Safe Computing
Help Questions
To access a secure facility, an employee must swipe a keycard and also place their hand on a palm scanner. These two authentication factors fall into which of the following categories, respectively?
Possession and inherence
Inherence and possession
Knowledge and inherence
Possession and knowledge
Explanation
A keycard is an example of 'something you have,' which is the possession factor. A palm scan is an example of 'something you are,' which is the inherence factor. Therefore, the two factors are possession and inherence, respectively.
A user receives an email that appears to be from a popular social media site. The email warns that the user's account will be deactivated unless they click a link and enter their login credentials to confirm their identity. This is most likely an attempt at what type of attack?
A computer virus infection
A phishing attack
A keylogging attack
A rogue access point attack
Explanation
This is a classic example of a phishing attack, which uses deceptive emails and websites to trick users into providing sensitive personal information. Keylogging, rogue access points, and viruses are different types of security threats that do not match the described scenario.
A marketing company legally obtains data about a user's geolocation from a mapping app, their purchase history from an e-commerce site, and their stated interests from a social media profile. What is the primary privacy risk of combining these disparate data sets?
The user's device will perform more slowly due to the increased amount of data being tracked.
The aggregation of this information can create a detailed personal profile, revealing sensitive patterns about the user's life.
The user will receive less relevant advertisements, as the combined data will be too confusing for algorithms to process.
The data sets could be stored inefficiently, taking up a large amount of digital space.
Explanation
The aggregation of seemingly unrelated data can create a comprehensive profile of an individual's habits, preferences, and daily routines. This knowledge can be exploited in ways the user never intended, posing a significant privacy risk.
Even if an email appears to be from a known sender, what is the most significant security risk of opening an unexpected file attachment?
The file could be in a format that the user's computer is unable to open.
The sender's email account could have been compromised, and the attachment may contain malware.
The file could use a large amount of Internet bandwidth to download.
The file's contents might violate the sender's company policy on email usage.
Explanation
Email accounts can be compromised and used to send malware to contacts. Therefore, an unexpected attachment, even from a known sender, poses a significant risk of containing a virus or other malicious software.
After browsing a series of websites, a user starts seeing highly specific advertisements related to the content they viewed. This is primarily made possible by which of the following technologies?
A government program that requires all websites to show the same ads to users.
The user's Internet Service Provider slowing down access to certain sites.
The websites' use of cookies and other trackers to record browsing history.
A computer virus that randomly generates advertisements based on keywords.
Explanation
Targeted advertising relies on tracking technologies like cookies that websites place on a user's browser. These trackers record the user's activity, which is then used to create a profile for delivering specific, relevant ads. This data collection is a key aspect of online privacy.
Which of the following is a primary characteristic of a strong password?
It is the same password used for multiple online accounts for convenience.
It is a common word or phrase that is easy for the user to remember.
It is a long sequence of varied characters, including letters, numbers, and symbols.
It is directly related to the user's personal information, such as their birthdate.
Explanation
A strong password is difficult for others to guess and for computers to crack. This is best achieved by using a long password with a mix of character types. The other options describe practices that lead to weak, easily compromised passwords.
A person posts a photograph to their social media account but quickly deletes it. Which of the following statements best explains why the photograph might still be accessible online?
Deleting a post from one's own view does not always immediately remove it from the platform's servers or from the devices of others who may have saved it.
Social media platforms are required by law to make all deleted content publicly available for 30 days.
The photograph is automatically converted into a public domain image as soon as it is uploaded, making it impossible to delete.
Most social media platforms do not actually have a delete function; they only allow users to archive content.
Explanation
Once information is placed online, it can be difficult or impossible to remove completely. Data may persist on servers, in backups, or be copied and shared by other users before the original is deleted. The other options are factually incorrect.
Which of the following statements best distinguishes a computer virus from the broader category of malware?
A computer virus can only be spread through physical media like USB drives, unlike other malware.
A computer virus is the only type of malware that can steal financial information.
A computer virus is designed to attach to legitimate programs and replicate itself, while malware is a general term for any malicious software.
