• Home
  • Articles
  • Introduction-to-Cryptography Braindumps Real Exam Updated on Jun 20, 2026 with 62 Questions [Q30-Q54]

Introduction-to-Cryptography Braindumps Real Exam Updated on Jun 20, 2026 with 62 Questions [Q30-Q54]

Share

Introduction-to-Cryptography Braindumps Real Exam Updated on Jun 20, 2026 with 62 Questions

Latest Introduction-to-Cryptography PDF Dumps & Real Tests Free Updated Today

NEW QUESTION # 30
(Which component is used to verify the integrity of a message?)

  • A. TKIP
  • B. IV
  • C. AES
  • D. HMAC

Answer: D

Explanation:
HMAC (Hash-based Message Authentication Code) is a standard mechanism used to verify both integrity and authenticity of a message when two parties share a secret key. It combines a cryptographic hash function (such as SHA-256) with a secret key in a structured way that resists common attacks on naive keyed-hash constructions. The sender computes an HMAC tag over the message and transmits the message plus tag. The receiver recomputes the HMAC using the same shared secret key and compares the result; if the tag matches, the receiver can be confident the message was not modified in transit and that it came from someone who knows the shared key. AES is an encryption algorithm primarily providing confidentiality; it can provide integrity only when used in authenticated modes (e.g., GCM) but "AES" alone is not the integrity component. An IV helps randomize encryption but does not validate integrity. TKIP is a legacy WLAN protocol component, not the general integrity verifier. Therefore, the correct component for verifying message integrity among the options is HMAC.


NEW QUESTION # 31
(What type of encryption uses different keys to encrypt and decrypt the message?)

  • A. Secure
  • B. Symmetric
  • C. Private key
  • D. Asymmetric

Answer: D

Explanation:
Asymmetric encryption (also called public key cryptography) uses a pair of mathematically related keys: a public key and a private key. One key is used to encrypt, and the other is used to decrypt, which is the defining "different keys" property asked in the question. In the common confidentiality use case, a sender encrypts a message using the recipient's public key, and only the recipient can decrypt it using their private key. This solves the key distribution problem inherent in symmetric encryption, where both parties must securely share the same secret key in advance. Asymmetric systems also enable digital signatures: the private key signs (creates a signature) and the public key verifies it, providing authenticity and integrity. Symmetric encryption, by contrast, uses the same shared key for both encryption and decryption (even though internal round keys may exist, it is still one shared secret).
"Private key" alone is not a full encryption type, and "secure" is a generic description rather than a cryptographic category. Therefore, the correct answer is D. Asymmetric.


NEW QUESTION # 32
(Employee A needs to send Employee B a symmetric key for confidential communication. Which key is used to encrypt the symmetric key?)

  • A. Employee B's public key
  • B. Employee A's private key
  • C. Employee A's public key
  • D. Employee B's private key

Answer: A

Explanation:
When securely distributing a symmetric key over an untrusted network, a common approach is hybrid cryptography: use asymmetric cryptography to protect the symmetric key, then use the symmetric key for bulk encryption. To ensure only Employee B can recover the symmetric key, Employee A encrypts (wraps) that symmetric key using Employee B's public key. Because only Employee B should possess the matching private key, only B can decrypt the wrapped symmetric key. This is the same principle used in TLS key exchange (in older RSA key transport) and in secure email: encrypt the session key to the recipient's public key. Encrypting the symmetric key with Employee A's private key would not provide confidentiality-anyone with A's public key could reverse it, and it functions more like a signature than encryption. Employee B's private key should never be shared and is used only by B to decrypt. Therefore, for confidentiality of the shared symmetric key, the correct encryption key is Employee B's public key.


NEW QUESTION # 33
(How does adding salt to a password improve security?)

  • A. Salt prevents users from reusing the same password.
  • B. Salt ensures two people do not have the same password.
  • C. Salt creates a different hash if two people use the same password.
  • D. Salt enforces the complexity rules for passwords.

