AP Cybersecurity · Unit 5 · Topic 5.4 · Exercise 1
Public vs Private Key Triage
Eight scenarios. For each, identify which key does what: encrypt with public, decrypt with private, sign with private, verify with public. The AP exam loves to test whether you can keep these pairs straight.
8 Questions~15 minScored
How This Exercise Works
Predict first: For each scenario, decide which operation is happening (encryption for confidentiality, signature for authenticity, key exchange, certificate validation).
Then apply the rules: Encrypt with recipient's PUBLIC key. Decrypt with your own PRIVATE key. Sign with your own PRIVATE key. Verify with signer's PUBLIC key.
Score0 / 8
Question 1
Alice wants to send Bob a confidential message using asymmetric cryptography. Which key should Alice use to encrypt the message?
✎ Predict before reading options. Commit to your answer first.
Exam TipTo encrypt for someone: use their PUBLIC key. Only their private key decrypts. Memorize this one sentence.
Question 2
Alice wants to prove to the world that a document was signed by her. Which key does she use to create the signature, and which key does a verifier use to check it?
✎ Predict before reading options. Commit to your answer first.
Exam TipSign with PRIVATE, verify with PUBLIC. Encrypt with PUBLIC, decrypt with PRIVATE. These are the two fundamental patterns.
Question 3
Consider these statements about RSA and ECC. Which is TRUE?
I. A 256-bit ECC key provides roughly equivalent security to a 3072-bit RSA key. II. RSA is inherently more secure than ECC at any equivalent key size. III. ECC is typically faster and uses less bandwidth than RSA at equivalent security levels.
✎ Predict before reading options. Commit to your answer first.
Exam TipECC at 256 bits = RSA at 3072 bits. Faster, smaller, equivalent security. RSA is not 'inherently stronger.'
Question 4
A company's security team reports: 'our server's public key has been exposed.' Leadership panics. What is the correct response?
✎ Predict before reading options. Commit to your answer first.
Exam TipPublic key exposed = nothing happened (it's supposed to be public). Private key exposed = critical incident.
Question 5
A mobile banking app ships with the following TLS configuration: 'accept any server certificate signed by any trusted root CA.' A pen tester with a legitimate certificate for attacker-site.com routes the app's traffic through a malicious proxy. The app accepts the connection and sends credentials. Which validation step was missing?
✎ Predict before reading options. Commit to your answer first.
Exam TipTLS validates: (1) valid CA chain, (2) matching hostname, (3) not expired, (4) not revoked. Skipping any is a vulnerability.
Question 6
Which statement most accurately describes the TLS 1.3 handshake?
✎ Predict before reading options. Commit to your answer first.
Exam TipTLS 1.3: ECDHE key exchange (forward secrecy) + digital signature for identity + symmetric AEAD for data. The hybrid is fundamental.
Question 7
A 2011 incident: DigiNotar, a Dutch Certificate Authority, was compromised. Attackers used DigiNotar to issue fraudulent certificates for Google, Yahoo, and hundreds of other domains. Roughly 300,000 Iranians were subjected to man-in-the-middle attacks. What PKI principle did this violate, and what industry response followed?
✎ Predict before reading options. Commit to your answer first.
Exam TipRogue CA = scoped MITM. Detection via Certificate Transparency logs. DigiNotar is the canonical example.
Question 8
In the context of digital signatures, what does 'non-repudiation' mean, and which cryptographic property provides it?
✎ Predict before reading options. Commit to your answer first.
Exam TipNon-repudiation = can't deny signing. Provided by asymmetric signatures because only the private key holder could have signed. HMAC does NOT provide non-repudiation.
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed.
Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Typically responds within 24 hours
✓
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.