---
title: "AP Cybersecurity Unit 2 Review: Spaces | Fiveable"
description: "Review AP Cybersecurity Unit 2: cyber foundations, physical vulnerabilities, physical attacks, protecting spaces, and detecting physical attacks."
canonical: "https://fiveable.me/ap-cybersecurity/unit-2"
type: "unit"
subject: "AP Cybersecurity"
unit: "Unit 2 – Securing Spaces"
---

# AP Cybersecurity Unit 2 Review: Spaces | Fiveable

## Overview

Unit 2 focuses on physical security as the first layer of defense. You will identify social engineering tactics and adversary types, analyze how physical attacks like tailgating and shoulder surfing work, select and place controls like locks and cameras, and apply risk assessment to physical vulnerabilities.

## AP CED Alignment

This unit hub is organized around AP Course and Exam Description topics, skills, and exam task types when they are available in the source data.
- Topic 2.1: Cyber Foundations
- Topic 2.2: Physical Vulnerabilities and Attacks
- Topic 2.3: Protecting Physical Spaces
- Topic 2.4: Detecting Physical Attacks
- Topic 2.1: Social Engineering, Adversaries, and Cyberattack Phases
- Topic 2.1: Risk Assessment, Risk Management, and Security Controls
- Topic 2.2: Physical Attacks and Vulnerabilities
- Topic 2.4: Detecting Physical Attacks and Placement Strategies
- Skill Category 3 - Detect Attacks
- Skill Category 2 - Mitigate Risk

## Topics

- [Topic 2.1: Cyber Foundations](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh): Covers social engineering tactics (pretexting, authority, urgency, scarcity, familiarity, consensus, intimidation), adversary types (script kiddies, hacktivists, insider threats, cyberterrorists), the six phases of a cyberattack, risk assessment using likelihood and severity, the four risk management strategies, security control types, and defense in depth.
- [Topic 2.2: Physical Vulnerabilities and Attacks](/ap-cybersecurity/unit-2/physical-vulnerabilities-and-attacks/study-guide/ZcvQYEyowkyIYrjESpUp): Covers common physical attacks including piggybacking, tailgating, shoulder surfing, dumpster diving, and card cloning; how threats exploit physical vulnerabilities such as power disruption and unauthorized access; and how to assess and document risk levels from physical weaknesses in a space.
- [Topic 2.3: Protecting Physical Spaces](/ap-cybersecurity/unit-2/protecting-physical-spaces/study-guide/PhHFFwPlXGtEWL781jEc): Covers managerial controls like security awareness training, workstation security policies, and clean desk policies, as well as physical controls including fencing, bollards, locks, card readers, access control vestibules, turnstiles, disabled USB ports, and uninterruptible power supplies.
- [Topic 2.4: Detecting Physical Attacks](/ap-cybersecurity/unit-2/detecting-physical-attacks/study-guide/Kb72LoynxAj68H4P71eN): Covers detection controls including cameras, security guards, motion sensors, and alert employees; how to determine effective placement for each control based on traffic patterns and coverage needs; and how to apply detection techniques such as pairing motion sensors with cameras and reviewing door-open logs to identify tailgating.

## Review Notes

### Topic 2.1: Social Engineering, Adversaries, and Cyberattack Phases

Social engineering manipulates people psychologically rather than exploiting technical flaws. Adversaries use tactics like pretexting to create a believable cover story, authority to impersonate someone with power, urgency to force quick decisions, and scarcity to suggest limited time or resources. Familiarity and consensus round out the toolkit by building false trust or social pressure. Adversary types matter because they shape the likely threat: script kiddies use existing tools with little skill, hacktivists are driven by causes, insider threats already have legitimate access, and cyberterrorists target critical infrastructure. Cyberattacks move through phases: reconnaissance using open source intelligence (OSINT), initial access often via social engineering, persistence through command and control (C2), lateral movement to reach more systems, taking action on objectives, and evading detection.

