Five exam-style questions on the highest-tested distinctions in this lesson: which key does what, PKI chain of trust, certificate pinning, lifecycle management, and the post-quantum transition.
5 Questions~10 minScored · Exam-style
How to Approach
Predict first: For each scenario, decide what the question is really testing (which key / which validation step / which operational control).
Remember the four truths: (1) public keys are public, (2) hybrid crypto is standard, (3) PKI trust fails at any broken link, (4) post-quantum migration is hybrid and ongoing.
Score0 / 5
Question 1
A web developer explains: 'We use asymmetric cryptography for everything in our session — it's more secure than symmetric.' Evaluate this statement.
✎ Predict before reading options. Commit to your answer first.
Exam TipAsymmetric: identity, signatures, key exchange. Symmetric: bulk data. The hybrid is fundamental.
Question 2
A server's TLS certificate was signed by a Certificate Authority. Which of the following statements about this are TRUE?
I. The CA signed the certificate with its own private key. II. The browser verifies the CA signature using the CA's public key. III. The CA's public key must be pre-trusted by the browser (via OS/browser root store) for the chain to be valid.
✎ Predict before reading options. Commit to your answer first.
Exam TipPKI chain: CA private signs cert. CA public verifies. Root CA public pre-trusted by OS/browser. All three must hold.
Question 3
A mobile app connects to its backend API over HTTPS. The developer wants to prevent any MITM attack — even one using a legitimate certificate from a compromised CA or a corporate TLS-inspection proxy. Which control achieves this?
✎ Predict before reading options. Commit to your answer first.
Exam TipCertificate pinning defeats rogue-CA MITM. You control both ends of a mobile app, so pin the expected backend cert.
Question 4
An organization's certificate expired yesterday, causing an outage. The security team asks: 'How do we prevent this from happening again?' Which recommendation best addresses the root cause?
✎ Predict before reading options. Commit to your answer first.
Exam TipCertificate expiration outages = always preventable via automation. ACME / ACM / monitoring at 30 days. Manual processes will fail.
Question 5
A security architect is designing for 'harvest now, decrypt later' attacks by future quantum computers. Data must remain confidential for at least 20 years. Which approach is most appropriate?
✎ Predict before reading options. Commit to your answer first.
Exam TipLong-term data: hybrid classical + post-quantum + AES-256. Don't wait; don't rush. Harvest-now-decrypt-later is already a real threat.
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed.
Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Typically responds within 24 hours
✓
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.