WGU Introduction-to-Cryptography WGU Introduction to Cryptography HNO1 Exam Practice Test

Asymmetric cryptography uses a public/private key pair where different keys are used for related operations (encryption/decryption or signature/verification). Elliptic-Curve Cryptography (ECC) is a family of asymmetric algorithms built on the mathematics of elliptic curves over finite fields. ECC supports key exchange (ECDH), digital signatures (ECDSA/EdDSA), and other primitives with smaller key sizes for comparable security to traditional discrete-log or RSA systems (e.g., a 256-bit ECC key is often comparable in security to a 3072-bit RSA key, depending on scheme and parameters). By contrast, SHA-256 is a cryptographic hash function (one-way digest), and HMAC is a keyed integrity/authentication construction built from a hash function—neither is encryption. DES is a symmetric block cipher (same key for encryption and decryption). Therefore, the example of asymmetric encryption among the options is ECC.

Disk/storage encryption protects data at rest by encrypting the contents of a drive so it remains unreadable without the correct authentication and keys. BitLocker (commonly on Windows) and FileVault (commonly on macOS) are well-known software-based full-disk encryption solutions integrated into their operating systems. They encrypt sectors on disk and typically tie key protection to user credentials and, where available, hardware features such as a TPM or secure enclave to reduce key extraction risk. A VPN encrypts network traffic in transit, not disk storage. An HSM is specialized hardware used to generate, store, and protect cryptographic keys and perform crypto operations; it is not a disk encryption product itself. USB encryption hardware refers to hardware-encrypted removable media, not a software solution for a system disk. Therefore, the correct example of a software encryption solution for disk storage is BitLocker and FileVault.

WPA with TKIP was designed as an interim improvement over WEP while still using the RC4 stream cipher for compatibility with legacy hardware. TKIP addresses WEP’s major weaknesses by introducing per-packet key mixing, a message integrity mechanism (“Michael”), and replay protection. In TKIP, the encryption key used with RC4 is 128 bits. Practically, TKIP derives a per-packet RC4 key from a 128-bit temporal key (TK), the transmitter’s MAC address, and a sequence counter (TKIP Sequence Counter, TSC) to avoid the simple IV reuse patterns that made WEP easy to break. Even with these improvements, TKIP has known weaknesses and is deprecated in favor of WPA2/WPA3 using AES-based CCMP/GCMP. But strictly for the question asked, TKIP’s RC4 keying material is based on a 128-bit key size, not 40/56-bit legacy sizes and not 256-bit.

The value 51 mod 11 is the remainder after dividing 51 by 11. Modular arithmetic is widely used in cryptography to keep computations within a finite set of residues, such as in RSA where values are taken modulo n, or in Diffie–Hellman where exponents and group elements are reduced modulo a prime. To compute 51 mod 11, find the largest multiple of 11 less than or equal to 51. Multiples of 11 are 11, 22, 33, 44, 55. The closest without exceeding 51 is 44. Subtracting gives 51 − 44 = 7, so the remainder is 7. Therefore, 51 mod 11 = 7, matching option “07.” This remainder is always in the range 0 through 10 because the modulus is 11. Such residue computations underpin the “wraparound” behavior that makes modular exponentiation and inverse computations well-defined in cryptographic groups.

ECB (Electronic Codebook) mode encrypts each block independently with the same key, which makes it naturally amenable to parallel processing: multiple blocks can be encrypted or decrypted simultaneously because there is no chaining dependency between blocks. This is in contrast to CBC encryption, where each plaintext block is XORed with the previous ciphertext block, creating a dependency that prevents straightforward parallelization of encryption (though CBC decryption can be parallelized because ciphertext blocks are already known). Feedback modes like CFB and OFB generate keystream material sequentially, where each step depends on the previous state, limiting parallelism. While ECB’s parallelism is an implementation advantage, it is widely discouraged for most real data because it leaks patterns—identical plaintext blocks produce identical ciphertext blocks. Modern systems prefer parallel-friendly and secure modes such as CTR or GCM, but among the listed options, the mode most known for parallel processing is ECB due to block independence. Therefore, the correct answer is Electronic Codebook (ECB).

