Computing Systems and the Internet — AP CS Principles CSP Study Guide

For: AP CS Principles candidates sitting AP Computer Science Principles.

Covers: all required subtopics for the Computing Systems and the Internet unit: computer hardware components, core internet protocols and packet switching, common cybersecurity threats, and both beneficial and harmful real-world impacts of computing systems.

You should already know: No prior CS required.

A note on the practice questions: All worked questions in the "Practice Questions" section below are original problems written by us in the AP CS Principles style for educational use. They are not reproductions of past College Board papers and may differ in wording, numerical values, or context. Use them to practise the technique; cross-check with official College Board mark schemes for grading conventions.

1. What Is Computing Systems and the Internet?

This unit covers the physical, logical, and social components of digital infrastructure that powers all modern computing activity, from personal phone use to global business operations. It accounts for 10-13% of your total AP CSP exam score per the official College Board CED, and content appears in both multiple-choice questions and the written response section of the Create performance task. Common synonyms for this topic include digital infrastructure, networked computing systems, and internet technology fundamentals.

2. Computer systems hardware

All modern computing devices follow the von Neumann architecture, a standard design that splits hardware into four core functional categories, each with a defined role in processing digital data:

1. Input devices: Convert real-world analog data (sound, light, physical movement) to binary digital data. Common examples include keyboards, touchscreens, camera sensors, microphones, and temperature sensors.
2. Processing unit (CPU): The "brain" of the device that executes program instructions. It contains two sub-components: the Arithmetic Logic Unit (ALU) that runs math and logical operations, and the Control Unit (CU) that manages data flow between components.
3. Storage: Split into two types:

• Primary storage (RAM): Volatile (loses all data when power is turned off) high-speed temporary storage for active running programs and open files.
• Secondary storage (SSD, HDD, flash drives): Non-volatile (retains data when power is off) long-term storage for user files, installed software, and operating system files.

4. Output devices: Convert binary digital data to human-readable or usable formats. Common examples include screens, speakers, printers, and haptic feedback motors.

Worked Example

When you record a voice note on your smartphone:

1. Input: The microphone converts your voice (analog sound waves) to binary audio data.
2. Process: The CPU runs a voice recording app, compresses the audio data to reduce file size, and checks for audio quality errors.
3. Storage: The compressed audio file is saved to your phone’s SSD for long-term access.
4. Output: The screen displays a notification confirming the recording is saved, and you can play the note back via the speaker.

Exam tip: Examiners frequently test component-function matching, so make sure you can distinguish RAM (volatile, temporary) from secondary storage (non-volatile, long-term) — this is a common 1-point easy question.

3. The Internet — protocols and packets

The internet is a global, decentralized network of interconnected computing devices, with no single governing body that owns or controls all network traffic. Its design prioritizes fault tolerance: if one network path fails, data can be routed through alternative paths to reach its destination.

Packets

All data sent over the internet (webpages, emails, video streams, messages) is split into small, standardized chunks called packets before transmission. Each packet includes:

• A payload: A small segment of the original full data
• A header containing the source IP address, destination IP address, packet sequence number, and error-checking code

Protocols

Protocols are standardized, agreed-upon rules that define how devices communicate over a network. You are required to know these core protocols for the exam:

1. Internet Protocol (IP): Assigns a unique numeric address to every device connected to the internet, and routes packets across networks to their destination.
2. Transmission Control Protocol (TCP): A reliable, connection-oriented protocol that establishes a formal connection between sender and receiver, checks for lost or corrupted packets, requests retransmissions of missing data, and reassembles packets in the correct order. It is used for use cases where data accuracy is more important than speed: email, file transfers, and web browsing.
3. User Datagram Protocol (UDP): A fast, connectionless protocol that does not check for lost packets or request retransmissions. It is used for use cases where speed is more important than perfect accuracy: live video streaming, online gaming, and video calls.
4. Domain Name System (DNS): Translates human-readable domain names (e.g., collegeboard.org) to numeric IP addresses (e.g., 142.250.190.142) that devices use to locate servers on the internet.
5. HTTPS: An encrypted version of the Hypertext Transfer Protocol (HTTP) that uses TLS/SSL encryption to protect data transmitted between a user’s browser and a web server.

