---
title: "Cybersecurity Technical Skills"
description: "Cybersecurity Technical Skills - Ap Cybersecurity unit content"
canonical: "https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills"
type: "unit"
subject: "AP Cybersecurity"
unit: "Cybersecurity Technical Skills"
---

# Cybersecurity Technical Skills

## Overview

Technical skills on AP Cybersecurity require you to work with real command-line syntax, permission strings, ACL rule sets, and network diagrams as evidence. The free-response Device Security Analysis question is the primary place these skills are scored, but multiple-choice items also present command output, permission strings, and diagram scenarios.

## AP CED Alignment

This unit hub is organized around AP Course and Exam Description topics, skills, and exam task types when they are available in the source data.
- Topic Guide: Command Line Guide
- Topic Guide: Cryptography Commands Guide
- Topic Guide: File Permissions and chmod Guide
- Topic Guide: Firewall and ACL Configuration Guide
- Topic Guide: Network Diagram Guide
- Command-Line Syntax: Reading and Writing Commands on the Exam
- File Permissions: Interpreting and Changing File Permissions
- Firewall ACL Rules: Tracing Packets Through Firewall Rule Sets
- Network Diagrams: Reading Diagrams as Security Evidence
- Cryptography Commands: Applying Encryption and Hashing Commands

## Topics

- [Topic Guide: Command Line Guide](/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E): Covers chmod, openssl, hashing, ls -l, and getfacl with exact syntax. Use this guide to practice both reading command output as evidence and writing commands that produce a required effect.
- [Topic Guide: Cryptography Commands Guide](/ap-cybersecurity/cybersecurity-technical-skills/cryptography-commands-guide/study-guide/iuvaN4Myhc410muNkePq): Walks through symmetric encryption, RSA key generation, and hash verification with worked examples. Focuses on what each command does, what input and output to expect, and when each is the right tool.
- [Topic Guide: File Permissions and chmod Guide](/ap-cybersecurity/cybersecurity-technical-skills/file-permissions-chmod-guide/study-guide/Oi3rgnbnQ0dri3gn5BnX): Teaches you to read ls -l and getfacl output, apply symbolic and numeric chmod, and connect permission analysis to the Device Security Analysis free-response question.
- [Topic Guide: Firewall and ACL Configuration Guide](/ap-cybersecurity/cybersecurity-technical-skills/firewall-acl-configuration-guide/study-guide/rPN9mXE24pKmdos8fyRn): Explains how to trace a packet through an ordered ACL, identify which rule applies, and write or modify rules to meet a scenario's traffic requirements. Covers default deny and rule order logic.
- [Topic Guide: Network Diagram Guide](/ap-cybersecurity/cybersecurity-technical-skills/cybersecurity-network-diagram-guide/study-guide/I4fVlFRXAoVETBMKWrEK): Teaches you to read diagrams as security evidence: firewall placement, DMZ structure, segmentation, and trust boundaries. Connects layout decisions to specific risks and controls.

## Review Notes

### Command-Line Syntax: Reading and Writing Commands on the Exam

The exam distinguishes between two command tasks. Read tasks give you a command or its output and ask you to interpret what it does or what it reveals about a device's security state. Write tasks require you to produce a syntactically correct command that achieves a stated effect. Both appear in free-response and multiple-choice contexts.

- **chmod (symbolic)**: Uses letters and operators to set permissions, for example chmod g-w filename removes write from the group.
- **chmod (numeric)**: Uses three-digit octal notation where each digit represents owner, group, and other permissions, for example chmod 644 sets rw-r--r--.
- **ls -l**: Lists files with a permission string, owner, group, size, and timestamp. The first ten characters encode file type and rwx permissions for owner, group, and other.
- **getfacl**: Displays access control list entries for a file, showing named user and group permissions beyond the standard owner/group/other model.
- **openssl enc**: Encrypts or decrypts a file using a symmetric cipher. Requires specifying the algorithm, input file, output file, and key or passphrase.
- **openssl genrsa / rsa**: Generates an RSA private key and extracts the corresponding public key for asymmetric encryption tasks.
- **sha256sum**: Generates or verifies a SHA-256 hash of a file to confirm integrity. A mismatch between stored and computed hashes indicates tampering or corruption.

