AP Cybersecurity Unit 5 Exam: Securing Applications & Data
Unit 5 Exam: Securing Applications & Data
20 Questions · All Six Lessons · 25–35 min · Instant feedback
- 20 multiple-choice questions spanning all six lessons in Unit 5 (3 or 4 questions per lesson).
- Click Check Answer after each question to see feedback.
- Your total score and a per-lesson breakdown appear at the bottom once you have answered all 20.
- Target: 16 of 20 (80%) or better. Below 14 of 20, revisit the weakest lessons before the real AP exam.
00:00
5.1 Application & Data Vulnerabilities (Q1–Q3) · 5.2 Symmetric Cryptography (Q4–Q7) · 5.3 Hashing for Data Integrity (Q8–Q10) · 5.4 Asymmetric Cryptography & PKI (Q11–Q14) · 5.5 Protecting Applications (Q15–Q17) · 5.6 Detecting Attacks on Data & Applications (Q18–Q20)
def authenticate(username, password):
sql = "SELECT id FROM users WHERE name='" + username + "'"
row = db.execute(sql).fetchone()
if row and verify_hash(password, row.pw_hash):
return row.id
return NoneWhich single statement BEST identifies the most severe vulnerability in this code?
I. An attacker posts a comment containing
that executes when any visitor loads the page.II. An attacker crafts a link containing JavaScript in a URL parameter; users who click it from a phishing email run the script in the context of the vulnerable site.
III. An attacker brute-forces the application's administrator login via repeated HTTP POST requests.
Which of these attacks does the described vulnerability (missing output encoding) ENABLE?
const KEY = loadSecretKey();
const IV = Buffer.alloc(16, 0); // all zeros, reused for every record
function encryptRecord(plaintext) {
const cipher = crypto.createCipheriv('aes-256-cbc', KEY, IV);
return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}Which of the following BEST describes the most serious cryptographic flaw in this implementation?
I. The browser verifies that the certificate was signed by a Certificate Authority (CA) whose root certificate is already installed in the browser's trust store.
II. The browser performs a DNS lookup to verify that the certificate's listed hostname resolves to the same IP address as the server presenting the certificate.
III. The browser checks that the certificate has not expired and has not been revoked.
Which of these statements accurately describe steps that a modern browser performs during TLS certificate validation?
ALL PRIVILEGES on every table, including administrative permissions to create and drop tables. Which of the following principles is MOST DIRECTLY violated by this configuration?
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]