WGU Introduction to Cryptography HNO1 Introduction to Cryptography Exam Questions

Page: 1 / 14
Total 93 questions
Question 1

(Why are large prime numbers important in cryptography?)



Answer : D

Large prime numbers are crucial because they enable cryptosystems where certain operations are easy to perform, but reversing them is computationally hard without secret information. In RSA, security is based on the difficulty of factoring a large composite number that is the product of two large primes; multiplying primes is easy, but factoring the product is believed to be hard at sufficient sizes. In Diffie-Hellman and related systems, primes define finite groups (often modulo a large prime) where exponentiation is efficient but the discrete logarithm problem is hard. Primes also help ensure desirable group properties, such as having a large cyclic subgroup, reducing vulnerabilities from small subgroups or weak structure. The value of "large" is that it makes brute-force and known algorithmic attacks infeasible with current computing resources. Large primes do not primarily make encryption faster, nor do they make decryption easier; they are chosen to maximize security margins. While primes can be involved in encoding steps, their importance is security: they form the mathematical foundation for hardness assumptions used by major public-key algorithms. Therefore, the best answer is that they provide security in encryption algorithms.


Question 2

(What is an alternative to using a Certificate Revocation List (CRL) with certificates?)



Answer : B

OCSP is the primary online alternative to CRLs for checking whether a certificate has been revoked. With a CRL, a relying party periodically downloads a list of revoked certificate serial numbers published by the issuing CA (or CRL distribution point). That approach can be bandwidth-heavy, introduces latency between revocation and client awareness, and can result in clients using stale revocation data if updates are infrequent. OCSP improves this by allowing a client (or a server on the client's behalf) to query an OCSP responder in near real time about the status of a specific certificate (good, revoked, or unknown). In practice, many TLS deployments use OCSP stapling, where the server periodically fetches a signed OCSP response from the CA's responder and "staples" it to the TLS handshake, reducing client-side network calls and improving privacy (the CA doesn't learn which site the client is visiting). Thus, OCSP provides a more timely, certificate-specific revocation status mechanism than CRLs while preserving the CA's signed assurance.


Question 3

(Which is a primary reason for ethical concerns about encryption?)



Answer : B

Ethical concerns about encryption commonly arise from the tension between individual privacy/security and societal needs such as law enforcement, national security, and public safety. Strong end-to-end encryption can prevent unauthorized parties from accessing data, including criminals and foreign adversaries, but it can also limit legitimate government access to communications and evidence, even with warrants, because providers may not possess the keys needed to decrypt. This has fueled debates around "going dark," lawful access, and proposals for exceptional access mechanisms or backdoors. Critics argue that weakening encryption for access would create systemic risk, since any intentional vulnerability can be exploited by malicious actors, while proponents emphasize investigative needs in serious cases. Regardless of the stance, the primary ethical concern reflected in policy debates is that encryption complicates government access to information that may be crucial for preventing or investigating crime. The other options do not capture the main ethical controversy: encryption is widely beneficial beyond corporations, and it is not primarily about speed or storage reduction. Therefore, the correct answer is B.


Question 4

(Which additional input element can be used to implement integrity in combination with symmetric ciphers?)



Answer : D

Symmetric encryption alone typically provides confidentiality, but it does not automatically provide integrity. Many encryption modes (especially older ones like CBC without authentication) are malleable, meaning an attacker may be able to modify ciphertext and cause predictable changes in plaintext after decryption. To add integrity, systems commonly combine symmetric encryption with a cryptographic hash-based integrity mechanism, such as a hash function used in an HMAC (Hash-based Message Authentication Code) or a dedicated authenticated-encryption mode like GCM that internally uses authentication tags. Among the given options, a hash function is the fundamental additional element that enables integrity checks: it allows construction of a MAC (e.g., HMAC-SHA-256) that the receiver verifies to detect any tampering. An initialization vector and a nonce value are used to ensure uniqueness and randomness properties for encryption but do not, by themselves, guarantee integrity. An encoding algorithm changes representation, not security. Therefore, the correct additional input element for implementing integrity alongside symmetric encryption is a hash function, typically as part of an HMAC or similar MAC construction.


Question 5

(What is used to randomize the initial value when generating Initialization Vectors (IVs)?)



Answer : D

An IV (Initialization Vector) is a value used to ensure that encrypting identical plaintext under the same key produces different ciphertexts, preventing pattern leakage. In many secure designs, the IV must be unique (and often unpredictable) per encryption operation. A common way to ensure uniqueness is to incorporate a nonce, a "number used once." A nonce can be random, pseudo-random, or a counter-based value depending on the mode and security requirements. For example, CTR mode uses a nonce combined with a counter to produce unique input blocks; GCM uses a nonce/IV to ensure unique authentication and encryption behavior. The encryption key should remain stable across many operations and should not be used as the "randomizer" for IV generation; mixing key material into IV creation in an ad hoc way can create reuse or correlation issues. Plaintext and algorithm do not provide the needed uniqueness property. The nonce concept is specifically about ensuring one-time uniqueness of the starting value so that IV reuse does not repeat keystream blocks (stream modes) or reveal plaintext equality (CBC/CTR). Therefore, the correct choice is Nonce.
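The two explanations above (Question 4 on malleability and HMAC, Question 5 on nonce uniqueness) can be checked in a few lines. This is an added example, not part of the original question set: the keystream is a toy SHA-256 counter construction standing in for a real mode such as AES-CTR, and every key, nonce, message and function name is constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys and nonces; real keys come from a CSPRNG (e.g. secrets.token_bytes).
ENC_KEY, MAC_KEY = bytes(range(32)), bytes(range(32, 64))
NONCE_A, NONCE_B = b"nonce-0001", b"nonce-0002"

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy CTR-style keystream, SHA-256(key || nonce || counter); a stand-in for AES-CTR."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (same operation both ways)."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(nonce: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt-then-MAC: the HMAC-SHA-256 tag covers the nonce and the ciphertext."""
    ct = crypt(ENC_KEY, nonce, plaintext)
    return ct, hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()

def open_sealed(nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return crypt(ENC_KEY, nonce, ct)

def nonce_reuse_leaks(p1: bytes, p2: bytes, n1: bytes, n2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. the keystream cancelled out."""
    c1, c2 = crypt(ENC_KEY, n1, p1), crypt(ENC_KEY, n2, p2)
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    msg, evil = b"PAY 0100 TO BOB", b"PAY 9900 TO BOB"
    ct, tag = seal(NONCE_A, msg)
    forged = xor(ct, xor(msg, evil))  # ciphertext edit made without any key
    print("unauthenticated decrypt:", crypt(ENC_KEY, NONCE_A, forged))
    print("same nonce leaks:", nonce_reuse_leaks(msg, evil, NONCE_A, NONCE_A))
    print("fresh nonce leaks:", nonce_reuse_leaks(msg, evil, NONCE_A, NONCE_B))
    try:
        open_sealed(NONCE_A, forged, tag)
    except ValueError as err:
        print("authenticated decrypt:", err)
```

Without the tag check, the edited ciphertext decrypts cleanly to the altered message; with it, the receiver rejects the message before any plaintext is produced.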


Question 6

(Why is it important for cryptography frameworks to adapt over time?)



Answer : A

Cryptography must evolve because threats, computing capabilities, and attack techniques continuously change. Algorithms once considered safe can become vulnerable due to cryptanalysis, implementation attacks, protocol flaws, or sheer increases in available compute power. Examples include the deprecation of SHA-1 for signatures, weakening of RC4, and migration away from older TLS versions and weak cipher suites. Frameworks also need to adapt to new environments (cloud architectures, IoT deployments, mobile devices) and new adversary models, including the long-term risk posed by quantum computing to current public-key systems. Adaptation includes updating standards, increasing key sizes where needed, adopting modern primitives (AEAD modes, stronger KDFs), improving key management practices (rotation, hardware-backed storage), and refining operational guidance (certificate lifetimes, revocation strategies). A rigid structure that never changes would lock organizations into obsolete protections and accumulate risk. Standardizing obsolete techniques or complying with outdated standards is the opposite of sound security engineering. Therefore, cryptography frameworks must adapt over time to respond to emerging threats and vulnerabilities and to maintain effective protection as the landscape evolves.


Question 7

(Quantum computing poses a threat to which cryptographic algorithm?)



Answer : D

Large-scale quantum computers threaten many widely deployed public-key algorithms because quantum algorithms can solve their underlying hard math problems efficiently. In particular, Shor's algorithm can factor large integers and compute discrete logarithms in polynomial time, which directly breaks the security assumptions of RSA (factoring) and traditional Diffie-Hellman/ECC (discrete log). That makes RSA the clearest target among the options. By comparison, symmetric algorithms like AES are affected mainly by Grover's algorithm, which provides a quadratic speedup for brute force; this can be mitigated by using larger keys (e.g., AES-256). Hash functions like SHA-256 also face Grover-style speedups for preimage search, again mitigated by output length/security margin, and collision resistance is impacted differently. ECB is a mode of operation, not a standalone algorithm, and its issues are classical (pattern leakage), not specifically quantum. Therefore, the algorithm most directly threatened by quantum computing among the choices is RSA.

