Introduction-to-Cryptography WGU Introduction to Cryptography HNO1 Questions and Answers

HIPAA is a U.S. regulation focused on protecting the privacy and security of protected health information (PHI). In relation to encryption, HIPAA’s Security Rule requires covered entities and business associates to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI. Encryption is widely recognized as a key technical safeguard for confidentiality—protecting PHI in transit (e.g., over networks) and at rest (e.g., on storage devices) by making data unreadable without the proper keys. HIPAA does not standardize encryption across all industries, nor does it prohibit electronic health records; it regulates how they must be protected. While HIPAA often uses the term “addressable” for encryption controls (meaning organizations must implement it if reasonable and appropriate, or document an equivalent alternative), the overarching purpose remains protection of patient information through secure measures, with encryption as a central mechanism. Therefore, the best answer is ensuring confidentiality of patient information through secure measures like encryption.

ISO/IEC 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Its focus is not inventing cryptographic algorithms, but managing information security through a structured governance approach: identifying assets, assessing risks, selecting and implementing controls, measuring effectiveness, and continuously improving. The standard emphasizes a risk-based methodology—controls are chosen based on organizational context and threat landscape, and the ISMS is refined over time through audits, management reviews, and corrective actions. While cryptography can be part of the control set (e.g., encryption policies, key management, secure communications), ISO/IEC 27001 addresses a broad range of security domains beyond crypto, including physical security, access control, incident management, supplier relationships, and business continuity. It also does not enforce criminal penalties; it is a certification/management standard. And it is not limited to network security. Therefore, the correct focus is risk management and continuous improvement of information security.

Auditing improves cryptographic practice by systematically evaluating whether cryptographic controls are correctly selected, implemented, configured, and maintained. Through audits, an organization can discover weak algorithms (e.g., deprecated hashes), improper key lengths, unsafe modes (e.g., unauthenticated CBC), missing integrity controls, poor certificate validation, and operational problems such as key reuse, weak randomness sources, inadequate rotation, or overly permissive access to key material. Audits also assess compliance with internal policy and external standards, ensuring crypto is used consistently across systems and that exceptions are documented and risk-managed. Importantly, auditing does not guarantee that incidents will never happen; it reduces risk by finding gaps before attackers do. It also does not eliminate the need for updates—audits often reveal that policies must evolve as threats and best practices change. Employee training can be recommended as an outcome of auditing, but audits do not automatically ensure training. Thus, the most accurate benefit is that auditing identifies weaknesses and drives corrective action, strengthening cryptographic posture over time.

A cryptographic policy defines how encryption, keys, certificates, and integrity mechanisms are used and managed across an organization. During incident response, that policy becomes a playbook for making safe, consistent decisions under pressure. It can specify how to rotate or revoke compromised keys, how to validate and reissue certificates, how to preserve evidence integrity with hashing, and how to securely communicate sensitive incident details (e.g., using approved encrypted channels). It can also define backup encryption requirements and key escrow or recovery procedures, enabling secure data recovery without exposing protected data. Policies typically outline roles and responsibilities (who can access keys, who can approve rekeying), logging requirements, and escalation steps—reducing confusion and preventing ad hoc crypto changes that might worsen exposure. The goal is not to limit encryption; it is to ensure cryptography is used correctly to contain and remediate incidents. Therefore, providing guidelines for secure recovery and communication is the correct contribution of cryptographic policy to incident response.

NIST’s lightweight cryptography effort targets environments like IoT and embedded systems where CPU, memory, energy, and bandwidth are constrained, yet strong security is still required. Ascon is an authenticated encryption with associated data (AEAD) family designed to be efficient in both hardware and software with small footprint, making it well-suited for constrained devices. NIST selected Ascon because it offers a strong security design with good performance and implementability under tight resource budgets, while providing modern protections (confidentiality + integrity) through AEAD. That aligns with option C: secure and efficient encryption for resource-constrained devices. The selection was not primarily about authenticating users (that is typically handled by protocols and identity systems, not an AEAD primitive). It was also not mainly about legacy compatibility; lightweight cryptography aims at new and constrained deployments rather than preserving outdated stacks. And while Ascon can certainly be used to protect data at rest, that is only one application; the core reason for the choice is its suitability for constrained environments and robust, efficient authenticated encryption.

