AP Cybersecurity Unit 3 Lesson 6 Exercise 1

Unit 3 • 3.6 • Exercise 1

Exercise 1 — Secure Protocol Analysis

6 questions — Evaluate protocol choices and encryption implementations

Score: 0 / 0 Predict the answer before selecting an option
Client Organization
Brightpath University

Brightpath University is upgrading its network infrastructure to eliminate insecure protocols. The IT security team has audited all network services and found that several departments still use legacy protocols that transmit data in plaintext. You are reviewing six protocol decisions and recommending secure alternatives.

Q1 HTTP vs HTTPS
Brightpath’s student portal currently runs on HTTP (port 80). Students log in with their university credentials to view grades, register for classes, and pay tuition. The IT team proposes migrating to HTTPS (port 443). Which of the following BEST describes what HTTPS adds that HTTP does not provide?
Q2 Telnet vs SSH
The Computer Science department uses Telnet (port 23) to remotely manage Linux lab servers. A security audit flags this as a critical vulnerability. Which of the following statements about this risk are correct?

I. Telnet transmits all data, including passwords, in plaintext that can be captured by anyone on the network path.
II. SSH (port 22) provides the same remote terminal functionality as Telnet but encrypts the entire session.
III. Replacing Telnet with SSH requires replacing all the Linux servers with newer hardware.
Q3 TLS Certificates
A student visiting the Brightpath library website sees a browser warning: “Your connection is not private — the certificate for library.brightpath.edu has expired.” The student clicks “Proceed anyway.” Which risk does this action introduce?
Q4 FTP vs SFTP
The Admissions Office transfers applicant files to a partner institution using FTP (port 21). The files contain Social Security numbers, transcripts, and financial aid data. The partner suggests switching to SFTP. Which of the following is NOT a valid reason to make this switch?
Q5 VPN Protocols
Brightpath offers VPN access for faculty working remotely. The IT team is choosing between two configurations: (1) split-tunnel VPN that only routes university-bound traffic through the encrypted tunnel, or (2) full-tunnel VPN that routes ALL traffic through the university network. Which of the following BEST describes a security advantage of full-tunnel over split-tunnel?
Q6 DNS Security
Brightpath’s DNS queries are currently sent in plaintext over UDP port 53. A network administrator proposes implementing DNS over HTTPS (DoH). Which of the following is a LEGITIMATE concern about deploying DoH on the campus network?
Questions Correct
Exercise 2 → Course Hub
AP Cybersecurity Unit 3 • 3.6 • Exercise 1 | APCSExamPrep.com | Built by Tanner Crow, AP CS Teacher (11+ years)
AP® is a registered trademark of the College Board, which was not involved in the production of this content.
AP Cybersecurity · Unit 3 · Lesson 3.6 · Exercise 1
LessonExercise 1LabQuiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]