**Checkpoint:** Can you write a chmod command that sets a file to owner read-write, group read-only, and no permissions for others, using both symbolic and numeric notation?

Task verb | What you must do | Where it appears
--- | --- | ---
Write | Produce exact command syntax that achieves the stated effect | Free-response Device Security Analysis
Read | Interpret a command or its output as evidence about security state | Multiple-choice and free-response
Modify | Change an existing command or rule to meet new requirements | Free-response firewall and permission tasks

### File Permissions: Interpreting and Changing File Permissions

File permissions on Linux control read (r), write (w), and execute (x) access for three categories: owner, group, and other. The exam tests whether you can read a permission string, identify a security problem, and apply the correct chmod command to fix it. Both ls -l and getfacl output appear as evidence in Device Security Analysis scenarios.

- **Permission string**: The ten-character output from ls -l, such as -rwxr-xr--, where positions 2-4 are owner, 5-7 are group, and 8-10 are other permissions.
- **Principle of least privilege**: Users and processes should have only the permissions they need. Overly permissive settings like 777 are a security finding you must identify and correct.
- **Execute bit on scripts**: A script file needs the execute bit set for the intended user or group. Missing execute permission is a common scenario where you must write a chmod fix.
- **setuid / setgid**: Special permission bits that run a file with the owner's or group's privileges. These appear in security analysis as potential privilege escalation risks.

**Checkpoint:** Given the output -rwxrwxrwx for a sensitive configuration file, what security problem does this represent and what chmod command corrects it?

Notation | Example | Meaning
--- | --- | ---
Symbolic | chmod o-rwx file | Remove all permissions from other
Numeric | chmod 640 file | Owner rw, group r, other none
getfacl output | user:alice:r-- | Named user alice has read-only access via ACL entry

### Firewall ACL Rules: Tracing Packets Through Firewall Rule Sets

Firewall ACL rules are evaluated in order, and the first matching rule wins. The exam gives you a rule set and a packet description, then asks whether the packet is allowed or denied and why. You may also need to write a new rule or identify which existing rule is causing an unintended effect. Default deny means any packet not matched by an explicit allow rule is blocked.

- **Rule order**: ACLs are processed top to bottom. A packet matches the first rule whose source IP, destination IP, port, and protocol all match, then stops. Order determines outcome.
- **Default deny**: An implicit or explicit deny-all rule at the end of an ACL blocks any traffic not matched by a prior allow rule. This is the secure baseline.
- **Port and protocol specificity**: Rules must specify the correct port number and protocol (TCP or UDP). A rule allowing TCP port 443 does not affect UDP traffic on the same port.
- **Inbound vs. outbound**: ACL direction matters. An inbound rule on an interface filters traffic entering that interface. Misidentifying direction is a common source of misconfiguration.

**Checkpoint:** A rule set allows TCP 443 from any source to a web server, then denies all traffic. A client sends a UDP request to port 443. What happens and which rule applies?

Rule component | What to check | Common error
--- | --- | ---
Source IP | Does the packet's source match the rule's source range? | Using the wrong subnet mask or confusing source and destination
Destination port | Does the packet's destination port match exactly? | Allowing port 80 when the scenario requires 443
Protocol | Is the protocol TCP or UDP as specified? | Writing a TCP rule when the service uses UDP
Rule position | Is a more specific rule placed before a broader one? | Placing a deny-all before the intended allow rules

### Network Diagrams: Reading Diagrams as Security Evidence

Network diagrams on the exam are not decoration. Each device placement, connection, and boundary communicates something about risk and controls. You need to identify where firewalls sit relative to traffic flow, what a DMZ isolates and why, how segmentation limits lateral movement, and what trust boundaries separate zones. Then you connect those observations to specific security implications.