Answer: C

Explanation:
A salt is a unique, random value stored alongside a password hash and combined with the password during hashing. Its main security benefit is that it ensures identical passwords do not produce identical hashes across different accounts or systems. If two users choose the same password, their stored hashes will differ because their salts differ, which directly prevents attackers from spotting shared passwords by comparing hashes. Salts also defeat precomputation attacks such as rainbow tables, because an attacker would need to regenerate tables for each possible salt value-a task that becomes infeasible when salts are large and unique per password. Salt does not enforce password complexity rules (that's a policy/validation function), does not guarantee users choose different passwords, and does not prevent password reuse across sites. The correct statement is that salt makes the resulting hash different even for the same password, improving resistance to offline cracking at scale and eliminating the "same hash
= same password" shortcut attackers rely on.


NEW QUESTION # 34
(An organization wants to digitally sign its software to guarantee the integrity of its source code. Which key should the customer use to decrypt the digest of the source code?)

  • A. Organization's public key
  • B. Organization's private key
  • C. Customer's public key
  • D. Customer's private key

Answer: A

Explanation:
When software is digitally signed, the organization computes a cryptographic hash (digest) of the software (or its manifest) and then signs that digest using the organization's private key. Verification works in the opposite direction: the customer (verifier) uses the organization's public key to validate the signature and recover/confirm the signed digest, then independently hashes the received software and compares the result. If the digests match and the signature validates under the public key, the customer has strong assurance that the software has not been altered since it was signed and that it was signed by the holder of the corresponding private key. The customer never needs the organization's private key-sharing it would destroy security and enable forgery. Likewise, the customer's own keys are irrelevant to verifying the publisher's signature. The organization's public key is typically delivered inside a certificate chain (code signing certificate) so the verifier can also validate publisher identity and trust. Therefore, the customer uses the organization's public key for signature verification (often described as "decrypting" the signed digest).


NEW QUESTION # 35
(Which type of network were VPN connections originally designed to tunnel through?)

  • A. Protected
  • B. Encrypted
  • C. Private
  • D. Public

Answer: D

Explanation:
A VPN (Virtual Private Network) is designed to create a secure, private communication channel over an otherwise untrusted or shared infrastructure. Historically and conceptually, VPNs were built to allow organizations and users to transmit sensitive traffic across the public Internet while maintaining confidentiality, integrity, and authenticity. The "virtual" aspect means the network behaves like a private link, but the underlying transport is typically a public network where attackers could potentially observe or tamper with traffic. VPN technologies such as IPsec and SSL/TLS-based VPNs encapsulate packets and apply encryption and authentication so that the payload and session metadata are protected even when traversing public routing domains. Options like "encrypted" and "protected" describe properties of the VPN tunnel itself rather than the underlying network it traverses; the VPN provides encryption/protection precisely because the medium is not inherently secure. "Private" would describe a dedicated internal network, which generally does not require a VPN to achieve basic confidentiality. Therefore, VPNs were originally designed to tunnel through public networks.


NEW QUESTION # 36
(How are limits managed for the number of bitcoins that can be created and stored in a blockchain?)

  • A. A maximum has been established per country
  • B. The total number of participants has been set
  • C. Rewards for mining reduce over time
  • D. Each person has a maximum number

Answer: C

Explanation:
Bitcoin's supply is controlled by protocol rules enforced by consensus: new bitcoins enter circulation through the block subsidy awarded to miners for producing valid blocks. This subsidy is programmed to halve at fixed intervals (every 210,000 blocks), which steadily reduces the rate of new coin creation over time and asymptotically approaches a capped total supply (commonly cited as 21 million BTC).
This mechanism is often called the halving schedule and is the primary way limits are managed. The number of participants is not fixed; anyone can run a node or mine. There is no per-country cap and no per-person maximum enforced by the protocol-addresses and ownership are not limited that way. The supply cap emerges from the decreasing issuance schedule combined with consensus validation rules that reject blocks creating coins beyond what the schedule allows. Therefore, the correct answer is that limits are managed because rewards for mining reduce over time.


