5.2 Quiz: Symmetric Cryptography

AP Cybersecurity · Unit 5 · Topic 5.2 · Quiz

5.2 Checkpoint: Symmetric Cryptography

Five exam-style questions. Each tests a distinction the AP exam loves: algorithm vs mode, symmetric vs asymmetric, confidentiality vs integrity, strong algorithm + weak key management.

5 Questions~10 minScored · Exam-style

How to Approach

Predict-first: read the scenario, commit to a category (algorithm / mode / IV / key management), then look at options.

Remember: ECB never for bulk. AES + right mode + separate keys is the recipe. 3DES/DES/RC4/MD5/SHA-1 in modern contexts = deprecated.

Score0 / 5
Question 1
An organization still uses 3DES-CBC for encrypting payment data at rest. Their security consultant flags this. Why is 3DES flagged despite running DES three times?
✎ Predict before reading options. Commit to your answer first.
Exam Tip3DES, DES, RC4, MD5, SHA-1 in modern scenarios = formal deprecation = vulnerability.
Question 2
Consider the following four statements about modes of operation. Which is TRUE?
✎ Predict before reading options. Commit to your answer first.
Exam TipGCM = AEAD = confidentiality + integrity. Canonical modern default.
Question 3
A developer proposes encrypting all user Social Security numbers in the database with AES-256-ECB. A colleague says, 'AES-256 is unbreakable — that's secure enough.' What is the correct response?
✎ Predict before reading options. Commit to your answer first.
Exam TipECB for fields = value equality leaks between records. Use GCM or CBC with random IVs.
Question 4
Which statement most accurately describes the relationship between symmetric and asymmetric cryptography in modern TLS?
✎ Predict before reading options. Commit to your answer first.
Exam TipAsymmetric for key exchange. Symmetric for bulk data. This is why both exist and why 5.2 and 5.4 connect.
Question 5
A service encrypts large data files with AES-256-GCM. The team notices that they occasionally get decryption failures where GCM reports that the authentication tag doesn't match. A developer suggests, 'let's ignore the tag mismatch and return the decrypted data anyway for better user experience.' What is the correct response and why?
✎ Predict before reading options. Commit to your answer first.
Exam TipAEAD tag mismatch = fail closed. Never return 'decrypted' data from a failed tag verification. That's what the tag is for.

Quiz Complete

— / 5

AP Cybersecurity · Unit 5 · Lesson 5.2 · Quiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]