Worked Example

When you access the AP CSP exam schedule on collegeboard.org:

1. Your browser sends a DNS query to translate collegeboard.org to its public IP address.
2. TCP establishes a reliable connection between your laptop and the College Board web server.
3. An HTTPS request for the exam schedule page is sent to the server.
4. The server splits the page content into ~1200 individual packets, which are routed across different internet paths to your laptop.
5. TCP confirms all packets are received, retransmits any missing packets, and reassembles them in the correct order.
6. Your browser decrypts the HTTPS data and renders the exam schedule page on your screen.

4. Cybersecurity threats

Cybersecurity is the practice of protecting computing systems, networks, and data from unauthorized access, damage, or theft. These are the most common threats tested on the AP CSP exam:

1. Phishing: A type of social engineering attack that uses fraudulent emails, text messages, or fake websites pretending to be from a trusted source (bank, school, employer) to trick users into sharing sensitive data (passwords, credit card numbers, social security numbers).
2. Malware: Malicious software designed to damage or gain unauthorized access to a device. Common types include viruses (attach to legitimate programs and spread when the program is run), ransomware (encrypts a user’s data and demands payment in cryptocurrency to unlock it), and spyware (secretly collects user data such as keystrokes, browsing history, and location).
3. DDoS (Distributed Denial of Service) Attack: An attacker uses a botnet (a network of infected devices called bots) to send millions of fake requests to a target server, overwhelming it so legitimate users cannot access the service.
4. Data Breach: An incident where an unauthorized user gains access to confidential user data stored by a company or organization, often leading to identity theft, credit card fraud, or financial loss for affected users.

Worked Example

A school administrator receives an email pretending to be from the district’s IT team, asking them to click a link and enter their admin password to resolve a supposed student data system outage. The administrator enters their password, and the attacker gains access to 5,000 student records including addresses and health information. This is a phishing/social engineering attack that results in a data breach.

Exam tip: You will almost always be asked to identify the type of threat from a real-world scenario, so memorize the defining feature of each threat to avoid losing easy marks.

5. Impact of computing — beneficial and harmful

All computing innovations have both positive and negative real-world impacts, and the exam will frequently ask you to evaluate both sides of a given use case.

Beneficial Impacts

1. Equitable access to resources: The internet makes educational content, healthcare information, government services, and employment opportunities accessible to people in remote or low-income communities who would not have access otherwise.
2. Accessibility: Computing systems include features like screen readers, voice control, closed captioning, and text-to-speech that make digital content accessible to people with disabilities.
3. Scientific progress: High-performance computing systems power climate modeling, drug development, genome sequencing, and space exploration, leading to faster breakthroughs that benefit public health and global safety.
4. Global connection: Low-cost instant communication tools (video calls, messaging apps) connect families across borders, enable remote work and online learning, and support global collaborative projects.

Harmful Impacts

1. Digital Divide: Unequal access to high-speed internet and computing devices creates gaps in educational and economic opportunity for low-income households, rural communities, and marginalized groups.
2. Privacy risks: Companies collect large volumes of user data (browsing history, location, purchase habits, social media activity) often without explicit informed consent, which can be misused for targeted advertising, surveillance, or sold to third parties.
3. Misinformation: The internet allows false or misleading content to spread rapidly, leading to public health harms (anti-vaccine content), election interference, and social polarization.
4. Environmental harm: Data centers consume large amounts of electricity, contributing to carbon emissions, and discarded electronic devices (e-waste) contain toxic materials that contaminate soil and water supplies.

Worked Example

A state government launches a free telehealth program that lets low-income rural residents consult with doctors via video call instead of driving 2+ hours to the nearest hospital. Beneficial impact: Improves access to healthcare for people in rural areas, leading to earlier diagnosis of chronic conditions. Harmful impact: The telehealth platform collects sensitive patient health data, which could be exposed in a data breach.