- **Pretexting**: Creating a believable false reason to contact a target, such as posing as IT support to request credentials.
- **Urgency**: Pressuring a target with a deadline so they act before thinking critically, such as claiming an account will be locked in minutes.
- **Insider threat**: An adversary with legitimate credentials and access who may be motivated by greed, revenge, or recruitment by outside parties.
- **Reconnaissance**: The first attack phase, where adversaries gather information about a target using OSINT and other freely available sources.
- **Persistence**: Maintaining access after initial entry, often through C2 protocols, so the adversary does not need to regain a foothold.

**Checkpoint:** Can you name four social engineering tactics and explain what psychological lever each one pulls? Can you place reconnaissance, initial access, and persistence in the correct order and describe what happens in each phase?

Adversary Type | Primary Motivation | Skill Level | Example Target
--- | --- | --- | ---
Script kiddie | Greed or recognition | Low | Any accessible system
Hacktivist | Social or political cause | Varies | Organizations they oppose
Insider threat | Greed or revenge | High (has access) | Employer's data or systems
Cyberterrorist | Politics or ideology | High | Power grids, water plants

### Topic 2.1: Risk Assessment, Risk Management, and Security Controls

Risk exists when a threat can exploit a vulnerability to harm an asset. Assets include data, physical property, intellectual property, reputation, and digital infrastructure. Risk assessment weighs two factors: the likelihood that a vulnerability will be exploited and the severity of the resulting damage. Likelihood depends on target value, exploit difficulty, and adversary motivation. Once assessed, organizations choose one of four responses: avoid the risky activity, transfer the risk to an insurer or third party, mitigate it with security controls, or accept the residual risk that remains after other strategies are applied. Security controls are classified by what they protect (CIA triad: confidentiality, integrity, availability) and by type: physical controls like locks and cameras, technical controls like firewalls and encryption, and managerial controls like policies and training. Defense in depth layers all three types so no single failure exposes the whole system.

- **CIA triad**: Confidentiality (only authorized access), integrity (data is accurate and unaltered), and availability (systems are accessible when needed).
- **Risk mitigation**: Implementing security controls to reduce the likelihood or impact of a risk.
- **Residual risk**: The risk that remains after avoidance, transference, and mitigation have been applied; the level an organization accepts.
- **Defense in depth**: A layered security strategy using multiple control types so that bypassing one layer does not expose the entire system.
- **Managerial control**: Policies, procedures, and training that govern how people behave to support security, such as an acceptable use policy.

**Checkpoint:** Given a scenario, can you identify the asset, the threat, and the vulnerability? Can you recommend whether to avoid, transfer, mitigate, or accept a described risk and justify your choice?

Risk Response | What It Does | When It Applies
--- | --- | ---
Avoid | Stops the risky activity entirely | Activity is not essential to the mission
Transfer | Shifts financial burden to insurer or third party | Risk cannot be eliminated but cost can be shared
Mitigate | Adds controls to reduce likelihood or impact | Activity must continue; controls are feasible
Accept | Acknowledges residual risk without further action | Remaining risk is within tolerable limits

### Topic 2.2: Physical Attacks and Vulnerabilities

Physical attacks let adversaries reach devices directly, often bypassing technical controls entirely. Piggybacking uses social engineering to get an authorized person to grant access, such as holding a door open for someone carrying boxes. Tailgating is similar but the authorized person is unaware they are being followed. Shoulder surfing means watching a user enter credentials or view sensitive data. Dumpster diving recovers discarded documents or hardware that contain useful information. Card cloning copies the data from an access card to create a duplicate. Physical vulnerabilities arise when sensitive systems are in spaces with insufficient access controls. High-risk scenarios include an unlocked server room in an unmonitored hallway. Moderate-risk scenarios include a reception computer with exposed USB ports connected to the internal network. Natural disasters also count as threats because they can destroy hardware and disrupt services.

