---
title: "DoS Attack — AP Cybersecurity Definition & Exam Guide"
description: "A DoS attack floods a network with malicious traffic so legitimate users can't get through, attacking availability. Learn how it shows up in AP Cybersecurity Unit 3."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/dos-attack"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 3"
---

# DoS Attack — AP Cybersecurity Definition & Exam Guide

## Definition

A denial of service (DoS) attack is when an adversary sends malicious traffic to flood a network or device, overwhelming it so legitimate users can't access it. It targets the availability leg of the CIA triad.

## What It Is

A **[denial of service](/ap-cybersecurity/key-terms/denial-of-service "fv-autolink") (DoS) attack** is exactly what the name says: the adversary denies you access to a service. They do it by flooding a network or device with so much traffic that it can't keep up, and legitimate requests get drowned out. Think of one ticket window with a thousand fake customers crammed in front of it. The real customers can't reach the counter.

In the AP CED, a DoS attack is one of the things an adversary can do with **[malicious traffic](/ap-cybersecurity/unit-3/network-vulnerabilities-and-attacks/study-guide/9lJpNM0eCHQ1M3XgFL97 "fv-autolink")** sent into a network (EK 3.1.B.1). The same flood of traffic can also be used to map a network's internal structure or spoof a device, but a DoS specifically aims to disrupt. A classic example is sending thousands of [ICMP requests](/ap-cybersecurity/unit-3/detecting-network-attacks/study-guide/5kYH3dgJpqFp57SUnjEX "fv-autolink") to a network's broadcast address so every connected device responds at once toward a victim, burying it in replies. Networks without firewalls, or with badly configured firewalls, are wide open to this.

## Why It Matters

DoS attacks live in **[Unit 3](/ap-cybersecurity/unit-3 "fv-autolink"): Securing Networks**, under topic 3.1 Network Vulnerabilities and Attacks. They support **[AP Cybersecurity](/ap-cybersecurity "fv-autolink") 3.1.B** (explaining how adversaries exploit network vulnerabilities to steal, disrupt, or destroy communication) and **AP Cybersecurity 3.1.C** (assessing the risk those vulnerabilities create). The big theme here is the CIA triad. Most attacks you study threaten confidentiality or integrity, but a DoS is the textbook attack on **availability** (EK 3.1.C.1). If you can name which leg of the triad an attack hits, a DoS is your go-to example for availability.

## Connections

### [ICMP Traffic (Unit 3)](/ap-cybersecurity/key-terms/icmp-traffic)

ICMP is the [protocol](/ap-cybersecurity/key-terms/protocol "fv-autolink") behind ping, and it's a common DoS delivery method. Flooding a broadcast address with ICMP requests makes every device reply at once toward one victim, turning normal network chatter into a weapon.

### Firewalls and Network Configuration (Unit 3)

EK 3.1.B.1 says networks without [firewalls](/ap-cybersecurity/key-terms/firewall "fv-autolink"), or with poorly configured ones, are vulnerable to flooding. The defense against a DoS is the same control that filters other malicious traffic, so a misconfigured firewall puts availability at risk.

### [MAC Flooding (Unit 3)](/ap-cybersecurity/key-terms/mac-flooding)

[MAC flooding](/ap-cybersecurity/key-terms/mac-flooding "fv-autolink") overwhelms a switch's address table instead of a whole network, but the logic is identical: bury a target in more than it can handle until it stops working normally. Both are flood-style disruption attacks.

## On the AP Exam

Expect DoS attacks in multiple-choice questions about network attacks and malicious traffic. A common stem describes the symptom (an adversary floods a network so legitimate users can't get access) and asks you to name the attack, or describes a flood of ICMP requests to a broadcast address and asks what it accomplishes. You should be able to identify a DoS as an attack on availability and contrast it with a distributed denial of service (DDoS). No released FRQ has used this term verbatim, but the CED connects it directly to risk assessment under 3.1.C, so be ready to explain how a network vulnerability could let an adversary launch one.

## DoS attack vs DDoS attack

A DoS attack comes from a single source, one machine flooding the target. A distributed denial of service (DDoS) comes from many machines at once, usually a botnet of compromised devices. DDoS is harder to block because you can't just cut off one IP address. Same goal (deny availability), different scale and number of attackers.

