This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses authentication methods like two-factor authentication, which adds an extra layer of security beyond passwords. The passage provides the example of requiring 'a password plus a second check, such as a code' to illustrate how two-factor authentication works in protecting patient data. Choice A is correct because it accurately describes how two-factor authentication adds a second verification step, reducing harm when a password is guessed or stolen, which directly addresses the vulnerability exploited in the breach where attackers guessed a simple, reused password. Choice B is incorrect because it confuses two-factor authentication with encryption - authentication controls access while encryption scrambles data, and the passage clearly distinguishes these as separate security measures. To help students: Focus on understanding different security layers and their specific purposes. Encourage students to identify how each security measure addresses different vulnerabilities. Practice distinguishing between authentication (verifying identity) and encryption (protecting data). Watch for: confusing different security technologies, misunderstanding how security measures complement rather than replace each other, overlooking the specific vulnerability each measure addresses.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses recognizing social engineering tactics, which the passage defines as manipulation that pressures quick decisions, a critical skill for protecting against human-targeted attacks. The passage emphasizes how social engineering relates to security concerns like phishing calls that request verification codes, showing how attackers exploit human psychology rather than technical vulnerabilities. Choice A is correct because it accurately captures the role of recognizing social engineering in enhancing cybersecurity by helping users resist pressure tactics, thereby reducing the chance they disclose passwords or codes - directly addressing the manipulation tactics described in the passage. Choice B is incorrect because it claims recognizing social engineering eliminates the need for device updates, misunderstanding that social and technical security measures serve different purposes, a common error when students compartmentalize security concepts. To help students: Focus on understanding how attackers exploit human psychology. Encourage analyzing pressure tactics and urgency in suspicious communications. Practice recognizing manipulation techniques across different contexts. Watch for: assuming technical measures alone provide complete security, misunderstanding the human element in security, underestimating social engineering risks.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing includes defensive measures like rate limiting, which the passage defines as 'the system slows repeated login attempts to deter guessing.' The passage shows how attackers exploited weak passwords through repeated guessing, demonstrating why rate limiting is an important defense against brute force attacks. Choice A is correct because it accurately describes how rate limiting slows repeated login attempts, making password guessing harder and reducing account takeover risk, which directly addresses the attack method used in the breach where 'attackers repeatedly guess weak patron passwords.' Choice C is incorrect because it claims rate limiting increases guessing speed to help users, which is the opposite of its actual purpose and would make systems more vulnerable to the exact attack described in the passage. To help students: Focus on understanding how technical controls defend against specific attack methods. Encourage analyzing the relationship between attack techniques and defensive measures. Practice identifying how security measures balance usability with protection. Watch for: misunderstanding security measures as helping attackers, confusing the purpose of defensive controls, missing the connection between vulnerabilities and countermeasures.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing requires monitoring and accountability measures like audit logs, which the passage defines as 'records of who accessed what and when.' The passage demonstrates how audit logs help detect unauthorized access when a former employee's account was misused, illustrating their role in both detection and investigation. Choice A is correct because it accurately describes how audit logs record access activity, helping detect misuse and supporting accountability after a suspected breach, which aligns with how the logs revealed unusual patterns from the former employee's account access. Choice C is incorrect because it confuses audit logs with encryption, claiming logs convert data into coded text, when the passage clearly distinguishes these as separate security measures with different purposes - logs record activity while encryption protects data. To help students: Focus on understanding different security controls and their specific functions. Encourage analyzing how monitoring supports both prevention and response. Practice distinguishing between detective controls (audit logs) and protective controls (encryption). Watch for: confusing different security technologies, missing the role of logs in accountability, overlooking the importance of monitoring in security.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses password security practices that protect against credential-based attacks, with unique passwords per site being a critical defense against credential stuffing attacks. The passage provides examples such as the university experiencing a breach where reused passwords allowed attackers to access multiple accounts, leading to fraudulent refund requests and costly investigations. Choice A is correct because it accurately captures how unique passwords limit the damage from credential stuffing attacks - if one site's password database is compromised, the leaked password cannot be used to access the user's accounts on other sites. Choice B is incorrect because it misunderstands the relationship between passwords and phishing - unique passwords don't prevent phishing emails from being sent, they only limit the damage if credentials are compromised. To help students: Focus on understanding different password-related attacks and defenses. Encourage thinking about the interconnected nature of online accounts and cascade effects of breaches. Practice distinguishing between different security measures and what specific threats they address. Watch for: confusion about what password practices protect against, misunderstanding of credential stuffing attacks, and oversimplification of security benefits.