A LAN (local area network) is a group of connected devices in a single physical location, like an office or building. In AP Cybersecurity, the LAN matters because once an adversary compromises one device, they often try to spread to others on the same LAN.
A LAN (local area network) is the network that links devices together in one place, like a single building, office, or campus. Computers, switches, printers, and servers on the same LAN can talk to each other directly. That's the whole point of a LAN: fast, local communication between trusted devices.
For AP Cybersecurity, the security angle is what counts. Devices on a LAN usually trust each other more than they trust the outside internet, and that trust is exactly what attackers abuse. If an adversary gets a foothold on one machine, the LAN gives them a path to reach everything else nearby. This is also why physical access matters. Someone who plugs a device into an open data port can land directly on the LAN through the switch unless port security is turned on (EK 3.1.B.3).
The LAN lives in Unit 3: Securing Networks, specifically topic 3.1 Network Vulnerabilities and Attacks. It anchors learning objective AP Cybersecurity 3.1.B, which asks you to explain how adversaries exploit network vulnerabilities to steal, disrupt, or destroy communication. EK 3.1.B.2 spells it out: an adversary who compromises one device tries to leverage that access to compromise other devices on the LAN. That's the idea of lateral movement, and it ties straight into AP Cybersecurity 3.1.C, where you assess risks to confidentiality, integrity, and availability. A poorly protected LAN is a risk to all three, because once an attacker is inside, they can intercept data, launch DoS attacks, or pivot to more sensitive systems.
Keep studying AP Cybersecurity Unit 3
Visual cheatsheet
view galleryNetwork Segmentation and VLANs (Unit 3)
If the danger of a LAN is that one compromised device can reach all the others, segmentation is the fix. Splitting a flat LAN into separate VLANs or subnets walls off sections so an attacker can't freely roam from one machine to the next.
ARP Poisoning and MAC Spoofing (Unit 3)
These on-path (man-in-the-middle) attacks happen inside the LAN. An adversary fakes a MAC address or feeds false ARP packets to the default gateway so traffic meant for a target gets redirected to them, all on the local network.
Port Security on Switches (Unit 3)
A LAN is only as safe as its physical ports. EK 3.1.B.3 says someone who plugs into an open data port lands on the LAN through the switch unless port security is enabled, which limits which devices a port will accept.
DoS Attacks and Firewalls (Unit 3)
Adversaries flood a LAN to overwhelm it, map its internal structure, or spoof legitimate devices. A network without firewalls, or with badly configured ones, leaves the LAN wide open to all three (EK 3.1.B.1).
Expect the LAN to show up as the setting for an attack scenario rather than as a standalone definition question. Multiple-choice stems describe a device communicating "on a local network" and then ask you to identify the protocol (ARP) or the attack (ARP poisoning, MAC spoofing, on-path attack). The key skill is recognizing lateral movement: when a question says an adversary already compromised one device and is reaching for others, that's EK 3.1.B.2 in action. For risk-assessment questions tied to 3.1.C, connect LAN weaknesses to confidentiality, integrity, and availability. No released FRQ has used "LAN" verbatim, but the term underpins the network-attack reasoning the exam rewards.
A LAN is the physical local network connecting devices in one place. A VLAN (virtual LAN) is a logical division of that network. VLANs let you split one physical LAN into separate, isolated groups so devices that shouldn't talk to each other can't, which is a core segmentation defense.
A LAN (local area network) connects devices in a single physical location, like an office or building.
The big LAN risk is lateral movement: once an adversary compromises one device, they try to reach the rest of the devices on the same LAN (EK 3.1.B.2).
Plugging into an open switch port can hand an attacker LAN access unless port security is enabled (EK 3.1.B.3).
Attacks like ARP poisoning and MAC spoofing are on-path (man-in-the-middle) attacks that happen inside the LAN.
Segmenting a LAN with VLANs and subnets limits how far an attacker can spread and protects confidentiality, integrity, and availability.
A LAN, or local area network, is a group of connected devices in one physical location, such as a building or office. In Unit 3 it matters because attackers who compromise one device often move laterally to others on the same LAN (EK 3.1.B.2).
A LAN is the actual physical network linking devices in one place. A VLAN is a logical subdivision of that network. VLANs are a segmentation tool that splits one LAN into isolated groups so a compromised device can't freely reach everything.
Not by itself, but the trust between LAN devices is the problem. Devices on a LAN tend to trust each other, so once an attacker is inside, they can intercept data, launch DoS attacks, or pivot to more sensitive systems unless segmentation and firewalls are in place.
Two common ways tested in 3.1: compromising an existing device and using it as a foothold, or physically plugging into an open data port, which grants switch access to the LAN unless port security is enabled (EK 3.1.B.3).
Yes. Both are on-path (man-in-the-middle) attacks that operate inside the local network. The adversary fakes a MAC address or sends falsified ARP packets to redirect LAN traffic meant for a target to their own device.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.