## Key Takeaways

- A DoS attack floods a network or device with traffic so legitimate users can't access it, attacking the availability leg of the CIA triad.
- It's one use of malicious traffic an adversary can send into a network, alongside mapping the network or spoofing a device (EK 3.1.B.1).
- Networks without firewalls, or with misconfigured firewalls, are especially vulnerable to flooding attacks.
- A DoS comes from one source, while a DDoS uses many compromised machines at once, making it harder to stop.
- Flooding a broadcast address with ICMP requests is a classic DoS technique because every device responds toward the victim.

## FAQs

### What is a DoS attack in AP Cybersecurity?

It's a denial of service attack, where an adversary floods a network or device with malicious traffic so legitimate users can't access it. In the CED it falls under topic 3.1 and is the main example of an attack on availability.

### What's the difference between a DoS and a DDoS attack?

A DoS attack floods the target from a single source, while a DDoS (distributed denial of service) attack floods it from many sources at once, usually a network of compromised devices. The DDoS is harder to defend against because you can't just block one IP address.

### Does a DoS attack steal data?

No. A DoS attack disrupts access, it doesn't steal or read data. That's the key distinction: it targets availability, not confidentiality, so the goal is to take a service down rather than spy on it.

### How does a DoS attack use ICMP?

ICMP is the ping protocol, and an adversary can abuse it by sending thousands of ICMP requests to a network's broadcast address. Every connected device responds at once toward the victim, and that flood of replies overwhelms the target.

### How do you defend against a DoS attack?

A properly configured firewall is the core defense, since EK 3.1.B.1 notes that networks without firewalls or with badly set up ones are the ones most vulnerable to flooding traffic.

## Related Study Guides

- [3.1 Network Vulnerabilities and Attacks](/ap-cybersecurity/unit-3/network-vulnerabilities-and-attacks/study-guide/9lJpNM0eCHQ1M3XgFL97)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/dos-attack#resource","name":"DoS Attack — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/dos-attack","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/dos-attack#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:28.530Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/dos-attack#term","name":"DoS attack","description":"A denial of service (DoS) attack is when an adversary sends malicious traffic to flood a network or device, overwhelming it so legitimate users can't access it. It targets the availability leg of the CIA triad.","url":"https://fiveable.me/ap-cybersecurity/key-terms/dos-attack","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 3, Topic 3.1, LO 3.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 3, Topic 3.1, LO 3.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 3, Topic 3.1, LO 3.1.C"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is a DoS attack in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"It's a denial of service attack, where an adversary floods a network or device with malicious traffic so legitimate users can't access it. In the CED it falls under topic 3.1 and is the main example of an attack on availability."}},{"@type":"Question","name":"What's the difference between a DoS and a DDoS attack?","acceptedAnswer":{"@type":"Answer","text":"A DoS attack floods the target from a single source, while a DDoS (distributed denial of service) attack floods it from many sources at once, usually a network of compromised devices. The DDoS is harder to defend against because you can't just block one IP address."}},{"@type":"Question","name":"Does a DoS attack steal data?","acceptedAnswer":{"@type":"Answer","text":"No. A DoS attack disrupts access, it doesn't steal or read data. That's the key distinction: it targets availability, not confidentiality, so the goal is to take a service down rather than spy on it."}},{"@type":"Question","name":"How does a DoS attack use ICMP?","acceptedAnswer":{"@type":"Answer","text":"ICMP is the ping protocol, and an adversary can abuse it by sending thousands of ICMP requests to a network's broadcast address. Every connected device responds at once toward the victim, and that flood of replies overwhelms the target."}},{"@type":"Question","name":"How do you defend against a DoS attack?","acceptedAnswer":{"@type":"Answer","text":"A properly configured firewall is the core defense, since EK 3.1.B.1 notes that networks without firewalls or with badly set up ones are the ones most vulnerable to flooding traffic."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 3","item":"https://fiveable.me/ap-cybersecurity/unit-3"},{"@type":"ListItem","position":4,"name":"DoS attack"}]}]}
```
