Legacy-vs-modern

Some practices that used to be standard are now deprecated. The trap offers an outdated standard that was correct on older exams and may still appear in real systems.

Most common in
Security+, CISSP, Network+, CCSP

The Trap in One Sentence

You picked a legacy or deprecated practice. MD5, WEP, DES, and single-factor authentication all used to be standard; none of them is the current standard.

Pairs Candidates Confuse

MD5 / SHA-1 vs SHA-256 / SHA-3

Collisions known vs current

WEP / WPA vs WPA3

Broken / weak vs current

DES / 3DES vs AES

Small keys / slow vs current

Single-factor (password) vs MFA / passkey

Insufficient vs current expectation

How to Avoid It

  • Maintain a 'deprecated' flashcard set per domain.
  • If a choice mentions MD5, DES, WEP, SHA-1, RC4, or SSL (any version), it's almost certainly the wrong answer.
  • Newer exam editions (SY0-701, CISSP 2024) favor current standards over historical ones.

Frequently Asked Questions

How do I recognize a legacy-vs-modern trap in an exam question?

When a choice mentions an older standard (MD5, DES, WEP, SHA-1, RC4, SSL, single-factor auth) and another mentions the current replacement (SHA-256/SHA-3, AES, WPA3, MFA), the question is almost always rewarding the modern answer. The trap is picking the legacy option because it was correct on older exam versions or because it's still seen in production.

What's the tell-tale stem phrasing that signals this trap?

Stems framed around "BEST practice," "current recommendation," "meeting today's standards," or specific cert-version updates (SY0-701 over SY0-601, CISSP 2024) are pointing to the modern answer. Stems describing legacy environments may flip this — but the default direction is modern wins.

If a legacy and a modern option both seem to fit, how do I decide?

Default to modern unless the stem explicitly constrains you to legacy. If the stem says "the current exam SY0-701," pick the modern option even if the legacy option was correct on SY0-601. Memorize a deprecated set: MD5, SHA-1, DES, 3DES, RC4, WEP, WPA, SSL, single-factor — they're almost always wrong.

What's a real example of a legacy-vs-modern trap?

Stem: "Which hash algorithm is the BEST choice for storing password hashes on a new application in 2026?" Choices: (a) MD5, (b) SHA-256, (c) bcrypt with appropriate cost factor, (d) SHA-1. (a) and (d) are deprecated. (b) is current for general hashing but not appropriate for passwords (too fast, vulnerable to GPU brute force). (c) is the correct modern answer for password hashing.
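
An added example, not part of the original page, showing why choice (c) beats choice (b) in the question above: it measures one salted SHA-256 against a cost-factored KDF and stores the cost inside the record so it can be raised later. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt, which needs a third-party package; the record format, function names and the 600,000 iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor; tune so one hash costs tens of milliseconds

def fast_hash(password: bytes, salt: bytes) -> bytes:
    # Choice (b): one salted SHA-256. Current for integrity, too cheap for passwords.
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # Stand-in for choice (c): a KDF whose cost is set by a tunable factor.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def make_record(password: str, iterations: int = ITERATIONS) -> str:
    # Store scheme, cost and salt with the hash so the cost can be raised later.
    salt = os.urandom(16)
    digest = slow_hash(password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False  # legacy or unknown scheme: reject rather than guess
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = slow_hash(password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(actual, expected)  # constant-time comparison

def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    # True when a record was created with a lower cost than today's target.
    return int(record.split("$")[1]) < target

def cost_ratio(iterations: int = ITERATIONS, fast_runs: int = 20_000) -> float:
    # How many fast_hash guesses fit in the time of one slow_hash guess.
    pw, salt = b"constructed-sample-password", b"constructed-salt"
    start = time.perf_counter()
    for _ in range(fast_runs):
        fast_hash(pw, salt)
    fast = (time.perf_counter() - start) / fast_runs
    start = time.perf_counter()
    slow_hash(pw, salt, iterations)
    return (time.perf_counter() - start) / fast

if __name__ == "__main__":
    print(f"one slow guess costs about {cost_ratio():,.0f} fast guesses")
```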

How is legacy-vs-modern different from algorithm-confusion?

Legacy-vs-modern is specifically about temporal currency — old vs current. Algorithm-confusion is about job-class fit (symmetric vs asymmetric, hash vs HMAC) regardless of age. They co-occur on crypto stems but the dimensions are distinct.

Why do item writers love this distractor mechanism?

Cybersecurity is fast-moving and exams need to discriminate candidates who learned from current materials vs. those who learned from outdated sources. Legacy answers also reflect what candidates still see in production, making them feel plausible — a perfect distractor.

Where does this trap show up most often?

Sec+ across crypto, network security, and authentication topics. CISSP Domain 3 (Security Architecture and Engineering) and Domain 4 (Communication and Network Security). CCSP for legacy on-premises vs modern cloud-native answers. Any cert exam covering wireless security (WPA versions) features it heavily.

How do I deliberately drill against this archetype?

Use the trap drill linked from the section above to focus reps on this pattern. Memorize the "red list" of deprecated standards (MD5, SHA-1, DES, 3DES, RC4, WEP, WPA, SSL all versions). If you see any of them as a choice on a current-cert exam, treat it as wrong unless the stem explicitly demands legacy.

Practice Against This Trap

6 cert-prep questions currently use this archetype as a distractor. Run a trap drill to face them in a row.
