UEFI

UEFI (Unified Extensible Firmware Interface) is the low-level firmware that starts up a computer and hands control to the operating system; in AP Cybersecurity it's a device component you secure to stop adversaries from booting malicious software before the OS even loads.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is UEFI?

UEFI stands for Unified Extensible Firmware Interface. Think of it as the very first software that runs when you press the power button. Before your operating system loads, UEFI wakes up the hardware, checks that everything's there, and then hands the keys over to the OS. It's the modern replacement for the older BIOS firmware.

Why does AP Cybersecurity care about firmware? Because firmware lives below the operating system, so whoever controls it controls everything that loads after it. Under topic 4.1, UEFI shows up as a device component that adversaries target and that defenders harden. If an attacker can change boot settings, they can force a computer to boot from an external drive and load a malicious OS instead of yours. Locking down UEFI (for example, with a firmware password or Secure Boot) blocks that move and keeps the boot process trustworthy.

Why UEFI matters in AP Cybersecurity

UEFI lives in Unit 4: Securing Devices, specifically topic 4.1 Device Vulnerabilities and Attacks. It connects to learning objective AP Cybersecurity 4.1.C, which asks you to explain how adversaries exploit common device vulnerabilities. EK 4.1.C.1 says adversaries can take control of a device, and controlling the firmware is one of the deepest forms of that control. It also touches AP Cybersecurity 4.1.D on assessing risk, because a compromised boot process is high-risk: it can sit beneath your anti-malware and survive an OS reinstall.

How UEFI connects across the course

BIOS (Unit 4)

UEFI is basically the modern upgrade to BIOS. They do the same job (boot the machine and start the OS), but UEFI adds features like Secure Boot and supports bigger drives. If a question mentions either one as the firmware you password-protect, the security logic is identical.

Malware (Unit 4)

EK 4.1.B.1 defines malware as software that can take over a device. Attacking UEFI lets malware load before the OS and before your defenses, which is why firmware-level threats are so hard to detect and remove.

Autorun (Unit 4)

Both autorun and an unsecured UEFI are about a device automatically running code you didn't choose. Autorun launches files off a plugged-in drive; an open UEFI lets an adversary boot an entire malicious OS off that drive. Same exploit family, different layer.

Is UEFI on the AP Cybersecurity exam?

Expect UEFI in multiple-choice stems about firmware and boot security. A classic version: an administrator wants to stop an adversary from booting into recovery mode and loading a malicious OS from an external drive, and you pick the firmware component to protect with a password. The answer is the boot firmware (UEFI or BIOS). What you need to do is recognize that UEFI sits below the operating system, explain why that makes it a high-value target under topic 4.1, and identify securing it (firmware password, Secure Boot, disabling boot from external media) as the mitigation. No released FRQ has used this term verbatim, but it fits the kind of device-hardening reasoning Unit 4 rewards.

UEFI vs BIOS

BIOS is the older firmware standard; UEFI is the newer one that replaced it on modern machines. They both boot the computer and both can be locked with a password, so on the exam the security concept is the same. UEFI just supports more features like Secure Boot and larger storage.

Key things to remember about UEFI

  • UEFI is the firmware that runs first at power-on and hands control to the operating system, making it the modern replacement for BIOS.

  • Because UEFI loads before the OS, an attacker who controls it controls everything that loads afterward, which makes it a high-risk target under EK 4.1.D.

  • Securing UEFI with a firmware password or Secure Boot stops adversaries from booting a malicious OS off an external drive.

  • On the AP exam, UEFI and BIOS are treated as the same kind of bootable firmware you harden in Unit 4.

  • UEFI-level threats can survive an operating system reinstall, so they're harder to detect and remove than ordinary OS-level malware.

Frequently asked questions about UEFI

What is UEFI in AP Cybersecurity?

UEFI (Unified Extensible Firmware Interface) is the low-level firmware that boots a computer and starts the operating system. In Unit 4 it's a device component you secure so adversaries can't boot malicious software before the OS loads.

Is UEFI the same as BIOS?

Essentially yes for exam purposes. UEFI is the modern replacement for BIOS and does the same boot job, but adds features like Secure Boot and support for larger drives. Both can be locked with a firmware password to block boot-based attacks.

Why would an attacker target UEFI?

Because UEFI runs before the operating system and before your anti-malware, controlling it lets an adversary load a malicious OS or stay hidden even after a system reinstall. That's why EK 4.1.C and 4.1.D treat firmware compromise as a serious risk.

How do you secure UEFI?

Set a firmware password, enable Secure Boot, and disable booting from external drives. This stops an adversary from forcing the computer into recovery mode and loading their own operating system from a USB or external disk.
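One way to confirm from a running Linux system that Secure Boot is really on after you enable it (an added example, not part of the original study guide). It reads the `SecureBoot` and `SetupMode` variables the firmware exposes under efivarfs; the function names and the constructed sample values are assumptions made for illustration.

```python
import struct
import tempfile
from pathlib import Path

# GUID of the EFI global-variable namespace, fixed by the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes each variable with a 4-byte little-endian attribute mask.
    """
    if len(raw) < 5:
        raise ValueError("truncated EFI variable")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(root: Path, name: str):
    """Return a one-byte EFI variable as an int, or None if it cannot be read."""
    try:
        _, data = parse_efivar((root / f"{name}-{EFI_GLOBAL}").read_bytes())
    except (OSError, ValueError):
        return None
    return data[0]


def audit_secure_boot(root: Path = EFIVARS) -> str:
    """Classify the firmware's Secure Boot state from its EFI variables."""
    if not root.is_dir():
        return "not-uefi"    # legacy BIOS boot, or efivarfs is not mounted
    secure, setup = read_flag(root, "SecureBoot"), read_flag(root, "SetupMode")
    if setup == 1:
        return "setup-mode"  # no Platform Key enrolled, so nothing is enforced
    if secure == 1:
        return "enforcing"
    return "unknown" if secure is None else "disabled"


def constructed_vars(secure: int, setup: int) -> Path:
    """Write constructed sample variables (not from a real machine) to a temp dir."""
    root = Path(tempfile.mkdtemp())
    for name, value in (("SecureBoot", secure), ("SetupMode", setup)):
        (root / f"{name}-{EFI_GLOBAL}").write_bytes(struct.pack("<IB", 6, value))
    return root


if __name__ == "__main__":
    print("constructed sample:", audit_secure_boot(constructed_vars(1, 0)))
    print("this machine:", audit_secure_boot())
```

Anything other than `enforcing` means the boot chain is not being verified. The firmware password has no standard EFI variable, so confirm it in the firmware setup screen.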

How is UEFI different from malware like a RAT?

UEFI is legitimate firmware that ships with the device; a RAT is malicious software an adversary installs to control a machine remotely. The connection is that attacking UEFI can be a way to deliver or hide malware below where defenses normally look.