A true random number generator (TRNG) draws randomness from physical phenomena that are inherently unpredictable and not algorithmically reproducible. Because of this, it is nondeterministic: you cannot feed it the same “input” and expect the same output stream. TRNGs are often slower than PRNGs because they depend on collecting entropy from hardware sources and may require conditioning to remove bias. This aligns with option B: slow and nondeterministic, producing different results even under similar or repeated conditions. Option A describes a deterministic PRNG, where identical seeds yield identical sequences. Option C is unrelated; factorization is a hard math problem used in cryptography (e.g., RSA security assumptions), not a randomness generator definition. Option D describes a counter, which is deterministic and not random. In secure systems, TRNG output may seed a cryptographically secure PRNG to provide both unpredictability and high throughput; but the defining characteristic of a TRNG is nondeterminism from physical entropy. Therefore, option B is correct.

OTP systems (such as HOTP and TOTP) generate a sequence of passwords using a shared secret and a moving factor (counter or time). The critical secret that underpins the ability to compute past or future OTP values is the seed (also called the shared secret key). In HOTP, the seed is used with an HMAC function and an incrementing counter; in TOTP, the seed is used with HMAC and a time-step value. If an attacker obtains the seed and knows the algorithm and moving factor, they can compute future OTPs. The “function” and “encryption algorithm” are typically standardized and public; security relies on keeping the seed secret. An initialization vector is not a standard OTP component in HOTP/TOTP generation. Therefore, the component needed to predict future OTP values is the seed. Protecting the seed is essential: it should be stored securely (e.g., hardware token secure storage) and transmitted only through controlled provisioning processes. If compromised, OTP becomes predictable and no longer serves as a strong second factor.

Web browsers rely on PKI to establish trust in secure connections, primarily through X.509 certificates and a built-in set of trusted root Certificate Authorities (CAs). When a browser connects to an HTTPS site, the server presents a certificate chain. The browser validates that chain up to a trusted root, checks that the certificate is valid for the domain (SAN/CN matching), confirms validity dates, and may check revocation status. This PKI process allows browsers to authenticate the website’s identity and negotiate encrypted session keys for TLS, enabling confidentiality and integrity for the connection. In practical terms, the browser’s PKI components include certificate stores, validation logic, and mechanisms for handling intermediates, trust policies, and revocation. While PKI supports authentication as an outcome, the best description of how browsers utilize PKI is that they manage and validate digital certificates and associated keys to establish trust. PKI is not about compressing messages or encrypting data at rest; it is about identity binding and trust chains that make secure web communication possible.

When software is digitally signed, the organization computes a cryptographic hash (digest) of the software (or its manifest) and then signs that digest using the organization’s private key. Verification works in the opposite direction: the customer (verifier) uses the organization’s public key to validate the signature and recover/confirm the signed digest, then independently hashes the received software and compares the result. If the digests match and the signature validates under the public key, the customer has strong assurance that the software has not been altered since it was signed and that it was signed by the holder of the corresponding private key. The customer never needs the organization’s private key—sharing it would destroy security and enable forgery. Likewise, the customer’s own keys are irrelevant to verifying the publisher’s signature. The organization’s public key is typically delivered inside a certificate chain (code signing certificate) so the verifier can also validate publisher identity and trust. Therefore, the customer uses the organization’s public key for signature verification (often described as “decrypting” the signed digest).

