---
title: "AP Cybersecurity Unit 5 Review: Data | Fiveable"
description: "Review AP Cybersecurity Unit 5: application and data attacks, access controls, cryptography, asymmetric encryption, stored data, and app security."
canonical: "https://fiveable.me/ap-cybersecurity/unit-5"
type: "unit"
subject: "AP Cybersecurity"
unit: "Unit 5 – Securing Applications and Data"
---

# AP Cybersecurity Unit 5 Review: Data | Fiveable

## Overview

Unit 5 focuses on protecting the data and applications that adversaries most want to compromise. You will learn how attacks like SQL injection, XSS, and directory traversal exploit weak input handling, how access control models like RBAC and MAC limit damage, how symmetric and asymmetric cryptography protect data at rest and in transit, and how log analysis, honeypots, and cryptographic hashes help defenders detect attacks after they happen.

## AP CED Alignment

This unit hub is organized around AP Course and Exam Description topics, skills, and exam task types when they are available in the source data.
- Topic 5.1: Application and Data Vulnerabilities and Attacks
- Topic 5.2: Protecting Applications and Data: Managerial Controls and Access Controls
- Topic 5.3: Protecting Stored Data with Cryptography
- Topic 5.4: Asymmetric Cryptography
- Topic 5.5: Protecting Applications
- Topic 5.6: Detecting Attacks on Data and Applications
- Topic 5.2: Data States, Managerial Controls, and Access Control Models
- Topic 5.3: Symmetric Encryption and Protecting Stored Data
- Topic 5.4: Asymmetric Cryptography and Key Length
- Topic 5.5: Protecting Applications: Secure by Design and Input Sanitization
- Skill Category 3 - Detect Attacks

## Topics

- [Topic 5.1: Application and Data Vulnerabilities and Attacks](/ap-cybersecurity/unit-5/application-and-data-vulnerabilities-and-attacks/study-guide/T25I7qaDw4w4XT1rkAYr): Covers how SQL injection, XSS, buffer overflow, and directory traversal exploit weak input handling, plus how to assess data vulnerability risk using confidentiality, integrity, and availability.
- [Topic 5.2: Protecting Applications and Data: Managerial Controls and Access Controls](/ap-cybersecurity/unit-5/protecting-applications-and-data-managerial-controls-and-access-controls/study-guide/tZFME9LjYUHiIc9fHQE2): Covers data states (at rest, in transit, in use), regulated data categories (PII, PHI, PCI), cryptography and web app security policies, access control models (RBAC, RuBAC, MAC, DAC), and Linux chmod file permissions.
- [Topic 5.3: Protecting Stored Data with Cryptography](/ap-cybersecurity/unit-5/protecting-stored-data-with-cryptography/study-guide/pVI6SOT7HBVhSMIqKTXG): Covers how symmetric encryption works, the role of plaintext, ciphertext, and keyspace, AES as the standard symmetric algorithm, and how to encrypt files using OpenSSL on the command line.
- [Topic 5.4: Asymmetric Cryptography](/ap-cybersecurity/unit-5/asymmetric-cryptography/study-guide/VwtcdE1OgUXoQu0fiDG2): Covers public and private key pairs, when to use each key for encryption versus decryption, how key length affects keyspace and brute-force resistance, and how RSA and ECC are applied including digital signatures.
- [Topic 5.5: Protecting Applications](/ap-cybersecurity/unit-5/protecting-applications/study-guide/NlU1CUWEo8RNupZqXUMH): Covers the secure by design and secure by default principles, how input sanitization removes control characters to block injection attacks, and how data validation prevents malformed input from reaching application logic.
- [Topic 5.6: Detecting Attacks on Data and Applications](/ap-cybersecurity/unit-5/detecting-attacks-on-data-and-applications/study-guide/sHDJEWboTNQbNsGPNiq5): Covers log analysis (accounting), honeypots, cryptographic hash verification, and DLP services as detective controls, including how to read logs for SQL injection, XSS, buffer overflow, and directory traversal signatures.

## Review Notes

### Topic 5.1: Application and Data Vulnerabilities and Attacks

Adversaries exploit three main weaknesses: unencrypted files readable by anyone with device access, overly permissive account privileges that give elevated access when a user account is compromised, and applications that fail to validate user input. The four major injection-style attacks all stem from that last failure.

