Safe Computing (College Board AP® Computer Science Principles): Exam Questions

44 mins44 questions
1
1 mark

What is personally identifiable information (PII)?

  • Any data stored on a public web server

  • Information that identifies, links to, relates to, or describes an individual

  • Information that has been fully encrypted

  • Data that contains no reference to any person

2
1 mark

What is authentication?

  • The process of verifying that a user is who they claim to be before granting access

  • The process of encoding data so it cannot be read

  • The process of copying a file to a backup server

  • The process of compressing data to save space

3
1 mark

What is encryption?

  • Reducing the size of a file so it transfers faster

  • Permanently deleting data so no one can recover it

  • Copying data to several servers for backup

  • Encoding data so that only authorized parties with the correct key can read it

4
1 mark

What is social engineering?

  • An attack that tricks people into revealing information or taking actions that compromise security

  • The process of designing a social media platform

  • A method of encrypting messages between friends

  • A way of speeding up a slow network

5
1 mark

A fitness app records the GPS coordinates of every route a user runs and stores them on the company's servers. Which type of data collection does this describe?

  • Location tracking

  • Symmetric encryption

  • Multi-factor authentication

  • Data compression

6
1 mark

An online store uses a shopper's past browsing and purchase history to suggest products they might like. Which statement best explains why many users accept this kind of data collection?

  • It permanently deletes the user's personal data

  • It enhances the user experience by offering relevant, convenient recommendations

  • It guarantees the user can never be identified

  • It encrypts every message the user sends

7
1 mark

In a shared document, some team members can only read the file while others are allowed to edit it. Which security concept controls what each user is allowed to do?

  • Data aggregation

  • Access control through permissions

  • Symmetric encryption

  • Keylogging

8
1 mark

Why is it recommended to use a different password for each online account?

  • It makes each password shorter and easier to type

  • It allows the same password to be shared safely

  • So that if one account is compromised, the others remain protected

  • It removes the need to remember any passwords

9
1 mark

Multi-factor authentication uses factors from different categories. Which of the following is an example of 'something the user has'?

  • A memorized password

  • A fingerprint scan

  • An answer to a security question

  • A one-time code sent to the user's phone

10
1 mark

How does anti-malware software typically detect threats on a device?

  • By scanning files and comparing them against known malware patterns

  • By deleting every file on the device

  • By sharing the user's password with a certificate authority

  • By increasing the network's bandwidth

11
1 mark

What is the specific purpose of a security patch within a software update?

  • To increase the amount of storage on the device

  • To fix a recently discovered security vulnerability

  • To permanently delete the user's files

  • To change the color scheme of the program

12
1 mark

Which of the following user practices makes a person more vulnerable to attack?

  • Reusing the same password across many accounts

  • Verifying the sender before clicking a link

  • Installing security updates when they are released

  • Downloading software only from official sources

13
1 mark

A user installs a free video editor from an unofficial website, and it secretly installs malware on their computer. Which unsafe practice most directly led to this?

  • Using multi-factor authentication

  • Downloading software from an untrusted source

  • Verifying the website's certificate

  • Choosing a long, unique password

1
1 mark

Which two of the following are examples of personally identifiable information (PII)? Select two answers.

  • Today's weather forecast

  • A public bus timetable

  • A person's home address and phone number

  • A person's medical records

2
1 mark

Individually, a person's app downloads, their daily step count, and their music playlist seem harmless. Combined, they can build a detailed profile revealing habits and health. What privacy concept does this describe?

  • Multi-factor authentication

  • Encryption

  • Data aggregation

  • Open access

3
1 mark

Which two reasons make it difficult to fully remove content once it has been posted publicly online? Select two answers.

  • Copies may be stored on multiple servers and backup systems

  • Posting content permanently encrypts it

  • The Internet has unlimited bandwidth

  • Other users may have screenshotted or downloaded it

4
1 mark

A free mobile game quietly records its users' location and sells it to a data broker. This is best described as:

  • A reduction of the digital divide

  • An example of strong encryption protecting the user

  • Multi-factor authentication in action

  • Data being used in a way the user did not originally intend

5
1 mark

Which of the following best describes a strong password?

  • A short, common word that is easy to remember

  • Long, mixing letters, numbers, and symbols, and avoiding common words or dates

  • The same password reused on every account

  • A person's own name and year of birth

6
1 mark

To log in to a work email account, a user enters a password and then approves a prompt sent to their registered phone. This combines something they know with something they have, which is:

  • A certificate authority

  • Symmetric encryption

  • Multi-factor authentication

  • Data aggregation

7
1 mark

Multi-factor authentication combines evidence from different categories. Which two of the following are valid MFA factors? Select two answers.

  • The brand of your laptop

  • Something you know, such as a password

  • Something you are, such as a fingerprint

  • The current time of day

8
1 mark

How does public key encryption differ from symmetric encryption?

  • Public key encryption uses a pair of keys (public to encrypt, private to decrypt), while symmetric uses the same key for both

  • Public key encryption uses no keys at all

  • Symmetric encryption uses a public and a private key

  • They are two names for exactly the same method

9
1 mark

What is the role of a certificate authority?

  • A program that spreads malware between computers

  • A trusted organization that issues certificates verifying a public key belongs to the entity claiming it

  • A device that boosts a network's bandwidth

  • A tool that guesses passwords by brute force

10
1 mark

What is a computer virus?

