---
title: "AP Cybersecurity Exam"
description: "AP Cybersecurity Exam - Ap Cybersecurity unit content"
canonical: "https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam"
type: "unit"
subject: "AP Cybersecurity"
unit: "AP Cybersecurity Exam"
---

# AP Cybersecurity Exam

## Overview

AP Cybersecurity is a fully digital exam with two sections. Section I is 60 multiple-choice questions in 80 minutes and counts for 70% of your score. Section II is one Device Security Analysis free-response question with a suggested 50 minutes and counts for 30%. The FRQ gives you several simulated sources about a single digital device and asks you to identify security issues, cite evidence, and evaluate controls.

## AP CED Alignment

This unit hub is organized around AP Course and Exam Description topics, skills, and exam task types when they are available in the source data.
- Section I: Multiple-Choice Strategy
- Section II: Device Security Analysis FRQ
- FRQ skills: Task Verbs and Response Models
- Exam context: Is AP Cybersecurity Hard?
- guide: AP Cybersecurity FRQ Guide
- Exam format: Section I: MCQ structure and pacing
- Exam format: Section II: Device Security Analysis FRQ
- Preparation sequence: Where to start your review

## Topics

- [Section I: Multiple-Choice Strategy](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-mcq-guide/study-guide/9z2vd2P2kBYClcrjwAXE): 60 questions in 80 minutes across all five course units. The MCQ guide covers official skill weighting, unit scope, and a reading approach for scenario-driven questions so you can identify the tested concept quickly and eliminate wrong answers efficiently.
- [Section II: Device Security Analysis FRQ](/ap-cybersecurity/ap-cybersecurity-exam/device-security-analysis-frq-guide/study-guide/XTqAuLYs3z5GBKVnNrJB): One question, 50 minutes suggested, 30% of your score. You analyze simulated sources such as firewall configs, permission lists, and system logs to identify issues, cite evidence, and evaluate security controls. The FRQ guide and Device Security Analysis guide both walk through this task in detail.
- [FRQ skills: Task Verbs and Response Models](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-task-verbs/study-guide/UnktKP8PvGhKwuCizJGc): The five task verbs on the AP Cybersecurity FRQ are identify, explain, describe, determine, and write. Each verb signals a different response type. The task verbs guide gives evidence-based response models for each so you know exactly what a full-credit answer looks like.
- [Exam context: Is AP Cybersecurity Hard?](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-is-it-hard/study-guide/ap-cybersecurity-is-it-hard): AP Cybersecurity is new, with no official exam context yet. The difficulty guide explains what is known about the exam so far, what skills the format rewards, and a two-week study path based on the official exam structure.
- [guide: AP Cybersecurity FRQ Guide](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-frq-guide/study-guide/fBH5I876PZ1vVNGHGmc4): Prepare for the AP Cybersecurity Device Security Analysis FRQ. Learn how to use policies, permissions, logs, configs, and evidence in a 50-minute response.

## Review Notes

### Exam format: Section I: MCQ structure and pacing

Section I is 60 questions in 80 minutes, worth 70% of your score. Questions are scenario-driven across all five course units. At about 80 seconds per question, you need a reading method that is fast but accurate: read the scenario, identify the security concept being tested, then evaluate choices. Skip and return to questions that require long re-reads.

- **60 questions**: Total multiple-choice items in Section I
- **80 minutes**: Time allotted for the full MCQ section
- **70%**: Portion of your total exam score from Section I
- **All 5 units**: Every course unit is assessed in Section I, so no unit is safe to skip

**Checkpoint:** Can you identify which course unit a scenario-based MCQ is testing within the first two sentences of the prompt? That recognition speed is what keeps your pacing on track.

Section | Questions | Time | Score Weight
--- | --- | --- | ---
Section I (MCQ) | 60 | 80 minutes | 70%
Section II (FRQ) | 1 | 50 minutes suggested | 30%

### Exam format: Section II: Device Security Analysis FRQ

Section II is one Device Security Analysis question with a suggested time of 50 minutes. You receive several simulated sources about a single digital device and answer multiple parts. Each part uses a specific task verb that tells you exactly what kind of response is expected. Reading all sources before writing is strongly recommended because evidence from one source often supports a part that seems to be about a different source.