- **Piggybacking**: An adversary uses social engineering to convince an authorized person to grant them access to a restricted area.
- **Tailgating**: An adversary follows an authorized person into a restricted area without that person's knowledge.
- **Shoulder surfing**: Watching a user enter credentials or view sensitive information to capture that data.
- **Dumpster diving**: Searching discarded materials for documents, hardware, or data that can be used in an attack.
- **Card cloning**: Copying the data stored on an access card to create a duplicate that can be used to gain unauthorized entry.

**Checkpoint:** Can you distinguish piggybacking from tailgating? Can you classify a described physical scenario as high, moderate, or low risk and explain what makes it that level?

Attack | Requires Social Engineering? | Authorized Person Aware?
--- | --- | ---
Piggybacking | Yes | Yes
Tailgating | No | No
Shoulder surfing | No | Usually not
Dumpster diving | No | N/A
Card cloning | Sometimes | No

### Topic 2.3: Protecting Physical Spaces

Protecting a physical space requires both managerial and physical controls working together. Managerial controls include security awareness training (teaching employees to spot social engineering, not badge others in, and prevent device theft), workstation security policies (locking screens when stepping away, clean desk policies, privacy screen filters), acceptable use policies, and software installation policies. Physical controls create barriers and checkpoints: fencing and bollards deter vehicle and foot access at the perimeter, locks on doors and server cabinets prevent unauthorized entry, card readers log and restrict badge access, access control vestibules and turnstiles stop piggybacking by allowing only one person through at a time, and disabling USB ports prevents unauthorized data transfer. Uninterruptible power supplies (UPS) protect against power disruption attacks by keeping systems running during outages.

- **Clean desk policy**: A workstation rule requiring employees to clear sensitive documents from their workspace before leaving it unattended.
- **Access control vestibule**: A small entry chamber that allows only one person through at a time, preventing piggybacking and tailgating.
- **Bollard**: A physical post installed around a building perimeter to prevent vehicles from ramming into the structure.
- **Badge access**: An electronic system where employees use credential-encoded cards to unlock restricted areas, creating an entry log.
- **Workstation security policy**: An organizational policy specifying how employees must secure their physical workspace, including screen locking and clean desk requirements.

**Checkpoint:** Can you match a described physical vulnerability to a specific managerial or physical control that mitigates it? Can you explain why an access control vestibule is more effective than a standard locked door for preventing piggybacking?

### Topic 2.4: Detecting Physical Attacks and Placement Strategies

Detection controls identify a breach after or as it happens. Cameras provide a visual record and can be paired with facial recognition to alert defenders when an unauthorized person enters. Security guards can observe and respond in real time. Motion sensors alert security to unexpected movement but generate false alarms in high-traffic areas, so they work best in low-traffic spaces like server rooms. Employees are often the first to notice an unfamiliar person and should know how to report it. Placement matters as much as the control itself. Cameras should cover all ingress and egress points, be angled to capture useful detail, and be positioned where they cannot easily be tampered with. Motion sensors belong in areas where movement is unexpected. Locks should secure every entry to a sensitive area, and for the most sensitive spaces, an access control vestibule adds a second barrier. Door sensors that log how long an entry stays open can flag potential tailgating when a door is open longer than a single badge swipe normally requires.

- **Surveillance camera**: A camera that records and monitors activity in a space; most effective when footage is actively monitored and stored for review.
- **Motion sensor**: A device that detects movement and triggers an alert; most useful in low-traffic areas to reduce false alarms.
- **Security guard**: A human control that monitors an area and can respond immediately to detected suspicious activity.
- **Detective control**: A security control that identifies and records a breach or suspicious event, such as a camera or motion sensor.
- **Preventative control**: A security control that stops an attack before it succeeds, such as a locked door or access control vestibule.

**Checkpoint:** Can you explain why a motion sensor should not be placed in a busy hallway? Can you describe how pairing a motion sensor with a camera improves detection compared to using either control alone?