- **SQL injection**: Adversary inserts SQL control words (WHERE, OR 1=1, --) into an input field to manipulate a database query and read, modify, or delete records.
- **Cross-site scripting (XSS)**: Adversary injects a <script> tag into a web application so malicious code runs in another user's browser, stealing session data or redirecting the user.
- **Buffer overflow**: Adversary sends more data than an input field can hold, overwriting adjacent memory and potentially executing arbitrary code.
- **Directory traversal**: Adversary uses ../ sequences in a file path to navigate outside the intended directory and access restricted files on the server.
- **Risk assessment (CIA)**: Data vulnerability risk is rated by combining the sensitivity of the data with the likelihood of exploit, measured against confidentiality, integrity, and availability impacts.

**Checkpoint:** Can you explain why an application that does not validate user input is vulnerable to all four attack types listed above?

Attack | What it exploits | Primary CIA impact
--- | --- | ---
SQL injection | Unvalidated input passed to a database | Confidentiality / Integrity
XSS | Unvalidated input rendered in a browser | Confidentiality
Buffer overflow | Input field with no size limit | Integrity / Availability
Directory traversal | Unvalidated file path input | Confidentiality

### Topic 5.2: Data States, Managerial Controls, and Access Control Models

Protecting data starts with knowing what state it is in and what regulations apply. Organizations then layer managerial policies and access control models on top to limit who can do what to which files.

- **Data at rest / in transit / in use**: At rest: stored on a drive, protected by encryption and physical security. In transit: moving over a network, protected by encryption and secure channels. In use: being processed, protected by access controls.
- **PII / PHI / PCI**: Regulated data categories. PII is personally identifiable information; PHI is protected health information (HIPAA); PCI is payment card information (PCI-DSS). Each carries legal requirements for how data must be protected.
- **Role-based access control (RBAC)**: Assigns subjects to roles (e.g., accountant) and grants roles access to objects (e.g., payroll software). Simple to manage at scale.
- **Rule-based access control (RuBAC)**: Checks a set of rules to allow or deny access dynamically, such as time-of-day restrictions.
- **Linux file permissions (chmod)**: Three permission types (read r, write w, execute x) set for three entities (owner, group, others). Example: chmod 750 grants rwx to owner, r-x to group, and no access to others.

**Checkpoint:** Given a Linux permission string like rw-r--r--, identify what each segment means and which entity it applies to.

Access Control Model | How access is determined | Best used when
--- | --- | ---
RBAC | Subject's assigned role | Large organizations with defined job functions
RuBAC | Evaluation of a rule set | Time-based or context-based restrictions are needed
MAC (Mandatory) | Data classification labels matched to subject clearance | High-security environments like government systems
DAC (Discretionary) | File owner sets permissions | Small teams where owners manage their own files

### Topic 5.3: Symmetric Encryption and Protecting Stored Data

Cryptography hides information by transforming plaintext into ciphertext using an algorithm and a key. Symmetric encryption uses the same key to encrypt and decrypt, making it fast but requiring a secure way to share that key in advance.

- **Plaintext / ciphertext**: Plaintext is the original readable data. Ciphertext is the scrambled output after encryption. Decryption reverses the process using the correct key.
- **Keyspace**: The total number of possible keys for an algorithm. An n-bit key has a keyspace of 2^n. Larger keyspaces make brute-force attacks slower.
- **AES (Advanced Encryption Standard)**: The most common symmetric algorithm. Encrypts data in 128-bit blocks with key lengths of 128, 192, or 256 bits. Used for Wi-Fi, HTTPS, and file encryption.
- **OpenSSL (symmetric use)**: Command-line tool for encrypting and decrypting files with AES. Syntax follows the pattern: openssl enc -aes-256-cbc -in file -out file.enc.
- **Block vs. stream cipher**: Block ciphers like AES encrypt fixed-size chunks of data. Stream ciphers encrypt data one bit or byte at a time. AES is a block cipher.

