AP Cybersecurity › PLTW Unit 2

Unit 2 System Security

CIA triad, server vulnerabilities, malware analysis, and the e-commerce architecture that ties it all together. The heaviest AP unit in the course. Ends with the E-Commerce Enrichment cyber case.

📋 PLTW Unit 2 · Tri 1🕐 ~5 weeks📺 10 Activities + Projects🎯 Problem: 2.4.1📝 AP Topics: 2.1 · 3.1 · 4.1–4.4 · 5.1–5.6
Bikes, Boards & Beyond wants to launch an online store. Before they go live, they need a cyber team to secure it. Read the full case →
Activity — builds the skill
Project — applies it in a lab
Problem — capstone cyber case (do last)
2.1 — Information Architecture
Activity2.1.1

Confidentiality, Integrity, and Availability

The CIA triad in full. Risk assessment process, management strategies (accept/transfer/mitigate/avoid), control types, and defense-in-depth. Data classification and law names introduced here: HIPAA, COPPA, PCI-DSS.

CIA triadRisk assessmentControl typesDefense-in-depthAP 2.1.D–GAP 5.2.A
🕐 2–3 class daysOpen Activity →
Activity2.1.2

Passive Analysis

Wireshark lives here. Baseline traffic capture, protocol identification, and network attack patterns — ARP poisoning, MAC flooding, DNS poisoning — observed in actual packet data.

WiresharkBaseline trafficARP poisoningDNS poisoningAP 3.1.A–BAP 2.1.B–C
🕐 2–3 class daysOpen Activity →
Project2.1.3

E-Commerce Architecture

Project: Design a defense-in-depth network architecture for an e-commerce business. Students label every layer, justify every control, and apply network segmentation — DMZ and VLANs — to the Bikes, Boards & Beyond scenario.

Network diagramDMZVLANsDefense-in-depthAP 2.1.GAP 3.3.A–B
🕐 2–3 class daysOpen Project →
2.2 — Server Vulnerabilities
Activity2.2.1

More on Malware

WannaCry. Stuxnet. ILOVEYOU. Historical malware cases teach modern threat evaluation — the same mechanisms resurface in new attacks. Know all the AP malware type names cold; MCQs will use them specifically.

RansomwareWormTrojanLogic bombRootkitAP 4.1.B–CAP 4.3.B
🕐 2 class daysOpen Activity →
Activity2.2.2

Server Vulnerabilities

SQL injection, buffer overflow, privilege escalation, path traversal, XSS. The full AP 5.1 application attack vocabulary — applied to the e-commerce server context students are building toward.

SQL injectionBuffer overflowPrivilege escalationXSSAP 4.1.C–DAP 5.1.A–B
🕐 2–3 class daysOpen Activity →
Activity2.2.3

Server Analysis

Reading server logs for IOCs. Signature vs. behavioral detection introduced. File hash verification. The first full log-to-IOC workflow in the course — the foundation for all log analysis that follows.

Log analysisIOC detectionHash verificationAP 4.4.A–CAP 5.6.AAP 5.6.D
🕐 2–3 class daysOpen Activity →
Project2.2.4

Secure the Server

Project: Full server hardening. Anti-malware, OS patching, host-based firewall configuration, and Linux file permissions. AP Scenarios 4B (lockout policy) and 5A (Linux chmod) both fit naturally here.

Server hardeningAnti-malwareHost firewallchmod / chownAP 4.3.A–DAP 5.2.C–D
🕐 2–3 class daysOpen Project →
2.3 — Server Exploits
Activity2.3.1

Security E-Commerce

Web application vulnerabilities in a real e-commerce context — XSS, CSRF, path traversal. Secure by design and security by default introduced as actual design principles, not just definitions.

XSSCSRFSecure by designSecurity by defaultAP 5.1.A–BAP 5.5.A–B
🕐 2 class daysOpen Activity →
Activity2.3.2

Stopping the Spread of Malware

How each malware type propagates — and how managerial controls stop the spread before anti-malware gets a chance. Connects Unit 1 malware vocabulary to active containment strategy.

Malware propagationContainmentManagerial controlsAP 4.1.BAP 4.3.A–B
🕐 2 class daysOpen Activity →
Activity2.3.3

Server Attacks

Active attack analysis. Windows Event IDs 4624, 4625, 4740, 4688, 4672, 1102 introduced for the first time. Authentication log IOC patterns — the vocabulary that Problem 2.4.1 will demand students use under pressure.

Event IDsAuth log IOCs4624 / 4625 / 4740AP 4.1.C–DAP 4.4.D
🕐 2–3 class daysOpen Activity →
Project2.3.4

Find the Exploits

Project: Ethical hacking recon and scanning. Students discover vulnerabilities and document findings in AP Skill 1.D format — evidence first, conclusions after, justified in writing.

Ethical hackingReconVulnerability scanningAP 4.1.B–DAP 5.1.A–CAP Skill 1.D
🕐 2–3 class daysOpen Project →
2.4 — E-Commerce Enrichment (Problem)
⚡ Problem2.4.1

E-Commerce Enrichment

The Unit 2 capstone cyber case. A full security engagement for Bikes, Boards & Beyond — risk assessment, server hardening, malware analysis, log investigation, and a professional incident report. Requires all 10 preceding activities and projects.

AP Skills 1–3Risk assessmentIncident reportAP 4.1–4.4AP 5.1–5.6FRQ format
🕐 3–4 class daysOpen Case →
⛔ Problem 2.4.1 — Dependency Warning
All 10 activities and projects (2.1.1 → 2.3.4) must be complete before attempting the E-Commerce Enrichment cyber case. Do not skip steps.
Open Case →
🎓 AP Classroom — Progress Check
Unit 2 covers AP Topics 2.1, 3.1, 3.3, and the majority of Units 4 and 5. Complete the relevant AP Classroom progress checks after Problem 2.4.1.
AP Classroom →
Built with v0