20 curated questions from the College Board's 2021 AP CSP Practice Exam
How to Use This Practice Set
20 questions sampled from the released 2021 AP CSP Practice Exam, mixed across Big Ideas just like the real exam.
Each question has a topic tag — pay attention to which topics are giving you trouble.
Click an answer to get instant feedback with the explanation from the official College Board answer key.
The score tracker at the top updates as you go. There's no time limit on this page; the real exam gives you about 1m 43s per question.
Attempted:0 / 20
Correct:0
Accuracy:—
Question 1Cybersecurity2021 Practice Exam · Q1
Which of the following is an example of a phishing attack?
Official Explanation
D is correct. Phishing is a technique that attempts to trick a user into providing personal information — in this case via fraudulent email. (A is just malware, B is a denial-of-service attempt, C describes remote-access hacking.)
Question 2Pseudocode2021 Practice Exam · Q2
To be eligible for a particular ride at an amusement park, a person must be at least 12 years old and must be between 50 and 80 inches tall, inclusive. Let age represent a person's age in years, and height the person's height in inches. Which expression evaluates to true if and only if the person is eligible for the ride?
Official Explanation
A is correct. All three conditions — age ≥ 12, height ≥ 50, AND height ≤ 80 — must be true. B is impossible (can't be both ≤ 50 and ≥ 80). C and D let ineligible people through.
Question 3Internet2021 Practice Exam · Q4
Which of the following best explains the relationship between the Internet and the World Wide Web?
Official Explanation
D is correct. The Internet is the global infrastructure of interconnected networks using protocols. The World Wide Web is an information system (pages, programs, files) accessed via the Internet. They're not the same.
Question 4Cybersecurity2021 Practice Exam · Q6
Which of the following best exemplifies the use of multifactor authentication to protect an online banking system?
Official Explanation
C is correct. MFA combines several separate pieces of evidence from different categories. Here: password (something you know) + phone code (something you have). The others all use a single factor in different ways.
Question 5Internet2021 Practice Exam · Q8
Which of the following best describes a direct benefit in using redundant routing on the Internet?
Official Explanation
C is correct. If a device or connection fails, data can be re-routed along another path. Redundancy adds more resources, not fewer (eliminating A and B). It does nothing to prevent interception (D).
Question 6Data & Binary2021 Practice Exam · Q10
The player controls in a video game are represented by 5-bit binary numbers, as shown:
Control
Binary
Jump
11000
Run
11001
Pause
11011
Reset
11111
What is the decimal value for the jump control?
Official Explanation
C is correct. 110002 = 24 + 23 = 16 + 8 = 24.
Question 7Pseudocode2021 Practice Exam · Q14
A list of numbers is "increasing" if each value after the first is ≥ the preceding value. The procedure below is intended to return true if numberList is increasing and false otherwise. Assume numberList contains at least two elements. Which change is needed for the program to work as intended?
Line 1: PROCEDURE isIncreasing(numberList)
Line 2: {
Line 3: count ← 2
Line 4: REPEAT UNTIL(count > LENGTH(numberList))
Line 5: {
Line 6: IF(numberList[count] < numberList[count - 1])
Line 7: {
Line 8: RETURN(true)
Line 9: }
Line 10: count ← count + 1
Line 11: }
Line 12: RETURN(false)
Line 13: }
Official Explanation
C is correct. As written, the procedure returns true when it finds an out-of-order pair (the list is not increasing) and false otherwise — the logic is inverted. Swapping lines 8 and 12 fixes it. (A would index into numberList[0], an error. D would create an infinite loop.)
Question 8Impacts & Ethics2021 Practice Exam · Q16
The author of an e-book publishes the e-book using a no-rights-reserved Creative Commons license. Which of the following best explains the consequences of publishing the book with this type of license?
Official Explanation
B is correct. A no-rights-reserved Creative Commons license is used when the creator wants the work to be freely available to everyone. CC licenses don't encrypt content (A) and the no-rights-reserved version specifically removes restrictions (C, D).
Question 9Cybersecurity2021 Practice Exam · Q19
Which of the following best explains how devices and information can be susceptible to unauthorized access if weak passwords are used?
Official Explanation
D is correct. A weak password is easy to guess based on publicly available info about the user (or because it's a common password like "password" or "1234"). The other choices describe attacks that don't depend on password strength.
Question 10Internet2021 Practice Exam · Q20
A local router is configured to limit the bandwidth of guest users connecting to the Internet. Which of the following best explains the result of this configuration as compared to a configuration in which the router does not limit the bandwidth?