**Checkpoint:** Why does a longer AES key length increase security, and what is the trade-off?

### Topic 5.4: Asymmetric Cryptography and Key Length

Asymmetric encryption solves the key-sharing problem by using a mathematically linked key pair. The public key encrypts; only the matching private key decrypts. This makes secure communication possible between parties who have never met.

- **Public key / private key**: Generated together as mathematical inverses. The public key is shared openly. The private key is kept secret. If the private key is compromised, the entire key pair must be discarded and regenerated.
- **RSA**: Common asymmetric algorithm. Key pairs are generated with openssl genrsa. Typical key lengths are 2048 or 4096 bits. Used for digital signatures and certificates.
- **ECC (Elliptic Curve Cryptography)**: Asymmetric algorithm that achieves equivalent security to RSA with shorter key lengths, making it faster and more efficient on constrained devices.
- **Keyspace and brute force**: An n-bit key has a keyspace of 2^n. On average, a brute-force attack finds the key in 2^(n-1) guesses. Key-length comparisons are only valid within the same algorithm.
- **Digital signatures**: Asymmetric keys are used to sign data: the sender encrypts a hash of the message with their private key. The receiver decrypts it with the sender's public key to verify authenticity and integrity.

**Checkpoint:** A sender wants to encrypt a message so only the receiver can read it. Which key does the sender use, and why?

Property | Symmetric (AES) | Asymmetric (RSA / ECC)
--- | --- | ---
Number of keys | One shared key | Key pair: public and private
Key sharing required? | Yes, must share secret key securely | No, public key can be distributed openly
Speed | Faster for large data | Slower; typically used for small data or key exchange
Common use | File encryption, Wi-Fi, HTTPS bulk data | Digital signatures, certificates, key exchange
Example algorithm | AES-256 | RSA-2048, ECC

### Topic 5.5: Protecting Applications: Secure by Design and Input Sanitization

Application security begins before a single line of code is written. Secure by design embeds security into every phase of product development. Input sanitization is the technical mechanism that stops injection attacks at the point of entry.

- **Secure by design**: Security is a design principle built into all phases of development, not a feature added after launch. Includes three principles: take ownership of customer security outcomes, embrace radical transparency, and build organizational leadership around security.
- **Secure by default**: Products ship with security protections already enabled. Users should not have to opt in to basic security settings.
- **Input sanitization**: A function that removes or rejects control characters (single quote, double quote, semicolon) from user input before the application processes it. Blocks SQL injection, XSS, and directory traversal.
- **Data validation**: Verifying that user input matches expected criteria (e.g., a number field only accepts digits) before processing. Applications that skip validation are vulnerable to injection attacks.
- **Control characters**: Characters like ' " ; that applications use to structure commands. Adversaries embed these in input to break out of expected processing and inject malicious instructions.

**Checkpoint:** How does input sanitization specifically prevent a SQL injection attack?

### Topic 5.6: Detecting Attacks on Data and Applications

Detective controls identify attacks that preventive controls missed. The main tools are log analysis, honeypots, cryptographic hash verification, and DLP services. Each has different costs, detection speeds, and blind spots that defenders must understand.

- **Accounting (log analysis)**: Recording and monitoring user activity. Logs reveal suspicious patterns like accessing unusual files, activity outside normal hours, or attempts to copy or delete sensitive data.
- **Honeypot**: A fake file containing realistic-looking but false data (credit card numbers, passwords). Any access attempt triggers an alert because there is no legitimate reason to open it.
- **Cryptographic hash function**: Produces a fixed-length output (hash) for any input. If a file's hash changes between two measurements, the file was altered. SHA-256 is the standard; MD5 and SHA-1 are considered weak.
- **DLP (Data Loss Prevention)**: Third-party services that monitor data access, usage, and transmission across an organization. High detection capability at higher cost than honeypots or hashing.
- **Detection blind spots**: Hash functions cannot detect read-only data theft because the file is not altered. Honeypots cannot detect adversaries who never access them. False negatives are a real risk in every detection method.

**Checkpoint:** An adversary reads a sensitive file but does not modify it. Which detection tools would catch this, and which would not?