Lightweight cryptography is designed for constrained environments—devices with limited CPU, memory, storage, bandwidth, and power (battery). Examples include IoT sensors, smart locks, RFID tags, embedded controllers, and industrial devices. Administrators choose lightweight algorithms and protocols to maintain reasonable security while fitting strict resource budgets and real-time constraints. The goal is not “weaker security because data is unimportant,” but rather efficient security that can still meet threat models under constraints. Option B captures this: embedded systems often cannot afford the computational cost of heavy cryptographic primitives (large key sizes, complex modes, frequent handshakes) or may struggle with latency and energy consumption. Option A is irrelevant because physical security of a desktop doesn’t remove the need for cryptography in communications or storage. Option C is the opposite of lightweight design. Option D is a poor justification; security design should be based on risk, and lightweight cryptography is not merely for “minimal protection,” but for practical deployability under constraints. Therefore, the correct reason is limited resources on embedded systems.

In the classical definition, a stream cipher encrypts data in very small units—often described as one bit at a time—by combining plaintext with a keystream (commonly via XOR). While many practical stream ciphers operate on bytes or words for efficiency, the conceptual distinction compared to block ciphers is that stream encryption processes data as a continuous stream rather than fixed-size blocks. This is why the standard teaching answer is “1 bit” per application of the keystream. Block ciphers, by contrast, encrypt blocks like 64 bits (DES/3DES) or 128 bits (AES) in each invocation of the block primitive. Options like 40, 192, and 256 are not typical stream cipher “per-step” processing sizes; 40 and 256 are often associated with key sizes, and 192 could be a key size for AES, not an encryption granularity. The essential security requirement for stream ciphers is that the keystream must be unpredictable and never reused with the same key/nonce combination; otherwise XOR properties allow attackers to recover relationships between plaintexts. Thus, the best answer is 1.

Web browsers rely on PKI to establish trust in secure connections, primarily through X.509 certificates and a built-in set of trusted root Certificate Authorities (CAs). When a browser connects to an HTTPS site, the server presents a certificate chain. The browser validates that chain up to a trusted root, checks that the certificate is valid for the domain (SAN/CN matching), confirms validity dates, and may check revocation status. This PKI process allows browsers to authenticate the website’s identity and negotiate encrypted session keys for TLS, enabling confidentiality and integrity for the connection. In practical terms, the browser’s PKI components include certificate stores, validation logic, and mechanisms for handling intermediates, trust policies, and revocation. While PKI supports authentication as an outcome, the best description of how browsers utilize PKI is that they manage and validate digital certificates and associated keys to establish trust. PKI is not about compressing messages or encrypting data at rest; it is about identity binding and trust chains that make secure web communication possible.

3DES (Triple DES) is a symmetric block cipher that retains DES’s 64-bit block size while increasing effective security by applying DES multiple times. The common “two-key 3DES” variant uses two independent 56-bit DES keys (K1 and K2) in an Encrypt–Decrypt–Encrypt (EDE) sequence: Encrypt with K1, Decrypt with K2, then Encrypt again with K1. Because each DES key is 56 bits (ignoring parity bits), the total keying material is 112 bits. This matches the question’s “112-bit key size and 64-bit block size.” Plain DES uses only a 56-bit effective key and a 64-bit block size, so it does not match the 112-bit key size. AES has a 128-bit block size and key sizes of 128/192/256. IDEA uses a 64-bit block size but has a 128-bit key. Therefore, the correct algorithm is 3DES. Although 3DES improved on DES, it is now considered legacy due to its small 64-bit block size (birthday-bound issues for large data volumes) and performance overhead compared to AES.

