---
title: "AP Cybersecurity Unit 1 Review: Security | Fiveable"
description: "Review AP Cybersecurity Unit 1: social engineering, suspicious logins, public networks, AI-based cyber attacks, cyber defense, and security basics."
canonical: "https://fiveable.me/ap-cybersecurity/unit-1"
type: "unit"
subject: "AP Cybersecurity"
unit: "Unit 1 – Introduction to Security"
---

# AP Cybersecurity Unit 1 Review: Security | Fiveable

## Overview

Unit 1 introduces the three core attack surfaces students encounter throughout the course: human behavior, authentication, and network access. You will learn how adversaries exploit psychology through social engineering, crack weak passwords, hijack public Wi-Fi sessions, and now use AI tools to make attacks faster and more convincing. You will also learn how defenders use AI to detect and respond to threats at scale.

## AP CED Alignment

This unit hub is organized around AP Course and Exam Description topics, skills, and exam task types when they are available in the source data.
- Topic 1.1: Understanding Social Engineering
- Topic 1.2: Suspicious Website Logins
- Topic 1.3: Best Practices for Public Networks
- Topic 1.4: AI-Based Cybersecurity Attacks
- Topic 1.5: Leveraging AI in Cyber Defense
- Topic 1.2: Suspicious Website Logins and Authentication
- Skill Category 2 - Mitigate Risk
- Skill Category 1 - Analyze Risk

## Topics

- [Topic 1.1: Understanding Social Engineering](/ap-cybersecurity/unit-1/understanding-social-engineering/study-guide/TBmFY733Y9zYkD80i0py): Covers how adversaries use intimidation, urgency, authority, familiarity, and scarcity to manipulate targets into revealing information, clicking malicious links, or downloading malware. Includes impacts such as impersonation, account takeover, and malware installation.
- [Topic 1.2: Suspicious Website Logins](/ap-cybersecurity/unit-1/suspicious-website-logins/study-guide/zppDvyHLHIUFzT3MNwAN): Covers how adversaries exploit weak passwords and predictable patterns through online password attacks and dictionary attacks. Explains how to recognize attack signs in authentication logs and how strong passwords, passphrases, password managers, and MFA strengthen authentication.
- [Topic 1.3: Best Practices for Public Networks](/ap-cybersecurity/unit-1/best-practices-for-public-networks/study-guide/nli0fCFfA8OIiMHEGsBP): Covers adversary skill levels and motivations, and three wireless attack types: evil twin, jamming, and war driving. Explains protective actions including verifying SSIDs, relying on HTTPS, and using a VPN on untrusted networks.
- [Topic 1.4: AI-Based Cybersecurity Attacks](/ap-cybersecurity/unit-1/ai-based-cybersecurity-attacks/study-guide/f3ZMXhsLGaHVUDgQUpge): Covers how adversaries use AI tools including LLMs, voice cloning, and deepfakes to enhance phishing, impersonation, reconnaissance, and malware development. Explains defenses including shared secrets, MFA, keeping sensitive data out of AI tools, and verifying AI output.
- [Topic 1.5: Leveraging AI in Cyber Defense](/ap-cybersecurity/unit-1/leveraging-ai-in-cyber-defense/study-guide/uvMQfHoviL6tgFrEstZ8): Covers how defenders use AI-powered tools to review security configurations, scan application code, suggest detection rules, and analyze large volumes of network events to detect threats. Emphasizes that human experts must review all AI recommendations before implementation.

## Review Notes

### Topic 1.1: Understanding Social Engineering

Social engineering attacks manipulate people rather than exploiting technical vulnerabilities. Adversaries use psychological principles to get targets to reveal sensitive information (elicitation), click malicious links, or download malicious files. Attacks arrive by email, text (smishing), phone (vishing), social media, or in person.

- **Intimidation**: Threatening a target with negative consequences to pressure compliance, such as claiming an account will be closed unless the user acts immediately.
- **Urgency**: Creating artificial time pressure so the target acts before thinking critically about whether the request is legitimate.
- **Elicitation**: Subtly drawing out sensitive information from a target through seemingly normal conversation or requests.
- **Impact: personal info**: Victims may hand over names, birthdates, pet names, or addresses that adversaries use to answer security challenge questions or impersonate the victim.
- **Impact: malware**: Clicking a malicious link or downloading a malicious file can install malware that steals browser credentials or gives an adversary remote access.