Detective Control | Cost | Detection timing | Key limitation
--- | --- | --- | ---
Log analysis (manual) | Low | Retrospective | Requires human review; slow without automation
Automated log analysis | Medium | Real-time | Requires configuration; can produce false positives
Honeypot | Low | Near-instant | Only detects adversaries who access the honeypot
Cryptographic hash | Low | Retrospective | Cannot detect read-only theft; only detects modification
DLP service | High | Real-time | Cost may be prohibitive for smaller organizations

## Study Guides

- [5.1 Application and Data Vulnerabilities and Attacks](/ap-cybersecurity/unit-5/application-and-data-vulnerabilities-and-attacks/study-guide/T25I7qaDw4w4XT1rkAYr)
- [5.3 Protecting Stored Data with Cryptography](/ap-cybersecurity/unit-5/protecting-stored-data-with-cryptography/study-guide/pVI6SOT7HBVhSMIqKTXG)
- [5.2 Protecting Applications and Data: Managerial Controls and Access Controls](/ap-cybersecurity/unit-5/protecting-applications-and-data-managerial-controls-and-access-controls/study-guide/tZFME9LjYUHiIc9fHQE2)
- [5.4 Asymmetric Cryptography](/ap-cybersecurity/unit-5/asymmetric-cryptography/study-guide/VwtcdE1OgUXoQu0fiDG2)
- [5.5 Protecting Applications](/ap-cybersecurity/unit-5/protecting-applications/study-guide/NlU1CUWEo8RNupZqXUMH)
- [5.6 Detecting Attacks on Data and Applications](/ap-cybersecurity/unit-5/detecting-attacks-on-data-and-applications/study-guide/sHDJEWboTNQbNsGPNiq5)

## Practice Preview

### Multiple-choice practice

- **AP-style practice question**: Skill Category 3 - Detect Attacks | A hospital's IT team discovers that a billing clerk accessed and exported patient diagnosis records, which the clerk's job function does not require. The team wants to implement an access control model that restricts each employee to only the data their specific job requires. Which model best addresses this gap, and why?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A healthcare company stores patient medical records in a database encrypted with a 40-bit key, and access to the database is restricted only to employees in the billing department. A security auditor flags this configuration. Which risk level and rationale best describe this vulnerability?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A defense contractor stores unclassified but export-controlled technical blueprints for a military aircraft component on a network drive with no encryption. Any authenticated employee, including interns, can access and download the files. A security team is documenting this finding. Which assessment correctly captures both the risk level and the CIA property at stake?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A security analyst reviewing logs notices that a web application's database is returning entire user tables in response to login attempts, even when incorrect credentials are entered. Which CIA triad property is most directly compromised, and how should this vulnerability be classified?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A security analyst is comparing two vulnerabilities found during an audit. Vulnerability A: a hospital's patient billing records are stored in a database encrypted with a 56-bit key, accessible only to billing staff. Vulnerability B: a retail company's internal employee scheduling spreadsheet is unencrypted and readable by all staff. Which assessment correctly ranks these two vulnerabilities?
- **AP-style practice question**: Skill Category 3 - Detect Attacks | A hospital's security team detects that an attacker intercepted network packets containing patient test results and doctor visit notes as they were transmitted between two internal systems. Which data classification applies to the intercepted information, and which federal law governs its protection?

