Introduction-to-Cryptography Exam Dumps - WGU Introduction to Cryptography HNO1

The value 51 mod 11 is the remainder after dividing 51 by 11. Modular arithmetic is widely used in cryptography to keep computations within a finite set of residues, such as in RSA where values are taken modulo n, or in Diffie–Hellman where exponents and group elements are reduced modulo a prime. To compute 51 mod 11, find the largest multiple of 11 less than or equal to 51. Multiples of 11 are 11, 22, 33, 44, 55. The closest without exceeding 51 is 44. Subtracting gives 51 − 44 = 7, so the remainder is 7. Therefore, 51 mod 11 = 7, matching option “07.” This remainder is always in the range 0 through 10 because the modulus is 11. Such residue computations underpin the “wraparound” behavior that makes modular exponentiation and inverse computations well-defined in cryptographic groups.

Lattice-based cryptography refers to cryptographic constructions whose security is based on the computational hardness of problems on mathematical lattices (regular grids of points in high-dimensional space). Examples of hard lattice problems include the Shortest Vector Problem (SVP) and Closest Vector Problem (CVP), and practical schemes often use related problems like Learning With Errors (LWE) or Ring-LWE. These problems are believed to remain hard even for quantum computers, making lattice-based cryptography a major candidate family for post-quantum cryptography. Lattice schemes can support encryption, digital signatures, and key exchange, often with strong security reductions (worst-case to average-case) and efficient implementations. The word “lattice” here is not about simple point encoding; it’s about relying on geometric/algebraic structures and noise-based hardness assumptions. It is also unrelated to blockchain “options.” While many lattice schemes do involve modular arithmetic internally, what defines the category is the underlying lattice hardness assumptions, not modular arithmetic alone. Therefore, the correct definition is a cryptographic scheme based on geometric lattices.

A brute-force attack exhaustively tries every possible key or password candidate until the correct one is found. Because it explores the full search space (or a very large portion of it), brute force is often the slowest method, especially when strong keys, long passwords, rate limits, and slow password hashing (bcrypt/Argon2) are used. By contrast, a dictionary attack reduces work by trying only common or likely passwords, often succeeding quickly against weak human-chosen secrets. Rainbow table attacks shift work into precomputation; once a table exists, lookup can be faster than brute-force—though salt and modern hashing defeat them. Birthday attacks are about finding collisions, not necessarily recovering a specific secret, and their expected work is about 2^(n/2) for an n-bit hash, which can be less than brute-force key search in many contexts. Therefore, among the listed options, brute-force generally takes the longest to succeed because it makes the fewest assumptions and does the most total work.

The string format $2a$08$... is a well-known identifier for the bcrypt password hashing scheme. In common password-hash notation, the prefix indicates the algorithm and parameters: “$2a$” denotes bcrypt (version 2a), and “08” indicates the cost factor (work factor) controlling how computationally expensive hashing is. bcrypt is designed specifically for password storage: it includes a built-in salt and is intentionally slow and adaptive, making brute-force and GPU attacks far more expensive than fast general-purpose hashes like MD5 or SHA-512. NTLM and MD5 are obsolete for secure password storage due to speed and known weaknesses. SHA-512, while cryptographically strong as a hash, is still too fast for password hashing unless used in a dedicated password-hashing construction (e.g., PBKDF2, scrypt, Argon2) with appropriate parameters and salts. Since the given hash clearly matches bcrypt’s encoding, the correct algorithm is bcrypt, which incorporates salting and cost-based key stretching as part of its design.

Breaches tied to poor cryptographic practices often stem from preventable issues: outdated algorithms, weak key management, misconfigured TLS, missing integrity checks, hard-coded secrets, unrotated keys, or improper certificate validation. A key lesson is that organizations must proactively identify and prioritize these risks—exactly what comprehensive risk assessments are designed to do. Effective risk assessment inventories cryptographic assets (keys, certificates, protocols), maps them to business processes, evaluates threats (e.g., MITM, data exfiltration, supply-chain tampering), and finds gaps between current controls and best practices. It also helps ensure crypto decisions align with real-world risk, compliance requirements, and operational constraints. The other options are explicitly wrong: training is relevant because many crypto failures are implementation/configuration errors; audits and updates are essential because cryptographic guidance evolves; and security cannot be “secondary” without increasing breach likelihood and impact. Therefore, the most defensible lesson is that comprehensive risk assessments are vital for identifying vulnerabilities before attackers exploit them.

Frequency analysis is a classical cryptanalysis technique that exploits predictable statistical patterns in natural language. In English, certain letters (like E, T, A, O, I, N) occur more frequently than others, and common digrams/trigrams (TH, HE, IN, ER) appear with recognizable distribution. When a cipher preserves character boundaries (as in many substitution ciphers), the ciphertext will also show frequency patterns—though mapped to different symbols. The analyst counts ciphertext character occurrences, compares the distribution to expected English letter frequencies, and infers likely plaintext mappings. “Spotting variations” refers to observing differences in how often symbols appear and using that to plot relationships between ciphertext and standard English. Brute force instead tries all keys; known-plaintext attacks rely on having plaintext–ciphertext pairs; chosen-ciphertext attacks involve decrypting attacker-selected ciphertexts. Those are different attack models. Frequency analysis is specifically about statistical correlation between ciphertext symbols and language characteristics, which is why it is effective against monoalphabetic substitution and weak polyalphabetic schemes with short periods.

3DES (Triple DES) is a symmetric block cipher that retains DES’s 64-bit block size while increasing effective security by applying DES multiple times. The common “two-key 3DES” variant uses two independent 56-bit DES keys (K1 and K2) in an Encrypt–Decrypt–Encrypt (EDE) sequence: Encrypt with K1, Decrypt with K2, then Encrypt again with K1. Because each DES key is 56 bits (ignoring parity bits), the total keying material is 112 bits. This matches the question’s “112-bit key size and 64-bit block size.” Plain DES uses only a 56-bit effective key and a 64-bit block size, so it does not match the 112-bit key size. AES has a 128-bit block size and key sizes of 128/192/256. IDEA uses a 64-bit block size but has a 128-bit key. Therefore, the correct algorithm is 3DES. Although 3DES improved on DES, it is now considered legacy due to its small 64-bit block size (birthday-bound issues for large data volumes) and performance overhead compared to AES.

DER (Distinguished Encoding Rules) is a binary encoding format used to represent ASN.1 structures in a canonical, unambiguous way. X.509 certificates are defined using ASN.1, and DER provides a strict subset of BER (Basic Encoding Rules) that guarantees a single, unique encoding for any given data structure. That “unique encoding” property is important for cryptographic operations such as hashing and digital signatures, because different encodings of the same abstract data could otherwise produce different hashes and break signature verification. In contrast, PEM is not a binary encoding; it is essentially a Base64-encoded text wrapper around DER data, bounded by header/footer lines (e.g., “BEGIN CERTIFICATE”). PKI is an overall framework for certificate issuance, trust, and lifecycle management—not an encoding. RSA is an asymmetric algorithm used for encryption/signing, not a certificate encoding format. Therefore, the binary-based certificate encoding process among the options is DER.