**Checkpoint:** Can you explain why urgency is effective as a psychological tactic and give one example of how an adversary would use it in a phishing email?

Tactic | Psychological Principle | Example Delivery
--- | --- | ---
Intimidation | Fear of negative consequences | Email threatening account suspension
Urgency | Pressure to act before thinking | Text claiming a package will be returned in 2 hours
Familiarity | Trust in known entities | Message appearing to come from a coworker
Authority | Deference to figures of power | Impersonating IT support or a manager
Scarcity | Fear of missing out | Offer expiring in minutes to force a quick click

### Topic 1.2: Suspicious Website Logins and Authentication

Online password attacks involve adversaries submitting login guesses to a live account using common passwords, predictable patterns, or stolen credentials. Weak passwords built on personal information make these attacks easier. Strong passwords and MFA are the primary defenses.

- **Signs of a password attack**: Many failed logins in a short window, login attempts at unusual hours, and attempts from unrecognized devices all appear in authentication logs.
- **Dictionary attack**: An adversary builds a list of likely passwords from personal information about the target, such as birthdays, pet names, and anniversaries, then uses an automated tool to submit them.
- **Weak password patterns**: Common patterns include a word plus a two-digit year plus a special character at the end, or names of family members and pets.
- **Strong password practices**: Passwords should be long, random, and unique per account. A password manager can generate and store them, or users can create long passphrases.
- **Multifactor authentication (MFA)**: Requires a second proof of identity, such as a one-time password (OTP) sent to a phone, in addition to the password, so a stolen password alone is not enough to gain access.

**Checkpoint:** What three signs in an authentication log suggest an online password attack is underway, and what two defenses most directly reduce the risk?

Attack Type | How It Works | Key Defense
--- | --- | ---
Online password attack | Submits guesses directly to a live login page | Account lockout policies and MFA
Dictionary attack | Uses a custom list built from target's personal info | Avoid personal info in passwords
Credential stuffing | Replays username/password pairs stolen from other breaches | Unique password per account

### Topic 1.3: Best Practices for Public Networks

Public Wi-Fi is a convenient attack surface. Adversaries range from low-skilled users running downloaded tools to high-skilled operators who build custom exploits and discover zero-day vulnerabilities. Three wireless attack types appear on the exam: evil twin, jamming, and war driving.

- **Evil twin attack**: An adversary sets up a wireless access point (WAP) with an SSID identical or similar to a legitimate network. Victims who connect unknowingly send their traffic through the adversary's network.
- **Jamming attack**: An adversary floods the wireless frequency with electromagnetic signals, blocking legitimate traffic between users and the access point. This is a denial of service (DoS) attack.
- **War driving**: An adversary drives or walks through an area scanning for wireless network beacons to map available networks and identify vulnerable targets.
- **VPN**: A virtual private network encrypts all traffic from the user to the VPN operator's servers, preventing a rogue access point from reading the content, though the VPN provider itself can see the traffic.
- **HTTPS**: An encrypted protocol that protects the content of web traffic even on an untrusted network; an evil twin adversary cannot read HTTPS traffic.

**Checkpoint:** Describe how an evil twin attack works and identify two actions a user can take to reduce their risk on public Wi-Fi.

Attack | Mechanism | Effect on Victim
--- | --- | ---
Evil twin | Rogue WAP mimics legitimate SSID | Traffic captured by adversary
Jamming | EM signal floods wireless frequency | Users lose network access (DoS)
War driving | Scanning for network beacons while mobile | Adversary maps vulnerable networks for later targeting

### Topic 1.4: AI-Based Cybersecurity Attacks

AI does not create entirely new attack categories. It makes existing attacks, such as phishing, impersonation, and malware development, faster, cheaper, and more convincing. Adversaries use large language models (LLMs) to write polished phishing messages in any language and use voice cloning and deepfake technology to impersonate real people on calls or video.

- **Voice cloning and deepfakes**: AI tools use existing voice and image samples to create a digital avatar that can impersonate someone on a phone call or video call, enabling financial fraud or credential theft.
- **LLM-generated phishing**: Generative AI removes the grammatical errors that once helped users spot phishing messages, making AI-crafted messages harder to distinguish from legitimate communication.
- **Shared secrets**: A pre-agreed word or phrase known only to two trusted parties can verify identity in high-stakes situations where voice or video impersonation is possible.
- **Prompt injection**: An adversary embeds malicious instructions in content that an AI tool processes, causing the AI to take unintended actions or leak information.
- **Training data poisoning**: Adversaries corrupt the data used to train an AI model so the model produces incorrect or harmful outputs.