NEW QUESTION # 37
(Which certificate encoding process is binary-based?)

  • A. Privacy Enhanced Mail (PEM)
  • B. Rivest-Shamir-Adleman (RSA)
  • C. Public Key Infrastructure (PKI)
  • D. Distinguished Encoding Rules (DER)

Answer: D

Explanation:
DER (Distinguished Encoding Rules) is a binary encoding format used to represent ASN.1 structures in a canonical, unambiguous way. X.509 certificates are defined using ASN.1, and DER provides a strict subset of BER (Basic Encoding Rules) that guarantees a single, unique encoding for any given data structure. That "unique encoding" property is important for cryptographic operations such as hashing and digital signatures, because different encodings of the same abstract data could otherwise produce different hashes and break signature verification. In contrast, PEM is not a binary encoding; it is essentially a Base64-encoded text wrapper around DER data, bounded by header/footer lines (e.g.,
"BEGIN CERTIFICATE"). PKI is an overall framework for certificate issuance, trust, and lifecycle management-not an encoding. RSA is an asymmetric algorithm used for encryption/signing, not a certificate encoding format. Therefore, the binary-based certificate encoding process among the options is DER.


NEW QUESTION # 38
(Which cryptographic operation uses a single key?)

  • A. Asymmetric
  • B. Hashing
  • C. Symmetric
  • D. Padding

Answer: C

Explanation:
Symmetric cryptography uses a single shared secret key for both encryption and decryption. This contrasts with asymmetric cryptography, which uses a key pair (public/private). Symmetric algorithms (like AES, ChaCha20) are efficient and well-suited for bulk data encryption, but they require a secure method for key distribution because both parties must possess the same secret. Hashing is not a keyed operation by default (though HMAC is keyed); it maps arbitrary data to a fixed-size digest and is primarily used for integrity checking, fingerprints, and password hashing constructions. Padding is a data formatting technique (e.g., PKCS#7) used to align plaintext to a block size; it is not a cryptographic "operation" that uses a key. Therefore, the cryptographic operation characterized by using one key shared between parties is symmetric encryption. In real systems, symmetric encryption is frequently combined with asymmetric methods for key exchange and with MACs/AEAD for integrity, producing the standard hybrid approach used in protocols like TLS and IPsec.


NEW QUESTION # 39
(What is the length (in bits) of a SHA-1 hash output?)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
SHA-1 (Secure Hash Algorithm 1) produces a fixed-size output of 160 bits (20 bytes). Hash output size matters in cryptography because it influences collision resistance and the effort required for various attacks. For an ideal n-bit hash, finding a collision by generic means is expected around 2^(n/2) operations (birthday bound). With SHA-1's 160-bit output, that generic bound would be about 2^80, which was once considered strong; however, SHA-1 has been broken in practice with significantly less work due to cryptanalytic advances, and it is now deprecated for most security uses. Still, the question is strictly about output length, not current suitability. The other options do not match SHA-1: 40 bits would be far too small for a modern hash, 80 bits is not SHA-1's output, and 320 bits would imply a much larger digest (closer to SHA-256's 256 bits or SHA-384's 384 bits). Therefore, the correct SHA-1 output length is 160 bits.


NEW QUESTION # 40
(What is the RC4 encryption key size when utilizing WPA with Temporal Key Integrity Protocol (TKIP)?)

  • A. 40 bits
  • B. 56 bits
  • C. 256 bits
  • D. 128 bits

Answer: D

Explanation:
WPA with TKIP was designed as an interim improvement over WEP while still using the RC4 stream cipher for compatibility with legacy hardware. TKIP addresses WEP's major weaknesses by introducing per-packet key mixing, a message integrity mechanism ("Michael"), and replay protection.
In TKIP, the encryption key used with RC4 is 128 bits. Practically, TKIP derives a per-packet RC4 key from a 128-bit temporal key (TK), the transmitter's MAC address, and a sequence counter (TKIP Sequence Counter, TSC) to avoid the simple IV reuse patterns that made WEP easy to break. Even with these improvements, TKIP has known weaknesses and is deprecated in favor of WPA2/WPA3 using AES-based CCMP/GCMP. But strictly for the question asked, TKIP's RC4 keying material is based on a 128-bit key size, not 40/56-bit legacy sizes and not 256-bit.