Detection Control | Best Placement | Works Best When Paired With
--- | --- | ---
Camera | Ingress/egress points, server rooms | Facial recognition software, security guard monitoring
Motion sensor | Low-traffic areas, server rooms | Camera to visually verify the alert
Security guard | Entry points, reception areas | Camera feeds and badge access logs
Door sensor | All restricted-area entries | Badge access logs to detect tailgating

## Study Guides

- [2.3 Protecting Physical Spaces](/ap-cybersecurity/unit-2/protecting-physical-spaces/study-guide/PhHFFwPlXGtEWL781jEc)
- [2.2 Physical Vulnerabilities and Attacks](/ap-cybersecurity/unit-2/physical-vulnerabilities-and-attacks/study-guide/ZcvQYEyowkyIYrjESpUp)
- [2.4 Detecting Physical Attacks](/ap-cybersecurity/unit-2/detecting-physical-attacks/study-guide/Kb72LoynxAj68H4P71eN)
- [2.1 Cyber Foundations](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh)

## Practice Preview

### Multiple-choice practice

- **AP-style practice question**: Skill Category 3 - Detect Attacks | A security analyst reviews an incident report showing that an unauthorized person entered a server room by walking in directly behind a badged employee. Which managerial control, if properly enforced, would most directly address the employee behavior that enabled this breach?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A cybersecurity analyst is investigating a suspected physical intrusion at a research laboratory. Badge logs show that an authorized researcher badged into the genomics data room at 11:47 p.m., and the door-open sensor recorded the door remaining open for 38 seconds—more than six times the 6-second baseline. Camera footage from the hallway outside the room shows two individuals entering the doorway at 11:47 p.m. The researcher claims to have entered alone. Evaluating all three data sources together, what conclusion is best supported?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A security team reviews badge entry logs for a server room and notices that one door remained open for 45 seconds on three separate occasions, while the average open time for that door is 4 seconds. What does this pattern most likely indicate?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A hospital security team is evaluating two proposed camera upgrades for its restricted medication dispensing area. Option 1 adds standard cameras with no additional software. Option 2 adds cameras paired with facial recognition software linked to the hospital's authorized-personnel database. An unauthorized individual attempts to enter the area during a busy shift change. Which outcome best describes the advantage Option 2 provides over Option 1 in detecting this physical attack?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A motion detector in a pharmaceutical company's restricted chemical storage room triggers an alert at 2:00 a.m. on a Saturday. A security analyst wants to verify whether a physical breach has occurred before dispatching a guard. Which action best applies the paired-detection approach to confirm the alert?
- **AP-style practice question**: Skill Category 2 - Mitigate Risk | A security team reviews badge entry logs for a server room and notices that on three separate occasions last week, the door sensor recorded the door staying open for 18–22 seconds, while the normal open duration is 3–5 seconds. No additional badge swipes were logged during those extended openings. What does this pattern most likely indicate, and what detection technique is being applied?

## Key Terms

- **CIA triad**: The three core security principles: confidentiality (restrict access to authorized users), integrity (keep data accurate and unaltered), and availability (keep systems accessible when needed).
- **defense in depth**: A layered security strategy that uses multiple control types so that when one layer is bypassed, others still limit damage.
- **pretexting**: A social engineering tactic where an adversary creates a believable false reason to contact a target, such as posing as IT support.
- **risk**: The potential for harm that exists when a threat can exploit a vulnerability to compromise an asset.
- **residual risk**: The risk that remains after an organization has applied avoidance, transference, and mitigation strategies; the level the organization accepts.
- **piggybacking**: A physical attack where an adversary uses social engineering to get an authorized person to knowingly grant them access to a restricted area.
- **tailgating**: A physical attack where an adversary follows an authorized person into a restricted area without that person's awareness.
- **shoulder surfing**: Watching a user enter credentials or view sensitive data to capture that information.
- **dumpster diving**: Searching discarded materials for documents, hardware, or data useful to an attacker.
- **access control vestibule**: An entry chamber that allows only one person through at a time, preventing piggybacking and tailgating.
- **managerial control**: A policy, procedure, or training program that shapes human behavior to support security, such as a workstation security policy or acceptable use policy.
- **physical control**: A tangible security measure in the physical space, such as a lock, fence, bollard, or camera.
- **surveillance camera**: A camera that records and monitors a space; most effective when footage is actively monitored and stored for post-incident review.
- **motion sensor**: A device that detects movement and triggers an alert; most effective in low-traffic areas where any movement is unexpected.
- **open source intelligence**: Freely available information gathered during the reconnaissance phase of an attack to learn about a target.