- **Trust boundary**: A line in the diagram where traffic transitions from one trust level to another, typically enforced by a firewall or router. Traffic crossing a trust boundary should be filtered.
- **DMZ (demilitarized zone)**: A network segment that sits between the internet and the internal network, hosting public-facing services like web servers while isolating them from internal resources.
- **Segmentation**: Dividing a network into separate zones so that a compromise in one zone does not automatically give access to others. Limits lateral movement by attackers.
- **Firewall placement**: A firewall placed between the internet and a server provides perimeter defense. A firewall placed between internal segments provides internal segmentation. Position determines what traffic it can filter.
- **Attack path**: The sequence of hops an attacker would take through the diagram to reach a target. Identifying attack paths helps you evaluate whether controls are placed correctly.

**Checkpoint:** A diagram shows a web server connected directly to the internet with no firewall between it and the internal database. What risk does this layout create and what change would reduce it?

Diagram feature | Security implication | Exam question type
--- | --- | ---
Firewall between internet and DMZ | Filters inbound traffic before it reaches public-facing servers | Identify the control and explain its effect
No firewall between DMZ and internal LAN | A compromised DMZ server can reach internal resources directly | Identify the vulnerability and recommend a fix
Flat network with no segmentation | Lateral movement is unrestricted once an attacker is inside | Explain the risk and describe a segmentation solution

### Cryptography Commands: Applying Encryption and Hashing Commands

Cryptography command tasks require you to know which tool to use for which purpose, what the correct syntax looks like, and what the output means. Symmetric encryption uses a shared key and is faster but requires secure key exchange. Asymmetric encryption uses a key pair and solves the key distribution problem. Hashing verifies integrity but does not encrypt data.

- **Symmetric encryption (openssl enc)**: Both parties use the same key to encrypt and decrypt. Faster than asymmetric but requires a secure channel to share the key. Used for bulk data encryption.
- **Asymmetric encryption (RSA)**: Uses a public key to encrypt and a private key to decrypt. Solves key distribution because the public key can be shared openly. Used for key exchange and digital signatures.
- **Hash function (sha256sum)**: Produces a fixed-length digest from input data. Any change to the file produces a different hash. Used to verify that a file has not been altered.
- **Key generation (openssl genrsa)**: Creates an RSA private key of a specified bit length. The corresponding public key is extracted separately. Key length affects security strength.
- **Hash verification workflow**: Store the hash of a known-good file, then recompute the hash later and compare. A mismatch is evidence of tampering or corruption.

**Checkpoint:** You need to send a large encrypted file to a colleague and also prove the file was not altered in transit. Which two commands do you use and in what order?

Goal | Tool | Key concept
--- | --- | ---
Encrypt a file with a shared password | openssl enc with a symmetric cipher | Both parties must already share the key securely
Encrypt so only the recipient can decrypt | openssl with recipient's RSA public key | Recipient decrypts with their private key
Verify a file has not been modified | sha256sum and compare to stored hash | Hash mismatch means the file changed

## Study Guides

- [AP Cybersecurity Firewall and ACL Configuration Guide](/ap-cybersecurity/cybersecurity-technical-skills/firewall-acl-configuration-guide/study-guide/rPN9mXE24pKmdos8fyRn)
- [AP Cybersecurity File Permissions and chmod Guide](/ap-cybersecurity/cybersecurity-technical-skills/file-permissions-chmod-guide/study-guide/Oi3rgnbnQ0dri3gn5BnX)
- [AP Cybersecurity Command Line Guide](/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E)
- [AP Cybersecurity Network Diagram Guide](/ap-cybersecurity/cybersecurity-technical-skills/cybersecurity-network-diagram-guide/study-guide/I4fVlFRXAoVETBMKWrEK)
- [AP Cybersecurity Cryptography Commands Guide](/ap-cybersecurity/cybersecurity-technical-skills/cryptography-commands-guide/study-guide/iuvaN4Myhc410muNkePq)