NEW QUESTION # 41
(What is the correlation between the number of rounds and the key length used in the AES algorithm?)

  • A. The number of rounds increases as the key length increases.
  • B. The key length is the same regardless of the number of rounds.
  • C. The number of rounds decreases as the key length increases.
  • D. The number of rounds is the same regardless of the key length.

Answer: A

Explanation:
In AES, the number of rounds is explicitly tied to the key length. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds. The purpose of additional rounds is to increase diffusion and confusion, strengthening resistance against cryptanalysis as the key schedule and state transformations iterate more times. Although key length primarily affects brute-force resistance, AES's designers and standardization parameters link longer keys with more rounds to maintain security margins across variants, especially considering differences in the key schedule structure. Thus, as key length increases from 128 to 192 to 256 bits, the number of rounds increases correspondingly from 10 to
12 to 14. This relationship is fixed by the AES specification and does not vary dynamically at runtime.
Therefore, the correct correlation is that the number of rounds increases as the key length increases.


NEW QUESTION # 42
(What are the primary characteristics of Bitcoin proof of work?)

  • A. Easy to produce and easy to verify
  • B. Difficult to produce and difficult to verify
  • C. Easy to produce and difficult to verify
  • D. Difficult to produce and easy to verify

Answer: D

Explanation:
Bitcoin's proof of work (PoW) is designed so that finding a valid block is computationally difficult, but checking validity is computationally easy. Miners must repeatedly hash candidate block headers (double SHA-256) with different nonces until they find a hash value below a network-defined target.
This trial-and-error search requires significant work and energy because the probability of success per attempt is extremely low at current difficulty levels. However, verification is straightforward: any node can hash the block header once (or a small number of times) and confirm the resulting hash meets the target threshold and that the block contents follow protocol rules. This "hard to produce, easy to verify" property is essential: it makes it expensive for attackers to rewrite history or outpace honest miners, while allowing all participants-even low-power devices-to validate blocks efficiently.
Therefore, the primary characteristic of Bitcoin proof of work is that it is difficult to produce and easy to verify.


NEW QUESTION # 43
(Which authentication method allows a web service installed on a network operating system to prove its identity to a customer?)

  • A. One-way client authentication
  • B. Mutual authentication
  • C. One-way server authentication
  • D. End-to-end authentication

Answer: C

Explanation:
One-way server authentication is the standard model used by most TLS-enabled web services to prove the server's identity to a client. In this model, the server presents an X.509 certificate during the TLS handshake. The client validates the certificate chain to a trusted root CA, checks hostname binding (CN
/SAN), validates validity dates, and may check revocation status. If validation succeeds, the client gains cryptographic assurance that it is communicating with the holder of the private key corresponding to the server certificate's public key, and that the certificate is issued to the expected domain/identity. This proves the server's identity to the customer without requiring the customer to present a certificate.
Mutual authentication would require both client and server to authenticate each other using certificates (commonly in certain enterprise APIs), but the question asks specifically about the web service proving its identity to the customer, which is satisfied by server-only authentication. One-way client authentication is the opposite direction (client proves identity to server). "End-to-end authentication" is a broader concept and not the specific TLS identity proof mechanism described here. Thus, one-way server authentication is the correct choice.


NEW QUESTION # 44
(Which cipher uses shifting letters of the alphabet for encryption?)