## Common Mistakes

- **Confusing piggybacking with tailgating**: Piggybacking requires social engineering: the authorized person knowingly (if mistakenly) lets the adversary in. Tailgating means the authorized person has no idea they are being followed. The distinction matters when identifying which attack occurred in a scenario.
- **Treating risk acceptance as doing nothing**: Risk acceptance is a deliberate decision made after avoidance, transference, and mitigation have been considered. It acknowledges that absolute security is unattainable and that the residual risk falls within tolerable limits. It is not the same as ignoring a risk.
- **Placing motion sensors in high-traffic areas**: Motion sensors in busy hallways generate constant false alarms, which causes staff to stop responding seriously to alerts. Motion sensors are most effective in low-traffic spaces like server rooms where any movement is unexpected.
- **Assuming technical controls make physical controls unnecessary**: Physical access to a device often lets an adversary bypass firewalls, encryption, and other technical controls entirely. Defense in depth requires physical controls as a foundational layer, not an optional add-on.
- **Mixing up control types when answering scenario questions**: A workstation security policy is a managerial control. A lock is a physical control. A firewall is a technical control. Exam scenarios often ask you to identify the type of control being described or to recommend the correct type for a given situation.

## Exam Connections

- **Scenario-based control selection**: AP Cybersecurity exam questions frequently describe a physical space or incident and ask you to identify the attack that occurred, classify the vulnerability, or recommend a specific control. Practice reading a scenario and quickly naming the attack type (piggybacking vs. tailgating), the control type (managerial vs. physical vs. technical), and the CIA principle at risk.
- **Risk assessment reasoning**: Expect questions that ask you to evaluate a described risk using likelihood and severity, then justify a risk response. You may need to explain why mitigation is preferred over acceptance in one scenario, or why avoidance is not possible when an activity is central to an organization's mission.
- **Placement and defense-in-depth justification**: Questions may present a building diagram or description and ask where to place cameras, motion sensors, or locks, and why. Strong answers explain the reasoning behind placement choices, such as why a motion sensor in a server room is more effective than one in a lobby, and how layering controls creates resilience when one is bypassed.

## Final Review Checklist

- **Identify all seven social engineering tactics**: Name and explain pretexting, authority, intimidation, consensus, scarcity, familiarity, and urgency. For each, describe the psychological lever the adversary is pulling.
- **Classify adversary types and attack phases**: Match each adversary type to its motivation and skill level. Place reconnaissance, initial access, persistence, lateral movement, taking action, and evading detection in order and describe what happens in each phase.
- **Apply the risk assessment process**: Given a scenario, identify the asset, threat, and vulnerability. Estimate likelihood and severity, then recommend one of the four risk responses (avoid, transfer, mitigate, accept) with a justification.
- **Distinguish physical attacks from one another**: Explain the difference between piggybacking and tailgating, and between shoulder surfing and dumpster diving. Know which attacks rely on social engineering and which do not.
- **Match controls to vulnerabilities**: For a described physical vulnerability, select an appropriate managerial control (training, workstation policy) or physical control (lock, vestibule, bollard, card reader) and explain how it prevents, detects, or corrects the threat.
- **Justify detection control placement**: Explain why cameras belong at ingress and egress points, why motion sensors should avoid high-traffic areas, and how pairing a motion sensor with a camera reduces false-alarm problems.
- **Explain defense in depth using Unit 2 examples**: Describe how layering a perimeter fence, a card reader, a camera, and a motion sensor creates resilience so that bypassing one control does not expose the entire space.

