Objective 5.0

Cryptography

SSCP Practice Questions

Use this page to practise cryptography questions. Knowing which algorithm to use in which scenario — and why — is tested more than memorising key lengths or round counts.


What this objective tests

SSCP Cryptography — Key Topics

Cryptography questions test encryption algorithm selection, key exchange, hashing, PKI and when to use symmetric vs asymmetric encryption.

  • Symmetric (AES) vs asymmetric (RSA, ECC) algorithm use cases.
  • Hashing algorithms (SHA-256, MD5) and their integrity use cases.
  • Public Key Infrastructure: certificates, CAs, certificate chains.
  • TLS handshake, digital signatures and non-repudiation.

Common exam traps

Where candidates lose marks on Cryptography

  • ⚠ AES is symmetric and fast; RSA is asymmetric and used for key exchange, not bulk encryption.
  • ⚠ Hashing is one-way; encryption is two-way.
  • ⚠ A certificate proves identity; it does not encrypt data by itself.
  • ⚠ SHA-256 is a hashing algorithm, not an encryption algorithm.

SSCP Cryptography — Practice Questions

30 questions from this objective

Question 2 (easy, multiple choice)

A company wants to ensure that data transmitted between its two branch offices remains confidential. Which cryptographic goal is primarily being addressed?

Question 3 (medium, multiple choice)

A security administrator needs to choose an encryption algorithm for a high-speed network where data is encrypted at the link layer. Which algorithm is most appropriate?

Question 4 (hard, multiple choice)

A system administrator notices that a server's certificate was issued by a CA that is not in the trusted root store of client machines. What is the most likely impact on clients connecting via TLS?

Question 5 (easy, multiple choice)

When implementing a digital signature, which key is used to create the signature?

Question 6 (medium, multiple choice)

A company's policy requires that all data at rest be encrypted. Which of the following is the most effective method to encrypt files on a laptop?

Question 7 (medium, multi select)

Which TWO of the following are symmetric encryption algorithms? (Select exactly two.)

Question 8 (hard, multi select)

Which THREE of the following are common use cases for public key infrastructure (PKI)? (Select exactly three.)

Question 9 (hard, multiple choice)

Refer to the exhibit. An administrator runs an OpenSSL s_client command and receives the output shown. What is the most likely cause of the 'unable to get local issuer certificate' error?

Exhibit

Refer to the exhibit.

```
openssl s_client -connect server.example.com:443
CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Francisco, O = Example Inc, CN = server.example.com
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Example Inc/CN=server.example.com
   i:/C=US/O=Example Root CA/CN=Example Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBxTCCAS0CAQAwDQYJKoZIhvcNAQELBQAwHzENMAsGA1UEAwwEUm9vdDEPMA0G
A1UEChMGVGVzdCBDQTAeFw0yNDAxMDEwMDAwMDBaFw0yNTAxMDEwMDAwMDBaMD8x
CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTYW4g
RnJhbmNpc2NvMQ0wCwYDVQQDDARUZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQC0Yj1J2K1F1L2y3Y4Z5X6Z7Q8a9b0c1d2e3f4g5h6i7j8k9l0m1n2o3p4
q5r6s7t8u9v0w1x2y3z4A5B6C7D8E9F0G1H2I3J4K5L6M7N8O9P0QCAwEAATAN
BgkqhkiG9w0BAQsFAAOBgQBmJ6k7L8P9Q0R1S2T3U4V5W6X7Y8Z9a0b1c2d3e4f5
g6h7i8j9k0l1m2n3o4p5q6r7s8t9u0v1w2x3y4z5A6B7C8D9E0F1G2H3I4J5K6L7
M8N9O0P1Q2R3S4T5U6V7W8X9Y0Z1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r
```
Question 10 (medium, multiple choice)

Refer to the exhibit. A network engineer is configuring an IPsec VPN. Which protocol does this configuration apply to?