## Common Mistakes

- **Writing chmod with the wrong octet order**: Numeric chmod digits go owner, group, other in that order. Writing 467 instead of 764 reverses the intended permissions. Always map each digit to its category before writing the command.
- **Stopping at the wrong ACL rule**: Students often match a packet to a rule that shares one attribute (same port) but does not match all required fields (source IP, protocol). A rule only matches when every field in that rule matches the packet. Keep checking until all fields align.
- **Confusing encryption and hashing**: Hashing is not encryption. A hash cannot be reversed to recover the original file, and it does not protect confidentiality. Using sha256sum when the task requires confidentiality, or using openssl enc when the task requires integrity verification, will not earn credit.
- **Describing a diagram instead of analyzing it**: Saying a firewall is between the internet and the DMZ describes the diagram. Explaining that this placement filters inbound traffic before it reaches public-facing servers analyzes it. Exam responses that only describe layout without stating the security implication score lower.
- **Ignoring default deny when tracing ACLs**: If a packet does not match any explicit rule, it hits the default deny and is blocked. Students who conclude a packet is allowed because no deny rule explicitly names it are missing the implicit deny-all at the end of the rule set.

## Exam Connections

- **Device Security Analysis free-response question**: This is the primary location where technical skills are scored. You will be given a scenario that may include a network diagram, file permission output, firewall ACL, or command to interpret. Tasks use verbs like Write, Identify, Explain, and Modify. Exact syntax and specific security reasoning are required for full credit.
- **Multiple-choice items with command output and diagrams**: Multiple-choice questions present permission strings, ACL rule sets, network diagrams, or command outputs as the stimulus. You must interpret the technical evidence to select the correct answer. These items test the same read skills as the free-response question but in a selected-response format.
- **Units 3, 4, and 5 content connections**: Network diagrams and firewall rules map to Unit 3 (Securing Networks) and Unit 4 (Securing Devices). File permissions and cryptography commands map to Unit 4 and Unit 5 (Securing Applications and Data). Technical skill tasks on the exam are always grounded in these unit contexts, so knowing which skill belongs to which defensive domain helps you interpret scenario prompts correctly.

## Final Review Checklist

- **Write chmod in both notations**: Given a target permission state, produce the correct symbolic command (chmod g-w file) and the equivalent numeric command (chmod 640 file). Verify you can convert between the two without a reference.
- **Trace a packet through an ACL**: Given a rule set and a packet description, identify the first matching rule and state whether the packet is allowed or denied. Confirm you are checking source IP, destination IP, port, and protocol against each rule in order.
- **Identify the right cryptography tool**: For each scenario, decide whether symmetric encryption, asymmetric encryption, or hashing is the correct tool. Know the openssl command structure for each and what the output looks like.
- **Read a network diagram for risk**: Look at a diagram and identify at least one trust boundary, one segmentation decision, and one potential attack path. Explain what each firewall placement does and does not protect.
- **Interpret ls -l and getfacl output**: Read a permission string and identify the owner, group, and other permissions. Spot overly permissive settings and state which principle they violate. Read a getfacl output and identify any named-user ACL entries.
- **Connect technical findings to security implications**: For every command output, permission string, ACL, or diagram you analyze, practice stating the security implication in one sentence. The exam rewards responses that explain why a finding matters, not just what it shows.

## Study Plan

- **Start with file permissions**: Read the File Permissions and chmod Guide. Practice converting permission strings to chmod commands in both symbolic and numeric notation until you can do it without looking up the octet values. This skill appears in both multiple-choice and free-response contexts.
- **Work through firewall ACL tracing**: Read the Firewall and ACL Configuration Guide. Take a sample rule set and trace several different packets through it, writing down which rule matches and why. Practice writing a new rule that allows or denies a specific traffic type without disrupting existing rules.
- **Practice cryptography commands with worked examples**: Read the Cryptography Commands Guide and the Command Line Guide together. For each command type, write out the full syntax from memory, then check it against the guide. Focus on knowing when to use symmetric versus asymmetric encryption and how hash verification works step by step.
- **Analyze network diagrams for security implications**: Read the Network Diagram Guide. Find or draw a simple network diagram with a DMZ, internal LAN, and internet connection. Identify every trust boundary, label what each firewall filters, and write one sentence about the risk created by each design choice.
- **Simulate a Device Security Analysis response**: Combine all four skill areas into a single practice session. Given a scenario with a network diagram, a permission string, an ACL, and a command output, write a response that identifies findings, states their security implications, and recommends specific technical fixes using correct command syntax.