Symmetric cryptography uses a single shared secret key for both encryption and decryption. This contrasts with asymmetric cryptography, which uses a key pair (public/private). Symmetric algorithms (like AES, ChaCha20) are efficient and well-suited for bulk data encryption, but they require a secure method for key distribution because both parties must possess the same secret. Hashing is not a keyed operation by default (though HMAC is keyed); it maps arbitrary data to a fixed-size digest and is primarily used for integrity checking, fingerprints, and password hashing constructions. Padding is a data formatting technique (e.g., PKCS#7) used to align plaintext to a block size; it is not a cryptographic “operation” that uses a key. Therefore, the cryptographic operation characterized by using one key shared between parties is symmetric encryption. In real systems, symmetric encryption is frequently combined with asymmetric methods for key exchange and with MACs/AEAD for integrity, producing the standard hybrid approach used in protocols like TLS and IPsec.

Bitcoin’s supply is controlled by protocol rules enforced by consensus: new bitcoins enter circulation through the block subsidy awarded to miners for producing valid blocks. This subsidy is programmed to halve at fixed intervals (every 210,000 blocks), which steadily reduces the rate of new coin creation over time and asymptotically approaches a capped total supply (commonly cited as 21 million BTC). This mechanism is often called the halving schedule and is the primary way limits are managed. The number of participants is not fixed; anyone can run a node or mine. There is no per-country cap and no per-person maximum enforced by the protocol—addresses and ownership are not limited that way. The supply cap emerges from the decreasing issuance schedule combined with consensus validation rules that reject blocks creating coins beyond what the schedule allows. Therefore, the correct answer is that limits are managed because rewards for mining reduce over time.

With IPsec ESP in transport mode, the payload of the original IP packet (typically the transport-layer segment and higher) is encrypted and integrity-protected between the two endpoints—here, the corporate server and the remote client. Because encryption is applied by the sending endpoint and removed only by the receiving endpoint, intermediate routers, switches, and monitoring devices in either network cannot view the protected payload while it is in transit. They may see outer IP headers and certain metadata needed for routing, but not the encrypted content protected by ESP. As a result, the packet’s contents are inspectable only at the endpoints: before encryption on the sender (plaintext exists in memory/stack before IPsec processing) and after decryption on the receiver (plaintext is restored for the application). This is true whether the traffic traverses internal networks or the Internet; the cryptographic boundary is between the endpoints participating in the IPsec SA. Therefore, inspection of the actual content is possible only on the devices at headquarters and offsite, before sending and after receiving, not by in-transit networks.

CBC mode introduces chaining between blocks to prevent the pattern leakage inherent in ECB. In CBC, each plaintext block is XORed with the previous ciphertext block before being encrypted with the block cipher. For the first block, CBC uses an Initialization Vector (IV) to serve as the “previous ciphertext” input. This makes encryption of each block dependent on the previous block’s ciphertext, which is exactly the defining characteristic described in option A. CBC does not generate a continuous stream of key material—that describes stream ciphers or stream-like modes such as CTR/OFB. CBC also does not require a different key per operation; the same symmetric key is reused, while the IV must be fresh/unpredictable to ensure semantic security. The block size is determined by the underlying block cipher (e.g., AES is 128-bit blocks, DES/3DES are 64-bit blocks), not a fixed 32-bit size for CBC itself. Because CBC is not inherently authenticated, best practice is to pair it with a MAC (Encrypt-then-MAC) or use an AEAD mode instead.

Frequency analysis is a classical cryptanalysis technique that exploits predictable statistical patterns in natural language. In English, certain letters (like E, T, A, O, I, N) occur more frequently than others, and common digrams/trigrams (TH, HE, IN, ER) appear with recognizable distribution. When a cipher preserves character boundaries (as in many substitution ciphers), the ciphertext will also show frequency patterns—though mapped to different symbols. The analyst counts ciphertext character occurrences, compares the distribution to expected English letter frequencies, and infers likely plaintext mappings. “Spotting variations” refers to observing differences in how often symbols appear and using that to plot relationships between ciphertext and standard English. Brute force instead tries all keys; known-plaintext attacks rely on having plaintext–ciphertext pairs; chosen-ciphertext attacks involve decrypting attacker-selected ciphertexts. Those are different attack models. Frequency analysis is specifically about statistical correlation between ciphertext symbols and language characteristics, which is why it is effective against monoalphabetic substitution and weak polyalphabetic schemes with short periods.

