Pass4Future also provide interactive practice exam software for preparing WGU Introduction to Cryptography HNO1 (Introduction to Cryptography) Exam effectively. You are welcome to explore sample free WGU Introduction to Cryptography Exam questions below and also try WGU Introduction to Cryptography Exam practice test software.
Do you know that you can access more real WGU Introduction-to-Cryptography exam questions via Premium Access? ()
(Which cryptographic operation uses a single key?)
Answer : D
Symmetric cryptography uses a single shared secret key for both encryption and decryption. This contrasts with asymmetric cryptography, which uses a key pair (public/private). Symmetric algorithms (like AES, ChaCha20) are efficient and well-suited for bulk data encryption, but they require a secure method for key distribution because both parties must possess the same secret. Hashing is not a keyed operation by default (though HMAC is keyed); it maps arbitrary data to a fixed-size digest and is primarily used for integrity checking, fingerprints, and password hashing constructions. Padding is a data formatting technique (e.g., PKCS#7) used to align plaintext to a block size; it is not a cryptographic ''operation'' that uses a key. Therefore, the cryptographic operation characterized by using one key shared between parties is symmetric encryption. In real systems, symmetric encryption is frequently combined with asymmetric methods for key exchange and with MACs/AEAD for integrity, producing the standard hybrid approach used in protocols like TLS and IPsec.
(What is the primary purpose of the Health Insurance Portability and Accountability Act (HIPAA) in relation to encryption?)
Answer : D
HIPAA is a U.S. regulation focused on protecting the privacy and security of protected health information (PHI). In relation to encryption, HIPAA's Security Rule requires covered entities and business associates to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI. Encryption is widely recognized as a key technical safeguard for confidentiality---protecting PHI in transit (e.g., over networks) and at rest (e.g., on storage devices) by making data unreadable without the proper keys. HIPAA does not standardize encryption across all industries, nor does it prohibit electronic health records; it regulates how they must be protected. While HIPAA often uses the term ''addressable'' for encryption controls (meaning organizations must implement it if reasonable and appropriate, or document an equivalent alternative), the overarching purpose remains protection of patient information through secure measures, with encryption as a central mechanism. Therefore, the best answer is ensuring confidentiality of patient information through secure measures like encryption.
(What is a focus of the ISO/IEC 27001 standard?)
Answer : B
ISO/IEC 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Its focus is not inventing cryptographic algorithms, but managing information security through a structured governance approach: identifying assets, assessing risks, selecting and implementing controls, measuring effectiveness, and continuously improving. The standard emphasizes a risk-based methodology---controls are chosen based on organizational context and threat landscape, and the ISMS is refined over time through audits, management reviews, and corrective actions. While cryptography can be part of the control set (e.g., encryption policies, key management, secure communications), ISO/IEC 27001 addresses a broad range of security domains beyond crypto, including physical security, access control, incident management, supplier relationships, and business continuity. It also does not enforce criminal penalties; it is a certification/management standard. And it is not limited to network security. Therefore, the correct focus is risk management and continuous improvement of information security.
(What is an attribute of RC4 when used with WEP?)
Answer : A
In classic WEP deployments, RC4 was used with what is commonly called ''40-bit WEP'' (also labeled ''64-bit WEP'' because it combines a 40-bit secret key with a 24-bit IV to form a 64-bit RC4 seed). The key attribute emphasized in many foundational descriptions of WEP is this 40-bit shared secret length, which was originally chosen due to export restrictions and legacy constraints. Although ''104-bit WEP'' (sometimes called ''128-bit WEP,'' again counting the 24-bit IV) also existed, the option set here points to the historically standard and widely referenced attribute: a 40-bit key when RC4 is used in WEP. Importantly, WEP's security failure is not only about key size; the 24-bit IV is too small and repeats frequently, and WEP's key scheduling vulnerabilities combined with IV reuse allow attackers to recover the secret key with enough captured frames. Still, among the given options, the correct attribute is the 40-bit key.
(What is the maximum key size (in bits) supported by AES?)
Answer : C
AES supports three standardized key sizes: 128, 192, and 256 bits, with a fixed block size of 128 bits. The maximum of these supported key sizes is 256 bits (AES-256). Key size affects resistance to brute-force key search: larger keys exponentially increase the search space. In practice, AES-128 is already considered strong against brute force with contemporary computing capabilities, while AES-256 is often chosen for compliance requirements, conservative security margins, or to hedge against future advances. AES-512 is not part of the AES standard; if 512-bit keys are desired, systems typically use different constructions (like using AES-256 in certain key-derivation or wrapping schemes) rather than changing AES itself. Therefore, the correct maximum supported AES key size is 256 bits.
