5.4 Lab: PKI Incident Response

AP Cybersecurity · Unit 5 · Topic 5.4 · Lab

PKI Incident Response

Six tickets. Private keys leaked, certificates expired, rogue issuance, code-signing compromise, post-quantum questions. For each one, identify the correct triage and response.

6 Tickets~20 minApplied · Scored

Triage Rules

Private key compromise: Always severity 1. Revoke + rotate + check forward secrecy + disclose.

Certificate expiration: Always automate. Never rely on manual renewal reminders.

Suspicious CT log entries: Revoke + CAA tightening + internal audit. This is what CT is for.

Score0 / 6
Question 1
Ticket #P-4001 — Priority: Critical

Monitoring alerts that your company's server private key appeared on a paste site. Services affected: customer-facing HTTPS for app.company.com. What's the complete triage?
✎ Predict before reading options. Commit to your answer first.
Exam TipPrivate key leak = severity 1. Revoke + rotate + check forward secrecy + disclose. No waiting.
Question 2
Ticket #P-4002 — Priority: High

Customer reports that one of your internal tools shows a certificate warning in the browser: 'this certificate has expired.' Service is still accessible but users see warnings. Development team says: 'no big deal, users can click through.' What's wrong with this attitude?
✎ Predict before reading options. Commit to your answer first.
Exam TipExpired certs = operational failure + security culture problem. Automate renewal. Never train users to ignore warnings.
Question 3
Ticket #P-4003 — Priority: Medium

Security team notices a certificate for internal-admin.company.com was issued by a public CA you don't normally use. You discover via Certificate Transparency logs that the cert was issued yesterday. No one on the team requested it. Triage?
✎ Predict before reading options. Commit to your answer first.
Exam TipUnauthorized cert in CT = possible rogue issuance. Revoke + CAA restriction + investigate. This is what CT is for.
Question 4
Ticket #P-4004 — Priority: Urgent

A developer committed an RSA private key to a public GitHub repository six hours ago. The key is used by the company's API-signing service. CI detected it 20 minutes ago but it's been publicly visible for ~6 hours. Triage?
✎ Predict before reading options. Commit to your answer first.
Exam TipPrivate key in public repo = permanently compromised. Rotate. Audit. Improve process. Assume it was scraped.
Question 5
Ticket #P-4005 — Priority: Critical

Code-signing certificate for a Windows application was stolen. The attacker has already signed a malicious binary with it and distributed it. Thousands of users received a 'legitimate' installer that was actually malware. Triage?
✎ Predict before reading options. Commit to your answer first.
Exam TipStolen code-signing key = users unknowingly run malware. Revoke + CA/vendor coordination + disclose. Time-critical.
Question 6
Ticket #P-4006 — Priority: Medium

Infosec leadership asks: 'We hear about post-quantum cryptography. Should we start migrating now?' Your recommendation, with reasoning.
✎ Predict before reading options. Commit to your answer first.
Exam TipPost-quantum: hybrid deployment for long-lived data today, monitor and plan for full migration. Don't wait; don't rush.

Lab Complete

— / 6

AP Cybersecurity · Unit 5 · Lesson 5.4 · Lab

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]