Data integrity means ensuring that information has not been modified without authorization. Digital signatures are a core cryptographic technique that provides integrity by binding a message (typically its hash) to the signer’s private key. The signer creates a signature over the message digest; the verifier checks it with the signer’s public key and recomputes the digest. Any change to the message alters the digest and causes verification to fail, revealing tampering. Digital signatures also support authenticity (verifying the signer) and can contribute to nonrepudiation under proper key-management and policy controls, but integrity is a primary guarantee they deliver. “Authentication” is broader and can be achieved by other means, but it is not as directly tied to integrity as signatures in this option set. “Non-repudiation” is an outcome/goal rather than a standalone integrity technique. “Steganography” hides the existence of data and does not inherently protect integrity. Therefore, among these options, digital signatures are the best cryptographic technique for ensuring data integrity.

A cryptographic policy defines how encryption, keys, certificates, and integrity mechanisms are used and managed across an organization. During incident response, that policy becomes a playbook for making safe, consistent decisions under pressure. It can specify how to rotate or revoke compromised keys, how to validate and reissue certificates, how to preserve evidence integrity with hashing, and how to securely communicate sensitive incident details (e.g., using approved encrypted channels). It can also define backup encryption requirements and key escrow or recovery procedures, enabling secure data recovery without exposing protected data. Policies typically outline roles and responsibilities (who can access keys, who can approve rekeying), logging requirements, and escalation steps—reducing confusion and preventing ad hoc crypto changes that might worsen exposure. The goal is not to limit encryption; it is to ensure cryptography is used correctly to contain and remediate incidents. Therefore, providing guidelines for secure recovery and communication is the correct contribution of cryptographic policy to incident response.

Modular arithmetic is the mathematics of working with remainders after division by a fixed number called the modulus. In cryptography, it underpins many core constructions because it defines arithmetic in finite sets (rings and fields) where values “wrap around,” enabling stable, repeatable operations with bounded results. Public-key systems like RSA rely on modular exponentiation (raising integers to powers modulo a composite number), while Diffie–Hellman and many elliptic-curve schemes operate in groups defined by modular arithmetic properties. Encryption and key exchange use modular operations because they allow efficient computation forward (e.g., exponentiation modulo a large number) while making certain inverse problems computationally hard without secret information (e.g., factoring or discrete logarithms). Modular reduction also helps keep intermediate values manageable and supports group properties needed for proofs of security. Although modular arithmetic is not “encryption by itself,” it is a foundational method used inside encryption algorithms and protocols. Therefore, among the options, describing it as a method used for encryption via modular operations best matches cryptographic usage.

Lightweight cryptography is designed for constrained environments—devices with limited CPU, memory, storage, bandwidth, and power (battery). Examples include IoT sensors, smart locks, RFID tags, embedded controllers, and industrial devices. Administrators choose lightweight algorithms and protocols to maintain reasonable security while fitting strict resource budgets and real-time constraints. The goal is not “weaker security because data is unimportant,” but rather efficient security that can still meet threat models under constraints. Option B captures this: embedded systems often cannot afford the computational cost of heavy cryptographic primitives (large key sizes, complex modes, frequent handshakes) or may struggle with latency and energy consumption. Option A is irrelevant because physical security of a desktop doesn’t remove the need for cryptography in communications or storage. Option C is the opposite of lightweight design. Option D is a poor justification; security design should be based on risk, and lightweight cryptography is not merely for “minimal protection,” but for practical deployability under constraints. Therefore, the correct reason is limited resources on embedded systems.