**Checkpoint:** Explain why LLM-generated phishing messages are harder to detect than traditional phishing, and name two defenses against AI-augmented impersonation attacks.

### Topic 1.5: Leveraging AI in Cyber Defense

Defenders use AI-powered tools to handle the scale of modern network activity that humans cannot review manually. AI assists with hardening configurations, finding code vulnerabilities, suggesting detection rules, and sorting millions of daily network events to surface likely malicious activity. Human review of AI recommendations is always required before implementation.

- **Configuration review**: AI tools analyze firewall rules and access controls and recommend more secure settings; a qualified security technician must verify recommendations before applying them.
- **Code vulnerability scanning**: AI-powered tools scan application code to identify security flaws and suggest fixes; a knowledgeable programmer reviews findings before changes are made.
- **Automated detection systems**: AI can suggest and apply detection rules that flag suspicious events; a detection engineer reviews rules before they go live.
- **Threat detection at scale**: AI sorts millions of daily network events to separate likely malicious activity from harmless events, then alerts human analysts or triggers automated responses.
- **Human oversight requirement**: AI assists but does not replace expert judgment. Every AI recommendation in a security context must be reviewed by a qualified human before it is acted on.

**Checkpoint:** Name three specific tasks where AI-powered tools assist cyber defenders, and explain why human review is required in each case.

Defensive Use Case | What AI Does | Who Reviews
--- | --- | ---
Configuration hardening | Recommends stronger firewall and access control settings | Security technician
Code vulnerability scanning | Identifies flaws and suggests mitigations | Programmer
Detection rule creation | Suggests rules for automated detection systems | Detection engineer
Threat detection | Sorts network events and flags likely malicious activity | Cybersecurity analyst

## Study Guides

- [1.5 Leveraging AI in Cyber Defense](/ap-cybersecurity/unit-1/leveraging-ai-in-cyber-defense/study-guide/uvMQfHoviL6tgFrEstZ8)
- [1.3 Best Practices for Public Networks](/ap-cybersecurity/unit-1/best-practices-for-public-networks/study-guide/nli0fCFfA8OIiMHEGsBP)
- [1.2 Suspicious Website Logins](/ap-cybersecurity/unit-1/suspicious-website-logins/study-guide/zppDvyHLHIUFzT3MNwAN)
- [1.1 Understanding Social Engineering](/ap-cybersecurity/unit-1/understanding-social-engineering/study-guide/TBmFY733Y9zYkD80i0py)
- [1.4 AI-Based Cybersecurity Attacks](/ap-cybersecurity/unit-1/ai-based-cybersecurity-attacks/study-guide/f3ZMXhsLGaHVUDgQUpge)

## Practice Preview

### Multiple-choice practice

- **AP-style practice question**: Skill Category 2 - Mitigate Risk | An AI-powered detection system at a financial institution identifies a user account downloading ten times its normal daily file volume at 2 a.m. The system is configured with two response options: alert a human analyst or automatically disable the account. Which configuration decision best reflects a layered security approach for this scenario?
- **AP-style practice question**: Skill Category 1 - Analyze Risk | A security analyst discovers that an adversary successfully bypassed a company's voice-based login system and also extracted confidential project details that an employee had previously typed into a public AI assistant. Which combination of defenses would have addressed both vulnerabilities simultaneously?
- **AP-style practice question**: Skill Category 1 - Analyze Risk | A hospital uses voice authentication as the sole method for staff to access patient records remotely. An adversary obtains audio clips of a nurse's voice from a public hospital video and uses AI to clone it, then calls the system and gains access. Which defense would have most directly prevented this breach?
- **AP-style practice question**: Skill Category 1 - Analyze Risk | A student asks an AI chatbot for the official steps to reset a password on a banking app. The chatbot confidently gives a fabricated procedure. Which adversarial technique most likely caused this, and what is the best protection?
- **AP-style practice question**: Skill Category 1 - Analyze Risk | An employee at a financial firm uses a public AI chatbot to draft a report and pastes in a spreadsheet containing client account numbers and balances to help format the data. Which vulnerability does this action most directly exploit, and what is the recommended protection?
- **AP-style practice question**: Skill Category 1 - Analyze Risk | A family establishes a shared secret word after learning about AI voice-cloning scams. A few weeks later, a parent receives a call from someone using a perfect clone of their child's voice, claiming to be in danger and asking for money. What is the primary reason the shared secret is an effective defense in this scenario?