## Key Terms

- **SQL injection**: An attack where an adversary inserts SQL control words or symbols into an input field to manipulate a database query, potentially reading, modifying, or deleting records.
- **XSS**: Cross-site scripting. An attack where malicious script tags are injected into a web application and execute in another user's browser, stealing session data or redirecting the user.
- **encryption**: The process of transforming plaintext into ciphertext using a cryptographic algorithm and key so that unauthorized parties cannot read the data.
- **symmetric encryption**: An encryption method that uses the same key to both encrypt and decrypt data. AES is the standard symmetric algorithm.
- **asymmetric encryption**: An encryption method that uses a mathematically linked key pair: a public key to encrypt and a private key to decrypt, eliminating the need to share a secret key in advance.
- **keyspace**: The total number of possible keys for a given encryption algorithm. An n-bit key has a keyspace of 2^n; larger keyspaces make brute-force attacks slower.
- **public key**: The key in an asymmetric key pair that is shared openly. A sender uses the receiver's public key to encrypt data that only the receiver's private key can decrypt.
- **private key**: The key in an asymmetric key pair that must be kept secret. If compromised, the entire key pair must be discarded and a new pair generated.
- **AES**: Advanced Encryption Standard. The most widely used symmetric block cipher, encrypting data in 128-bit blocks with key lengths of 128, 192, or 256 bits.
- **RSA**: A common asymmetric encryption algorithm used for secure key exchange, digital signatures, and certificates. Typical key lengths are 2048 or 4096 bits.
- **cryptographic hash function**: A function that produces a fixed-length output (hash) for any input. The same input always produces the same hash, so a changed hash indicates a file was modified.
- **honeypot**: A fake file containing realistic-looking but false sensitive data. Any access attempt triggers an alert because no legitimate user has reason to open it.
- **data loss prevention**: A service or tool that monitors data access, usage, and transmission across an organization to detect suspicious activity. Provides strong detection at higher cost than hashing or honeypots.
- **input sanitization**: A process that removes or escapes control characters (single quote, double quote, semicolon) from user input before the application processes it, blocking injection attacks.
- **directory traversal**: An attack where an adversary uses ../ sequences in a file path to navigate outside the intended directory and access restricted files on a server.

## Common Mistakes

- **Confusing which asymmetric key encrypts versus decrypts**: To send an encrypted message to a receiver, you use the receiver's public key. Only their private key can decrypt it. Students often reverse this. For digital signatures the logic flips: the sender signs with their private key, and anyone with the public key can verify.
- **Comparing key lengths across different algorithms**: An AES 256-bit key and an RSA 256-bit key are not equivalent in security. Key-length comparisons are only valid within the same algorithm. RSA requires much longer keys than AES to achieve comparable security because the underlying math is different.
- **Assuming cryptographic hashes detect all data theft**: Hash functions only detect whether a file was modified. If an adversary reads or copies a file without changing it, the hash stays the same and no alert is triggered. This is a critical blind spot that DLP services or log analysis must cover.
- **Treating input validation and input sanitization as the same thing**: Validation checks whether input meets expected criteria (e.g., is it a number?). Sanitization removes or escapes dangerous characters from input. Both are needed, and the exam may ask you to distinguish which technique addresses a specific attack scenario.
- **Misreading Linux permission strings**: The nine characters after the file-type indicator always follow the order owner-group-others, each with rwx. A dash means that permission is absent. Students frequently misassign which segment belongs to which entity, especially when some permissions are missing.

## Exam Connections

- **Scenario-based attack identification**: Expect questions that describe a situation, such as a user entering unexpected characters into a web form or an application returning database records it should not, and ask you to name the attack type, explain the vulnerability being exploited, and identify which CIA pillar is affected. Being able to connect the adversary's action to the specific technical weakness is the core skill tested.
- **Selecting and justifying security controls**: Questions may present an organization's data type, regulatory environment, or risk level and ask which access control model, encryption method, or detective control is most appropriate. You will need to justify your choice by explaining why it fits the scenario, not just name the control. Trade-offs such as cost versus detection speed or key length versus performance are common reasoning tasks.
- **Reading and interpreting technical artifacts**: Unit 5 includes hands-on skills: reading Linux permission strings, interpreting log file entries for attack signatures, and understanding command-line syntax for OpenSSL and hash tools. Exam tasks may present a permission string, a log excerpt, or a command and ask you to explain what it shows, what access it grants, or whether it indicates an attack.