6. Common Pitfalls (and how to avoid them)

• Wrong move: Calling RAM non-volatile, or mixing up RAM and SSD functions. Why students do it: They confuse short-term and long-term storage definitions. Correct move: Remember RAM loses all data when power is off (volatile, for active programs), while SSD/HDD retains data when power is off (non-volatile, for long-term file storage).
• Wrong move: Stating that the internet has a central governing body that controls all traffic. Why students do it: They assume large networks have central control. Correct move: The internet is decentralized, no single entity owns or controls it, and its fault tolerance comes from this distributed structure.
• Wrong move: Claiming TCP is always better than UDP, or selecting TCP for live streaming use cases. Why students do it: They associate "reliable" with better for all uses. Correct move: TCP is for accuracy-critical use cases (email, file transfer), UDP is for speed-critical use cases (gaming, live streams).
• Wrong move: Only listing beneficial impacts when asked to evaluate a computing innovation. Why students do it: They forget the question requires balanced analysis. Correct move: Every innovation has both positive and negative impacts, always address at least one of each if asked for evaluation.
• **Wrong move: Using "virus" as a catch-all term for all cyber threats, including phishing. Why students do it: They use common non-technical definitions of cyber threats. Correct move: Viruses are a type of malware (software), phishing is a social engineering attack that manipulates users to share data.

7. Practice Questions (AP Computer Science Principles Style)

Question 1

Which of the following correctly pairs a computer hardware component with its core function? A) RAM: Long-term non-volatile storage of user files B) CPU: Executes program instructions and processes data C) SSD: Temporary volatile storage for running applications D) Input device: Converts binary data to human-readable form

Worked Solution: Correct answer is B.

• A is incorrect: RAM is volatile temporary storage for active programs, long-term non-volatile storage is provided by SSD/HDD.
• C is incorrect: SSD is non-volatile long-term storage.
• D is incorrect: Output devices convert binary data to human-readable form, input devices convert analog data to binary. This is a common 1-point multiple-choice question, so memorizing component functions will guarantee you these easy marks.

Question 2

A user is joining a live international soccer stream, where minimal delay is critical to avoid spoilers from social media. Which transport protocol is most appropriate for the stream, and why? A) TCP, because it ensures all video packets are received without loss B) TCP, because it encrypts all video data to prevent unauthorized access C) UDP, because it does not retransmit lost packets, reducing lag D) UDP, because it translates the stream’s domain name to an IP address

Worked Solution: Correct answer is C. For live streaming, speed is more important than 100% packet accuracy: if one packet is lost (a single frame of video), it is better to skip it and continue the stream than wait for a retransmission that causes lag and exposes the user to spoilers.

• A is incorrect: TCP’s retransmission of lost packets increases latency, which is bad for live streams.
• B is incorrect: TCP does not handle encryption (that is done by TLS/SSL for HTTPS) and has high latency.
• D is incorrect: DNS translates domain names to IP addresses, not UDP.

Question 3

A small town launches a free public Wi-Fi program in all community centers to give low-income residents access to online job applications and adult education courses. Describe one beneficial impact, one harmful impact, and one step the town could take to reduce the harmful impact.

Worked Solution (Full Credit 3-point response):

1. Beneficial impact (1 point): The program reduces the digital divide by providing internet access to residents who cannot afford home internet, giving them equal access to employment and educational opportunities that require online access.
2. Harmful impact (1 point): Unsecured public Wi-Fi can expose users to cybersecurity risks, such as attackers intercepting sensitive data (like social security numbers entered on job application sites) transmitted over the network.
3. Mitigation step (1 point): The town can enable end-to-end encryption for the Wi-Fi network, and post signs advising users to only access sites with HTTPS and use a free virtual private network (VPN) when entering sensitive personal information.

8. Quick Reference Cheatsheet

9. What's Next

This unit forms the foundation for two other core AP CSP units: Big Idea 3 (Algorithms and Programming) where you will learn how software runs on the hardware systems covered here, and Big Idea 5 (Impact of Computing) where you will dive deeper into ethical and social impact frameworks for the Create performance task. Understanding internet protocols and cybersecurity is also required for the Create performance task, where you will need to document any security or privacy considerations for the program you build. Questions about network design and computing impact also appear frequently in the multiple-choice section of the exam, so mastering this content will directly boost your overall score.

If you have any questions about hardware components, protocol use cases, or impact evaluation for your exam practice, you can ask Ollie for personalized explanations, additional practice questions, or feedback on your performance task responses at any time on the homepage. You can also move on to our next study guide for the Algorithms and Programming unit to continue your structured AP CSP prep.