In AP Cybersecurity, an adversary is the person or group conducting a cyberattack. The CED classifies adversaries by skill level (low-skilled vs. high-skilled) and by motivation, such as greed, revenge, or dedication to a cause.
An adversary is whoever is on the other side of an attack, the threat actor trying to break into, disrupt, or steal from a system. In AP Cybersecurity, you don't just label someone "a hacker." You classify them, and the CED gives you two ways to do it.
First, by skill level. A low-skilled adversary doesn't write their own tools. They buy or download malicious software made by others and point it at known vulnerabilities, the ones already documented and (ideally) patched. A high-skilled adversary can build new tools, modify existing ones to dodge defenses, and even discover undocumented holes called zero days (flaws nobody has fixed yet because nobody knew they existed). Second, by motivation. Adversaries act out of greed, a desire for recognition, dedication to a cause, revenge, or politics. Same attack, very different reasons behind it, and the reason often hints at who the adversary is.
This term lives in Unit 1: Introduction to Security, specifically topic 1.3 Best Practices for Public Networks. Learning objective AP Cybersecurity 1.3.A asks you to identify the type of adversary conducting a cyberattack, which is exactly the classify-by-skill-and-motivation move described above. The same adversary then shows up in 1.3.B as the actor behind specific wireless attacks like the evil twin and jamming. So "adversary" is the connective thread: it names the WHO, while the rest of 1.3 explains the WHAT (the attacks) and the HOW-to-defend (VPNs, checking SSIDs, encrypted protocols).
Visual cheatsheet
High-skilled vs. low-skilled adversary (Unit 1)
These are the two skill buckets the CED hands you. The fast tell: if the attacker exploits a known, already-documented vulnerability with a bought tool, think low-skilled. If they discover a zero day or build custom malware, think high-skilled.
Evil twin attack (Unit 1)
An adversary sets up a fake wireless access point with an SSID nearly identical to a real one, so you connect by mistake. The adversary is the WHO; the evil twin is the trap they build. They still can't read your HTTPS traffic, though.
Jamming attack (Unit 1)
Here the adversary floods the area with a strong electromagnetic signal on the network's frequency to knock everyone offline. It's a denial-of-service move, no data theft, just disruption, which often points to a revenge or cause-driven motivation.
VPN as a defense against the adversary (Unit 1)
Topic 1.3 pairs every attacker with a countermeasure. A VPN encrypts all your traffic to the VPN operator, so even if an adversary captures it on a sketchy public Wi-Fi, the data is unreadable. Knowing the adversary helps you pick the right defense.
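The "check the SSID" defense against the evil twin described above can be automated. The sketch below is an added example, not part of the CED or the original study guide: it compares advertised network names against a trusted list and flags near-matches. The trusted name, the scan results, the character-swap table and the two-edit threshold are all constructed assumptions.

```python
import unicodedata

# Constructed sample data: the network name a venue actually advertises.
TRUSTED_SSIDS = ["CoffeeHouse_Guest"]

# Assumed swap table: characters often used to make a name look the same at a glance.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


def normalize(ssid: str) -> str:
    """Fold case, Unicode compatibility forms, lookalike characters and separators."""
    folded = unicodedata.normalize("NFKC", ssid).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_ssid(seen: str, trusted=TRUSTED_SSIDS, max_edits: int = 2) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for an advertised network name."""
    if seen in trusted:
        return "exact"
    for name in trusted:
        # Not byte-identical, but close once disguises are folded away.
        if edit_distance(normalize(seen), normalize(name)) <= max_edits:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed scan results, not captured from a real network.
    for ssid in ["CoffeeHouse_Guest", "CoffeeHouse-Guest", "C0ffeeHouse_Guest",
                 "CoffeeHouse_Guests", "Airport_Free_WiFi"]:
        print(f"{ssid!r:24} -> {classify_ssid(ssid)}")
```

An "exact" result only means the name matches. SSIDs are unauthenticated labels, so the VPN defense in topic 1.3 still applies on public networks.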
On multiple-choice questions, "adversary" is usually the word the stem uses for the attacker while asking you to name the attack or classify the actor. You'll see scenarios like an adversary flooding the area with electromagnetic signals (jamming), or an attacker controlling a lookalike company network to intercept unencrypted data (evil twin). For 1.3.A specifically, expect to be handed a description of someone's tools or behavior and asked whether they're low-skilled or high-skilled. The key skill is reading the clues: bought tools and known vulnerabilities mean low-skilled; custom malware and zero days mean high-skilled. No released FRQ has used this term verbatim, but recognizing the adversary's type and motivation is exactly the framing these questions reward.
An adversary is the attacker (a person or group). A vulnerability is the weakness in a system they exploit. Don't mix them up: low-skilled adversaries go after KNOWN vulnerabilities with prebuilt tools, while high-skilled adversaries can find UNKNOWN ones (zero days). The adversary is the who; the vulnerability is the opening.
An adversary is the person or group conducting a cyberattack, and the CED wants you to classify them, not just name them.
Classify by skill level: low-skilled adversaries use bought tools against known vulnerabilities, while high-skilled adversaries build custom tools and find zero days.
A zero day is an undocumented vulnerability that only high-skilled adversaries can typically discover.
Adversaries have motivations including greed, recognition, dedication to a cause, revenge, and politics, and the motive often hints at who they are.
Learning objective AP Cybersecurity 1.3.A is specifically about identifying the TYPE of adversary behind an attack.
An adversary is the threat actor conducting a cyberattack. The CED classifies adversaries two ways: by skill level (low-skilled vs. high-skilled) and by motivation (greed, recognition, dedication to a cause, revenge, or politics).
No. The adversary is the attacker, the who. A vulnerability is the weakness in the system they exploit. Low-skilled adversaries target known vulnerabilities with prebuilt tools, while high-skilled adversaries can discover unknown ones called zero days.
Read the clues in the stem. If the attacker buys or downloads tools and exploits already-documented vulnerabilities, they're low-skilled. If they create or modify malware, adapt to defenses, or find zero days, they're high-skilled.
A zero day is an undocumented vulnerability that hasn't been patched because nobody knew it existed. Finding one takes the ability to dig up flaws no one has reported yet, which is why the CED ties zero days to high-skilled adversaries.
In topic 1.3, an adversary might run an evil twin attack (a fake access point with a lookalike SSID to capture your traffic) or a jamming attack (flooding the area with an electromagnetic signal to knock the network offline). Using a VPN and verifying network names are key defenses.