## Study Plan

- **Step 1: Build your social engineering and adversary vocabulary**: Read the Topic 2.1 guide and list all seven social engineering tactics with a one-sentence example for each. Then create a table of adversary types with their motivations and skill levels. Check your understanding against the key terms available for this unit.
- **Step 2: Work through risk assessment with practice scenarios**: Review the risk assessment process from Topic 2.1: asset, threat, vulnerability, likelihood, severity, and the four response options. Write out a risk assessment for two or three physical scenarios, such as an unlocked server room or a reception computer with exposed USB ports, and choose a risk response for each.
- **Step 3: Identify and distinguish physical attacks**: Review Topic 2.2 and practice telling piggybacking, tailgating, shoulder surfing, dumpster diving, and card cloning apart. Use the comparison table in your notes to check which attacks require social engineering and whether the authorized person is aware.
- **Step 4: Match controls to vulnerabilities**: Review Topic 2.3 and for each physical attack or vulnerability you studied, write down one managerial control and one physical control that mitigates it. Practice explaining why an access control vestibule stops piggybacking better than a standard locked door.
- **Step 5: Practice detection placement reasoning**: Review Topic 2.4 and work through placement scenarios: where would you put cameras, motion sensors, and locks in a described building layout and why? Use the practice questions available for this unit to test your reasoning on detection and placement problems.

## More Ways To Review

- [Topic study guides](/ap-cybersecurity/unit-2#topics)
- [Key terms](/ap-cybersecurity/key-terms)

## FAQs

### What topics are covered in AP Cyber Unit 2?

AP Cyber Unit 2: Securing Spaces covers 4 topics: 2.1 Cyber Foundations, 2.2 Physical Vulnerabilities and Attacks, 2.3 Protecting Physical Spaces, and 2.4 Detecting Physical Attacks. The unit builds adversarial thinking by focusing on how physical access to a device can bypass technical controls, and how to select and place security devices to stop it. See everything organized at [/ap-cybersecurity/unit-2](/ap-cybersecurity/unit-2).

### What's on the AP Cyber Unit 2 progress check (MCQ and FRQ)?

The AP Cyber Unit 2 progress check pulls questions from all four unit topics: Cyber Foundations, Physical Vulnerabilities and Attacks, Protecting Physical Spaces, and Detecting Physical Attacks. The MCQ portion tests recognition of attack types and mitigation strategies. The FRQ portion asks you to analyze a physical scenario, identify vulnerabilities, and justify security device placement. For matched practice questions that mirror the progress check format, visit [/ap-cybersecurity/unit-2](/ap-cybersecurity/unit-2).

### How do I practice AP Cyber Unit 2 FRQs?

AP Cyber Unit 2 FRQs typically draw from Physical Vulnerabilities and Attacks (2.2), Protecting Physical Spaces (2.3), and Detecting Physical Attacks (2.4). These questions give you a physical location scenario and ask you to identify threats, select appropriate security devices, and explain placement decisions. Practice by writing out your reasoning step by step, then checking whether you named a specific vulnerability, a specific mitigation, and a justification. Find practice prompts and worked examples at [/ap-cybersecurity/unit-2](/ap-cybersecurity/unit-2).

### Where can I find AP Cyber Unit 2 practice questions?

The best place to find AP Cyber Unit 2 practice questions, including multiple-choice and practice test sets, is [/ap-cybersecurity/unit-2](/ap-cybersecurity/unit-2). That page has MCQs covering all 4 topics: Cyber Foundations, Physical Vulnerabilities and Attacks, Protecting Physical Spaces, and Detecting Physical Attacks. Working through unit-specific MCQs before a full practice test helps you lock in the physical security concepts before mixing them with other units.

