UPDATED ACTUAL Exam Questions and
CORRECT Answers
d - CORRECT ANSWER - Internet users need to be able to transfer private data online,
like credit card numbers and social security numbers. Some cryptographic algorithms help
ensure this safety.
What makes cryptographic algorithms secure?
a. The algorithms used for cryptography are a secret.
b. The algorithms used for cryptography have been used for such a long time that we know they are
secure.
c. The algorithms used for cryptography are solvable, but the solutions are kept under a secure
government protection service.
d. The algorithms used for cryptography are based on intractable (or unsolvable) problems,
making them extremely difficult to break.
d - CORRECT ANSWER - Alice posts a key for encrypting that anyone can access. Bob
uses that key to encrypt a message, then sends it to Alice. When Alice receives the message, she
decrypts it using a private key.
What kind of encryption process is this?
a. Vigenere cipher
b. Symmetric encryption
c. Certificate authority process
d. Public key encryption
b - CORRECT ANSWER - What is a Distributed Denial of Service (DDoS) attack?
a. A coordinated effort by a group to simultaneously attempt to gain entry to foreign
government's servers or systems
b. An attempt to compromise a single target by flooding it with requests from multiple systems.
c. An attempt to harass or extort all customers of one or more Internet Service Providers (ISPs).
d. An effort by network engineers to focus all systems on catching a user or computer that has
illegally gained access.
a - CORRECT ANSWER - When storing data digitally, whether through cloud computing
or locally, there is an increased risk of theft due to the relative ease of accessing the information.
Which of the following is NOT an example of security and privacy concerns that arise from
storing data digitally?
a. A manager looks up an employee's birthday in the online company directory in order to plan a
surprise birthday party for them at the office.
b. An insurance company has a breach in their server that was accessed through stolen user
credentials and more than 80 million records were compromised.
c. A company pays for a Distributed Denial of Service (DDoS) attack that shuts down a
competitor's website for an extended period of time.
d. A celebrity's phone is remotely accessed and photos are downloaded and sold to a magazine
company.
b - CORRECT ANSWER - Not all uses of data are for the greater good. One of the ways
that hackers are able to abuse the system is to infiltrate systems and collect large data-sets that
they are not supposed to have access to. This began with phone numbers and access to long
distance calling and has transformed into a criminal environment where user identities are
bought and sold on the black market.
Why might a hacker want to extract a user profile from an innocent site that has no financial
connections?
a. Site data usually includes other sites visited in their search history.
b. Users might use similar passwords on other sites.
c. All sites are connected on the internet.
d. A user's name is all that is needed to breach a bank.
d - CORRECT ANSWER - Which of the following scenarios is most characteristic of a
phishing attack?
a. You get an unwanted email trying to sell you a low quality product or service that seems
"fishy."
b. You accidentally install a piece of software that monitors your activity to steal personal
information like your passwords, date of birth, social security number, etc.
c. You accidentally run a piece of code that automatically spreads from one computer to another,
exploiting a common vulnerability.
d. You get an email from the IT support desk that asks you to send a reply email with your
username and password to verify your account.
c - CORRECT ANSWER - Caesar Cipher is an older and since outdated encryption
technique used by Julius Caesar to "hide" messages he sent to his troops. Using Caesar Cipher,
each letter in the alphabet is translated to a letter with the same given offset from the original
letter. Characters that are not A-Z remain as is.
For example, if the message is HI ZOE and the shift is 2, then the encrypted message is: JK BQG
since the letter "J" is two letters after "H" in the alphabet, and "K" is two letters after the "I" in
the alphabet, etc. Notice that since the "Z" is at the end of the alphabet and the shift is 2, the
algorithm has to wrap back around to the beginning of the alphabet so that "Z" translates to "B".
Suppose that you want to encrypt the following message: REMAIN HOME. Of the following,
which would be a potential encrypted message using Caesar Cipher?
a. TGPBKP JPQG
b. SFNCKO IPNF
c. UHPDLQ KRPH
d. PFLBHO INND
a - CORRECT ANSWER - Fill in the blank of the following statement: "______
encryption is a method of encryption involving one key for both encryption and decryption."
a. Symmetric
b. SSL
c. Asymmetric
d. Public Key
d - CORRECT ANSWER - Ransomware is a relatively new form of attack on a computer
system. A ransomware attack is when an individual or group of individuals targets an
organization's server and is able to use a sophisticated form of encryption to lock down the
organization's files. Effectively, the organization cannot gain access to their own data, causing
major disruptions. The term "Ransomware" comes from the fact that the organization is asked for
money in exchange for being granted access to their files.
Of the following, which is the LEAST effective way for an organization to protect against
Ransomware?
a. Install anti-virus software on its servers.
b. Make sure that its operating system software updates are implemented on a frequent basis.
c. Educate its employees about cybersecurity concerns and how to proactively address them.
d. Make frequent backups of its data and store the backups online on the same server as the
original data.
b - CORRECT ANSWER - A coffee shop is considering accepting orders and payments
through their phone app and have decided to use public key encryption to encrypt their
customers' credit card information. Is this a secure form of payment?
a. No, public key encryption allows the credit card information to be read by the public.
b. Yes, public key encryption is built upon computationally hard problems that even powerful
computers cannot easily solve.
c. No, the internet protocols are open standards and thus everything sent over the internet is sent
"in the clear".
d. Yes, public key encryption is secure because it transmits credit card information in binary.