In AP Cybersecurity, a virus is a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run and spread (EK 4.1.B.2).
A virus is malicious software (malware) that needs a human to set it off. Until someone executes a program or opens an infected file, the virus just sits there doing nothing. That's the defining trait: a virus requires user activation (EK 4.1.B.2). Think of it like a booby trap that only goes off when you step on it.
Once activated, a virus does what malware does. Per EK 4.1.B.1, malware can damage or destroy a device or network, or hand an adversary access to the device and the data on it. Viruses are one of several malware types the CED lists alongside worms, Trojans, and others, and they usually serve as a tool inside a bigger attack plan rather than the adversary's end goal.
Virus lives in Unit 4: Securing Devices, specifically topic 4.1 Device Vulnerabilities and Attacks. It directly supports AP Cybersecurity 4.1.B, where you identify the type of malware used in a cyberattack. Knowing the exact definition matters because the whole point of 4.1.B is telling malware types apart, and the line between a virus, a worm, and a Trojan comes down to small but testable details about how each one spreads and activates.
It also feeds into 4.1.C and 4.1.D, where you explain and assess the risk a malware infection creates. A virus can be the delivery mechanism that lets an adversary remotely control a device, encrypt a drive for ransom, or wipe data entirely (EK 4.1.D.1).
Keep studying AP Cybersecurity Unit 4
Visual cheatsheet
view galleryWorm (Unit 4)
A worm is the virus's self-driving cousin. Both are malware, but a worm spreads computer to computer with no human interaction, while a virus needs you to open or run the infected file first. That single difference is the most common thing the exam tests.
Trojan (Unit 4)
A Trojan hides inside software that looks harmless, so when you run that 'safe' program you also run the malware. Like a virus, it relies on you taking an action, but the trick is disguise rather than just an infected file.
Anti-malware (Unit 4)
Anti-malware is the defense built to catch viruses (and other malware) before they activate. When the CED asks you to assess and document risk in 4.1.D, missing or outdated anti-malware is exactly the kind of gap that raises a device's risk level.
Software vulnerabilities and exploits (Unit 4)
EK 4.1.C.1 explains that unpatched software gives adversaries a way in. A virus often rides on top of that, exploiting a known weakness to crash a system, spy through a webcam, or take control of the device.
Expect virus to show up in multiple-choice questions that ask you to identify malware or pick which type fits a scenario. Several practice questions simply ask "Which of the following is an example of malware?" and a virus is a textbook correct answer. The trickier stems describe how something spreads and make you choose between a virus, a worm, and a Trojan, so read for the activation detail: if a human has to open or run a file, it's a virus; if it spreads on its own, it's a worm. No released FRQ has used the term verbatim, but virus supports the risk-assessment writing the CED rewards in 4.1.C and 4.1.D, where you explain how malware leads to loss, damage, disruption, or destruction.
Both are malware, and that's why they get mixed up. The CED draws one clean line: a virus must be activated by a user opening or executing a file, while a worm spreads from computer to computer with no human interaction. If a question says someone clicked or ran something, lean virus; if it spreads by itself, lean worm.
A virus is malware that only runs after a user executes or opens an infected file (EK 4.1.B.2).
The defining difference between a virus and a worm is human activation: viruses need it, worms don't.
Viruses fall under AP Cybersecurity 4.1.B, where you identify the type of malware used in a cyberattack.
Once activated, a virus can damage or destroy a device, steal data, or give an adversary control (EK 4.1.B.1 and 4.1.D.1).
On the exam, watch for words like 'opened,' 'clicked,' or 'ran a file' as signals pointing to a virus rather than a worm.
It's a type of malware that must be activated by a user, meaning someone has to execute or open an infected file before it can run (EK 4.1.B.2). It's one of the malware types you identify under learning objective 4.1.B.
No. Both are malware, but a virus needs a user to open or run a file to activate, while a worm spreads from computer to computer on its own with no human interaction. That activation detail is the key distinction the exam tests.
A virus is malware tied to an infected file that you have to run, while a Trojan is malware hidden inside software that looks harmless. Both depend on a user taking action, but a Trojan's whole strategy is disguise.
Yes. Virus appears in Unit 4 under topic 4.1, and multiple-choice questions ask you to identify malware or distinguish a virus from a worm or Trojan based on how it spreads.
Per EK 4.1.B.1 and 4.1.D.1, an activated virus can damage or destroy a device, steal data, encrypt a drive for ransom, or give an adversary remote control. It's often just one step in a larger attack plan.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.