## More Ways To Review

- [Topic study guides](/ap-cybersecurity/cybersecurity-technical-skills#topics)

## FAQs

### What technical skills does AP Cybersecurity test on the exam?

AP Cybersecurity tests your ability to read and write firewall ACL rules, interpret file permissions, run command-line tools like chmod and openssl, analyze network diagrams, and apply cryptography commands. These skills appear in both multiple-choice scenario items and the free-response Device Security Analysis question.

### What is the Device Security Analysis free-response question in AP Cybersecurity?

The Device Security Analysis is a free-response question that gives you several sources from one device, such as firewall configurations, file-permission strings, and log files. You analyze those sources to identify security problems, explain how configurations affect users, and write proper commands or rule changes to fix the issues.

### How do firewall ACL rules work in AP Cybersecurity?

Firewall ACL rules are evaluated in order from top to bottom. Each rule specifies a source IP, destination IP, port, protocol, and an allow or deny action. The first rule that matches a packet applies, and most rule sets end with a default deny that blocks any traffic not explicitly permitted.

### What Linux commands do you need to know for AP Cybersecurity?

The key commands are chmod for setting file permissions, ls -l and getfacl for reading permissions, and openssl for encrypting, decrypting, generating RSA key pairs, and verifying file hashes. Free-response Write tasks require exact syntax, so practicing the full command structure matters more than memorizing definitions.

### How do file permissions work in AP Cybersecurity?

Linux file permissions control read, write, and execute access for three groups: the owner, the group, and all other users. The ls -l command displays a permission string like -rwxr, r, and chmod changes those permissions using either symbolic notation (u+x) or numeric notation (755).

### What cryptography commands are covered in AP Cybersecurity?

AP Cybersecurity covers symmetric encryption with shared keys, asymmetric encryption using RSA key pairs, and hash-based file integrity verification. The focus is on applying openssl commands correctly: knowing which flags to use, what input each command expects, and when to choose symmetric versus asymmetric encryption for a given scenario.

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#what-technical-skills-does-ap-cybersecurity-test-on-the-exam","name":"What technical skills does AP Cybersecurity test on the exam?","acceptedAnswer":{"@type":"Answer","text":"AP Cybersecurity tests your ability to read and write firewall ACL rules, interpret file permissions, run command-line tools like chmod and openssl, analyze network diagrams, and apply cryptography commands. These skills appear in both multiple-choice scenario items and the free-response Device Security Analysis question."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#what-is-the-device-security-analysis-free-response-question-in-ap-cybersecurity","name":"What is the Device Security Analysis free-response question in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"The Device Security Analysis is a free-response question that gives you several sources from one device, such as firewall configurations, file-permission strings, and log files. You analyze those sources to identify security problems, explain how configurations affect users, and write proper commands or rule changes to fix the issues."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#how-do-firewall-acl-rules-work-in-ap-cybersecurity","name":"How do firewall ACL rules work in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Firewall ACL rules are evaluated in order from top to bottom. Each rule specifies a source IP, destination IP, port, protocol, and an allow or deny action. The first rule that matches a packet applies, and most rule sets end with a default deny that blocks any traffic not explicitly permitted."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#what-linux-commands-do-you-need-to-know-for-ap-cybersecurity","name":"What Linux commands do you need to know for AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"The key commands are chmod for setting file permissions, ls -l and getfacl for reading permissions, and openssl for encrypting, decrypting, generating RSA key pairs, and verifying file hashes. Free-response Write tasks require exact syntax, so practicing the full command structure matters more than memorizing definitions."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#how-do-file-permissions-work-in-ap-cybersecurity","name":"How do file permissions work in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Linux file permissions control read, write, and execute access for three groups: the owner, the group, and all other users. The ls -l command displays a permission string like -rwxr, r, and chmod changes those permissions using either symbolic notation (u+x) or numeric notation (755)."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills#what-cryptography-commands-are-covered-in-ap-cybersecurity","name":"What cryptography commands are covered in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"AP Cybersecurity covers symmetric encryption with shared keys, asymmetric encryption using RSA key pairs, and hash-based file integrity verification. The focus is on applying openssl commands correctly: knowing which flags to use, what input each command expects, and when to choose symmetric versus asymmetric encryption for a given scenario."}}]}
```