- **Identify**: Point to a specific security issue or piece of evidence in the sources without extended explanation
- **Explain**: State what is happening and why it matters, connecting the evidence to a security concept
- **Describe**: Give enough detail about a process, setting, or behavior that someone unfamiliar could understand it
- **Determine**: Reach a conclusion based on the evidence and show the reasoning that led there
- **Write**: Produce a specific artifact such as a rule, policy line, or configuration entry in correct syntax or format

**Checkpoint:** Before you write your first sentence on the FRQ, underline or annotate the specific evidence in the sources you plan to cite for each part. Responses that name a concept without quoting or referencing source details rarely earn full credit.

Task Verb | What It Asks For | Common Error
--- | --- | ---
Identify | Name the specific issue or evidence | Describing instead of pointing directly
Explain | State what and why with source evidence | Stating what without the why
Describe | Detail a process or setting clearly | Being too vague to show understanding
Determine | Reach a conclusion with reasoning | Giving a conclusion without showing the logic
Write | Produce a rule, config, or policy entry | Using natural language instead of correct syntax

### Preparation sequence: Where to start your review

Because no official exam context exists yet, prioritize the areas the exam format signals most clearly. The FRQ is one question worth 30% of your score, so understanding the Device Security Analysis task and the five task verbs is high-priority work. For the MCQ, review all five units and practice reading scenarios quickly to identify the concept being tested. Use the topic guides available on this page to work through FRQ strategy and MCQ scope.

- **FRQ guide**: Covers the Device Security Analysis task, source types, and how to cite evidence and explain reasoning
- **MCQ guide**: Covers Section I skill weighting, all five units, and a reading approach for scenario-driven questions
- **Task verbs guide**: Breaks down identify, explain, describe, determine, and write with response models for each
- **Device Security Analysis guide**: Walks through the FRQ source types including policies, firewall configs, permissions, and logs

**Checkpoint:** Have you read at least one simulated Device Security Analysis source set and practiced annotating it before writing? That workflow is the core FRQ skill this exam tests.

Priority | Task | Resource
--- | --- | ---
First | Understand the FRQ format and source types | Device Security Analysis FRQ Guide
Second | Learn the five task verbs and response models | AP Cybersecurity Task Verbs Guide
Third | Review all five units for MCQ scope | AP Cybersecurity MCQ Guide
Fourth | Practice reading and annotating simulated sources | AP Cybersecurity FRQ Guide

## Study Guides

- [AP Cybersecurity FRQ Guide](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-frq-guide/study-guide/fBH5I876PZ1vVNGHGmc4)
- [Device Security Analysis FRQ Guide](/ap-cybersecurity/ap-cybersecurity-exam/device-security-analysis-frq-guide/study-guide/XTqAuLYs3z5GBKVnNrJB)
- [AP Cybersecurity MCQ Guide](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-mcq-guide/study-guide/9z2vd2P2kBYClcrjwAXE)
- [AP Cybersecurity Task Verbs Guide](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-task-verbs/study-guide/UnktKP8PvGhKwuCizJGc)
- [Is AP Cybersecurity Hard? Difficulty and Worth It Guide](/ap-cybersecurity/ap-cybersecurity-exam/ap-cybersecurity-is-it-hard/study-guide/ap-cybersecurity-is-it-hard)

## Common Mistakes

- **Writing about a concept instead of citing the source**: On the FRQ, a response that explains what a firewall does in general will not earn the same credit as one that references the specific rule or entry in the provided firewall configuration. Always tie your answer to the actual source material.
- **Misreading the task verb**: Explain and describe are not the same thing, and neither is the same as identify. If a part says identify and you write three sentences of explanation, you may be doing extra work without earning extra credit. Read the verb first, then write exactly what it asks for.
- **Spending too long on hard MCQ questions**: At 80 seconds per question, lingering on one difficult scenario can cost you time on several easier ones. Mark uncertain questions, move on, and return if time allows.
- **Skipping units when reviewing for the MCQ**: All five course units appear in Section I. Focusing only on the units you find most interesting or most familiar leaves gaps that scenario questions will expose. The MCQ guide covers the full unit scope so you can review proportionally.
- **Using natural language where the write verb asks for syntax**: When an FRQ part uses the write task verb, it expects a correctly formatted rule, configuration entry, or policy line, not a sentence describing what the rule should do. Practice producing the actual format, not a description of it.

