SSCP · topic practice

Cryptography practice questions

Practise Systems Security Certified Practitioner (SSCP) Cryptography questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Cryptography

What the exam tests

What to know about Cryptography

Cryptography questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Cryptography exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Cryptography questions

Question 1 · easy · multiple choice

A security analyst is recommending a symmetric encryption algorithm for a new application that requires both confidentiality and authentication. Which algorithm and mode combination should they select?

Question 2 · medium · multiple choice

An organization is implementing a digital signature solution to ensure non-repudiation of documents. Which combination of keys is used during the signing process?

Question 3 · medium · multiple choice

A company is deploying a VPN using IPsec. They want to ensure that even if the private key of the server is compromised, past session keys cannot be derived. Which key exchange method should they use?

Question 4 · hard · multiple choice

A security administrator is configuring a web server to use TLS. They want to optimize performance while maintaining strong security. Which cipher suite should they prioritize?

Question 5 · easy · multiple choice

Which of the following hash algorithms is considered cryptographically broken and should be avoided due to collision attacks?

Question 6 · medium · multiple choice

An organization uses a PKI with a root CA that issues certificates to intermediate CAs, which then issue end-entity certificates. A client receives an end-entity certificate signed by an intermediate CA. During validation, which certificates are required to build the chain of trust?

Question 7 · medium · multiple choice

A security engineer needs to choose an asymmetric algorithm for a system with limited computational resources, such as an IoT device. The algorithm must provide equivalent security to RSA 2048-bit while using smaller key sizes. Which algorithm should they choose?

Question 8 · hard · multiple choice

A security auditor reviews a system that uses HMAC-SHA256 for message authentication. Which property does HMAC provide that a simple hash of the message does not?

Question 9 · easy · multiple choice

Which of the following is a secure protocol for remote administration of a server, replacing insecure protocols like Telnet?

Question 10 · medium · multiple choice

A company wants to implement a key management system. They need to generate cryptographic keys that are unpredictable. Which source of randomness should be used?

Question 11 · hard · multiple choice

A certificate authority (CA) issues a certificate with the extended key usage (EKU) extension specifying 'serverAuth'. Which of the following is this certificate allowed to do?

Question 12 · easy · multiple choice

Which of the following is a method to check the revocation status of a digital certificate in real-time without the client downloading a full list?

Question 13 · medium · multi select

A security team is evaluating hashing algorithms for use in a new system. Which of the following are considered currently secure for general use? (Select TWO)

Question 14 · multi select

An organization is designing a secure email system using S/MIME. Which of the following are essential components of the PKI that must be in place? (Select THREE)

Question 15 · medium · multi select

A company is migrating from 3DES to a modern encryption algorithm. Which of the following are acceptable choices? (Select TWO)

Question 16 · medium · multiple choice

An organization is migrating from 3DES to AES-256 for encrypting data at rest. Which mode of AES is recommended for authenticated encryption?

Question 17 · medium · multiple choice

A security analyst is reviewing a digital signature implementation. The signer uses their private key to encrypt the hash of a message. What does the recipient use to verify the signature?

Question 18 · easy · multiple choice

Which of the following is a secure hash algorithm currently recommended by NIST?

Question 19 · hard · multiple choice

An organization is configuring a VPN using IPsec. To ensure forward secrecy, which key exchange method should be used?

Question 20 · medium · multiple choice

A company is implementing a PKI for internal use. What is the primary purpose of a Certificate Revocation List (CRL)?

Frequently asked questions

What does the SSCP exam test about Cryptography?
Cryptography questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Cryptography questions in a focused session?
Yes — the session launcher on this page draws every question from the Cryptography domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SSCP topics?
Use the topic links above to move to related areas, or go back to the SSCP question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SSCP exam covers. They are not copied from any real exam or dump site.