The Device Security Analysis task gives you several simulated sources about one device and asks you to identify security issues, classify attacks using digital evidence, and recommend mitigations. Strong responses treat the sources as a connected set: a firewall rule that allows unexpected traffic, a log entry showing that traffic arriving, and a policy document that prohibits it all point to the same finding. These guides teach you to make those connections and write them up clearly.
Read all sources before writing anything. Find where two or more sources confirm the same issue, cite the specific log field or policy line that proves it, and structure your response as finding, evidence, risk, impact, mitigation, and follow-up.
Log Analysis Guide
Covers auth, network, application, and nginx access logs. Teaches you which fields matter (timestamps, source IPs, status codes, user agents), how to spot indicators of compromise, and how to turn raw log lines into evidence-based explanations for the FRQ. Directly tied to detection skills 3.D, 4.4.D, and 5.6.E.
Source Analysis Guide
Teaches the cross-checking workflow for the Device Security Analysis task. You will learn how to read policies, firewall configurations, permissions, and logs as a connected set, identify where they contradict or confirm each other, and cite evidence in a way that actually earns points rather than just restating the source.
Incident Report Guide
Shows you how to organize raw scenario evidence into a structured report: findings, evidence, risk, impact, recommended mitigation, and follow-up. This is the format the FRQ expects and the format used in workplace-style scenarios across Units 3, 4, and 5.
Why cross-referencing is the core skillThe Device Security Analysis FRQ is designed so that no single source tells the whole story. A log entry alone does not prove an attack; a firewall rule alone does not prove a misconfiguration. The exam rewards students who connect evidence across sources and explain what the combination means for the device and its users. Every guide in this collection builds toward that skill.