Code-signing is used to provide verifiable assurance that software comes from a known publisher and has not been modified since it was signed. In a typical code-signing workflow, the publisher computes a cryptographic hash (digest) of the executable or package and then creates a digital signature over that digest using the publisher’s private key. Operating systems, browsers, and application platforms verify the signature using the corresponding public key (usually delivered via a code-signing certificate chained to a trusted root). If verification succeeds, the system can trust that the code’s contents match what the publisher signed (integrity) and that the signer identity is authenticated by the certificate chain (authenticity). This helps defend against tampering, malware injection, and supply-chain attacks where attackers alter binaries or updates in transit or at rest. Code-signing does not primarily generate randomness, compress data, or authenticate users; it authenticates the software publisher and validates the software artifact. Modern ecosystems also use timestamping and revocation checking to handle certificate expiration and compromised signing keys, reinforcing trust over time.

In classic WEP deployments, RC4 was used with what is commonly called “40-bit WEP” (also labeled “64-bit WEP” because it combines a 40-bit secret key with a 24-bit IV to form a 64-bit RC4 seed). The key attribute emphasized in many foundational descriptions of WEP is this 40-bit shared secret length, which was originally chosen due to export restrictions and legacy constraints. Although “104-bit WEP” (sometimes called “128-bit WEP,” again counting the 24-bit IV) also existed, the option set here points to the historically standard and widely referenced attribute: a 40-bit key when RC4 is used in WEP. Importantly, WEP’s security failure is not only about key size; the 24-bit IV is too small and repeats frequently, and WEP’s key scheduling vulnerabilities combined with IV reuse allow attackers to recover the secret key with enough captured frames. Still, among the given options, the correct attribute is the 40-bit key.

IPsec’s initial key exchange is commonly performed using IKE (Internet Key Exchange), which negotiates Security Associations (SAs), authenticates peers, and establishes shared keys for ESP/AH protection. The traditional and default transport for IKEv1 and IKEv2 is UDP port 500. During negotiation, peers exchange proposals (crypto suites), perform Diffie–Hellman to derive key material, and authenticate using pre-shared keys, certificates, or EAP methods. If a firewall blocks UDP 500, the IKE negotiation cannot begin, preventing IPsec tunnels from forming. In many real deployments, NAT traversal is also used; in that case, traffic typically shifts to UDP 4500 (NAT-T) after detection of NAT, but UDP 500 is still required for the initial exchange and NAT detection in many configurations. TCP 500 is not standard for IKE. Port 443 is associated with HTTPS/TLS and some SSL VPNs, not IPsec IKE. Therefore, among the options provided, the firewall must allow UDP 500 for IPsec key exchange to succeed.

3DES (Triple DES) is a symmetric block cipher that retains DES’s 64-bit block size while increasing effective security by applying DES multiple times. The common “two-key 3DES” variant uses two independent 56-bit DES keys (K1 and K2) in an Encrypt–Decrypt–Encrypt (EDE) sequence: Encrypt with K1, Decrypt with K2, then Encrypt again with K1. Because each DES key is 56 bits (ignoring parity bits), the total keying material is 112 bits. This matches the question’s “112-bit key size and 64-bit block size.” Plain DES uses only a 56-bit effective key and a 64-bit block size, so it does not match the 112-bit key size. AES has a 128-bit block size and key sizes of 128/192/256. IDEA uses a 64-bit block size but has a 128-bit key. Therefore, the correct algorithm is 3DES. Although 3DES improved on DES, it is now considered legacy due to its small 64-bit block size (birthday-bound issues for large data volumes) and performance overhead compared to AES.

