SSCP · topic practice

Cryptography practice questions

Use this page to practise cryptography questions. Knowing which algorithm to use in which scenario — and why — is tested more than memorising key lengths or round counts.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Cryptography

What the exam tests

What to know about Cryptography

Cryptography questions test encryption algorithm selection, key exchange, hashing, PKI and when to use symmetric vs asymmetric encryption.

Symmetric (AES) vs asymmetric (RSA, ECC) algorithm use cases.

Hashing algorithms (SHA-256, MD5) and their integrity use cases.

Public Key Infrastructure: certificates, CAs, certificate chains.

TLS handshake, digital signatures and non-repudiation.

Watch out for

Common Cryptography exam traps

  • AES is symmetric and fast; RSA is asymmetric and used for key exchange, not bulk encryption.
  • Hashing is one-way; encryption is two-way.
  • A certificate proves identity; it does not encrypt data by itself.
  • SHA-256 is a hashing algorithm, not an encryption algorithm.

Practice set

Cryptography questions

20 questions · select your answer, then reveal the explanation

Question 1 · easy · multiple choice

A company wants to ensure that data transmitted between its two branch offices remains confidential. Which cryptographic goal is primarily being addressed?

Question 2 · medium · multiple choice

A security administrator needs to choose an encryption algorithm for a high-speed network where data is encrypted at the link layer. Which algorithm is most appropriate?

Question 3 · hard · multiple choice

A system administrator notices that a server's certificate was issued by a CA that is not in the trusted root store of client machines. What is the most likely impact on clients connecting via TLS?

Question 4 · easy · multiple choice

When implementing a digital signature, which key is used to create the signature?

Question 5 · medium · multiple choice

A company's policy requires that all data at rest be encrypted. Which of the following is the most effective method to encrypt files on a laptop?

Question 6 · medium · multi select

Which TWO of the following are symmetric encryption algorithms? (Select exactly two.)

Which THREE of the following are common use cases for public key infrastructure (PKI)? (Select exactly three.)

Question 8 · hard · multiple choice

Refer to the exhibit. An administrator runs an OpenSSL s_client command and receives the output shown. What is the most likely cause of the 'unable to get local issuer certificate' error?

Exhibit

```
openssl s_client -connect server.example.com:443
CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Francisco, O = Example Inc, CN = server.example.com
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Example Inc/CN=server.example.com
   i:/C=US/O=Example Root CA/CN=Example Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
```

Question 9 · medium · multiple choice

Refer to the exhibit. A network engineer is configuring an IPsec VPN. Which protocol does this configuration apply to?

Exhibit

```
# Security policy snippet
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha256
 group 14
 lifetime 86400
```

Question 10 · hard · multiple choice

A mid-sized company has deployed a web application that handles sensitive customer data. The application uses TLS to encrypt data in transit. Recently, the company received a penetration test report indicating that an attacker could potentially downgrade the TLS connection to an older, weaker version (e.g., TLS 1.0) by performing a man-in-the-middle attack. The application server runs on Windows Server 2022 with IIS 10. The security team wants to disable all versions of TLS below 1.2 on the server. However, after making registry changes to disable TLS 1.0 and 1.1, some legacy clients that only support TLS 1.0 are unable to connect. The business requires that these legacy clients still be able to access the application securely, but the security team insists on disabling weak protocols. The server currently has a valid certificate from a public CA. Which of the following is the most appropriate course of action?

Drag and drop the steps for a typical TLS 1.3 handshake into the correct order.

Match each disaster recovery site type to its description.

Fully operational, real-time replication

Partially configured, ready in hours

Empty facility, setup required

Portable unit with equipment

Question 13 · easy · multiple choice

A security administrator needs to store sensitive customer data in a database. To protect the data at rest, which encryption method should be used?

Question 14 · easy · multiple choice

An organization wants to ensure that a software update has not been tampered with during download. Which cryptographic technique should be used?

Question 15 · easy · multiple choice

A security professional is implementing a solution to verify the authenticity of a digital certificate. Which component of a PKI is responsible for issuing and revoking certificates?

Question 16 · medium · multiple choice

A company deploys a web application that handles sensitive financial transactions. To protect data in transit, which protocol should be used?

Question 17 · medium · multiple choice

A system administrator is configuring a file encryption solution for a shared network drive. The solution must allow multiple users to read the files without sharing a single symmetric key. Which approach should be used?

Question 18 · medium · multiple choice

A security analyst reviews a cryptographic implementation and notices that the same initialization vector (IV) is used repeatedly with the same key in CBC mode. What is the primary risk?

Question 19 · hard · multiple choice

An organization wants to implement a cryptographic solution that ensures forward secrecy for its internal communications. Which key exchange method should be used?

Question 20 · hard · multiple choice

A security engineer is designing a system to store passwords securely. Which of the following is the most robust approach for password storage?

Focused Cryptography sessions

Start a Cryptography only practice session

Every question in these sessions is drawn from the Cryptography domain — nothing else.

Frequently asked questions

What does the SSCP exam test about Cryptography?
Cryptography questions test encryption algorithm selection, key exchange, hashing, PKI and when to use symmetric vs asymmetric encryption.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Cryptography questions in a focused session?
Yes — the session launcher on this page draws every question from the Cryptography domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other SSCP topics?
Use the topic links above to move to related areas, or go back to the SSCP question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SSCP exam covers. They are not copied from any real exam or dump site.