  • A type of strong password

  • A trusted program that speeds up a computer

  • Malicious software that can copy itself and gain unauthorized access, often attaching to legitimate programs

  • A digital certificate issued by a browser

11
1 mark

Why is it important to install software security updates promptly?

  • They are only about changing the program's appearance

  • They always make the program run more slowly

  • They delete the user's personal files

  • They patch known vulnerabilities that attackers could otherwise exploit

12
1 mark

A user receives an urgent email claiming to be from a parcel delivery company, with a link to a page asking them to enter their account login. What kind of attack is this?

  • A rogue access point

  • Phishing

  • Symmetric encryption

  • Keylogging

13
1 mark

Which is the best way to avoid falling for a phishing email?

  • Reply with your password to confirm your identity

  • Click every link quickly before the offer expires

  • Verify the sender and avoid clicking unexpected links, hovering to inspect where they lead

  • Open all attachments to check what they contain

14
1 mark

Malware secretly records every key a user types, capturing their passwords as they log in. What is this technique called?

  • A software update

  • Phishing

  • Crowdsourcing

  • Keylogging

15
1 mark

In a hotel lobby, a user connects to a Wi-Fi network that looks official but is actually controlled by an attacker who monitors and redirects their traffic. What is this attack?

  • A rogue access point

  • Phishing

  • Multi-factor authentication

  • A certificate authority

16
1 mark

A criminal obtains a person's stolen personal information and uses it to open credit accounts in that person's name. Which privacy risk does this describe?

  • Data aggregation

  • The digital divide

  • Identity theft

  • Multi-factor authentication

17
1 mark

Someone uses another person's public location check-ins and social media posts to work out their daily routine and follow their movements. Which privacy risk does this best describe?

  • Encryption

  • A certificate authority

  • Reducing the digital divide

  • Stalking

18
1 mark

A user deletes an old social media post, but a potential employer still finds it years later because it had been screenshotted and re-shared. Which property of online information does this illustrate?

  • Persistence, because information is difficult to fully delete once shared

  • Encryption, because the post was encoded with a key

  • Authentication, because the employer verified their identity

  • Compression, because the post was reduced in size

19
1 mark

A company combines several harmless-looking pieces of data to build a detailed profile of a user. Which two of the following are examples of disparate data that can be aggregated in this way?

Select two answers.

  • A publicly posted weather forecast

  • A published train timetable

  • A user's geolocation history

  • A user's browsing history

20
1 mark

Which statement correctly describes symmetric encryption?

  • It uses a public key to encrypt and a separate private key to decrypt

  • It uses the same key to encrypt and decrypt, so the key must be shared securely beforehand

  • It requires no key at all to decode the data

  • It is only used to verify the identity of a website

21
1 mark

When a browser connects to a website over a secure (HTTPS) connection, how does it confirm that the website is genuine before exchanging encrypted data?

  • It compresses the website's files to check their size

  • It reuses the same password on every site

  • It records the user's keystrokes for verification

  • It checks a digital certificate issued by a certificate authority

22
1 mark

Which two of the following actions help protect a device against malware?

Select two answers.

  • Reusing one password for every account

  • Running anti-malware software to scan for threats

  • Opening every email attachment to check it

  • Keeping software up to date so known vulnerabilities are patched

23
1 mark

An old smartphone no longer receives security updates from its manufacturer. Why does this make the device less secure over time?

  • The device will run out of storage space immediately

  • Its screen will stop displaying certificates

  • Newly discovered vulnerabilities will no longer be patched, leaving it exposed to known attacks

  • All of its data will be automatically encrypted

24
1 mark

Which two of the following are tactics commonly used in phishing attacks?

Select two answers.

  • Urgent or threatening language that pressures the user to act quickly

  • A digital certificate issued by a certificate authority

  • A link to a fake login page designed to capture credentials

  • A software update that patches a vulnerability

25
1 mark

A text message says, 'Your bank account will be locked in one hour unless you confirm your details here,' with a link. Which social engineering technique is being used?

  • Symmetric encryption

  • Keeping software up to date

  • A certificate authority

  • Creating a sense of urgency to make the user act quickly

26
1 mark

While using free open Wi-Fi in a cafe, a user's data is read by an attacker connected to the same network before it reaches its destination. Which technical exploitation method is this?

  • Phishing

  • Multi-factor authentication

  • Network interception

  • A software patch

27
1 mark

A small hardware device is secretly attached to the keyboard cable of a public library computer and records everything that users type. Which technique is being used?

  • A rogue access point

  • Symmetric encryption

  • A certificate authority

  • Keylogging

1
1 mark

An attack succeeds without the user noticing anything, by targeting a weakness in the network rather than tricking the person. This is best classified as:

  • Social engineering

  • A technical exploitation method

  • Phishing

  • Attribution

2
1 mark

An attacker correctly guesses a user's password but still cannot log in, because the system also requires a code from an app on the user's phone. Which security measure prevented the attacker's access?

  • Multi-factor authentication

  • Symmetric encryption

  • A certificate authority

  • Data compression

3
1 mark

Using public key encryption, one person wants to send a private message that only the intended recipient can read. Which key should be used to encrypt the message?

  • The sender's private key

  • A shared symmetric key known to everyone

  • The recipient's public key

  • The recipient's private key

4
1 mark

Which of the following is a technical exploitation method rather than a form of social engineering?

  • Setting up a rogue access point to intercept users' traffic

  • Sending a disguised email to trick a user into revealing a password

  • Phoning someone and pretending to be their bank to obtain details

  • Creating a fake login page to capture entered credentials