## Exam Connections

- **The FRQ and MCQ test the same five units**: Every concept that appears in the Device Security Analysis FRQ, such as firewall rules, file permissions, access controls, and log analysis, is also fair game in Section I MCQ scenarios. Studying the FRQ source types is not separate from MCQ prep; it reinforces the same unit content from a different angle.
- **Task verbs signal the depth of response the FRQ expects**: The five task verbs used in the Device Security Analysis FRQ each correspond to a different level of response. Identify requires less elaboration than explain, and write requires a formatted artifact rather than prose. Matching your response depth to the verb is how you avoid losing credit on parts you actually understand.
- **Evidence-based reasoning connects both sections**: On the MCQ, eliminating wrong answers depends on recognizing what the scenario evidence supports. On the FRQ, earning credit depends on citing specific source details. The core skill is the same: read the scenario or source carefully, identify the relevant evidence, and use it to support a precise conclusion.

## Final Review Checklist

- **Know the exam format cold**: Section I is 60 MCQ in 80 minutes at 70% of your score. Section II is 1 Device Security Analysis FRQ with a suggested 50 minutes at 30%. Knowing the structure before exam day removes decision-making pressure during the test.
- **Review all five course units for the MCQ**: Every unit is assessed in Section I. Use the MCQ guide to check which skill categories are weighted most heavily and make sure you can recognize the tested concept from the first two sentences of a scenario prompt.
- **Practice the FRQ source-reading workflow**: Before writing any FRQ response, read all provided sources and annotate the specific evidence you plan to cite for each part. This workflow prevents the most common FRQ error: writing about a concept without grounding it in the actual source material.
- **Match your response to the task verb**: Each FRQ part uses a specific task verb. Identify asks you to point, explain asks you to state what and why, describe asks for detail, determine asks for a reasoned conclusion, and write asks for a correctly formatted artifact. Misreading the verb is one of the most common ways to lose credit on a part you actually understand.
- **Read the Device Security Analysis guide before exam day**: The FRQ gives you multiple simulated sources about one device. The Device Security Analysis guide walks through the source types you will see, including policies, firewall configurations, permission lists, and logs, so none of them feel unfamiliar during the exam.
- **Use the task verbs guide to check your response models**: For each of the five task verbs, confirm you can write a response that matches what the verb asks. The task verbs guide includes evidence-based models for each one. If any verb still feels unclear, review that section before the exam.

## Study Plan

- **Days 1 to 3: Learn the exam format and FRQ task**: Read the AP Cybersecurity FRQ Guide and the Device Security Analysis FRQ Guide. Understand what sources the FRQ provides, what each part asks, and how the 50-minute suggested time maps to the number of parts. Then read the Task Verbs Guide and write one example response for each of the five verbs.
- **Days 4 to 7: Review all five units for MCQ scope**: Use the AP Cybersecurity MCQ Guide to work through the official skill weighting and unit coverage for Section I. For each unit, identify the core concepts and practice recognizing them in scenario descriptions. Focus on units where you feel least confident first.
- **Days 8 to 10: Practice the FRQ source-reading workflow**: Take any simulated source set, such as a sample firewall config, permission list, or log, and practice annotating it before writing. For each annotation, note which FRQ part the evidence supports. Then write a response for each part and check that every sentence references a specific source detail.
- **Days 11 to 13: Timed MCQ review and pacing check**: Work through MCQ scenarios under timed conditions. Aim for the 80-second-per-question pace. After each set, review which questions took too long and identify whether the delay was from reading the scenario, recognizing the concept, or evaluating the answer choices. Adjust your reading approach accordingly.
- **Day 14: Final format review and logistics**: Reread the exam format details: 2 hours 10 minutes total, Section I is 60 questions in 80 minutes at 70%, Section II is 1 FRQ in 50 minutes at 30%. Review your task verb response models one more time. Confirm you know what to do in the first five minutes of each section before you start writing.

## More Ways To Review

- [Topic study guides](/ap-cybersecurity/ap-cybersecurity-exam#topics)

## FAQs

### What does the AP Cybersecurity Exam look like?

The AP Cybersecurity Exam is 2 hours and 10 minutes long. Section I has 60 multiple-choice questions in 80 minutes, worth 70% of your score. Section II has one free-response question, the Device Security Analysis, with a suggested 50 minutes and worth 30% of your score.