## Final Review Checklist

- **Explain the four major application attacks**: For each of SQL injection, XSS, buffer overflow, and directory traversal, describe what the adversary sends, what vulnerability they exploit, and which CIA pillar is most affected.
- **Classify data by state and regulation**: Distinguish data at rest, in transit, and in use, and identify which security controls apply to each. Know what PII, PHI, and PCI mean and why each category carries legal obligations.
- **Apply access control models**: Compare RBAC, RuBAC, MAC, and DAC. Given a scenario, select the appropriate model and justify the choice. Read and interpret Linux permission strings like rwxr-x--- and apply chmod to set permissions.
- **Work through symmetric and asymmetric encryption**: Explain how AES encrypts data in 128-bit blocks using a shared key. Explain how RSA and ECC use key pairs. Calculate keyspace as 2^n and estimate average brute-force guesses as 2^(n-1). Know that key-length comparisons only apply within the same algorithm.
- **Describe secure by design and input sanitization**: State the three secure by design principles and explain what secure by default means. Explain how removing control characters (single quote, double quote, semicolon) through input sanitization blocks injection attacks.
- **Select and evaluate detective controls**: Compare log analysis, honeypots, cryptographic hashes, and DLP on cost, detection timing, and limitations. Know that hash functions detect modification but not read-only theft, and that honeypots only catch adversaries who access them.
- **Read attack signatures in logs**: Identify SQL injection indicators (OR 1=1, --, SQL keywords), XSS indicators (<script> tags), buffer overflow indicators (oversized URL or request fields), and directory traversal indicators (../ sequences) in log file entries.

## Study Plan

- **Start with attacks (Topic 5.1)**: Read the Topic 5.1 guide and list all four attack types with a one-sentence explanation of what each adversary does and what vulnerability they exploit. Then practice rating a scenario as high, moderate, or low risk using the CIA framework.
- **Work through data classification and access controls (Topic 5.2)**: Review the three data states and the PII, PHI, and PCI categories. Then compare the four access control models in a table. Finish by practicing Linux permission strings: read a permission string, then write the chmod command that would produce it.
- **Build up cryptography from symmetric to asymmetric (Topics 5.3 and 5.4)**: Study symmetric encryption first: how AES works, what keyspace means, and the 2^n formula. Then move to asymmetric: draw a diagram of a key pair exchange showing which key is used at each step. Practice the keyspace math with sample bit lengths.
- **Review application protection principles (Topic 5.5)**: State the three secure by design principles from memory. Then trace how a SQL injection attack would be stopped at each stage: validation rejects unexpected input, sanitization strips control characters. Connect this back to the attacks from Topic 5.1.
- **Practice detection and log reading (Topic 5.6)**: Compare the four detective controls on cost, timing, and limitations using the comparison table in the review notes. Then practice identifying attack signatures: given a sample log entry, determine whether it shows SQL injection, XSS, buffer overflow, or directory traversal.

## More Ways To Review

- [Topic study guides](/ap-cybersecurity/unit-5#topics)
- [Key terms](/ap-cybersecurity/key-terms)

## FAQs

### What topics are covered in AP Cyber Unit 5?

AP Cyber Unit 5 covers 6 topics: Application and Data Vulnerabilities and Attacks (5.1), Managerial Controls and Access Controls (5.2), Protecting Stored Data with Cryptography (5.3), Asymmetric Cryptography (5.4), Protecting Applications (5.5), and Detecting Attacks on Data and Applications (5.6). The unit focuses on how adversaries target data and how to defend against those attacks. See the full topic list at [/ap-cybersecurity/unit-5](/ap-cybersecurity/unit-5).

### What's on the AP Cyber Unit 5 progress check (MCQ and FRQ)?

The AP Cyber Unit 5 progress check includes both MCQ and FRQ parts drawn from all 6 topics in the unit. MCQ questions test concepts like access controls, cryptographic methods, and common application vulnerabilities. FRQ prompts typically ask you to analyze an attack scenario or explain a mitigation strategy using topics from 5.1 through 5.6. Practice with matched questions at [/ap-cybersecurity/unit-5](/ap-cybersecurity/unit-5).

### How do I practice AP Cyber Unit 5 FRQs?

AP Cyber Unit 5 FRQs most often draw from topics on access controls (5.2), cryptography (5.3 and 5.4), and detecting attacks (5.6). These questions ask you to explain a concept, analyze a vulnerability, or recommend a mitigation for a given scenario. To practice, write out full responses to scenario-based prompts and check that you name specific controls or cryptographic techniques. Find practice prompts at [/ap-cybersecurity/unit-5](/ap-cybersecurity/unit-5).