### How should I study AP Cyber Unit 2?

Start with topic 2.1 Cyber Foundations to get the vocabulary straight, then move through 2.2 Physical Vulnerabilities and Attacks so you can name specific attack types. From there, study 2.3 Protecting Physical Spaces and 2.4 Detecting Physical Attacks together, since they pair threat identification with the right countermeasures. A strong study habit for this unit is sketching a physical floor plan and labeling where each attack could happen and which device would stop or detect it. That kind of scenario practice is exactly what the FRQ asks you to do. Organized study materials for all four topics are at [/ap-cybersecurity/unit-2](/ap-cybersecurity/unit-2).

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-2#what-topics-are-covered-in-ap-cyber-unit-2","name":"What topics are covered in AP Cyber Unit 2?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 2: Securing Spaces covers 4 topics: 2.1 Cyber Foundations, 2.2 Physical Vulnerabilities and Attacks, 2.3 Protecting Physical Spaces, and 2.4 Detecting Physical Attacks. The unit builds adversarial thinking by focusing on how physical access to a device can bypass technical controls, and how to select and place security devices to stop it. See everything organized at <a href=\"/ap-cybersecurity/unit-2\">/ap-cybersecurity/unit-2</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-2#whats-on-the-ap-cyber-unit-2-progress-check-mcq-and-frq","name":"What's on the AP Cyber Unit 2 progress check (MCQ and FRQ)?","acceptedAnswer":{"@type":"Answer","text":"The AP Cyber Unit 2 progress check pulls questions from all four unit topics: Cyber Foundations, Physical Vulnerabilities and Attacks, Protecting Physical Spaces, and Detecting Physical Attacks. The MCQ portion tests recognition of attack types and mitigation strategies. The FRQ portion asks you to analyze a physical scenario, identify vulnerabilities, and justify security device placement. For matched practice questions that mirror the progress check format, visit <a href=\"/ap-cybersecurity/unit-2\">/ap-cybersecurity/unit-2</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-2#how-do-i-practice-ap-cyber-unit-2-frqs","name":"How do I practice AP Cyber Unit 2 FRQs?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 2 FRQs typically draw from Physical Vulnerabilities and Attacks (2.2), Protecting Physical Spaces (2.3), and Detecting Physical Attacks (2.4). These questions give you a physical location scenario and ask you to identify threats, select appropriate security devices, and explain placement decisions. Practice by writing out your reasoning step by step, then checking whether you named a specific vulnerability, a specific mitigation, and a justification. Find practice prompts and worked examples at <a href=\"/ap-cybersecurity/unit-2\">/ap-cybersecurity/unit-2</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-2#where-can-i-find-ap-cyber-unit-2-practice-questions","name":"Where can I find AP Cyber Unit 2 practice questions?","acceptedAnswer":{"@type":"Answer","text":"The best place to find AP Cyber Unit 2 practice questions, including multiple-choice and practice test sets, is <a href=\"/ap-cybersecurity/unit-2\">/ap-cybersecurity/unit-2</a>. That page has MCQs covering all 4 topics: Cyber Foundations, Physical Vulnerabilities and Attacks, Protecting Physical Spaces, and Detecting Physical Attacks. Working through unit-specific MCQs before a full practice test helps you lock in the physical security concepts before mixing them with other units."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-2#how-should-i-study-ap-cyber-unit-2","name":"How should I study AP Cyber Unit 2?","acceptedAnswer":{"@type":"Answer","text":"Start with topic 2.1 Cyber Foundations to get the vocabulary straight, then move through 2.2 Physical Vulnerabilities and Attacks so you can name specific attack types. From there, study 2.3 Protecting Physical Spaces and 2.4 Detecting Physical Attacks together, since they pair threat identification with the right countermeasures. A strong study habit for this unit is sketching a physical floor plan and labeling where each attack could happen and which device would stop or detect it. That kind of scenario practice is exactly what the FRQ asks you to do. Organized study materials for all four topics are at <a href=\"/ap-cybersecurity/unit-2\">/ap-cybersecurity/unit-2</a>."}}]}
```
