In AP Cybersecurity, a port is a numbered logical endpoint that identifies a specific network service on a device (like port 22 for SSH or 80 for HTTP), and firewalls use it as one of the criteria for permitting or denying traffic.
A port is a number that tells network traffic which service it's trying to reach on a device. An IP address gets data to the right computer; the port gets it to the right program on that computer. Think of the IP address as the building's street address and the port as the specific apartment number inside.
Ports matter for the AP exam because firewalls use them to filter traffic. A stateless firewall reads the packet header and checks the port number (along with IP addresses and protocols) to decide what to do (EK 3.4.A.2). Network admins write access control list (ACL) rules that name a port as one filtering criterion (EK 3.4.B.3). Certain ports are standardized for specific services, which is why a rule like Allow inbound TCP port 22 from ALL; works as written, port 22 is the designated port for SSH (EK 3.4.D.2).
Port lives in Unit 3: Securing Networks, specifically Topic 3.4 on firewalls. It directly supports AP Cybersecurity 3.4.B (explaining how a firewall uses an ACL to allow or deny traffic) and AP Cybersecurity 3.4.D (configuring a firewall to manage traffic flow). When you write or read a firewall rule, the port is often the piece that pins the rule to a specific service. Without understanding ports, you can't reason about why one rule blocks web traffic and another opens a remote login session.
Keep studying AP Cybersecurity Unit 3
Visual cheatsheet
view galleryAccess Control List (ACL) Rules (Unit 3)
A port is one of the criteria an ACL rule can filter by, alongside IP address, protocol, service, or application. ACL rules are checked top to bottom, so the first rule that matches a packet's port (and other fields) is the one that fires.
Stateless Firewall and Packet Headers (Unit 3)
A stateless firewall doesn't track connections; it just reads each packet's header. The port number sits in that header, so it's one of the few pieces of info a stateless firewall actually uses to make a decision.
Protocol (Unit 3)
Ports and protocols travel together in firewall rules. A rule like Allow inbound TCP port 22 pairs the protocol (TCP) with the port (22) because the same port number can mean different things under different transport protocols.
Open Port (Unit 3)
An open port is one actively accepting connections, which is exactly what a firewall rule decides to allow or deny. Leaving the wrong ports open is a security risk, which is why ACLs explicitly permit only the ports a service needs.
Port shows up in multiple-choice questions about how firewalls filter traffic. Expect stems describing a stateless firewall examining packet headers and asking what info it inspects, ports are one of the correct answers alongside IP addresses and protocols. You may also see firewall-rule questions where you read a rule like Deny inbound TCP port 80 from 192.168.1.0/24; and explain what it does. No released FRQ has used the term verbatim, but you should be ready to read, interpret, or write ACL rules that reference ports as part of configuring a firewall under AP Cybersecurity 3.4.D.
An IP address identifies which device on the network; a port identifies which service or program on that device. A firewall rule can use both: the IP says who, the port says what they're trying to reach. Port 22 on a server is SSH no matter which IP is talking to it.
A port is a numbered endpoint that identifies a specific service on a device, like port 22 for SSH or port 80 for HTTP.
Firewalls use ports as one filtering criterion in ACL rules, alongside IP addresses, protocols, services, and applications.
A stateless firewall reads the port number directly from the packet header to make its allow-or-deny decision.
Firewall rules pair a port with a protocol (like TCP port 22) because the same port number can mean different things under different protocols.
ACL rules are checked in order, so the first rule that matches a packet's port and other fields is the one that executes.
A port is a number that identifies a specific service or program on a networked device, such as port 22 for SSH or port 80 for web traffic. Firewalls use ports to decide whether to permit or deny traffic to that service.
No. An IP address tells traffic which device to reach; a port tells it which service on that device. A firewall rule can filter by both, the IP for who and the port for what they want.
A firewall checks the port number listed in an ACL rule against the port in the packet, then permits or denies the traffic. For example, Deny inbound TCP port 80 from 192.168.1.0/24; blocks web traffic from that subnet.
The destination port is the service the traffic is trying to reach (like port 22 for SSH on the server), while the source port is the temporary port the sender uses. Firewall rules usually filter on the destination port because that's what identifies the targeted service.
Yes. A stateless firewall filters based on packet header info, and the port number is part of that header, along with IP addresses and protocols (EK 3.4.A.2).
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.