## Key Terms

- **social engineering**: Attacks that use psychological manipulation rather than technical exploits to trick targets into revealing information, clicking malicious links, or downloading malicious files.
- **intimidation**: A social engineering tactic that threatens a target with negative consequences to pressure them into complying with an adversary's request.
- **urgency**: A social engineering tactic that creates artificial time pressure, preventing targets from thinking critically before acting.
- **elicitation**: Subtly drawing sensitive information out of a target through seemingly normal conversation or requests.
- **phishing**: A social engineering attack delivered by email that tricks recipients into revealing credentials, clicking malicious links, or downloading malware.
- **online password attack**: An attack in which an adversary submits login guesses directly to a live account using common passwords, predictable patterns, or stolen credentials.
- **dictionary attack**: A password attack that uses a custom list of likely passwords built from personal information about the target, submitted by an automated tool.
- **multifactor authentication**: An authentication method requiring two or more proofs of identity, such as a password plus a one-time code, so a stolen password alone cannot grant access.
- **evil twin attack**: An attack in which an adversary sets up a rogue wireless access point with an SSID matching a legitimate network to capture victim traffic.
- **jamming attack**: An attack that floods a wireless frequency with electromagnetic signals to block legitimate network traffic, creating a denial of service condition.
- **war driving**: The practice of scanning for wireless network beacons while moving through an area to map available networks and identify vulnerable targets.
- **VPN**: A virtual private network that encrypts all user traffic to the VPN operator's servers, preventing a rogue access point from reading traffic content.
- **deepfake**: AI-generated audio or video that realistically impersonates a real person, used by adversaries to commit fraud or extract sensitive information.
- **large language model**: A generative AI system that adversaries can use to craft convincing, grammatically correct phishing messages in any language at scale.
- **zero day**: An undocumented vulnerability that has not been publicly disclosed or patched, discoverable only by high-skilled adversaries.

## Common Mistakes

- **Confusing intimidation and urgency**: Intimidation threatens negative consequences to force compliance. Urgency creates time pressure to prevent careful thinking. They often appear together in the same attack, but they are distinct psychological mechanisms and the exam may ask you to identify each separately.
- **Thinking HTTPS makes an evil twin harmless**: HTTPS does protect the content of web traffic even on a rogue network, but an evil twin can still capture unencrypted traffic, DNS queries, and metadata. Verifying the SSID before connecting is still necessary.
- **Assuming a VPN makes public Wi-Fi fully safe**: A VPN encrypts traffic between the user and the VPN provider, blocking the rogue access point from reading it. However, the VPN provider itself can see the traffic. A VPN shifts trust, it does not eliminate it.
- **Treating AI recommendations as automatically correct**: AI-powered tools can suggest stronger configurations, flag code vulnerabilities, and propose detection rules, but every recommendation must be reviewed by a qualified human before implementation. AI assists; it does not replace expert judgment.
- **Overlooking MFA as a defense against AI impersonation**: Voice cloning can defeat voice-based authentication alone. MFA adds a second factor that a cloned voice cannot satisfy, making it an effective layer of defense even when AI impersonation is convincing.

## Exam Connections

- **Scenario-based identification tasks**: Expect questions that present a short attack scenario and ask you to identify the attack type, the psychological tactic used, or the adversary skill level. Practice reading scenarios carefully to distinguish, for example, an evil twin from a jamming attack, or intimidation from urgency in a phishing message.
- **Explain and justify defense choices**: Questions may ask you to explain why a specific defense, such as MFA, a VPN, or a strong passphrase, addresses a particular threat. Be ready to connect the mechanism of the attack to the mechanism of the defense rather than just naming the tool.
- **AI attack versus AI defense reasoning**: Because AI appears on both sides of Unit 1, questions may ask you to compare how AI is used offensively versus defensively, or to explain why human oversight is required even when AI tools are used for defense. Practice articulating the limits of AI recommendations in security contexts.