A true random number generator (TRNG) draws randomness from physical phenomena that are inherently unpredictable and not algorithmically reproducible. Because of this, it is nondeterministic: you cannot feed it the same “input” and expect the same output stream. TRNGs are often slower than PRNGs because they depend on collecting entropy from hardware sources and may require conditioning to remove bias. This aligns with option B: slow and nondeterministic, producing different results even under similar or repeated conditions. Option A describes a deterministic PRNG, where identical seeds yield identical sequences. Option C is unrelated; factorization is a hard math problem used in cryptography (e.g., RSA security assumptions), not a randomness generator definition. Option D describes a counter, which is deterministic and not random. In secure systems, TRNG output may seed a cryptographically secure PRNG to provide both unpredictability and high throughput; but the defining characteristic of a TRNG is nondeterminism from physical entropy. Therefore, option B is correct.

The value 51 mod 11 is the remainder after dividing 51 by 11. Modular arithmetic is widely used in cryptography to keep computations within a finite set of residues, such as in RSA where values are taken modulo n, or in Diffie–Hellman where exponents and group elements are reduced modulo a prime. To compute 51 mod 11, find the largest multiple of 11 less than or equal to 51. Multiples of 11 are 11, 22, 33, 44, 55. The closest without exceeding 51 is 44. Subtracting gives 51 − 44 = 7, so the remainder is 7. Therefore, 51 mod 11 = 7, matching option “07.” This remainder is always in the range 0 through 10 because the modulus is 11. Such residue computations underpin the “wraparound” behavior that makes modular exponentiation and inverse computations well-defined in cryptographic groups.

CBC mode introduces dependency between blocks to prevent the pattern leakage seen in ECB. It starts with a random (or unpredictable) IV for the first block. Before encrypting block 1, CBC XORs plaintext block 1 with the IV, then encrypts the result. For block 2 and onward, CBC XORs each plaintext block with the previous ciphertext block before encryption. This chaining means that changing one plaintext block affects that block’s ciphertext and also influences the next block’s computation. The IV ensures that encrypting the same message twice under the same key produces different ciphertexts (assuming a fresh IV). Option A (ECB) has no IV or chaining. OFB and CFB are feedback modes that effectively generate a keystream; they do use an IV, but the “uses the result to encrypt the next block” wording most directly matches CBC’s ciphertext-chaining description in standard teaching. CBC still requires integrity protection (e.g., HMAC or an AEAD mode) because it can be malleable without authentication. Therefore, the correct mode is Cipher Block Chaining (CBC).

In AES, the number of rounds is explicitly tied to the key length. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds. The purpose of additional rounds is to increase diffusion and confusion, strengthening resistance against cryptanalysis as the key schedule and state transformations iterate more times. Although key length primarily affects brute-force resistance, AES’s designers and standardization parameters link longer keys with more rounds to maintain security margins across variants, especially considering differences in the key schedule structure. Thus, as key length increases from 128 to 192 to 256 bits, the number of rounds increases correspondingly from 10 to 12 to 14. This relationship is fixed by the AES specification and does not vary dynamically at runtime. Therefore, the correct correlation is that the number of rounds increases as the key length increases.

Data integrity means ensuring that information has not been modified without authorization. Digital signatures are a core cryptographic technique that provides integrity by binding a message (typically its hash) to the signer’s private key. The signer creates a signature over the message digest; the verifier checks it with the signer’s public key and recomputes the digest. Any change to the message alters the digest and causes verification to fail, revealing tampering. Digital signatures also support authenticity (verifying the signer) and can contribute to nonrepudiation under proper key-management and policy controls, but integrity is a primary guarantee they deliver. “Authentication” is broader and can be achieved by other means, but it is not as directly tied to integrity as signatures in this option set. “Non-repudiation” is an outcome/goal rather than a standalone integrity technique. “Steganography” hides the existence of data and does not inherently protect integrity. Therefore, among these options, digital signatures are the best cryptographic technique for ensuring data integrity.