Official Explanation
D is correct. Bandwidth is the maximum data per unit time. Limiting it caps how much data per second guests can move. (A is backwards — less bandwidth means files take longer. Packet count depends on file size, not bandwidth.)
Question 11Data & Binary2021 Practice Exam · Q21
A video-streaming website keeps a count of times each video has been played. At one time the most popular video's count was about two million. Later, the same video displayed a seven-digit negative number while other videos' counts displayed correctly. What is the most likely explanation?
Official Explanation
A is correct. This is the classic overflow error: the count exceeded the maximum value representable in a fixed number of bits and wrapped around to a negative number. Rounding errors cause imprecision, not wrap-around. The count isn't analog so no sampling error.
Question 12Internet2021 Practice Exam · Q23
Which of the following statements about the Internet is true?
Official Explanation
B is correct. The Internet uses open (nonproprietary) protocols specifically to be scalable so additional devices can be added easily. Encryption isn't required (C) and routing is dynamic and decentralized (D).
Question 13Data & Compression2021 Practice Exam · Q24
In which of the following situations would it be most appropriate to choose lossy compression over lossless compression?
Official Explanation
C is correct. Lossy compression sacrifices some quality for smaller file size — ideal when storage space matters more than perfect fidelity. Choices A, B, and D all require maximum quality or exact reconstruction, so lossless would be chosen.
Question 14Impacts & Bias2021 Practice Exam · Q27
A social-media app is updating its algorithm to add a new feature. Which of the following strategies is LEAST likely to introduce bias into the application?
Official Explanation
B is correct. A random sample of all users is the most representative group and least likely to introduce bias. A, C, and D all test on narrow non-representative groups (heavy users, teens only, one city) — classic sources of sampling bias.
Question 15Internet2021 Practice Exam · Q30
Which of the following best explains how data is transmitted on the Internet?
Official Explanation
B is correct. Data is broken into packets and reassembled at the destination. Packets may travel along different paths, arrive in order, out of order, or not at all. They do not travel as a single bundle nor on a fixed path.
Question 16Data & Binary2021 Practice Exam · Q31
A binary number is transformed by appending three 0s to the end. For example, 11101 becomes 11101000. Which best describes the relationship between the transformed number and the original?
Official Explanation
C is correct. Appending a 0 in binary multiplies the value by 2 (same as appending a 0 in decimal multiplies by 10). Three appended 0s multiplies by 2 × 2 × 2 = 8. Choice D is the decimal answer — a classic trap.
Question 17Cybersecurity2021 Practice Exam · Q32
Which of the following is a true statement about the use of public key encryption in transmitting messages?
Official Explanation
A is correct. The defining benefit of public-key encryption is that two parties can communicate securely without first sharing a secret. The public key being public is fine — only the matching private key decrypts (B is wrong). It works on any digital data, not just text (C). And it's asymmetric, not single-key (D describes symmetric).
Question 18Pseudocode2021 Practice Exam · Q34
Result X is expected 25% of the time and result Y 75%. The code below is intended to simulate 100 trials, but it reports "X occurred 24 times and Y occurred 70 times" — only 94 trials counted. Which change ensures a correct simulation?
Line 1: xCount ← 0
Line 2: yCount ← 0
Line 3: REPEAT 100 TIMES
Line 4: {
Line 5: IF(RANDOM(1, 4) = 1)
Line 6: {
Line 7: xCount ← xCount + 1
Line 8: }
Line 9: IF(RANDOM(1, 4) > 1)
Line 10: {
Line 11: yCount ← yCount + 1
Line 12: }
Line 13: }
Official Explanation
B is correct. The bug: RANDOM is called twice per loop iteration, so the two outcomes are two separate trials. Using ELSE instead of a second IF ensures one roll per loop — xCount or yCount increments, never both, never neither.
Question 19Impacts2021 Practice Exam · Q41
An online gaming company is introducing initiatives to encourage respectful communication. Which of the following describes a solution that uses crowdsourcing?
Official Explanation
A is correct. Crowdsourcing means obtaining input or contributions from a large group of people (the "crowd"). Players endorsing each other is the crowd contributing information about who is respectful. B is a default change, C is automated monitoring, D is a policy update — none involve the crowd contributing data.
Question 20Cybersecurity2021 Practice Exam · Q43
Which of the following best exemplifies the use of keylogging to gain unauthorized access to a computer system?
Official Explanation
A is correct. Keylogging is software that records every keystroke. B is a weak-password brute force. C is eavesdropping on an unencrypted connection. D is phishing.
Every question on this page is reproduced from the College Board's official 2021 AP Computer Science Principles Practice Exam, and the explanations come directly from the official answer key.