Five exam-style questions. Each tests a distinction the AP exam loves: algorithm vs mode, symmetric vs asymmetric, confidentiality vs integrity, strong algorithm + weak key management.
5 Questions~10 minScored · Exam-style
How to Approach
Predict-first: read the scenario, commit to a category (algorithm / mode / IV / key management), then look at options.
Remember: ECB never for bulk. AES + right mode + separate keys is the recipe. 3DES/DES/RC4/MD5/SHA-1 in modern contexts = deprecated.
Score0 / 5
Question 1
An organization still uses 3DES-CBC for encrypting payment data at rest. Their security consultant flags this. Why is 3DES flagged despite running DES three times?
✎ Predict before reading options. Commit to your answer first.
Exam Tip3DES, DES, RC4, MD5, SHA-1 in modern scenarios = formal deprecation = vulnerability.
Question 2
Consider the following four statements about modes of operation. Which is TRUE?
✎ Predict before reading options. Commit to your answer first.
A developer proposes encrypting all user Social Security numbers in the database with AES-256-ECB. A colleague says, 'AES-256 is unbreakable — that's secure enough.' What is the correct response?
✎ Predict before reading options. Commit to your answer first.
Exam TipECB for fields = value equality leaks between records. Use GCM or CBC with random IVs.
Question 4
Which statement most accurately describes the relationship between symmetric and asymmetric cryptography in modern TLS?
✎ Predict before reading options. Commit to your answer first.
Exam TipAsymmetric for key exchange. Symmetric for bulk data. This is why both exist and why 5.2 and 5.4 connect.
Question 5
A service encrypts large data files with AES-256-GCM. The team notices that they occasionally get decryption failures where GCM reports that the authentication tag doesn't match. A developer suggests, 'let's ignore the tag mismatch and return the decrypted data anyway for better user experience.' What is the correct response and why?
✎ Predict before reading options. Commit to your answer first.
Exam TipAEAD tag mismatch = fail closed. Never return 'decrypted' data from a failed tag verification. That's what the tag is for.
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed.
Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Typically responds within 24 hours
✓
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.