A computer virus is designed to be annoying but harmless, whereas other malware always causes system damage.
Explanation
A computer virus is a specific type of malware characterized by its ability to replicate and attach itself to other files or programs. Malware is the overarching term that includes viruses, spyware, ransomware, and other malicious software.
Based on the text, safe computing in a hospital billing office includes strong access control, timely updates, and careful handling of patient data. The office keeps insurance records on a shared drive, and only certain roles should open them. Privacy concerns grow when staff store files on personal devices, because control and auditing weaken. Security concerns grow when systems skip updates, because attackers exploit known weaknesses. The hospital adds data encryption, meaning files become unreadable without an authorized key. It also uses two-factor authentication, which requires a password plus a second check, such as a code. Ethical computing requires protecting vulnerable patients and avoiding unnecessary data collection. A breach occurs when an employee uses a simple password and reuses it on a social site. Attackers guess the password, enter the billing system, and expose thousands of records. The hospital pays notification costs, faces regulatory fines, and loses community trust (Health and Human Services HHS, 2021).
What is the purpose of two-factor authentication in the passage?
It works only when users reuse passwords, because repetition helps systems recognize legitimate logins.
It adds a second verification step, reducing harm when a password is guessed or stolen.
It encrypts every file automatically, so passwords become unnecessary for accessing patient records.
It prevents device theft by locking office doors, which stops outsiders from entering buildings.
Explanation
This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses authentication methods like two-factor authentication, which adds an extra layer of security beyond passwords. The passage provides the example of requiring 'a password plus a second check, such as a code' to illustrate how two-factor authentication works in protecting patient data. Choice A is correct because it accurately describes how two-factor authentication adds a second verification step, reducing harm when a password is guessed or stolen, which directly addresses the vulnerability exploited in the breach where attackers guessed a simple, reused password. Choice B is incorrect because it confuses two-factor authentication with encryption - authentication controls access while encryption scrambles data, and the passage clearly distinguishes these as separate security measures. To help students: Focus on understanding different security layers and their specific purposes. Encourage students to identify how each security measure addresses different vulnerabilities. Practice distinguishing between authentication (verifying identity) and encryption (protecting data). Watch for: confusing different security technologies, misunderstanding how security measures complement rather than replace each other, overlooking the specific vulnerability each measure addresses.
Read the passage. In a Personal Data Security lesson, students learn that safe computing includes recognizing social engineering, meaning manipulation that pressures quick decisions. Privacy concerns include strangers collecting details from public profiles. Security concerns include phishing calls that request verification codes and malware that captures screenshots. Ethical implications include refusing to prank-call others with spoofed numbers and reporting harassment. The passage notes that breaches often lead to account takeovers, financial loss, and emotional stress (National Institute of Standards and Technology NIST, 2018).
What role does recognizing social engineering play in enhancing cybersecurity according to the passage?
It guarantees privacy by stopping websites from collecting any information about visitors.
It works only for companies with security teams, not for individuals at home.
It helps users resist pressure tactics, reducing the chance they disclose passwords or codes.
It eliminates the need for device updates because manipulation cannot affect software security.
Explanation
This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses recognizing social engineering tactics, which the passage defines as manipulation that pressures quick decisions, a critical skill for protecting against human-targeted attacks. The passage emphasizes how social engineering relates to security concerns like phishing calls that request verification codes, showing how attackers exploit human psychology rather than technical vulnerabilities. Choice A is correct because it accurately captures the role of recognizing social engineering in enhancing cybersecurity by helping users resist pressure tactics, thereby reducing the chance they disclose passwords or codes - directly addressing the manipulation tactics described in the passage. Choice B is incorrect because it claims recognizing social engineering eliminates the need for device updates, misunderstanding that social and technical security measures serve different purposes, a common error when students compartmentalize security concepts. To help students: Focus on understanding how attackers exploit human psychology. Encourage analyzing pressure tactics and urgency in suspicious communications. Practice recognizing manipulation techniques across different contexts. Watch for: assuming technical measures alone provide complete security, misunderstanding the human element in security, underestimating social engineering risks.