AES (Advanced Encryption Standard) is a symmetric block cipher standardized to operate on a fixed 128-bit block size and supports key sizes of 128, 192, and 256 bits. When the key size is 256 bits, the cipher is commonly referred to as AES-256, but the block size remains 128 bits regardless of key length. This combination (256-bit key, 128-bit block) matches the question precisely. By comparison, DES uses a 64-bit block size with a 56-bit effective key. 3DES also uses a 64-bit block size and effectively applies DES three times, yielding an effective key length typically cited as 112 bits (two-key 3DES) or 168 bits (three-key 3DES), depending on how keys are configured. IDEA uses a 64-bit block size with a 128-bit key. Therefore, the only listed algorithm that supports a 256-bit key while maintaining a 128-bit block size is AES. This is one reason AES is widely adopted for modern symmetric encryption: strong key sizes with efficient implementation and broad standardization.

NIST’s lightweight cryptography effort targets environments like IoT and embedded systems where CPU, memory, energy, and bandwidth are constrained, yet strong security is still required. Ascon is an authenticated encryption with associated data (AEAD) family designed to be efficient in both hardware and software with small footprint, making it well-suited for constrained devices. NIST selected Ascon because it offers a strong security design with good performance and implementability under tight resource budgets, while providing modern protections (confidentiality + integrity) through AEAD. That aligns with option C: secure and efficient encryption for resource-constrained devices. The selection was not primarily about authenticating users (that is typically handled by protocols and identity systems, not an AEAD primitive). It was also not mainly about legacy compatibility; lightweight cryptography aims at new and constrained deployments rather than preserving outdated stacks. And while Ascon can certainly be used to protect data at rest, that is only one application; the core reason for the choice is its suitability for constrained environments and robust, efficient authenticated encryption.

A brute-force attack exhaustively tries every possible key or password candidate until the correct one is found. Because it explores the full search space (or a very large portion of it), brute force is often the slowest method, especially when strong keys, long passwords, rate limits, and slow password hashing (bcrypt/Argon2) are used. By contrast, a dictionary attack reduces work by trying only common or likely passwords, often succeeding quickly against weak human-chosen secrets. Rainbow table attacks shift work into precomputation; once a table exists, lookup can be faster than brute-force—though salt and modern hashing defeat them. Birthday attacks are about finding collisions, not necessarily recovering a specific secret, and their expected work is about 2^(n/2) for an n-bit hash, which can be less than brute-force key search in many contexts. Therefore, among the listed options, brute-force generally takes the longest to succeed because it makes the fewest assumptions and does the most total work.

A polyalphabetic substitution cipher uses multiple substitution alphabets rather than a single fixed mapping. The classic cipher that uses a keyword to select shifting alphabets across the message is the Vigenère cipher. In Vigenère, each plaintext letter is shifted by an amount determined by the corresponding key letter (repeating the keyword as needed). For example, a keyword like “YELLOW” is aligned under the plaintext; each key character defines a Caesar shift (A=0, B=1, …) applied to the plaintext character, producing ciphertext. This rotation of alphabets across positions makes Vigenère more resistant to simple frequency analysis than monoalphabetic substitution, because the same plaintext letter may encrypt to different ciphertext letters depending on its position relative to the key. The Pigpen cipher is a symbol substitution cipher, Caesar is monoalphabetic with a single shift, and Playfair is a digraph substitution cipher using a 5×5 key square, not the repeating-key polyalphabetic method described. Therefore, the correct cipher is Vigenère.

HIPAA is a U.S. regulation focused on protecting the privacy and security of protected health information (PHI). In relation to encryption, HIPAA’s Security Rule requires covered entities and business associates to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI. Encryption is widely recognized as a key technical safeguard for confidentiality—protecting PHI in transit (e.g., over networks) and at rest (e.g., on storage devices) by making data unreadable without the proper keys. HIPAA does not standardize encryption across all industries, nor does it prohibit electronic health records; it regulates how they must be protected. While HIPAA often uses the term “addressable” for encryption controls (meaning organizations must implement it if reasonable and appropriate, or document an equivalent alternative), the overarching purpose remains protection of patient information through secure measures, with encryption as a central mechanism. Therefore, the best answer is ensuring confidentiality of patient information through secure measures like encryption.