reading all sources before writing is strongly recommended because evidence from one source often supports a part that seems to be about a different source.

  • Identify: Point to a specific security issue or piece of evidence in the sources without extended explanation
  • Explain: State what is happening and why it matters, connecting the evidence to a security concept
  • Describe: Give enough detail about a process, setting, or behavior that someone unfamiliar could understand it
  • Determine: Reach a conclusion based on the evidence and show the reasoning that led there
  • Write: Produce a specific artifact such as a rule, policy line, or configuration entry in correct syntax or format
Before you write your first sentence on the FRQ, underline or annotate the specific evidence in the sources you plan to cite for each part. Responses that name a concept without quoting or referencing source details rarely earn full credit.
Task VerbWhat It Asks ForCommon Error
IdentifyName the specific issue or evidenceDescribing instead of pointing directly
ExplainState what and why with source evidenceStating what without the why
DescribeDetail a process or setting clearlyBeing too vague to show understanding
DetermineReach a conclusion with reasoningGiving a conclusion without showing the logic
WriteProduce a rule, config, or policy entryUsing natural language instead of correct syntax
Preparation sequence

Where to start your review

Because no official exam context exists yet, prioritize the areas the exam format signals most clearly. The FRQ is one question worth 30% of your score, so understanding the Device Security Analysis task and the five task verbs is high-priority work. For the MCQ, review all five units and practice reading scenarios quickly to identify the concept being tested. Use the topic guides available on this page to work through FRQ strategy and MCQ scope.

  • FRQ guide: Covers the Device Security Analysis task, source types, and how to cite evidence and explain reasoning
  • MCQ guide: Covers Section I skill weighting, all five units, and a reading approach for scenario-driven questions
  • Task verbs guide: Breaks down identify, explain, describe, determine, and write with response models for each
  • Device Security Analysis guide: Walks through the FRQ source types including policies, firewall configs, permissions, and logs
Have you read at least one simulated Device Security Analysis source set and practiced annotating it before writing? That workflow is the core FRQ skill this exam tests.
PriorityTaskResource
FirstUnderstand the FRQ format and source typesDevice Security Analysis FRQ Guide
SecondLearn the five task verbs and response modelsAP Cybersecurity Task Verbs Guide
ThirdReview all five units for MCQ scopeAP Cybersecurity MCQ Guide
FourthPractice reading and annotating simulated sourcesAP Cybersecurity FRQ Guide

Common mistakes

Writing about a concept instead of citing the source

On the FRQ, a response that explains what a firewall does in general will not earn the same credit as one that references the specific rule or entry in the provided firewall configuration. Always tie your answer to the actual source material.

Misreading the task verb

Explain and describe are not the same thing, and neither is the same as identify. If a part says identify and you write three sentences of explanation, you may be doing extra work without earning extra credit. Read the verb first, then write exactly what it asks for.

Spending too long on hard MCQ questions

At 80 seconds per question, lingering on one difficult scenario can cost you time on several easier ones. Mark uncertain questions, move on, and return if time allows.

Skipping units when reviewing for the MCQ

All five course units appear in Section I. Focusing only on the units you find most interesting or most familiar leaves gaps that scenario questions will expose. The MCQ guide covers the full unit scope so you can review proportionally.

Using natural language where the write verb asks for syntax

When an FRQ part uses the write task verb, it expects a correctly formatted rule, configuration entry, or policy line, not a sentence describing what the rule should do. Practice producing the actual format, not a description of it.

How this exam guide helps with AP prep

The FRQ and MCQ test the same five units

Every concept that appears in the Device Security Analysis FRQ, such as firewall rules, file permissions, access controls, and log analysis, is also fair game in Section I MCQ scenarios. Studying the FRQ source types is not separate from MCQ prep; it reinforces the same unit content from a different angle.

Task verbs signal the depth of response the FRQ expects

The five task verbs used in the Device Security Analysis FRQ each correspond to a different level of response. Identify requires less elaboration than explain, and write requires a formatted artifact rather than prose. Matching your response depth to the verb is how you avoid losing credit on parts you actually understand.

Evidence-based reasoning connects both sections

On the MCQ, eliminating wrong answers depends on recognizing what the scenario evidence supports. On the FRQ, earning credit depends on citing specific source details. The core skill is the same: read the scenario or source carefully, identify the relevant evidence, and use it to support a precise conclusion.