  • A. Caesar
  • B. SHA-1
  • C. Vigenere
  • D. Bifid

Answer: A

Explanation:
The Caesar cipher is the classic substitution cipher that encrypts by shifting letters of the alphabet by a fixed number of positions (e.g., shift by 3: A#D, B#E, etc.). It is a monoalphabetic cipher because a single shift value is applied uniformly across the entire message, making it simple and vulnerable to frequency analysis and brute force (only 25 meaningful shifts in the Latin alphabet). Vigenere also involves shifting, but it uses a repeating keyword to vary the shift per character (polyalphabetic), whereas the question's phrasing typically points to the fundamental "shift cipher," which is Caesar.
SHA-1 is a cryptographic hash function, not a cipher. Bifid is a fractionation cipher combining Polybius square coordinates and transposition, not a direct shifting method. Therefore, the cipher that uses shifting letters of the alphabet for encryption is the Caesar cipher.


NEW QUESTION # 45
(Why should a forensic investigator create a hash of a victim's hard drive and of the bitstream copy of the hard drive?)

  • A. To identify if someone opened the drive
  • B. To establish who created the files on the drives
  • C. To verify that the drives are identical
  • D. To certify the information on the drive is correct

Answer: C

Explanation:
In digital forensics, investigators must preserve evidence integrity and demonstrate an unbroken chain of custody. Creating a cryptographic hash (such as SHA-256) of the original drive and then hashing the forensic bitstream image provides a strong mathematical assurance that the copy is an exact, bit-for-bit replica. Because secure hash functions are designed so that any tiny change in data produces a dramatically different digest, matching hashes indicate the image contains identical data to the source at the time of acquisition. This is critical in legal and investigative contexts: analysis is performed on the copy, not the original, to avoid altering evidence. If the hashes match, the investigator can testify that the evidence examined is identical to what was collected, supporting admissibility and credibility.
Hashing does not prove who created files, nor does it directly show whether someone "opened the drive"; it specifically validates the integrity and equivalence of the captured image. Therefore, hashing both artifacts is done to verify that the original and the bitstream copy are identical.


NEW QUESTION # 46
(Which encryption process sends a list of cipher suites that are supported for encrypted communications?)

  • A. ServerHello
  • B. Forward secrecy
  • C. Integrity check
  • D. ClientHello

Answer: D

Explanation:
In the TLS handshake, the ClientHello message is the client's opening negotiation message and includes the client's supported cryptographic capabilities. A key part of ClientHello is the offered cipher suites list, which advertises combinations of key exchange, authentication, encryption, and integrity/AEAD algorithms the client is willing to use. The server responds with ServerHello, selecting one of the offered cipher suites (in TLS 1.2 and earlier) and confirming protocol parameters. Forward secrecy is a property achieved by using ephemeral key exchange (e.g., (EC)DHE), not a specific message that "sends a list." "Integrity check" is a security goal/mechanism, not the negotiation step. While TLS 1.3 changes the structure of negotiation (cipher suite list still appears in ClientHello but only covers AEAD and hash; key exchange is negotiated via extensions), the fundamental idea remains: the client proposes supported cipher suites in ClientHello, and the server picks compatible parameters. Therefore, the process that sends the list of supported cipher suites is the ClientHello.


NEW QUESTION # 47
(What makes the RC4 cipher unique compared to RC5 and RC6?)

  • A. Asymmetric
  • B. Block
  • C. Symmetric
  • D. Stream

Answer: D

Explanation:
RC4 is unique among the RC family listed because it is a stream cipher. It generates a pseudorandom keystream and encrypts data by XORing that keystream with plaintext bytes (and decryption is the same XOR operation). This differs from RC5 and RC6, which are block ciphers: they encrypt fixed-size blocks of data through multiple rounds of operations (such as modular addition, XOR, and rotations) using a secret key. The stream-cipher design means RC4 historically fit protocols where data arrives continuously (e.g., early wireless and web encryption) and where simple, fast software implementation was desired. However, stream ciphers demand careful handling of nonces/IVs to avoid keystream reuse; reuse can catastrophically leak plaintext relationships. RC4 also has well-documented statistical biases in its keystream, leading to practical attacks in protocols like WEP and later concerns in TLS, which is why RC4 has been deprecated in modern security standards. Still, from a classification standpoint, "stream" is the distinguishing characteristic versus RC5/RC6 being block ciphers.


