An unencrypted drive is a storage device whose files are saved in plain, readable form, meaning an adversary who gains physical access to the device or drive can read any file on it (EK 5.1.A.1).
An unencrypted drive is exactly what it sounds like: a storage device (hard drive, SSD, USB stick) where files sit in plain, readable form. There's no scrambling, no key required. If someone gets their hands on the drive, they can read everything on it.
The CED states this directly in EK 5.1.A.1: an adversary can read any unencrypted files if they have access to the device or drive storing the files. That's the whole vulnerability in one sentence. Encryption is what flips that switch. With encryption, even someone holding the physical drive sees scrambled garbage without the key. Without it, your login password is basically a sticky note on a door that someone just walked around by pulling the drive out and plugging it into their own machine.
This lives in Unit 5: Securing Applications and Data, specifically topic 5.1 on application and data vulnerabilities. It directly supports AP Cybersecurity 5.1.A, which asks you to explain how adversaries exploit application and file vulnerabilities to cause loss or damage. The unencrypted drive is the cleanest example of that idea: the file itself is the weak point. It also feeds into 5.1.C, where you assess and document risk, because an unencrypted drive is a confidentiality risk (EK 5.1.C.1). The bigger theme is that protecting data isn't only about passwords and access control. The data itself has to be protected, and encryption is how you do that for data at rest.
Keep studying AP Cybersecurity Unit 5
Visual cheatsheet
view galleryData at Rest (Unit 5)
An unencrypted drive is the textbook case of unprotected data at rest. Data at rest means files just sitting in storage, not moving anywhere. Encrypting the drive is the standard defense, so these two terms are two sides of the same coin.
Confidentiality in the CIA Triad (Unit 5)
EK 5.1.C.1 ties data vulnerabilities to the CIA triad. An unencrypted drive is a pure confidentiality problem: unauthorized people can read sensitive data. The integrity and availability of the files might be fine, but anyone can still see them.
Administrative Privileges (Unit 5)
EK 5.1.A.2 covers how an adversary with elevated privileges can reach files on a running system. The unencrypted drive shows the flip side: an attacker can skip the OS entirely by pulling the drive out, so access controls inside the system never even come into play.
PII, PHI, and PCI (Unit 5)
These are the high-value, regulated data types from EK 5.1.C.2. Storing PII or PHI on an unencrypted drive is exactly the high-risk scenario the CED flags, because a single stolen laptop can leak data governed by law.
Expect this as a confidentiality scenario. A multiple-choice stem might describe a stolen laptop or a found USB drive and ask which security goal was compromised (the answer leans toward confidentiality) or which control would have prevented it (encryption of data at rest). On a free-response, you may need to assess and document risk per 5.1.C: name the vulnerability (data stored unencrypted), the threat (physical access to the device), and the impact (an adversary reads sensitive files). No released FRQ has used the exact phrase "unencrypted drive," but the underlying idea, EK 5.1.A.1, is core risk-assessment material. When you answer, say WHY it's a risk: the files are readable to anyone with the drive, so login passwords and access controls don't protect them.
Data at rest is the category (any stored, non-moving data), while an unencrypted drive is the vulnerable version of it. All data on an unencrypted drive is data at rest, but data at rest can also be encrypted and protected. Don't treat the terms as interchangeable: one names the state of the data, the other names the specific weakness.
An unencrypted drive stores files in plain, readable form, so anyone with physical access to the drive can read everything on it (EK 5.1.A.1).
This is a confidentiality failure under the CIA triad, not an integrity or availability one, because the data isn't altered or destroyed, just exposed.
Login passwords and access controls don't protect an unencrypted drive, since an attacker can pull the drive out and read it on another machine.
Encryption is the fix: it scrambles the files so the physical drive is useless without the key.
Storing regulated data like PII or PHI on an unencrypted drive is a high-risk scenario the CED specifically flags (EK 5.1.C.2).
It's a storage device that saves files in plain, readable form with no encryption. Per EK 5.1.A.1, an adversary with access to the device or drive can read any unencrypted file on it.
No. A login password only guards the running operating system. An attacker can remove the drive and read its files on their own computer, bypassing the password entirely. Encryption is what actually protects the data.
Data at rest is any stored data that isn't moving; it's the broad category. An unencrypted drive is the unprotected version of data at rest. The data can also be at rest AND encrypted, which is the secure state.
Confidentiality. Unauthorized people can read sensitive data (EK 5.1.C.1). Integrity and availability aren't directly affected because the files aren't being changed or destroyed, just exposed.
Because PII is highly sensitive and often regulated by law, and an unencrypted drive makes it readable to anyone who gets the device. EK 5.1.C.2 flags exactly this combination of sensitive data plus a likely exploit as high risk.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.