BIOS (Basic Input/Output System) is the low-level firmware that starts a computer's hardware and loads the operating system at boot. In AP Cybersecurity, an unprotected BIOS is a device vulnerability adversaries can exploit for deep, persistent control (Topic 4.1).
BIOS stands for Basic Input/Output System. It's the firmware baked into a chip on the motherboard that runs first when you power on a computer, before the operating system even exists in memory. Think of it as the device's wake-up routine: it checks the hardware, then hands control to the OS so Windows, macOS, or Linux can load.
Why does AP Cybersecurity care about a boot program? Because BIOS sits below the operating system. If an adversary tampers with it or it has no password protection, they can plant malware that loads before any anti-malware software wakes up. That makes it a textbook example of the device vulnerabilities described in Topic 4.1: weaknesses an attacker exploits to crash a system, control a device, or steal data.
BIOS lives in Unit 4: Securing Devices, specifically Topic 4.1 (Device Vulnerabilities and Attacks). It directly supports AP Cybersecurity 4.1.C, which is about how adversaries exploit common device vulnerabilities to cause loss, damage, disruption, or destruction. An unprotected BIOS is exactly the kind of weak point EK 4.1.C describes, where an adversary can take deep control of a device.
It also feeds into AP Cybersecurity 4.1.D (assessing and documenting risk). Because BIOS controls the boot process for any computing device identified in 4.1.A (servers, personal computers, handhelds), a compromised BIOS scores high on risk. The attacker gets a foothold that survives reboots and even OS reinstalls.
Keep studying AP Cybersecurity Unit 4
Visual cheatsheet
view galleryUEFI (Unit 4)
UEFI is the modern replacement for traditional BIOS. It does the same job (start hardware, load the OS) but adds security features like Secure Boot that check whether boot code has been tampered with. If you understand why an unprotected BIOS is risky, UEFI is basically the patched-up answer to that risk.
Malware (Unit 4)
Malware that infects the BIOS loads before the operating system, which means it runs before your anti-malware ever gets a chance. That's what makes BIOS-level infection so dangerous compared to a regular file-based virus.
Anti-malware (Unit 4)
Anti-malware scans inside the running operating system, but BIOS firmware sits below that layer. This is the key insight: an unprotected BIOS is a blind spot your antivirus can't reach, which is why a BIOS password is a separate control.
On the multiple-choice section, BIOS shows up as one item in a list of device weaknesses. A real practice stem describes a computer with no firewall, no anti-malware, and an unprotected BIOS, then asks which term describes these weaknesses. The answer is vulnerabilities. So you need to recognize an unprotected BIOS as a vulnerability, not as a type of malware or an attack. Expect BIOS to appear inside broader questions on exploiting device vulnerabilities (aligned to 4.1.C) rather than as a standalone topic. No released FRQ has used the term verbatim, but it supports the kind of risk-assessment reasoning 4.1.D rewards: explaining why a deep, pre-OS weakness raises the criticality of the risk.
BIOS is the older, traditional boot firmware. UEFI is its modern successor and includes built-in security features like Secure Boot that BIOS lacks. They both boot the computer, but UEFI is the upgraded, more secure version, so don't treat them as interchangeable on the exam.
BIOS (Basic Input/Output System) is the firmware that starts a computer's hardware and loads the operating system at boot.
An unprotected BIOS is a device vulnerability, not a piece of malware, and the AP exam tests that distinction directly.
Because BIOS runs before the operating system, malware that infects it loads before anti-malware can stop it.
BIOS maps to Topic 4.1 and supports learning objective AP Cybersecurity 4.1.C on exploiting device vulnerabilities.
UEFI is the modern, more secure replacement for BIOS and adds protections like Secure Boot.
BIOS is the Basic Input/Output System, the firmware that runs first when you turn on a computer to start the hardware and load the operating system. In Topic 4.1, an unprotected BIOS counts as a device vulnerability an adversary can exploit.
No. BIOS is legitimate firmware that every computer needs to boot. The security concern is an unprotected BIOS, which is a vulnerability that malware could exploit, not malware itself.
Both boot the computer by starting hardware and loading the OS, but UEFI is the modern replacement for the older BIOS. UEFI adds security features like Secure Boot that check for tampering, which traditional BIOS lacks.
Because BIOS loads before the operating system, malware planted there runs before your anti-malware software ever starts. That gives an adversary deep, persistent control that can survive reboots and OS reinstalls.
It appears in multiple-choice questions listing device weaknesses, where an unprotected BIOS alongside no firewall or anti-malware is identified as a vulnerability. You should be able to name it as a vulnerability tied to learning objective 4.1.C.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.