NEW QUESTION # 48
(Which attack maps hashed values to their original input data?)

  • A. Brute-force
  • B. Dictionary
  • C. Rainbow table
  • D. Birthday

Answer: C

Explanation:
A rainbow table attack uses large, precomputed tables that link hash outputs back to likely original inputs (typically passwords). Instead of storing every password#hash pair directly (which would be huge), rainbow tables store chains created by alternating hash operations with reduction functions, allowing attackers to reconstruct candidate plaintexts that produce a given hash. This makes cracking fast,ifthe target hashes are unsalted and use a known, fast hash function. Salt defeats rainbow tables because the attacker would need separate tables for each salt value, which becomes infeasible when salts are unique and sufficiently large. A dictionary attack is related but typically computes hashes on the fly from a wordlist rather than using precomputed chain structures. A birthday attack targets collisions, not mapping to original data. Brute-force tries all candidates without precomputation.
Because the question explicitly describes mapping hashed values back to original data via a precomputed approach, the correct choice is Rainbow table.


NEW QUESTION # 49
(What is an attribute of RC4 when used with WEP?)

  • A. 512-bit key
  • B. 40-bit key
  • C. 128-bit key
  • D. 256-bit key

Answer: B

Explanation:
In classic WEP deployments, RC4 was used with what is commonly called "40-bit WEP" (also labeled
"64-bit WEP" because it combines a 40-bit secret key with a 24-bit IV to form a 64-bit RC4 seed). The key attribute emphasized in many foundational descriptions of WEP is this 40-bit shared secret length, which was originally chosen due to export restrictions and legacy constraints. Although "104-bit WEP" (sometimes called "128-bit WEP," again counting the 24-bit IV) also existed, the option set here points to the historically standard and widely referenced attribute: a 40-bit key when RC4 is used in WEP.
Importantly, WEP's security failure is not only about key size; the 24-bit IV is too small and repeats frequently, and WEP's key scheduling vulnerabilities combined with IV reuse allow attackers to recover the secret key with enough captured frames. Still, among the given options, the correct attribute is the 40-bit key.


NEW QUESTION # 50
(What is a component of a one-time password (OTP) that is needed to guess future iterations of passwords?)

  • A. Seed
  • B. Function
  • C. Encryption algorithm
  • D. Initialization vector

Answer: A

Explanation:
OTP systems (such as HOTP and TOTP) generate a sequence of passwords using a shared secret and a moving factor (counter or time). The critical secret that underpins the ability to compute past or future OTP values is the seed (also called the shared secret key). In HOTP, the seed is used with an HMAC function and an incrementing counter; in TOTP, the seed is used with HMAC and a time-step value. If an attacker obtains the seed and knows the algorithm and moving factor, they can compute future OTPs. The "function" and "encryption algorithm" are typically standardized and public; security relies on keeping the seed secret. An initialization vector is not a standard OTP component in HOTP
/TOTP generation. Therefore, the component needed to predict future OTP values is the seed.
Protecting the seed is essential: it should be stored securely (e.g., hardware token secure storage) and transmitted only through controlled provisioning processes. If compromised, OTP becomes predictable and no longer serves as a strong second factor.


NEW QUESTION # 51
(What describes how Counter (CTR) mode encryption functions?)