Review checklist

  • Know the exam format coldSection I is 60 MCQ in 80 minutes at 70% of your score. Section II is 1 Device Security Analysis FRQ with a suggested 50 minutes at 30%. Knowing the structure before exam day removes decision-making pressure during the test.
  • Review all five course units for the MCQEvery unit is assessed in Section I. Use the MCQ guide to check which skill categories are weighted most heavily and make sure you can recognize the tested concept from the first two sentences of a scenario prompt.
  • Practice the FRQ source-reading workflowBefore writing any FRQ response, read all provided sources and annotate the specific evidence you plan to cite for each part. This workflow prevents the most common FRQ error: writing about a concept without grounding it in the actual source material.
  • Match your response to the task verbEach FRQ part uses a specific task verb. Identify asks you to point, explain asks you to state what and why, describe asks for detail, determine asks for a reasoned conclusion, and write asks for a correctly formatted artifact. Misreading the verb is one of the most common ways to lose credit on a part you actually understand.
  • Read the Device Security Analysis guide before exam dayThe FRQ gives you multiple simulated sources about one device. The Device Security Analysis guide walks through the source types you will see, including policies, firewall configurations, permission lists, and logs, so none of them feel unfamiliar during the exam.
  • Use the task verbs guide to check your response modelsFor each of the five task verbs, confirm you can write a response that matches what the verb asks. The task verbs guide includes evidence-based models for each one. If any verb still feels unclear, review that section before the exam.

How to study AP cybersecurity exam

Days 1 to 3: Learn the exam format and FRQ taskRead the AP Cybersecurity FRQ Guide and the Device Security Analysis FRQ Guide. Understand what sources the FRQ provides, what each part asks, and how the 50-minute suggested time maps to the number of parts. Then read the Task Verbs Guide and write one example response for each of the five verbs.
Days 4 to 7: Review all five units for MCQ scopeUse the AP Cybersecurity MCQ Guide to work through the official skill weighting and unit coverage for Section I. For each unit, identify the core concepts and practice recognizing them in scenario descriptions. Focus on units where you feel least confident first.
Days 8 to 10: Practice the FRQ source-reading workflowTake any simulated source set, such as a sample firewall config, permission list, or log, and practice annotating it before writing. For each annotation, note which FRQ part the evidence supports. Then write a response for each part and check that every sentence references a specific source detail.
Days 11 to 13: Timed MCQ review and pacing checkWork through MCQ scenarios under timed conditions. Aim for the 80-second-per-question pace. After each set, review which questions took too long and identify whether the delay was from reading the scenario, recognizing the concept, or evaluating the answer choices. Adjust your reading approach accordingly.
Day 14: Final format review and logisticsReread the exam format details: 2 hours 10 minutes total, Section I is 60 questions in 80 minutes at 70%, Section II is 1 FRQ in 50 minutes at 30%. Review your task verb response models one more time. Confirm you know what to do in the first five minutes of each section before you start writing.

More ways to review

Topic study guides

Open the individual guides for AP Cybersecurity Exam when you want a closer review of one topic.

browse guides

Frequently Asked Questions

What does the AP Cybersecurity Exam look like?

The AP Cybersecurity Exam is 2 hours and 10 minutes long. Section I has 60 multiple-choice questions in 80 minutes, worth 70% of your score. Section II has one free-response question, the Device Security Analysis, with a suggested 50 minutes and worth 30% of your score.

What is the Device Security Analysis FRQ on the AP Cybersecurity Exam?

The Device Security Analysis is the single free-response question on the AP Cybersecurity Exam. It gives you several simulated sources about one digital device, such as firewall configs, file-system permissions, security policies, and log files, and asks you to identify security issues, find evidence of attacks, and evaluate security controls.

How are the AP Cybersecurity MCQs weighted by skill?

The 60 MCQs cover all five course units and are organized around three assessed skill categories, each appearing at roughly 25 to 35 percent of the section. Questions test your ability to identify threats, mitigate risk, and detect attacks across scenarios involving networks, devices, and applications.

What task verbs appear on the AP Cybersecurity FRQ?

The AP Cybersecurity Device Security Analysis FRQ uses five task verbs: identify, explain, describe, determine, and write. Each verb signals a different type of response. Matching your answer to the correct verb is one of the most reliable ways to earn full credit, even on parts you find straightforward.

How should I prepare for the AP Cybersecurity Exam?

Focus on the five course units, then practice reading artifacts like logs, firewall configs, and permission tables quickly and accurately. Use the MCQ guide to learn skill weighting and trap patterns, and use the FRQ guide to build a repeatable workflow for the Device Security Analysis question before exam day.

What sources are provided in the AP Cybersecurity Device Security Analysis FRQ?

The FRQ provides multiple simulated sources tied to a single digital device. These typically include firewall settings, file-system permissions, security policies, and log files such as auth logs, web server access logs, and application network logs. Your job is to cite specific evidence from these sources in your responses.

Ready to review AP Cybersecurity Exam?Start with the notes, check the topic cards, and use the practice or resource links when they are available for this course.