5.2 Exercise 2: Applied Mode Selection

AP Cybersecurity · Unit 5 · Topic 5.2 · Exercise 2

Applied Mode Selection

Mode of operation matters more than algorithm choice. For each scenario, identify the correct mode or diagnose the specific mode-level failure.

6 Questions~14 minApplied · Scored

How This Exercise Works

For each scenario: Identify which mode (ECB, CBC, CTR, GCM, XTS) fits the constraints, or diagnose the specific failure (nonce reuse, deterministic IV, pattern leakage, missing integrity).

Remember the rules: ECB never for bulk data. CBC needs random IVs. CTR/GCM need unique nonces. GCM = AEAD. XTS = disk. AES-256-GCM is the modern default.

Score0 / 6
Question 1
Scenario: You are designing an encryption scheme for a database column that stores users' Social Security numbers. The application needs to encrypt on insert, decrypt on read, and be able to verify that the ciphertext hasn't been tampered with. Which algorithm + mode should you select?
✎ Predict before reading options. Commit to your answer first.
Exam TipField encryption with tamper detection = AES-GCM. AEAD modes solve both confidentiality and integrity.
Question 2
Scenario: Your application needs to encrypt 50 GB of sequential log files before archival to cold storage. The encryption can be parallelized across CPU cores. No network adversary will see the ciphertext mid-stream. Which mode best balances speed and security?
✎ Predict before reading options. Commit to your answer first.
Exam TipLarge bulk data + parallel + integrity = AES-GCM or ChaCha20-Poly1305. Both are AEAD.
Question 3
Scenario: You're implementing full-disk encryption for company laptops. The encryption must work at the block device layer, meaning the cipher encrypts every 4KB disk sector independently, and the OS can read/write any sector at random. Which mode is designed for this use case?
✎ Predict before reading options. Commit to your answer first.
Exam TipFull-disk encryption = AES-XTS. Random-access block device + per-sector uniqueness. Memorize this.
Question 4
Scenario: A developer proposes encrypting user API tokens stored in a database. She writes: 'I'll use AES-256-CBC. For the IV, I'll use the user's ID padded with zeros.' Identify the problem.
✎ Predict before reading options. Commit to your answer first.
Exam TipCBC IVs must be random and unpredictable. Deterministic or predictable IVs break CBC's guarantees.
Question 5
Scenario: A team encrypts files with AES-256-CTR. For performance, they use the same key for a year and generate nonces from an incrementing counter that occasionally wraps around when the service restarts. Identify the catastrophic risk.
✎ Predict before reading options. Commit to your answer first.
Exam TipCTR/GCM nonce reuse under same key = catastrophic. Never. Use a cryptographically random nonce or strict monotonic counter with persistent state.
Question 6
Scenario: Your company's threat model includes advanced adversaries who may have access to quantum computing in 10-15 years. For archival data that must remain confidential for 20 years, which symmetric cipher choice provides the most future-proof margin?
✎ Predict before reading options. Commit to your answer first.
Exam TipLong-term data + post-quantum margin = AES-256. CNSA 2.0 alignment.

Exercise Complete

— / 6

AP Cybersecurity · Unit 5 · Lesson 5.2 · Exercise 2
LessonExercise 1Exercise 2Quiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]