An IV (Initialization Vector) is a value used to ensure that encrypting identical plaintext under the same key produces different ciphertexts, preventing pattern leakage. In many secure designs, the IV must be unique (and often unpredictable) per encryption operation. A common way to ensure uniqueness is to incorporate a nonce—a “number used once.” A nonce can be random, pseudo-random, or a counter-based value depending on the mode and security requirements. For example, CTR mode uses a nonce combined with a counter to produce unique input blocks; GCM uses a nonce/IV to ensure unique authentication and encryption behavior. The encryption key should remain stable across many operations and should not be used as the “randomizer” for IV generation; mixing key material into IV creation in an ad hoc way can create reuse or correlation issues. Plaintext and algorithm do not provide the needed uniqueness property. The nonce concept is specifically about ensuring one-time uniqueness of the starting value so that IV reuse does not repeat keystream blocks (stream modes) or reveal plaintext equality (CBC/CTR). Therefore, the correct choice is Nonce.

The expression 23 mod 6 asks for the remainder when 23 is divided by 6. Modular arithmetic is foundational in cryptography, especially in public-key systems (RSA, Diffie–Hellman, ECC) where operations occur in finite rings or fields. To compute 23 mod 6, identify the largest multiple of 6 that does not exceed 23. Multiples of 6 are 6, 12, 18, 24. Since 24 is greater than 23, the largest valid multiple is 18. Subtract: 23 − 18 = 5, so the remainder is 5. Therefore, 23 mod 6 = 5, which corresponds to option “05.” Modular reduction keeps numbers within a fixed range (0 to modulus−1), enabling stable arithmetic under wraparound behavior. In cryptographic protocols, this wraparound property is essential for defining groups and ensuring operations remain bounded and consistent.

The NOBUS (Nobody But Us) principle is a controversial security notion suggesting that it is possible to introduce or maintain an access capability (often framed as a “backdoor” or exploitable weakness) that is effectively usable only by the party that designed it—typically a government or specific organization—while remaining infeasible for everyone else to exploit. In practice, NOBUS is invoked in debates about lawful access, surveillance, and exceptional access mechanisms: proponents claim that sophisticated entities can keep exploitation techniques secret and complex enough that adversaries cannot replicate them. Critics argue that this assumption is fragile because vulnerabilities can be independently discovered, reverse engineered, leaked, or eventually exploited as tools and knowledge spread. Moreover, once a weakness exists, it becomes a systemic risk: software and cryptographic systems are widely deployed and adversaries can invest heavily in finding and weaponizing the same flaw. Modern security engineering generally favors eliminating known weaknesses rather than relying on secrecy or assumed asymmetry of capability. Therefore, the best description of NOBUS is that a vulnerability is believed to be so difficult to exploit that only its creator can exploit it.

A cryptographic hash function maps input data of arbitrary length to a fixed-length digest and is designed to be one-way: given a digest, it should be computationally infeasible to recover the original input (preimage resistance). This one-way property enables many security applications: file integrity checking (any change alters the digest), password storage (combined with salt and slow hashing), digital signatures (signing a digest rather than large data), and commitment schemes. Hash functions are not encryption because they do not support decryption; they intentionally discard information about the input. They also do not use public/private key pairs; those are features of asymmetric cryptography. “Reversible” is the opposite of the intended design goal. A well-designed hash also aims for collision resistance (hard to find two different inputs with the same digest) and second-preimage resistance. Among the answer choices, the defining characteristic that best captures what makes a hash function distinct is that it is one-way.

When software is digitally signed, the organization computes a cryptographic hash (digest) of the software (or its manifest) and then signs that digest using the organization’s private key. Verification works in the opposite direction: the customer (verifier) uses the organization’s public key to validate the signature and recover/confirm the signed digest, then independently hashes the received software and compares the result. If the digests match and the signature validates under the public key, the customer has strong assurance that the software has not been altered since it was signed and that it was signed by the holder of the corresponding private key. The customer never needs the organization’s private key—sharing it would destroy security and enable forgery. Likewise, the customer’s own keys are irrelevant to verifying the publisher’s signature. The organization’s public key is typically delivered inside a certificate chain (code signing certificate) so the verifier can also validate publisher identity and trust. Therefore, the customer uses the organization’s public key for signature verification (often described as “decrypting” the signed digest).

