AP Cybersecurity technical skills are the hands-on command and configuration tasks that appear directly on the exam, especially in the free-response Device Security Analysis question. This page brings together focused guides on the specific artifacts and commands the course expects you to work with: firewall ACL rules, file permissions, command-line syntax, network diagrams, and cryptography commands. Each guide is built around what the exam actually asks you to do, whether that means tracing a packet through a rule set, writing a chmod command, or reading a network diagram as evidence about risk and controls.
AP Cybersecurity is built around doing, not just knowing. The technical skills on this page are the hands-on layer of the course: reading firewall rules, tracing packets, interpreting file permissions, running commands, and making sense of network diagrams. These are the skills that show up directly in exam questions, especially in the free-response Device Security Analysis, where you analyze real artifacts from a device and explain what they mean for security.
This page collects the guides that help you build that applied fluency. Each one focuses on a specific technical area, explains where it appears on the exam, and walks you through the reasoning process the exam actually rewards.
The AP Cybersecurity course is organized around five units, from foundational security concepts in Unit 1 through application and data security in Unit 5. Along the way, the course asks you to work with concrete technical artifacts: firewall access control lists, file-permission strings, command-line syntax, network diagrams, and cryptography commands.
These are not background knowledge items. They are things you are expected to read, interpret, and sometimes write on the exam. The free-response Device Security Analysis question gives you a set of sources from a single device and asks you to identify problems, explain effects, and recommend or write fixes. That task is almost entirely built on technical artifact literacy.
Firewalls appear in Unit 3 (Securing Networks) and Unit 4 (Securing Devices), and ACL rules are one of the artifact types explicitly used in exam questions. The firewall and ACL guide teaches you how to read a rule set, trace a packet through it in order, and determine whether traffic is allowed or denied. You will also learn how to write or modify rules to meet a scenario's specifications.
The key skill is not memorizing what a firewall is. It is following the logic of a rule set and explaining the effect of a configuration on specific traffic and users, which is exactly what the exam asks.
File permissions control who can read, modify, or execute files on a Linux system. They appear in the multiple-choice section as scenario items and in the Device Security Analysis as one of the sources you analyze. The file permissions guide walks you through reading ls -l and getfacl output, then changing permissions using both symbolic and numeric chmod syntax.
On the exam, you may be asked to identify a permission problem, describe how a change affects different users, or write a correct command. This guide prepares you for all three.
Several exam tasks use the verb "Write," which means you must produce a syntactically correct command that achieves a specified effect. The command-line guide collects the patterns you need for the exam: setting file permissions with chmod, encrypting and decrypting files, generating keys, and verifying file integrity with hashes.
These commands map directly to defensive tasks from Units 4 and 5. The guide focuses on exact syntax and what each command produces, so you can write confidently rather than approximate.
Network diagrams are central to Unit 3. They show device placement, traffic flow, firewall positions, segmentation choices, and trust boundaries. The network diagram guide teaches you to read a diagram as evidence about risk and controls, not just as a labeled picture.
You will learn to identify where firewalls sit relative to different zones, what a DMZ means for traffic flow, and how segmentation decisions affect which devices can reach which. These skills apply to scenario-based multiple-choice questions and to the network-focused scenarios in Unit 3.
Unit 5 covers symmetric encryption, asymmetric cryptography, and file hash verification. The cryptography commands guide focuses on the command patterns the exam expects you to apply: encrypting and decrypting with symmetric keys, generating and using RSA key pairs, and running hash verification. The emphasis is on what each command does and when to use it, so you can apply the right tool to a given scenario.
These technical skill guides are not a separate track from the unit content. They are the applied layer of what the units teach.
If you are working through the units and want to build the applied skills alongside the concepts, these guides are the right place to do that. If you are preparing for the exam and want to make sure you can handle the technical artifact questions, start with whichever artifact type feels least familiar and work through the reasoning process each guide models.
AP Cybersecurity tests your ability to read and write firewall ACL rules, interpret file permissions, run command-line tools like chmod and openssl, analyze network diagrams, and apply cryptography commands. These skills appear in both multiple-choice scenario items and the free-response Device Security Analysis question.
The Device Security Analysis is a free-response question that gives you several sources from one device, such as firewall configurations, file-permission strings, and log files. You analyze those sources to identify security problems, explain how configurations affect users, and write proper commands or rule changes to fix the issues.
Firewall ACL rules are evaluated in order from top to bottom. Each rule specifies a source IP, destination IP, port, protocol, and an allow or deny action. The first rule that matches a packet applies, and most rule sets end with a default deny that blocks any traffic not explicitly permitted.
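The first-match evaluation described above, as an added example that is not part of the original guide. The rule set, addresses, and the `Rule`, `Packet` and `trace` names are constructed for illustration, and the sketch assumes traffic that matches no rule is denied.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR; "0.0.0.0/0" matches any IPv4 source
    dst: str              # CIDR
    port: Optional[int]   # destination port; None matches any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True only when every field of the rule matches the packet."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, pkt.port))

def trace(rules, pkt):
    """Return (action, rule_number) for the first matching rule.
    Rule number 0 means nothing matched; this sketch assumes default deny."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", 0

# Constructed rule set: block one subnet from SSH, allow the rest of the
# internal range, allow HTTPS from anywhere, deny everything else.
ACL = [
    Rule("deny",  "tcp", "10.0.5.0/24", "192.168.1.10/32", 22),
    Rule("allow", "tcp", "10.0.0.0/16", "192.168.1.10/32", 22),
    Rule("allow", "tcp", "0.0.0.0/0",   "192.168.1.10/32", 443),
    Rule("deny",  "any", "0.0.0.0/0",   "0.0.0.0/0",       None),
]
# Same rules with the first two swapped: the broad allow now shadows the deny.
REORDERED = [ACL[1], ACL[0], ACL[2], ACL[3]]

if __name__ == "__main__":
    ssh = Packet("tcp", "10.0.5.7", "192.168.1.10", 22)
    print("original: ", trace(ACL, ssh))
    print("reordered:", trace(REORDERED, ssh))
```

Tracing the same SSH packet through both orderings shows why rule order is part of the configuration: the narrow deny only takes effect when it sits above the broader allow.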
The key commands are chmod for setting file permissions, ls -l and getfacl for reading permissions, and openssl for encrypting, decrypting, generating RSA key pairs, and verifying file hashes. Free-response Write tasks require exact syntax, so practicing the full command structure matters more than memorizing definitions.
Linux file permissions control read, write, and execute access for three groups: the owner, the group, and all other users. The ls -l command displays a permission string like -rwxr--r--, and chmod changes those permissions using either symbolic notation (u+x) or numeric notation (755).
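How a permission string maps to numeric and symbolic chmod arguments, as an added example that is not part of the original guide. The function names are hypothetical, the sample strings are constructed, and only plain r/w/x strings are handled (setuid, setgid and sticky markers are rejected).

```python
import stat

def parse_mode(perm: str) -> int:
    """Convert a 10-character ls -l permission string to mode bits."""
    if len(perm) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr--r--")
    mode = 0
    for i, ch in enumerate(perm[1:]):       # skip the file-type character
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)            # owner r is the highest of 9 bits
        elif ch != "-":
            raise ValueError(f"unsupported character {ch!r} in {perm!r}")
    return mode

def numeric_arg(perm: str) -> str:
    """Numeric chmod argument that produces this permission string."""
    return f"{parse_mode(perm):03o}"

def symbolic_arg(current: str, target: str) -> str:
    """Symbolic chmod argument that changes `current` into `target`."""
    cur, tgt = parse_mode(current), parse_mode(target)
    clauses = []
    for who, shift in (("u", 6), ("g", 3), ("o", 0)):
        add = remove = ""
        for letter, bit in (("r", 4), ("w", 2), ("x", 1)):
            had = (cur >> shift) & bit
            want = (tgt >> shift) & bit
            if want and not had:
                add += letter
            if had and not want:
                remove += letter
        if add:
            clauses.append(f"{who}+{add}")
        if remove:
            clauses.append(f"{who}-{remove}")
    return ",".join(clauses)

def world_writable(perm: str) -> bool:
    """True when users outside the owner and group can modify the file."""
    return bool(parse_mode(perm) & stat.S_IWOTH)

if __name__ == "__main__":
    current, target = "-rwxrwxrwx", "-rwxr-xr-x"   # constructed sample strings
    print("world-writable now:", world_writable(current))
    print("chmod", numeric_arg(target), "file")
    print("chmod", symbolic_arg(current, target), "file")
```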
AP Cybersecurity covers symmetric encryption with shared keys, asymmetric encryption using RSA key pairs, and hash-based file integrity verification. The focus is on applying openssl commands correctly: knowing which flags to use, what input each command expects, and when to choose symmetric versus asymmetric encryption for a given scenario.