BIOS in AP Cybersecurity

BIOS (Basic Input/Output System) is the low-level firmware that starts a computer's hardware and loads the operating system at boot. In AP Cybersecurity, an unprotected BIOS is a device vulnerability adversaries can exploit for deep, persistent control (Topic 4.1).

Verified for the 2027 AP Cybersecurity examLast updated June 2026

What is BIOS?

BIOS stands for Basic Input/Output System. It's the firmware baked into a chip on the motherboard that runs first when you power on a computer, before the operating system even exists in memory. Think of it as the device's wake-up routine: it checks the hardware, then hands control to the OS so Windows, macOS, or Linux can load.

Why does AP Cybersecurity care about a boot program? Because BIOS sits below the operating system. If an adversary tampers with it or it has no password protection, they can plant malware that loads before any anti-malware software wakes up. That makes it a textbook example of the device vulnerabilities described in Topic 4.1: weaknesses an attacker exploits to crash a system, control a device, or steal data.

Why BIOS matters in AP Cybersecurity

BIOS lives in Unit 4: Securing Devices, specifically Topic 4.1 (Device Vulnerabilities and Attacks). It directly supports AP Cybersecurity 4.1.C, which is about how adversaries exploit common device vulnerabilities to cause loss, damage, disruption, or destruction. An unprotected BIOS is exactly the kind of weak point EK 4.1.C describes, where an adversary can take deep control of a device.

It also feeds into AP Cybersecurity 4.1.D (assessing and documenting risk). Because BIOS controls the boot process for any computing device identified in 4.1.A (servers, personal computers, handhelds), a compromised BIOS scores high on risk. The attacker gets a foothold that survives reboots and even OS reinstalls.

Keep studying AP Cybersecurity Unit 4

How BIOS connects across the course

UEFI (Unit 4)

UEFI is the modern replacement for traditional BIOS. It does the same job (start hardware, load the OS) but adds security features like Secure Boot that check whether boot code has been tampered with. If you understand why an unprotected BIOS is risky, UEFI is basically the patched-up answer to that risk.

Malware (Unit 4)

Malware that infects the BIOS loads before the operating system, which means it runs before your anti-malware ever gets a chance. That's what makes BIOS-level infection so dangerous compared to a regular file-based virus.

Anti-malware (Unit 4)

Anti-malware scans inside the running operating system, but BIOS firmware sits below that layer. This is the key insight: an unprotected BIOS is a blind spot your antivirus can't reach, which is why a BIOS password is a separate control.

Is BIOS on the AP Cybersecurity exam?

On the multiple-choice section, BIOS shows up as one item in a list of device weaknesses. A real practice stem describes a computer with no firewall, no anti-malware, and an unprotected BIOS, then asks which term describes these weaknesses. The answer is vulnerabilities. So you need to recognize an unprotected BIOS as a vulnerability, not as a type of malware or an attack. Expect BIOS to appear inside broader questions on exploiting device vulnerabilities (aligned to 4.1.C) rather than as a standalone topic. No released FRQ has used the term verbatim, but it supports the kind of risk-assessment reasoning 4.1.D rewards: explaining why a deep, pre-OS weakness raises the criticality of the risk.

BIOS vs UEFI

BIOS is the older, traditional boot firmware. UEFI is its modern successor and includes built-in security features like Secure Boot that BIOS lacks. They both boot the computer, but UEFI is the upgraded, more secure version, so don't treat them as interchangeable on the exam.

Key things to remember about BIOS

  • BIOS (Basic Input/Output System) is the firmware that starts a computer's hardware and loads the operating system at boot.

  • An unprotected BIOS is a device vulnerability, not a piece of malware, and the AP exam tests that distinction directly.

  • Because BIOS runs before the operating system, malware that infects it loads before anti-malware can stop it.

  • BIOS maps to Topic 4.1 and supports learning objective AP Cybersecurity 4.1.C on exploiting device vulnerabilities.

  • UEFI is the modern, more secure replacement for BIOS and adds protections like Secure Boot.

Frequently asked questions about BIOS

What is BIOS in AP Cybersecurity?

BIOS is the Basic Input/Output System, the firmware that runs first when you turn on a computer to start the hardware and load the operating system. In Topic 4.1, an unprotected BIOS counts as a device vulnerability an adversary can exploit.

Is BIOS a type of malware?

No. BIOS is legitimate firmware that every computer needs to boot. The security concern is an unprotected BIOS, which is a vulnerability that malware could exploit, not malware itself.

What is the difference between BIOS and UEFI?

Both boot the computer by starting hardware and loading the OS, but UEFI is the modern replacement for the older BIOS. UEFI adds security features like Secure Boot that check for tampering, which traditional BIOS lacks.

Why is an unprotected BIOS dangerous?

Because BIOS loads before the operating system, malware planted there runs before your anti-malware software ever starts. That gives an adversary deep, persistent control that can survive reboots and OS reinstalls.

How is BIOS tested on the AP Cybersecurity exam?

It appears in multiple-choice questions listing device weaknesses, where an unprotected BIOS alongside no firewall or anti-malware is identified as a vulnerability. You should be able to name it as a vulnerability tied to learning objective 4.1.C.

Keep studying AP Cybersecurity

Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.