Large prime numbers are crucial because they enable cryptosystems where certain operations are easy to perform, but reversing them is computationally hard without secret information. In RSA, security is based on the difficulty of factoring a large composite number that is the product of two large primes; multiplying primes is easy, but factoring the product is believed to be hard at sufficient sizes. In Diffie–Hellman and related systems, primes define finite groups (often modulo a large prime) where exponentiation is efficient but the discrete logarithm problem is hard. Primes also help ensure desirable group properties—such as having a large cyclic subgroup—reducing vulnerabilities from small subgroups or weak structure. The value of “large” is that it makes brute-force and known algorithmic attacks infeasible with current computing resources. Large primes do not primarily make encryption faster, nor do they make decryption easier; they are chosen to maximize security margins. While primes can be involved in encoding steps, their importance is security: they form the mathematical foundation for hardness assumptions used by major public-key algorithms. Therefore, the best answer is that they provide security in encryption algorithms.

A brute-force attack exhaustively tries every possible key or password candidate until the correct one is found. Because it explores the full search space (or a very large portion of it), brute force is often the slowest method, especially when strong keys, long passwords, rate limits, and slow password hashing (bcrypt/Argon2) are used. By contrast, a dictionary attack reduces work by trying only common or likely passwords, often succeeding quickly against weak human-chosen secrets. Rainbow table attacks shift work into precomputation; once a table exists, lookup can be faster than brute-force—though salt and modern hashing defeat them. Birthday attacks are about finding collisions, not necessarily recovering a specific secret, and their expected work is about 2^(n/2) for an n-bit hash, which can be less than brute-force key search in many contexts. Therefore, among the listed options, brute-force generally takes the longest to succeed because it makes the fewest assumptions and does the most total work.

For protecting credit card data, the primary compliance framework is PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is an industry standard created by major card brands and administered through the PCI Security Standards Council. It sets requirements for organizations that store, process, or transmit cardholder data, including controls around network security, access control, monitoring, and cryptography. PCI DSS explicitly addresses encryption and protection of cardholder data (for example, protecting stored cardholder data and encrypting transmission over open, public networks, and using strong cryptography and secure protocols). CCPA and GDPR are privacy regulations focused on personal data rights and governance, and while they may encourage security measures, they are not specifically the card-industry security standard for payment data. HIPAA applies to protected health information, not payment card data. Therefore, the correct answer is PCI DSS.

A salt is a unique, random value stored alongside a password hash and combined with the password during hashing. Its main security benefit is that it ensures identical passwords do not produce identical hashes across different accounts or systems. If two users choose the same password, their stored hashes will differ because their salts differ, which directly prevents attackers from spotting shared passwords by comparing hashes. Salts also defeat precomputation attacks such as rainbow tables, because an attacker would need to regenerate tables for each possible salt value—a task that becomes infeasible when salts are large and unique per password. Salt does not enforce password complexity rules (that’s a policy/validation function), does not guarantee users choose different passwords, and does not prevent password reuse across sites. The correct statement is that salt makes the resulting hash different even for the same password, improving resistance to offline cracking at scale and eliminating the “same hash = same password” shortcut attackers rely on.

In the TLS handshake, the ClientHello message is the client’s opening negotiation message and includes the client’s supported cryptographic capabilities. A key part of ClientHello is the offered cipher suites list, which advertises combinations of key exchange, authentication, encryption, and integrity/AEAD algorithms the client is willing to use. The server responds with ServerHello, selecting one of the offered cipher suites (in TLS 1.2 and earlier) and confirming protocol parameters. Forward secrecy is a property achieved by using ephemeral key exchange (e.g., (EC)DHE), not a specific message that “sends a list.” “Integrity check” is a security goal/mechanism, not the negotiation step. While TLS 1.3 changes the structure of negotiation (cipher suite list still appears in ClientHello but only covers AEAD and hash; key exchange is negotiated via extensions), the fundamental idea remains: the client proposes supported cipher suites in ClientHello, and the server picks compatible parameters. Therefore, the process that sends the list of supported cipher suites is the ClientHello.