### Where can I find AP Cyber Unit 5 practice questions?

The best place to find AP Cyber Unit 5 practice questions, including multiple-choice and practice test sets, is [/ap-cybersecurity/unit-5](/ap-cybersecurity/unit-5). You'll find MCQ questions covering application vulnerabilities, cryptography, and access controls, plus scenario-based questions that mirror the format of the real exam. Practicing by topic first, then mixing question types, builds the most confidence before test day.

### How should I study AP Cyber Unit 5?

Start AP Cyber Unit 5 by building a strong foundation in topic 5.1 (application and data vulnerabilities) before moving into defenses. Then work through access controls (5.2) and both cryptography topics (5.3 and 5.4) together, since symmetric and asymmetric methods connect directly. Finish with 5.5 and 5.6 to understand how to protect and monitor applications. Use scenario-based practice to connect attack types to their mitigations, and review logs and detection methods in 5.6 last since those questions often appear in FRQs. Get topic-by-topic resources at [/ap-cybersecurity/unit-5](/ap-cybersecurity/unit-5).

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-5#what-topics-are-covered-in-ap-cyber-unit-5","name":"What topics are covered in AP Cyber Unit 5?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 5 covers 6 topics: Application and Data Vulnerabilities and Attacks (5.1), Managerial Controls and Access Controls (5.2), Protecting Stored Data with Cryptography (5.3), Asymmetric Cryptography (5.4), Protecting Applications (5.5), and Detecting Attacks on Data and Applications (5.6). The unit focuses on how adversaries target data and how to defend against those attacks. See the full topic list at <a href=\"/ap-cybersecurity/unit-5\">/ap-cybersecurity/unit-5</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-5#whats-on-the-ap-cyber-unit-5-progress-check-mcq-and-frq","name":"What's on the AP Cyber Unit 5 progress check (MCQ and FRQ)?","acceptedAnswer":{"@type":"Answer","text":"The AP Cyber Unit 5 progress check includes both MCQ and FRQ parts drawn from all 6 topics in the unit. MCQ questions test concepts like access controls, cryptographic methods, and common application vulnerabilities. FRQ prompts typically ask you to analyze an attack scenario or explain a mitigation strategy using topics from 5.1 through 5.6. Practice with matched questions at <a href=\"/ap-cybersecurity/unit-5\">/ap-cybersecurity/unit-5</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-5#how-do-i-practice-ap-cyber-unit-5-frqs","name":"How do I practice AP Cyber Unit 5 FRQs?","acceptedAnswer":{"@type":"Answer","text":"AP Cyber Unit 5 FRQs most often draw from topics on access controls (5.2), cryptography (5.3 and 5.4), and detecting attacks (5.6). These questions ask you to explain a concept, analyze a vulnerability, or recommend a mitigation for a given scenario. To practice, write out full responses to scenario-based prompts and check that you name specific controls or cryptographic techniques. Find practice prompts at <a href=\"/ap-cybersecurity/unit-5\">/ap-cybersecurity/unit-5</a>."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-5#where-can-i-find-ap-cyber-unit-5-practice-questions","name":"Where can I find AP Cyber Unit 5 practice questions?","acceptedAnswer":{"@type":"Answer","text":"The best place to find AP Cyber Unit 5 practice questions, including multiple-choice and practice test sets, is <a href=\"/ap-cybersecurity/unit-5\">/ap-cybersecurity/unit-5</a>. You'll find MCQ questions covering application vulnerabilities, cryptography, and access controls, plus scenario-based questions that mirror the format of the real exam. Practicing by topic first, then mixing question types, builds the most confidence before test day."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/unit-5#how-should-i-study-ap-cyber-unit-5","name":"How should I study AP Cyber Unit 5?","acceptedAnswer":{"@type":"Answer","text":"Start AP Cyber Unit 5 by building a strong foundation in topic 5.1 (application and data vulnerabilities) before moving into defenses. Then work through access controls (5.2) and both cryptography topics (5.3 and 5.4) together, since symmetric and asymmetric methods connect directly. Finish with 5.5 and 5.6 to understand how to protect and monitor applications. Use scenario-based practice to connect attack types to their mitigations, and review logs and detection methods in 5.6 last since those questions often appear in FRQs. Get topic-by-topic resources at <a href=\"/ap-cybersecurity/unit-5\">/ap-cybersecurity/unit-5</a>."}}]}
```