## Final Review Checklist

- **Identify social engineering tactics**: Be able to name and explain intimidation, urgency, authority, familiarity, and scarcity, and describe how each manipulates a target's behavior.
- **Explain social engineering impacts**: Know the three main outcomes: giving up personal information that enables impersonation, surrendering an OTP that enables account takeover, and downloading malware that compromises the device.
- **Recognize password attack signs and defenses**: List the three signs of an online password attack visible in authentication logs, and explain how long unique passwords, password managers, passphrases, and MFA each reduce risk.
- **Describe wireless attack types**: Explain how evil twin, jamming, and war driving attacks work, including the role of SSIDs, WAPs, and electromagnetic signals, and identify the correct defense for each.
- **Classify adversaries by skill and motivation**: Distinguish low-skilled adversaries who use existing tools from high-skilled adversaries who create new tools and discover zero-day vulnerabilities. Know the range of motivations including greed, ideology, and revenge.
- **Explain AI-augmented attack types**: Describe how LLMs improve phishing quality, how voice cloning and deepfakes enable impersonation, and how prompt injection and training data poisoning target AI systems themselves.
- **Explain AI in cyber defense with human oversight**: Name the four defensive use cases for AI tools (configuration review, code scanning, detection rules, threat detection) and state why a qualified human must review AI output before it is implemented.

## Study Plan

- **Step 1: Social engineering tactics and impacts**: Read the Topic 1.1 guide and review the key terms for intimidation, urgency, elicitation, phishing, smishing, and vishing. Practice explaining how each tactic works and what happens to a victim who falls for it, focusing on the three impact categories: personal info, OTP theft, and malware.
- **Step 2: Password attacks and authentication defenses**: Read the Topic 1.2 guide and review the key terms for online password attack, dictionary attack, credential stuffing, MFA, OTP, passphrase, and password manager. Use the comparison table in the review notes to distinguish attack types and their specific defenses.
- **Step 3: Public Wi-Fi threats and wireless attack types**: Read the Topic 1.3 guide and review the key terms for evil twin attack, jamming attack, war driving, SSID, WAP, VPN, and zero day. Practice classifying adversaries by skill level and matching each wireless attack to its mechanism and the correct defensive action.
- **Step 4: AI-augmented attacks and defenses**: Read the Topic 1.4 guide and review the key terms for deepfake, voice cloning, LLM, generative AI attack, prompt injection, and training data poisoning. For each AI attack type, write out the specific defense that counters it, including shared secrets and MFA for impersonation.
- **Step 5: AI in cyber defense and human oversight**: Read the Topic 1.5 guide and review the key terms for AI-powered cyber defense, automated detection system, and threat detection. Use the comparison table to connect each defensive use case to the correct human reviewer, then work through available practice questions to check your understanding across all five topics.

## More Ways To Review

- [Topic study guides](/ap-cybersecurity/unit-1#topics)
- [Key terms](/ap-cybersecurity/key-terms)

## FAQs

### What topics are covered in AP Cyber Unit 1?

AP Cyber Unit 1 covers 5 topics: 1.1 Understanding Social Engineering, 1.2 Suspicious Website Logins, 1.3 Best Practices for Public Networks, 1.4 AI-Based Cybersecurity Attacks, and 1.5 Leveraging AI in Cyber Defense. Together they build a foundation in how adversaries attack systems and how to defend against them. See the full topic breakdown at [/ap-cybersecurity/unit-1](/ap-cybersecurity/unit-1).

### What's on the AP Cyber Unit 1 progress check (MCQ and FRQ)?

The AP Cyber Unit 1 progress check includes both MCQ and FRQ parts drawn from all five unit topics: social engineering, suspicious website logins, public network safety, AI-based attacks, and AI in cyber defense. MCQ questions test recognition of attack types and defensive strategies. FRQ questions ask you to explain or analyze a scenario using those same concepts. For matched practice questions that mirror the progress check format, visit [/ap-cybersecurity/unit-1](/ap-cybersecurity/unit-1).

### How do I practice AP Cyber Unit 1 FRQs?

AP Cyber Unit 1 FRQs most often come from topics like Understanding Social Engineering (1.1), Suspicious Website Logins (1.2), and AI-Based Cybersecurity Attacks (1.4). These questions typically ask you to identify an attack type, explain how it works, or recommend a defensive measure for a given scenario. To practice, write out short scenario-based responses, then check whether you named the specific attack or defense and explained the reasoning clearly. You can find Unit 1 FRQ practice at [/ap-cybersecurity/unit-1](/ap-cybersecurity/unit-1).