  • A. Encrypts each block with the same key, where each block is independent of the others
  • B. Uses an IV to encrypt the first block, then uses the result of the encryption to encrypt the next block
  • C. Uses a self-synchronizing stream cipher where the IV is encrypted and XORed with the data stream one bit at a time
  • D. Converts the block cipher into a stream cipher, then uses a counter value and a nonce to encrypt the data

Answer: D

Explanation:
CTR mode turns a block cipher (like AES) into a stream-like construction by generating a keystream from successive encryptions of a changing input block. Specifically, CTR forms input blocks using a nonce (unique per message) combined with an increasing counter. Each nonce||counter block is encrypted with the block cipher under the shared key, producing a pseudorandom output block. That output is then XORed with plaintext to yield ciphertext (and XORed with ciphertext to recover plaintext). This design enables parallelization (blocks can be generated independently), efficient random access decryption, and avoids chaining dependencies seen in modes like CBC. Option B describes CFB-like behavior; option C describes ECB; option D describes CBC. CTR's security critically depends on never reusing the same nonce/counter sequence with the same key, because reuse would repeat keystream blocks and expose plaintext relationships. Therefore, the correct description is that CTR converts the block cipher into a stream cipher using a counter value and a nonce.


NEW QUESTION # 52
(What is used to randomize the initial value when generating Initialization Vectors (IVs)?)

  • A. Algorithm
  • B. Key
  • C. Plaintext
  • D. Nonce

Answer: D

Explanation:
An IV (Initialization Vector) is a value used to ensure that encrypting identical plaintext under the same key produces different ciphertexts, preventing pattern leakage. In many secure designs, the IV must be unique (and often unpredictable) per encryption operation. A common way to ensure uniqueness is to incorporate a nonce-a "number used once." A nonce can be random, pseudo-random, or a counter-based value depending on the mode and security requirements. For example, CTR mode uses a nonce combined with a counter to produce unique input blocks; GCM uses a nonce/IV to ensure unique authentication and encryption behavior. The encryption key should remain stable across many operations and should not be used as the "randomizer" for IV generation; mixing key material into IV creation in an ad hoc way can create reuse or correlation issues. Plaintext and algorithm do not provide the needed uniqueness property. The nonce concept is specifically about ensuring one-time uniqueness of the starting value so that IV reuse does not repeat keystream blocks (stream modes) or reveal plaintext equality (CBC/CTR). Therefore, the correct choice is Nonce.


NEW QUESTION # 53
(Which additional input element can be used to implement integrity in combination with symmetric ciphers?)

  • A. Encoding algorithm
  • B. Initialization vector
  • C. Nonce value
  • D. Hash function

Answer: D

Explanation:
Symmetric encryption alone typically provides confidentiality, but it does not automatically provide integrity. Many encryption modes (especially older ones like CBC without authentication) are malleable, meaning an attacker may be able to modify ciphertext and cause predictable changes in plaintext after decryption. To add integrity, systems commonly combine symmetric encryption with a cryptographic hash-based integrity mechanism, such as a hash function used in an HMAC (Hash-based Message Authentication Code) or a dedicated authenticated-encryption mode like GCM that internally uses authentication tags. Among the given options, a hash function is the fundamental additional element that enables integrity checks: it allows construction of a MAC (e.g., HMAC-SHA-256) that the receiver verifies to detect any tampering. An initialization vector and a nonce value are used to ensure uniqueness and randomness properties for encryption but do not, by themselves, guarantee integrity.
An encoding algorithm changes representation, not security. Therefore, the correct additional input element for implementing integrity alongside symmetric encryption is a hash function, typically as part of an HMAC or similar MAC construction.


NEW QUESTION # 54
......

Introduction-to-Cryptography Dumps With 100% Verified Q&As - Pass Guarantee or Full Refund: https://www.pdf4test.com/Introduction-to-Cryptography-dump-torrent.html

Pass WGU Introduction-to-Cryptography Exam With Practice Test Questions Dumps Bundle: https://drive.google.com/open?id=1T1q2hEl0alYBMHiMMGjeiBU5D95raLkt

Related Articles

more
WGU Introduction-to-Cryptography Certification Practice Exam

PDF4Test will provide you with the valid test questions and test answers to help you pass certification actual test smoothly.

Latest dump torrent

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 PDF4Test NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy