What is cybersecurity scenario practice?
AP Cybersecurity scenario prompts ask you to do more than recall definitions. You need to identify assets, spot vulnerabilities, evaluate threats, weigh likelihood and impact, recommend mitigations, and document your reasoning. These two guides give you a repeatable process for exactly that, whether the scenario involves a physical access control failure, a network intrusion, or an AI-assisted detection tool.
Use the Risk Assessment Guide first to lock in the core workflow: asset, vulnerability, threat, likelihood, impact, mitigation, documentation. Then use the AI in Scenario Practice Guide to handle any scenario where AI is part of the environment, either as a defender tool or an attacker advantage.
Risk Assessment Guide
Covers the Skill Category 1 workflow step by step. You move from identifying assets and vulnerabilities to writing a risk statement and recommending mitigations. The core logic, risk occurs when a threat exploits a vulnerability to compromise an asset, applies to every unit in the course.
AI in Scenario Practice Guide
Focuses on the decision-making layer that appears when AI is present in a scenario. Covers how AI assists with risk identification, mitigation recommendations, attack detection, and collaboration, and flags the common trap of treating AI output as automatically correct.
How the guides connect
The AI guide is explicitly built on top of the risk assessment workflow. It does not re-explain how adversaries use AI (Topic 1.4) or how defenders use AI tools (Topic 1.5). Instead, it shows you how to apply your risk reasoning when AI is a variable in the scenario.
Scenario reasoning is a transferable skillBoth guides are designed around the same insight: the specific domain of a scenario, physical security, network defense, data privacy, changes the details but not the reasoning structure. If you can work through the risk assessment workflow fluently and adjust for AI involvement when it appears, you can handle scenario prompts across all AP Cybersecurity units.
Cybersecurity scenario practice review notes
Workflow
Step-by-step risk assessment workflow
This guide walks you through the full Skill Category 1 process from scenario to documented risk statement. It is the foundational resource in this collection and the right starting point for any student who wants a repeatable method for scenario prompts.
- Asset identification: Pinpoint what has value in the scenario: data, systems, physical infrastructure, or personnel.
- Vulnerability analysis: Identify weaknesses that could be exploited, such as unpatched software, weak authentication, or misconfigured access controls.
- Threat identification: Name the actor or event that could exploit the vulnerability, distinguishing between internal, external, intentional, and accidental threats.
- Likelihood and impact: Estimate how probable exploitation is and how severe the consequences would be, which together determine risk level.
- Mitigation recommendation: Propose controls that reduce likelihood, impact, or both, and explain why they address the specific risk.
- Risk documentation: Summarize the full analysis in a structured risk statement that connects asset, vulnerability, threat, and recommended response.
Can you take a two-sentence scenario description and produce a complete risk statement with a justified mitigation recommendation? If not, work through the guide's workflow section before moving to the AI guide.
| Step | What you produce | Common error |
|---|
| Asset identification | Named asset with its value stated | Listing everything instead of the asset at risk in this scenario |
| Vulnerability analysis | Specific weakness, not a general category | Writing 'poor security' instead of naming the actual gap |
| Threat identification | Named threat actor or event | Confusing the threat with the vulnerability |
| Likelihood and impact | Justified ratings, not just high or low | Skipping justification and just labeling the risk |
| Mitigation recommendation | Control tied to the specific vulnerability | Recommending generic best practices unconnected to the scenario |
AI cases
Reasoning through AI-involved scenarios
This guide addresses the decision-making you need when a scenario includes AI tools on either side of a security situation. It is designed to be used after you have the core risk workflow down, adding a layer of critical evaluation for AI output and AI-assisted processes.
- AI-assisted risk identification: Using AI tools to surface vulnerabilities or anomalies, while recognizing that AI output requires human verification before acting on it.
- AI-assisted mitigation: Applying AI recommendations for controls or responses, with awareness that AI may miss context-specific constraints.
- AI-assisted detection: Leveraging AI for anomaly detection or threat classification, while accounting for false positives and the limits of training data.
- AI collaboration traps: The guide specifically flags treating AI output as automatically correct as the most common reasoning error in AI-involved scenarios.
Given a scenario where an AI tool flags a potential intrusion, can you explain what additional steps a security analyst should take before responding, and why AI output alone is not sufficient justification for action?
| Scenario element | What AI can assist with | What still requires human judgment |
|---|
| Risk identification | Surfacing patterns and anomalies at scale | Determining whether a flagged item is actually a risk in this context |
| Mitigation selection | Generating candidate controls based on known vulnerabilities | Evaluating whether a control fits the organization's constraints |
| Attack detection | Classifying traffic or behavior against trained models | Investigating alerts and ruling out false positives |
| Documentation | Drafting risk statements from structured inputs | Verifying accuracy and adding scenario-specific nuance |