### What is the Device Security Analysis FRQ on the AP Cybersecurity Exam?

The Device Security Analysis is the single free-response question on the AP Cybersecurity Exam. It gives you several simulated sources about one digital device, such as firewall configs, file-system permissions, security policies, and log files, and asks you to identify security issues, find evidence of attacks, and evaluate security controls.

### How are the AP Cybersecurity MCQs weighted by skill?

The 60 MCQs cover all five course units and are organized around three assessed skill categories, each appearing at roughly 25 to 35 percent of the section. Questions test your ability to identify threats, mitigate risk, and detect attacks across scenarios involving networks, devices, and applications.

### What task verbs appear on the AP Cybersecurity FRQ?

The AP Cybersecurity Device Security Analysis FRQ uses five task verbs: identify, explain, describe, determine, and write. Each verb signals a different type of response. Matching your answer to the correct verb is one of the most reliable ways to earn full credit, even on parts you find straightforward.

### How should I prepare for the AP Cybersecurity Exam?

Focus on the five course units, then practice reading artifacts like logs, firewall configs, and permission tables quickly and accurately. Use the MCQ guide to learn skill weighting and trap patterns, and use the FRQ guide to build a repeatable workflow for the Device Security Analysis question before exam day.

### What sources are provided in the AP Cybersecurity Device Security Analysis FRQ?

The FRQ provides multiple simulated sources tied to a single digital device. These typically include firewall settings, file-system permissions, security policies, and log files such as auth logs, web server access logs, and application network logs. Your job is to cite specific evidence from these sources in your responses.

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#what-does-the-ap-cybersecurity-exam-look-like","name":"What does the AP Cybersecurity Exam look like?","acceptedAnswer":{"@type":"Answer","text":"The AP Cybersecurity Exam is 2 hours and 10 minutes long. Section I has 60 multiple-choice questions in 80 minutes, worth 70% of your score. Section II has one free-response question, the Device Security Analysis, with a suggested 50 minutes and worth 30% of your score."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#what-is-the-device-security-analysis-frq-on-the-ap-cybersecurity-exam","name":"What is the Device Security Analysis FRQ on the AP Cybersecurity Exam?","acceptedAnswer":{"@type":"Answer","text":"The Device Security Analysis is the single free-response question on the AP Cybersecurity Exam. It gives you several simulated sources about one digital device, such as firewall configs, file-system permissions, security policies, and log files, and asks you to identify security issues, find evidence of attacks, and evaluate security controls."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#how-are-the-ap-cybersecurity-mcqs-weighted-by-skill","name":"How are the AP Cybersecurity MCQs weighted by skill?","acceptedAnswer":{"@type":"Answer","text":"The 60 MCQs cover all five course units and are organized around three assessed skill categories, each appearing at roughly 25 to 35 percent of the section. Questions test your ability to identify threats, mitigate risk, and detect attacks across scenarios involving networks, devices, and applications."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#what-task-verbs-appear-on-the-ap-cybersecurity-frq","name":"What task verbs appear on the AP Cybersecurity FRQ?","acceptedAnswer":{"@type":"Answer","text":"The AP Cybersecurity Device Security Analysis FRQ uses five task verbs: identify, explain, describe, determine, and write. Each verb signals a different type of response. Matching your answer to the correct verb is one of the most reliable ways to earn full credit, even on parts you find straightforward."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#how-should-i-prepare-for-the-ap-cybersecurity-exam","name":"How should I prepare for the AP Cybersecurity Exam?","acceptedAnswer":{"@type":"Answer","text":"Focus on the five course units, then practice reading artifacts like logs, firewall configs, and permission tables quickly and accurately. Use the MCQ guide to learn skill weighting and trap patterns, and use the FRQ guide to build a repeatable workflow for the Device Security Analysis question before exam day."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/ap-cybersecurity-exam#what-sources-are-provided-in-the-ap-cybersecurity-device-security-analysis-frq","name":"What sources are provided in the AP Cybersecurity Device Security Analysis FRQ?","acceptedAnswer":{"@type":"Answer","text":"The FRQ provides multiple simulated sources tied to a single digital device. These typically include firewall settings, file-system permissions, security policies, and log files such as auth logs, web server access logs, and application network logs. Your job is to cite specific evidence from these sources in your responses."}}]}
```
