5.4 Quiz: Asymmetric Cryptography & PKI

AP Cybersecurity · Unit 5 · Topic 5.4 · Quiz

5.4 Checkpoint: Asymmetric Cryptography & PKI

Five exam-style questions on the highest-tested distinctions in this lesson: which key does what, PKI chain of trust, certificate pinning, lifecycle management, and the post-quantum transition.

5 Questions~10 minScored · Exam-style

How to Approach

Predict first: For each scenario, decide what the question is really testing (which key / which validation step / which operational control).

Remember the four truths: (1) public keys are public, (2) hybrid crypto is standard, (3) PKI trust fails at any broken link, (4) post-quantum migration is hybrid and ongoing.

Score0 / 5
Question 1
A web developer explains: 'We use asymmetric cryptography for everything in our session — it's more secure than symmetric.' Evaluate this statement.
✎ Predict before reading options. Commit to your answer first.
Exam TipAsymmetric: identity, signatures, key exchange. Symmetric: bulk data. The hybrid is fundamental.
Question 2
A server's TLS certificate was signed by a Certificate Authority. Which of the following statements about this are TRUE?

I. The CA signed the certificate with its own private key.
II. The browser verifies the CA signature using the CA's public key.
III. The CA's public key must be pre-trusted by the browser (via OS/browser root store) for the chain to be valid.
✎ Predict before reading options. Commit to your answer first.
Exam TipPKI chain: CA private signs cert. CA public verifies. Root CA public pre-trusted by OS/browser. All three must hold.
Question 3
A mobile app connects to its backend API over HTTPS. The developer wants to prevent any MITM attack — even one using a legitimate certificate from a compromised CA or a corporate TLS-inspection proxy. Which control achieves this?
✎ Predict before reading options. Commit to your answer first.
Exam TipCertificate pinning defeats rogue-CA MITM. You control both ends of a mobile app, so pin the expected backend cert.
Question 4
An organization's certificate expired yesterday, causing an outage. The security team asks: 'How do we prevent this from happening again?' Which recommendation best addresses the root cause?
✎ Predict before reading options. Commit to your answer first.
Exam TipCertificate expiration outages = always preventable via automation. ACME / ACM / monitoring at 30 days. Manual processes will fail.
Question 5
A security architect is designing for 'harvest now, decrypt later' attacks by future quantum computers. Data must remain confidential for at least 20 years. Which approach is most appropriate?
✎ Predict before reading options. Commit to your answer first.
Exam TipLong-term data: hybrid classical + post-quantum + AES-256. Don't wait; don't rush. Harvest-now-decrypt-later is already a real threat.

Quiz Complete

— / 5

AP Cybersecurity · Unit 5 · Lesson 5.4 · Quiz

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]