Exhibit

Refer to the exhibit.

```
# Security policy snippet
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha256
 group 14
 lifetime 86400
```
Question 11 (hard, multiple choice)

A mid-sized company has deployed a web application that handles sensitive customer data. The application uses TLS to encrypt data in transit. Recently, the company received a penetration test report indicating that an attacker could potentially downgrade the TLS connection to an older, weaker version (e.g., TLS 1.0) by performing a man-in-the-middle attack. The application server runs on Windows Server 2022 with IIS 10. The security team wants to disable all versions of TLS below 1.2 on the server. However, after making registry changes to disable TLS 1.0 and 1.1, some legacy clients that only support TLS 1.0 are unable to connect. The business requires that these legacy clients still be able to access the application securely, but the security team insists on disabling weak protocols. The server currently has a valid certificate from a public CA. Which of the following is the most appropriate course of action?

Question 12 (medium, drag order)

Drag and drop the steps for a typical TLS 1.3 handshake into the correct order.

Question 13 (medium, matching)

Match each disaster recovery site type to its description.


Fully operational, real-time replication

Partially configured, ready in hours

Empty facility, setup required

Portable unit with equipment

Question 14 (easy, multiple choice)

A security administrator needs to store sensitive customer data in a database. To protect the data at rest, which encryption method should be used?

Question 15 (easy, multiple choice)

An organization wants to ensure that a software update has not been tampered with during download. Which cryptographic technique should be used?

Question 16 (easy, multiple choice)

A security professional is implementing a solution to verify the authenticity of a digital certificate. Which component of a PKI is responsible for issuing and revoking certificates?

Question 17 (medium, multiple choice)

A company deploys a web application that handles sensitive financial transactions. To protect data in transit, which protocol should be used?

Question 18 (medium, multiple choice)

A system administrator is configuring a file encryption solution for a shared network drive. The solution must allow multiple users to read the files without sharing a single symmetric key. Which approach should be used?

Question 19 (medium, multiple choice)

A security analyst reviews a cryptographic implementation and notices that the same initialization vector (IV) is used repeatedly with the same key in CBC mode. What is the primary risk?

Question 20 (hard, multiple choice)

An organization wants to implement a cryptographic solution that ensures forward secrecy for its internal communications. Which key exchange method should be used?

Question 21 (hard, multiple choice)

A security engineer is designing a system to store passwords securely. Which of the following is the most robust approach for password storage?

Question 22 (hard, multiple choice)

An administrator notices that a certificate used for code signing is about to expire. The certificate is signed by a trusted root CA. What is the correct procedure to ensure continued trust?

Question 23 (medium, multi select)

Which TWO factors are most critical when selecting a cryptographic algorithm for a government application?

Question 24 (easy, multi select)

Which THREE characteristics are important for a password hashing algorithm?

Question 25 (hard, multi select)

Which THREE are security implications of using deprecated cryptographic protocols such as SSL 3.0 and TLS 1.0?

Question 26 (easy, multiple choice)

Refer to the exhibit. Which component of the cipher suite provides perfect forward secrecy?

Exhibit

Refer to the exhibit.
```
OpenSSL> s_client -connect example.com:443
...
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
...
```
Question 27 (medium, multiple choice)

Refer to the exhibit. What is the purpose of the 'group 14' parameter in the IKEv2 proposal?

Exhibit

Refer to the exhibit.
```
! IPsec IKEv2 configuration
crypto ikev2 proposal 1
 encryption aes-cbc-256
 integrity sha-256
 group 14
!
```
Question 28 (hard, multiple choice)

Refer to the exhibit. What is the most likely cause of this error?

Exhibit

Refer to the exhibit.
```
ERROR: Certificate verification failed - self-signed certificate in certificate chain
```
Question 29 (easy, multiple choice)

A company needs to encrypt large volumes of data at rest on a file server. Which type of cryptography is most appropriate for this task?

Question 30 (medium, multiple choice)

An administrator reports that a TLS handshake fails between a web server and client. The server supports TLS 1.2 with ciphers ECDHE-RSA-AES128-GCM-SHA256 and RSA-AES256-CBC-SHA256. The client supports only TLS 1.0 with ciphers RSA-RC4-SHA and RSA-AES128-SHA. What is the most likely cause?

Question 31 (hard, multiple choice)

A PKI administrator is designing a key management lifecycle for a high-security environment. Which practice is most critical for ensuring long-term security of asymmetric keys?