### Where can I find AP Cyber Unit 1 practice questions?

The best place to find AP Cyber Unit 1 practice questions, including multiple-choice and practice test sets, is [/ap-cybersecurity/unit-1](/ap-cybersecurity/unit-1). That page has MCQ practice covering all five topics: social engineering, suspicious website logins, public network safety, AI-based attacks, and AI in cyber defense. Working through unit-specific MCQs before a full practice test helps you spot which topics need more review.

### How should I study AP Cyber Unit 1?

Start AP Cyber Unit 1 by learning the attack types first: social engineering (1.1), weak authentication exploits (1.2), and public Wi-Fi threats (1.3). Once those feel solid, move to the AI topics (1.4 and 1.5), which build on the same attacker-vs-defender framework. For each topic, try to explain the attack in plain language, then name one concrete defense. That pattern shows up in both MCQ and FRQ questions. Find study guides and practice for all five topics at [/ap-cybersecurity/unit-1](/ap-cybersecurity/unit-1).

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-1#what-topics-are-covered-in-ap-cyber-unit-1","name":"What topics are covered in AP Cyber Unit 1?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 1 covers 5 topics: 1.1 Understanding Social Engineering, 1.2 Suspicious Website Logins, 1.3 Best Practices for Public Networks, 1.4 AI-Based Cybersecurity Attacks, and 1.5 Leveraging AI in Cyber Defense. Together they build a foundation in how adversaries attack systems and how to defend against them. See the full topic breakdown at <a href=\"/ap-cybersecurity/unit-1\">/ap-cybersecurity/unit-1</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-1#whats-on-the-ap-cyber-unit-1-progress-check-mcq-and-frq","name":"What's on the AP Cyber Unit 1 progress check (MCQ and FRQ)?","acceptedAnswer":{"@type":"Answer","text":"The AP Cyber Unit 1 progress check includes both MCQ and FRQ parts drawn from all five unit topics: social engineering, suspicious website logins, public network safety, AI-based attacks, and AI in cyber defense. MCQ questions test recognition of attack types and defensive strategies. FRQ questions ask you to explain or analyze a scenario using those same concepts. For matched practice questions that mirror the progress check format, visit <a href=\"/ap-cybersecurity/unit-1\">/ap-cybersecurity/unit-1</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-1#how-do-i-practice-ap-cyber-unit-1-frqs","name":"How do I practice AP Cyber Unit 1 FRQs?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 1 FRQs most often come from topics like Understanding Social Engineering (1.1), Suspicious Website Logins (1.2), and AI-Based Cybersecurity Attacks (1.4). These questions typically ask you to identify an attack type, explain how it works, or recommend a defensive measure for a given scenario. To practice, write out short scenario-based responses, then check whether you named the specific attack or defense and explained the reasoning clearly. You can find Unit 1 FRQ practice at <a href=\"/ap-cybersecurity/unit-1\">/ap-cybersecurity/unit-1</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-1#where-can-i-find-ap-cyber-unit-1-practice-questions","name":"Where can I find AP Cyber Unit 1 practice questions?","acceptedAnswer":{"@type":"Answer","text":"The best place to find AP Cyber Unit 1 practice questions, including multiple-choice and practice test sets, is <a href=\"/ap-cybersecurity/unit-1\">/ap-cybersecurity/unit-1</a>. That page has MCQ practice covering all five topics: social engineering, suspicious website logins, public network safety, AI-based attacks, and AI in cyber defense. Working through unit-specific MCQs before a full practice test helps you spot which topics need more review."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-1#how-should-i-study-ap-cyber-unit-1","name":"How should I study AP Cyber Unit 1?","acceptedAnswer":{"@type":"Answer","text":"Start AP Cyber Unit 1 by learning the attack types first: social engineering (1.1), weak authentication exploits (1.2), and public Wi-Fi threats (1.3). Once those feel solid, move to the AI topics (1.4 and 1.5), which build on the same attacker-vs-defender framework. For each topic, try to explain the attack in plain language, then name one concrete defense. That pattern shows up in both MCQ and FRQ questions. Find study guides and practice for all five topics at <a href=\"/ap-cybersecurity/unit-1\">/ap-cybersecurity/unit-1</a>."}}]}
```
