AP Cybersecurity Unit 3 Lesson 6 Exercise 1
Exercise 1 — Secure Protocol Analysis
6 questions — Evaluate protocol choices and encryption implementations
Brightpath University is upgrading its network infrastructure to eliminate insecure protocols. The IT security team has audited all network services and found that several departments still use legacy protocols that transmit data in plaintext. You are reviewing six protocol decisions and recommending secure alternatives.
(A) Incorrect — HTTPS does not replace authentication; students still need credentials. HTTPS protects those credentials in transit.
(C) Incorrect — HTTPS provides encryption, not compression. HTTP/2 includes compression features, but that is independent of TLS.
(D) Incorrect — HTTPS encrypts the transport layer; it does not perform malware scanning on file content.
I. Telnet transmits all data, including passwords, in plaintext that can be captured by anyone on the network path.
II. SSH (port 22) provides the same remote terminal functionality as Telnet but encrypts the entire session.
III. Replacing Telnet with SSH requires replacing all the Linux servers with newer hardware.
(A) Incomplete — Statement II is also correct.
(C) Incorrect — includes the false Statement III.
(D) Incorrect — Statement III is false; SSH is a software upgrade, not a hardware requirement.
(A) Incorrect — certificate expiration does not affect server data; it affects trust verification.
(B) Incorrect — expired certificates do not disable browser security or trigger automatic downloads.
(D) Incorrect — certificate status has no effect on device visibility on the network.
(A) Valid reason — FTP plaintext transmission of SSNs is a critical vulnerability.
(B) Valid reason — SFTP encrypts the entire session using SSH.
(D) Valid reason — FERPA requires protection of student educational records, including during transmission.
(A) Incorrect — full-tunnel does not encrypt faster; it actually increases bandwidth load on the VPN concentrator.
(C) Incorrect — perimeter security does not replace endpoint protection; defense in depth requires both.
(D) Incorrect — geographic content access is a side effect, not a security advantage.
(B) Incorrect — DoH is supported natively by Chrome, Firefox, Edge, and Safari.
(C) Incorrect — DoH still resolves domains; it just encrypts the query transport.
(D) Incorrect — DoH encrypts DNS inside HTTPS; it does NOT send plaintext.
AP® is a registered trademark of the College Board, which was not involved in the production of this content.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]