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing includes ethical considerations like transparency, which the passage defines as 'clear communication about what data is collected and why.' The passage emphasizes how transparency supports informed consent and responsible data handling, connecting ethical practices to security outcomes. Choice A is correct because it accurately captures how transparency tells users what data is collected and why, supporting informed consent and responsible handling, which aligns with the passage's definition and emphasis on ethical implications of data collection. Choice C is incorrect because it completely misunderstands transparency, confusing it with encryption (data scrambling), when the passage clearly defines transparency as communication about data practices, not a technical security measure. To help students: Focus on understanding ethical principles alongside technical measures. Encourage analyzing how transparency builds trust and supports security. Practice distinguishing between ethical practices (transparency, consent) and technical controls (encryption, access limits). Watch for: confusing ethical concepts with technical measures, missing the connection between transparency and user trust, overlooking non-technical aspects of security.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses understanding privacy risks, including how oversharing personal information can lead to serious consequences like identity theft and stalking. The passage specifically mentions fitness apps sharing location patterns that reveal home addresses as a privacy concern, illustrating how seemingly innocent data can be exploited. Choice A is correct because it accurately captures how oversharing impacts privacy by explaining that location patterns can reveal routines, making identity theft and stalking easier - directly reflecting the passage's example of fitness apps exposing home addresses through location data. Choice B is incorrect because it suggests oversharing only matters for celebrities, contradicting the passage's focus on everyday users, a common error when students underestimate their own privacy risks. To help students: Focus on identifying how personal data can be aggregated and misused. Encourage analyzing seemingly harmless information sharing. Practice recognizing privacy implications of location and routine data. Watch for: underestimating personal vulnerability, misunderstanding data aggregation risks, assuming privacy only matters for high-profile individuals.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses practices like using unique passwords for different accounts to prevent cascading security failures when breaches occur. The passage mentions the 2018 Marriott breach which exposed personal details and increased fraud risk, illustrating why password compartmentalization is crucial. Choice A is correct because it accurately captures the purpose of using unique passwords - ensuring that a breach of one site does not automatically compromise accounts on other sites, which directly addresses the security principle of limiting damage from individual breaches. Choice B is incorrect because it suggests storing passwords in plain text on shared computers is safe, which contradicts fundamental security practices, a common error when students misunderstand that unique passwords alone don't eliminate all security requirements. To help students: Focus on understanding defense-in-depth strategies. Encourage analyzing how password reuse creates vulnerability chains. Practice recognizing the importance of password management tools. Watch for: assuming one security measure eliminates the need for others, misunderstanding password storage best practices, underestimating breach impacts.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing requires continuous maintenance including patching, which the passage defines as 'installing updates that fix known flaws.' The passage demonstrates how an unpatched server was exploited, leading to production stoppage and significant business impact, illustrating why timely patching is critical. Choice A is correct because it accurately describes how patching fixes known weaknesses in software, reducing the chance attackers exploit outdated systems, which directly addresses the vulnerability that led to the breach where 'an unpatched server is exploited.' Choice C is incorrect because it makes unrealistic guarantees about production continuity and ignores that patching addresses software vulnerabilities, not user configuration errors, demonstrating a common misconception about the scope of security measures. To help students: Focus on understanding the purpose and limitations of each security measure. Encourage analyzing how vulnerabilities are discovered and fixed through the patching process. Practice distinguishing between different types of security controls and their specific purposes. Watch for: making absolute claims about security, confusing different security measures' functions, missing the ongoing nature of security maintenance.

This question tests understanding of safe computing principles as discussed in AP Computer Science Principles, focusing on their practical and ethical implications. Safe computing encompasses practices like encryption, network security, and ethical data handling to protect sensitive information during storage and transmission. The passage provides examples such as the hospital network encrypting data 'in transit' to ensure that intercepted messages remain unreadable without the proper decryption key. Choice A is correct because it accurately captures the purpose of transit encryption in protecting privacy by making intercepted communications unreadable to unauthorized parties, addressing the specific vulnerability of data being captured while moving between systems. Choice B is incorrect because it confuses encryption with password management systems, which are entirely different security mechanisms serving different purposes. To help students: Focus on understanding the distinction between data at rest and data in transit, and why each requires protection. Encourage students to think about the data lifecycle and vulnerabilities at each stage. Practice identifying which security measures address which specific threats. Watch for: confusion between different security technologies, misunderstanding the scope of what encryption protects, and conflating different types of security measures.