Get WGU Introduction to Cryptography Exam Practice Questions - Real and Updated

Answer : D

To ensure confidentiality so that only the intended recipient can decrypt an email, the sender must encrypt in a way that only the recipient can reverse. In public key cryptography, that means encrypting with the recipient's public key. The recipient is the only party who should possess the matching private key, so only they can decrypt the ciphertext. This pattern is fundamental to PKI-based secure email systems such as S/MIME and OpenPGP: the sender looks up or is provided the recipient's certificate/public key, encrypts the message (often by encrypting a randomly generated symmetric session key with the recipient's public key), and the recipient uses their private key to recover the session key and decrypt the content. Encrypting with the sender's private key would not provide confidentiality; it resembles signing because anyone with the sender's public key could ''decrypt'' it. Encrypting with a private key of the recipient is also incorrect because private keys are not shared and should never leave the recipient's control. Therefore, the correct key to encrypt the message so only the friend can decrypt it is the recipient's public key.

Answer : A

Asymmetric encryption is defined by using a key pair: a public key that can be shared widely and a private key that remains secret to its owner. The keys are mathematically related so that data encrypted with one key can be decrypted with the other (in confidentiality use cases, encryption with the recipient's public key and decryption with the recipient's private key). This design solves key distribution challenges: anyone can encrypt to a recipient without first sharing a secret key securely. It also enables digital signatures, where the private key signs and the public key verifies---supporting authenticity and integrity. Option B describes symmetric cryptography, not asymmetric. Option C is not a defining property; both symmetric and asymmetric algorithms can involve rounds or repeated operations. Option D is incorrect because asymmetric encryption is reversible for the intended holder of the private key; ''irreversible'' describes hashing, not encryption. Therefore, the characteristic feature of asymmetric encryption is the use of both a public and private key.

Answer : D

One-way client authentication is the method where the client (customer) proves its identity to the server (web service). In cryptographic terms, this is commonly implemented through client credentials such as client TLS certificates (mTLS from the server's perspective) or through authentication protocols layered over TLS (for example, signed tokens), but the defining direction is that the client is the party being authenticated. In a strict TLS certificate-authentication framing, client authentication occurs when the server requests a client certificate during the handshake and the client demonstrates possession of the corresponding private key (via signature in handshake messages). The server then validates the client certificate chain and authorization policy. One-way server authentication, by contrast, authenticates only the server to the client and does not identify the customer. Mutual authentication authenticates both sides simultaneously; while it includes client authentication, it is broader than what the question asks. ''End-to-end authentication'' describes assurance between endpoints across intermediaries, but it is not the specific ''customer authenticates to service'' method in certificate-based terminology. Therefore, the best answer is one-way client authentication.

Answer : D

AES (Advanced Encryption Standard) is a symmetric block cipher standardized to operate on a fixed 128-bit block size and supports key sizes of 128, 192, and 256 bits. When the key size is 256 bits, the cipher is commonly referred to as AES-256, but the block size remains 128 bits regardless of key length. This combination (256-bit key, 128-bit block) matches the question precisely. By comparison, DES uses a 64-bit block size with a 56-bit effective key. 3DES also uses a 64-bit block size and effectively applies DES three times, yielding an effective key length typically cited as 112 bits (two-key 3DES) or 168 bits (three-key 3DES), depending on how keys are configured. IDEA uses a 64-bit block size with a 128-bit key. Therefore, the only listed algorithm that supports a 256-bit key while maintaining a 128-bit block size is AES. This is one reason AES is widely adopted for modern symmetric encryption: strong key sizes with efficient implementation and broad standardization.

Answer : B

A true random number generator (TRNG) draws randomness from physical phenomena that are inherently unpredictable and not algorithmically reproducible. Because of this, it is nondeterministic: you cannot feed it the same ''input'' and expect the same output stream. TRNGs are often slower than PRNGs because they depend on collecting entropy from hardware sources and may require conditioning to remove bias. This aligns with option B: slow and nondeterministic, producing different results even under similar or repeated conditions. Option A describes a deterministic PRNG, where identical seeds yield identical sequences. Option C is unrelated; factorization is a hard math problem used in cryptography (e.g., RSA security assumptions), not a randomness generator definition. Option D describes a counter, which is deterministic and not random. In secure systems, TRNG output may seed a cryptographically secure PRNG to provide both unpredictability and high throughput; but the defining characteristic of a TRNG is nondeterminism from physical entropy. Therefore, option B is correct.