Pass Introduction-to-Cryptography Exam with Updated Introduction-to-Cryptography Exam Dumps PDF 2026 [Q17-Q42]


NEW QUESTION # 17
(Which type of network were VPN connections originally designed to tunnel through?)

  • A. Public
  • B. Private
  • C. Protected
  • D. Encrypted

Answer: A

Explanation:
A VPN (Virtual Private Network) is designed to create a secure, private communication channel over an otherwise untrusted or shared infrastructure. Historically and conceptually, VPNs were built to allow organizations and users to transmit sensitive traffic across the public Internet while maintaining confidentiality, integrity, and authenticity. The "virtual" aspect means the network behaves like a private link, but the underlying transport is typically a public network where attackers could potentially observe or tamper with traffic. VPN technologies such as IPsec and SSL/TLS-based VPNs encapsulate packets and apply encryption and authentication so that the payload and session metadata are protected even when traversing public routing domains. Options like "encrypted" and "protected" describe properties of the VPN tunnel itself rather than the underlying network it traverses; the VPN provides encryption/protection precisely because the medium is not inherently secure. "Private" would describe a dedicated internal network, which generally does not require a VPN to achieve basic confidentiality. Therefore, VPNs were originally designed to tunnel through public networks.


NEW QUESTION # 18
(Which mechanism implemented in WPA-Enterprise guards against bit-flipping exploits?)

  • A. Advanced Encryption Standard (AES)
  • B. Pre-shared key (PSK)
  • C. Message Integrity Check (MIC)
  • D. Global encryption key

Answer: C

Explanation:
Bit-flipping exploits target encryption modes or protocols that do not provide strong integrity, allowing attackers to modify ciphertext so that predictable changes occur in plaintext after decryption. To defend against this, protocols add an integrity mechanism that detects tampering. In WPA (including enterprise deployments), TKIP introduced a Message Integrity Check (MIC) called "Michael." The MIC is computed over the frame contents (with additional fields) and verified by the receiver; if an attacker flips bits in transit, the MIC verification fails, and the frame is rejected. While AES (used by WPA2's CCMP) also provides integrity via authenticated encryption, the option presented that directly names the tamper-detection mechanism associated with guarding against bit-flipping is MIC. A pre-shared key is an authentication/keying method (and not enterprise-mode anyway), and a "global encryption key" would be the opposite of what you want: global/static keys worsen security.
Therefore, the intended mechanism that mitigates bit-flipping by detecting unauthorized modifications is the Message Integrity Check.


NEW QUESTION # 19
(Which encryption algorithm encrypts with one key, decrypts with another key, and then encrypts with the first key?)

  • A. 3DES
  • B. AES
  • C. IDEA
  • D. DES

Answer: A

Explanation:
3DES (Triple DES) commonly uses an Encrypt-Decrypt-Encrypt (EDE) sequence. In the two-key form, it encrypts with key K1, decrypts with key K2, then encrypts again with K1. In the three-key form, it encrypts with K1, decrypts with K2, then encrypts with K3. The EDE construction was chosen partly for backward compatibility: if K1=K2=K3, the scheme reduces to single DES, allowing older systems to interoperate in constrained ways. AES and IDEA do not use an EDE triple-stage process as their defining structure; they are single-pass block ciphers with internal rounds. DES is a single-pass algorithm (one key) rather than a triple application with multiple keys. Therefore, the algorithm described (encrypt with one key, decrypt with another, encrypt with the first) is 3DES. Although now considered legacy, it remains a classic example of increasing effective security by applying a block cipher multiple times with independent keys.


NEW QUESTION # 20
(Which mechanism can be applied to protect the integrity of plaintext when using AES?)

  • A. RC4
  • B. Kerberos key sharing
  • C. Message Authentication Code (MAC)
  • D. RSA

Answer: C

Explanation:
AES by itself is a symmetric block cipher that provides confidentiality, but not guaranteed integrity unless used in an authenticated mode. To protect integrity of the plaintext (ensuring it has not been altered), a Message Authentication Code (MAC) can be applied. In the classic Encrypt-then-MAC pattern, the sender encrypts the plaintext with AES and then computes a MAC (often HMAC-SHA-256 or CMAC-AES) over the ciphertext (and relevant headers). The receiver verifies the MAC before attempting decryption, preventing tampering and many padding-oracle style vulnerabilities.
Alternatively, AES can be used in an AEAD mode like AES-GCM, which produces an authentication tag serving a similar purpose, but among the listed options the general integrity mechanism is "MAC." RC4 is an unrelated stream cipher and does not provide integrity. RSA is asymmetric and not the standard integrity add-on for AES-encrypted bulk data. Kerberos is an authentication protocol and key distribution system, not a message integrity primitive. Therefore, to protect plaintext integrity when using AES, the correct mechanism is a Message Authentication Code.


NEW QUESTION # 21
(What is the correlation between the number of rounds and the key length used in the AES algorithm?)

  • A. The number of rounds decreases as the key length increases.
  • B. The key length is the same regardless of the number of rounds.
  • C. The number of rounds increases as the key length increases.
  • D. The number of rounds is the same regardless of the key length.

Answer: C

Explanation:
In AES, the number of rounds is explicitly tied to the key length. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds. The purpose of additional rounds is to increase diffusion and confusion, strengthening resistance against cryptanalysis as the key schedule and state transformations iterate more times. Although key length primarily affects brute-force resistance, AES's designers and standardization parameters link longer keys with more rounds to maintain security margins across variants, especially considering differences in the key schedule structure. Thus, as key length increases from 128 to 192 to 256 bits, the number of rounds increases correspondingly from 10 to 12 to 14. This relationship is fixed by the AES specification and does not vary dynamically at runtime.
Therefore, the correct correlation is that the number of rounds increases as the key length increases.


NEW QUESTION # 22
(Which number generator has different results given the same input data?)

  • A. True random
  • B. Pseudorandom
  • C. Sequence
  • D. Prime

Answer: A

Explanation:
A true random number generator (TRNG) produces outputs derived from nondeterministic physical processes (e.g., thermal noise, oscillator jitter, radioactive decay, or other hardware entropy sources).
Because the underlying phenomenon is not algorithmically determined by an input seed in the same way as a PRNG, repeated "inputs" (or identical conditions from a software perspective) do not yield the same sequence; the outputs vary unpredictably. By contrast, a pseudorandom number generator (PRNG) is deterministic: given the same seed and internal state, it produces the same output sequence, which is useful for repeatability but means security depends on seed secrecy and proper seeding.
"Prime" is not a generator type, and "sequence" is too generic and does not imply nondeterminism. In cryptographic systems, TRNGs (or hardware entropy sources) are often used to seed cryptographically secure PRNGs (CSPRNGs), combining high-quality entropy with efficient generation. Therefore, the generator that can produce different results for the "same input data" is a true random number generator.


NEW QUESTION # 23
(An administrator has configured a Virtual Private Network (VPN) connection utilizing IPsec transport mode with Encapsulating Security Payload (ESP) between a server in the corporate office and a client computer in the remote office. In which situation can the packet content be inspected?)

  • A. Only in the offsite location's network while data is in transit
  • B. On devices at headquarters and offsite before being sent and after being received
  • C. Only in the headquarters' network while data is in transit
  • D. In the headquarters' and offsite location's networks after the data has been sent

Answer: B

Explanation:
With IPsec ESP in transport mode, the payload of the original IP packet (typically the transport-layer segment and higher) is encrypted and integrity-protected between the two endpoints (here, the corporate server and the remote client). Because encryption is applied by the sending endpoint and removed only by the receiving endpoint, intermediate routers, switches, and monitoring devices in either network cannot view the protected payload while it is in transit. They may see outer IP headers and certain metadata needed for routing, but not the encrypted content protected by ESP. As a result, the packet's contents are inspectable only at the endpoints: before encryption on the sender (plaintext exists in memory/stack before IPsec processing) and after decryption on the receiver (plaintext is restored for the application). This is true whether the traffic traverses internal networks or the Internet; the cryptographic boundary is between the endpoints participating in the IPsec SA.
Therefore, inspection of the actual content is possible only on the devices at headquarters and offsite, before sending and after receiving, not by in-transit networks.


NEW QUESTION # 24
(A security engineer is implementing device authentication as a form of two-factor authentication in a Public Key Infrastructure (PKI) environment. What should be used as a second form of authentication?)

  • A. Digital signature
  • B. Symmetric encryption
  • C. Asymmetric encryption
  • D. Digital certificate

Answer: D

Explanation:
In a PKI environment, a digital certificate is the standard credential used to bind an identity (user, device, service) to a public key, with that binding vouched for by a Certificate Authority. For device authentication, the device typically proves possession of the private key corresponding to the certificate's public key (for example, during a TLS handshake). As a second factor in a two-factor model, a certificate (often stored in a TPM, smart card, or secure enclave) represents "something you have": a cryptographic credential anchored to hardware or a managed endpoint. The other listed options (symmetric encryption, asymmetric encryption, digital signature) are cryptographic operations or algorithm classes, not stand-alone authentication factors. A digital signature is a mechanism used within authentication flows, but it is not itself the credential that establishes an enrolled device identity within PKI. In practice, a certificate-based device factor is commonly paired with a knowledge factor (password/PIN) or a biometric factor to achieve true 2FA, but among these choices, the appropriate second form of authentication in PKI terms is the digital certificate.


NEW QUESTION # 25
(Which default port must be allowed by firewalls for the key exchange of the IPsec handshaking process to be successful?)

  • A. UDP 500
  • B. TCP 443
  • C. UDP 443
  • D. TCP 500

Answer: A

Explanation:
IPsec's initial key exchange is commonly performed using IKE (Internet Key Exchange), which negotiates Security Associations (SAs), authenticates peers, and establishes shared keys for ESP/AH protection. The traditional and default transport for IKEv1 and IKEv2 is UDP port 500. During negotiation, peers exchange proposals (crypto suites), perform Diffie-Hellman to derive key material, and authenticate using pre-shared keys, certificates, or EAP methods. If a firewall blocks UDP 500, the IKE negotiation cannot begin, preventing IPsec tunnels from forming. In many real deployments, NAT traversal is also used; in that case, traffic typically shifts to UDP 4500 (NAT-T) after detection of NAT, but UDP 500 is still required for the initial exchange and NAT detection in many configurations. TCP 500 is not standard for IKE. Port 443 is associated with HTTPS/TLS and some SSL VPNs, not IPsec IKE. Therefore, among the options provided, the firewall must allow UDP 500 for IPsec key exchange to succeed.


NEW QUESTION # 26
(Which authentication method allows a customer to authenticate to a web service?)

  • A. One-way client authentication
  • B. Mutual authentication
  • C. End-to-end authentication
  • D. One-way server authentication

Answer: A

Explanation:
One-way client authentication is the method where the client (customer) proves its identity to the server (web service). In cryptographic terms, this is commonly implemented through client credentials such as client TLS certificates (mTLS from the server's perspective) or through authentication protocols layered over TLS (for example, signed tokens), but the defining direction is that the client is the party being authenticated. In a strict TLS certificate-authentication framing, client authentication occurs when the server requests a client certificate during the handshake and the client demonstrates possession of the corresponding private key (via signature in handshake messages). The server then validates the client certificate chain and authorization policy. One-way server authentication, by contrast, authenticates only the server to the client and does not identify the customer. Mutual authentication authenticates both sides simultaneously; while it includes client authentication, it is broader than what the question asks. "End-to-end authentication" describes assurance between endpoints across intermediaries, but it is not the specific "customer authenticates to service" method in certificate-based terminology. Therefore, the best answer is one-way client authentication.


NEW QUESTION # 27
(What describes a true random number generator?)

  • A. Integer increased by one to match requests and responses
  • B. Unique integer determined through factorization of integers
  • C. Fast and deterministic, and the same input produces the same results
  • D. Slow and nondeterministic, and the same input produces different results

Answer: D

Explanation:
A true random number generator (TRNG) draws randomness from physical phenomena that are inherently unpredictable and not algorithmically reproducible. Because of this, it is nondeterministic: you cannot feed it the same "input" and expect the same output stream. TRNGs are often slower than PRNGs because they depend on collecting entropy from hardware sources and may require conditioning to remove bias. This aligns with option D: slow and nondeterministic, producing different results even under similar or repeated conditions. Option C describes a deterministic PRNG, where identical seeds yield identical sequences. Option B is unrelated; factorization is a hard math problem used in cryptography (e.g., RSA security assumptions), not a randomness generator definition. Option A describes a counter, which is deterministic and not random. In secure systems, TRNG output may seed a cryptographically secure PRNG to provide both unpredictability and high throughput; but the defining characteristic of a TRNG is nondeterminism from physical entropy. Therefore, option D is correct.


NEW QUESTION # 28
(Which attack may take the longest amount of time to achieve success?)

  • A. Birthday
  • B. Dictionary
  • C. Brute-force
  • D. Rainbow table

Answer: C

Explanation:
A brute-force attack exhaustively tries every possible key or password candidate until the correct one is found. Because it explores the full search space (or a very large portion of it), brute force is often the slowest method, especially when strong keys, long passwords, rate limits, and slow password hashing (bcrypt/Argon2) are used. By contrast, a dictionary attack reduces work by trying only common or likely passwords, often succeeding quickly against weak human-chosen secrets. Rainbow table attacks shift work into precomputation; once a table exists, lookup can be faster than brute-force, though salt and modern hashing defeat them. Birthday attacks are about finding collisions, not necessarily recovering a specific secret, and their expected work is about 2^(n/2) for an n-bit hash, which can be less than brute-force key search in many contexts. Therefore, among the listed options, brute-force generally takes the longest to succeed because it makes the fewest assumptions and does the most total work.


NEW QUESTION # 29
(Why should a forensic investigator create a hash of a victim's hard drive and of the bitstream copy of the hard drive?)

  • A. To certify the information on the drive is correct
  • B. To establish who created the files on the drives
  • C. To verify that the drives are identical
  • D. To identify if someone opened the drive

Answer: C

Explanation:
In digital forensics, investigators must preserve evidence integrity and demonstrate an unbroken chain of custody. Creating a cryptographic hash (such as SHA-256) of the original drive and then hashing the forensic bitstream image provides a strong mathematical assurance that the copy is an exact, bit-for-bit replica. Because secure hash functions are designed so that any tiny change in data produces a dramatically different digest, matching hashes indicate the image contains identical data to the source at the time of acquisition. This is critical in legal and investigative contexts: analysis is performed on the copy, not the original, to avoid altering evidence. If the hashes match, the investigator can testify that the evidence examined is identical to what was collected, supporting admissibility and credibility.
Hashing does not prove who created files, nor does it directly show whether someone "opened the drive"; it specifically validates the integrity and equivalence of the captured image. Therefore, hashing both artifacts is done to verify that the original and the bitstream copy are identical.


NEW QUESTION # 30
(What are the primary characteristics of Bitcoin proof of work?)

  • A. Difficult to produce and difficult to verify
  • B. Easy to produce and difficult to verify
  • C. Difficult to produce and easy to verify
  • D. Easy to produce and easy to verify

Answer: C

Explanation:
Bitcoin's proof of work (PoW) is designed so that finding a valid block is computationally difficult, but checking validity is computationally easy. Miners must repeatedly hash candidate block headers (double SHA-256) with different nonces until they find a hash value below a network-defined target.
This trial-and-error search requires significant work and energy because the probability of success per attempt is extremely low at current difficulty levels. However, verification is straightforward: any node can hash the block header once (or a small number of times) and confirm the resulting hash meets the target threshold and that the block contents follow protocol rules. This "hard to produce, easy to verify" property is essential: it makes it expensive for attackers to rewrite history or outpace honest miners, while allowing all participants, even low-power devices, to validate blocks efficiently.
Therefore, the primary characteristic of Bitcoin proof of work is that it is difficult to produce and easy to verify.
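The asymmetry described above, as an added example that is not part of the original page: a toy chain in which producing each block takes many double SHA-256 attempts while checking the whole chain takes one hash per block. The header layout, the 12-bit difficulty, the big-endian comparison and the sample payloads are assumptions chosen to keep the run short; the real Bitcoin header format and target encoding differ.

```python
import hashlib

ZERO_HASH = bytes(32)  # "previous hash" of the first block in this toy chain


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def header(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    # Simplified header (assumption): previous hash || SHA-256(payload) || nonce
    return prev_hash + hashlib.sha256(payload).digest() + nonce.to_bytes(8, "little")


def target_for(zero_bits: int) -> int:
    # A hash is acceptable if, read as a 256-bit integer, it is below this value.
    return 1 << (256 - zero_bits)


def meets_target(header_bytes: bytes, target: int) -> bool:
    # Verification: one double hash and one comparison.
    return int.from_bytes(double_sha256(header_bytes), "big") < target


def mine(prev_hash: bytes, payload: bytes, target: int):
    # Production: trial and error over nonces until the hash falls below target.
    nonce = 0
    while not meets_target(header(prev_hash, payload, nonce), target):
        nonce += 1
    return nonce, nonce + 1  # winning nonce, number of attempts


def build_chain(payloads, target):
    chain, prev = [], ZERO_HASH
    for payload in payloads:
        nonce, attempts = mine(prev, payload, target)
        chain.append({"prev": prev, "payload": payload,
                      "nonce": nonce, "attempts": attempts})
        prev = double_sha256(header(prev, payload, nonce))
    return chain


def chain_valid(chain, target) -> bool:
    # One hash per block: check the proof of work and the link to the parent.
    prev = ZERO_HASH
    for block in chain:
        h = header(block["prev"], block["payload"], block["nonce"])
        if block["prev"] != prev or not meets_target(h, target):
            return False
        prev = double_sha256(h)
    return True


if __name__ == "__main__":
    target = target_for(12)  # about 4096 attempts per block on average
    chain = build_chain([b"tx batch 1", b"tx batch 2", b"tx batch 3"], target)
    print("attempts per block:", [b["attempts"] for b in chain])
    print("valid:", chain_valid(chain, target))
    # Editing an old block breaks its proof of work or the next block's link,
    # so every later block would have to be mined again.
    chain[0]["payload"] = b"tx batch 1 (edited)"
    print("valid after edit:", chain_valid(chain, target))
```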


NEW QUESTION # 31
(Which mode of encryption uses an Initialization Vector (IV) to encrypt the first block and then uses the result to encrypt the next block?)

  • A. Output Feedback (OFB)
  • B. Cipher Block Chaining (CBC)
  • C. Electronic Codebook (ECB)
  • D. Cipher Feedback (CFB)

Answer: B

Explanation:
CBC mode introduces dependency between blocks to prevent the pattern leakage seen in ECB. It starts with a random (or unpredictable) IV for the first block. Before encrypting block 1, CBC XORs plaintext block 1 with the IV, then encrypts the result. For block 2 and onward, CBC XORs each plaintext block with the previous ciphertext block before encryption. This chaining means that changing one plaintext block affects that block's ciphertext and also influences the next block's computation. The IV ensures that encrypting the same message twice under the same key produces different ciphertexts (assuming a fresh IV). ECB (option C) has no IV or chaining. OFB and CFB are feedback modes that effectively generate a keystream; they do use an IV, but the "uses the result to encrypt the next block" wording most directly matches CBC's ciphertext-chaining description in standard teaching. CBC still requires integrity protection (e.g., HMAC or an AEAD mode) because it can be malleable without authentication. Therefore, the correct mode is Cipher Block Chaining (CBC).


NEW QUESTION # 32
(Why should an administrator choose lightweight cryptography?)

  • A. The data requires minimal protection due to the sensitivity level.
  • B. The embedded system has limited resources.
  • C. The desktop is in a secure area of the building.
  • D. The payload requires complex rounds of encryption.

Answer: B

Explanation:
Lightweight cryptography is designed for constrained environments: devices with limited CPU, memory, storage, bandwidth, and power (battery). Examples include IoT sensors, smart locks, RFID tags, embedded controllers, and industrial devices. Administrators choose lightweight algorithms and protocols to maintain reasonable security while fitting strict resource budgets and real-time constraints.
The goal is not "weaker security because data is unimportant," but rather efficient security that can still meet threat models under constraints. Option B captures this: embedded systems often cannot afford the computational cost of heavy cryptographic primitives (large key sizes, complex modes, frequent handshakes) or may struggle with latency and energy consumption. Option C is irrelevant because physical security of a desktop doesn't remove the need for cryptography in communications or storage. Option D is the opposite of lightweight design. Option A is a poor justification; security design should be based on risk, and lightweight cryptography is not merely for "minimal protection," but for practical deployability under constraints. Therefore, the correct reason is limited resources on embedded systems.


NEW QUESTION # 33
(What are the roles of keys when using digital signatures?)

  • A. A private key is used for both signing and signature validation.
  • B. A private key is used for signing, and a public key is used for signature validation.
  • C. A public key is used for signing, and a private key is used for signature validation.
  • D. A public key is used for both signing and signature validation.

Answer: B


NEW QUESTION # 34
(How are limits managed for the number of bitcoins that can be created and stored in a blockchain?)

  • A. Each person has a maximum number
  • B. The total number of participants has been set
  • C. A maximum has been established per country
  • D. Rewards for mining reduce over time

Answer: D

Explanation:
Bitcoin's supply is controlled by protocol rules enforced by consensus: new bitcoins enter circulation through the block subsidy awarded to miners for producing valid blocks. This subsidy is programmed to halve at fixed intervals (every 210,000 blocks), which steadily reduces the rate of new coin creation over time and asymptotically approaches a capped total supply (commonly cited as 21 million BTC).
This mechanism is often called the halving schedule and is the primary way limits are managed. The number of participants is not fixed; anyone can run a node or mine. There is no per-country cap and no per-person maximum enforced by the protocol; addresses and ownership are not limited that way. The supply cap emerges from the decreasing issuance schedule combined with consensus validation rules that reject blocks creating coins beyond what the schedule allows. Therefore, the correct answer is that limits are managed because rewards for mining reduce over time.


NEW QUESTION # 35
(Which certificate encoding process is binary-based?)

  • A. Rivest-Shamir-Adleman (RSA)
  • B. Distinguished Encoding Rules (DER)
  • C. Public Key Infrastructure (PKI)
  • D. Privacy Enhanced Mail (PEM)

Answer: B

Explanation:
DER (Distinguished Encoding Rules) is a binary encoding format used to represent ASN.1 structures in a canonical, unambiguous way. X.509 certificates are defined using ASN.1, and DER provides a strict subset of BER (Basic Encoding Rules) that guarantees a single, unique encoding for any given data structure. That "unique encoding" property is important for cryptographic operations such as hashing and digital signatures, because different encodings of the same abstract data could otherwise produce different hashes and break signature verification. In contrast, PEM is not a binary encoding; it is essentially a Base64-encoded text wrapper around DER data, bounded by header/footer lines (e.g., "BEGIN CERTIFICATE"). PKI is an overall framework for certificate issuance, trust, and lifecycle management, not an encoding. RSA is an asymmetric algorithm used for encryption/signing, not a certificate encoding format. Therefore, the binary-based certificate encoding process among the options is DER.
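The DER/BER/PEM relationship described above, as an added example that is not part of the original page: a strict DER tag-length-value reader that rejects a BER-legal but non-canonical length, plus the PEM text wrapper around the same bytes. The sample structure is a constructed ASN.1 SEQUENCE, not a real certificate, and the "EXAMPLE DATA" label and function names are assumptions.

```python
import base64
import hashlib


def der_length(n: int) -> bytes:
    # DER: short form below 128, otherwise the fewest possible length octets.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def parse_der_tlv(data: bytes):
    """Return (tag, content, rest); raise ValueError on non-DER lengths."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first = data[0], data[1]
    if first < 0x80:
        length, offset = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is allowed in BER, not in DER")
    else:
        n = first & 0x7F
        if len(data) < 2 + n:
            raise ValueError("truncated length")
        length = int.from_bytes(data[2:2 + n], "big")
        offset = 2 + n
        if length < 0x80 or data[2] == 0:
            raise ValueError("non-minimal length is allowed in BER, not in DER")
    if len(data) < offset + length:
        raise ValueError("truncated content")
    return tag, data[offset:offset + length], data[offset + length:]


def pem_wrap(der: bytes, label: str) -> str:
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])


def pem_unwrap(pem: str, label: str) -> bytes:
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("unexpected PEM header or footer")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def build_sample():
    # Constructed sample: SEQUENCE { INTEGER 2026, UTF8String "example device" }
    content = der_tlv(0x02, b"\x07\xea") + der_tlv(0x0C, b"example device")
    der = der_tlv(0x30, content)
    # Same abstract value with a long-form length (0x81 0x14): valid BER only.
    ber_variant = b"\x30\x81" + bytes([len(content)]) + content
    return der, ber_variant


if __name__ == "__main__":
    der, ber_variant = build_sample()
    print("DER bytes:", der.hex())
    print(pem_wrap(der, "EXAMPLE DATA"))
    print("digests differ:",
          hashlib.sha256(der).digest() != hashlib.sha256(ber_variant).digest())
    try:
        parse_der_tlv(ber_variant)
    except ValueError as exc:
        print("BER variant rejected:", exc)
```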


NEW QUESTION # 36
(Which symmetric encryption technique uses a 112-bit key size and a 64-bit block size?)

  • A. 3DES
  • B. AES
  • C. IDEA
  • D. DES

Answer: A

Explanation:
3DES (Triple DES) is a symmetric block cipher that retains DES's 64-bit block size while increasing effective security by applying DES multiple times. The common "two-key 3DES" variant uses two independent 56-bit DES keys (K1 and K2) in an Encrypt-Decrypt-Encrypt (EDE) sequence: Encrypt with K1, Decrypt with K2, then Encrypt again with K1. Because each DES key is 56 bits (ignoring parity bits), the total keying material is 112 bits. This matches the question's "112-bit key size and 64-bit block size." Plain DES uses only a 56-bit effective key and a 64-bit block size, so it does not match the 112-bit key size. AES has a 128-bit block size and key sizes of 128/192/256. IDEA uses a 64-bit block size but has a 128-bit key. Therefore, the correct algorithm is 3DES. Although 3DES improved on DES, it is now considered legacy due to its small 64-bit block size (birthday-bound issues for large data volumes) and performance overhead compared to AES.


NEW QUESTION # 37
(Which component is used to verify the integrity of a message?)

  • A. TKIP
  • B. IV
  • C. AES
  • D. HMAC

Answer: D

Explanation:
HMAC (Hash-based Message Authentication Code) is a standard mechanism used to verify both integrity and authenticity of a message when two parties share a secret key. It combines a cryptographic hash function (such as SHA-256) with a secret key in a structured way that resists common attacks on naive keyed-hash constructions. The sender computes an HMAC tag over the message and transmits the message plus tag. The receiver recomputes the HMAC using the same shared secret key and compares the result; if the tag matches, the receiver can be confident the message was not modified in transit and that it came from someone who knows the shared key. AES is an encryption algorithm primarily providing confidentiality; it can provide integrity only when used in authenticated modes (e.g., GCM) but "AES" alone is not the integrity component. An IV helps randomize encryption but does not validate integrity. TKIP is a legacy WLAN protocol component, not the general integrity verifier. Therefore, the correct component for verifying message integrity among the options is HMAC.


NEW QUESTION # 38
(An organization wants to digitally sign its software to guarantee the integrity of its source code. Which key should the customer use to decrypt the digest of the source code?)

  • A. Customer's private key
  • B. Organization's private key
  • C. Customer's public key
  • D. Organization's public key

Answer: D

Explanation:
When software is digitally signed, the organization computes a cryptographic hash (digest) of the software (or its manifest) and then signs that digest using the organization's private key. Verification works in the opposite direction: the customer (verifier) uses the organization's public key to validate the signature and recover/confirm the signed digest, then independently hashes the received software and compares the result. If the digests match and the signature validates under the public key, the customer has strong assurance that the software has not been altered since it was signed and that it was signed by the holder of the corresponding private key. The customer never needs the organization's private key; sharing it would destroy security and enable forgery. Likewise, the customer's own keys are irrelevant to verifying the publisher's signature. The organization's public key is typically delivered inside a certificate chain (code signing certificate) so the verifier can also validate publisher identity and trust. Therefore, the customer uses the organization's public key for signature verification (often described as "decrypting" the signed digest).


NEW QUESTION # 39
(Which encryption process sends a list of cipher suites that are supported for encrypted communications?)

  • A. ClientHello
  • B. ServerHello
  • C. Forward secrecy
  • D. Integrity check

Answer: A

Explanation:
In the TLS handshake, the ClientHello message is the client's opening negotiation message and includes the client's supported cryptographic capabilities. A key part of ClientHello is the offered cipher suites list, which advertises combinations of key exchange, authentication, encryption, and integrity/AEAD algorithms the client is willing to use. The server responds with ServerHello, selecting one of the offered cipher suites (in TLS 1.2 and earlier) and confirming protocol parameters. Forward secrecy is a property achieved by using ephemeral key exchange (e.g., (EC)DHE), not a specific message that "sends a list." "Integrity check" is a security goal/mechanism, not the negotiation step. While TLS 1.3 changes the structure of negotiation (cipher suite list still appears in ClientHello but only covers AEAD and hash; key exchange is negotiated via extensions), the fundamental idea remains: the client proposes supported cipher suites in ClientHello, and the server picks compatible parameters. Therefore, the process that sends the list of supported cipher suites is the ClientHello.


NEW QUESTION # 40
(Which mode of encryption converts data into a stream encryption and then uses a counter value and a nonce to encrypt the data?)

  • A. Cipher Block Chaining (CBC)
  • B. Counter (CTR)
  • C. Electronic Codebook (ECB)
  • D. Cipher Feedback (CFB)

Answer: B

Explanation:
CTR (Counter) mode converts a block cipher into a stream-like encryption method by generating a keystream from encrypted counter blocks. The core idea is to construct a sequence of input blocks using a nonce (unique per message/session) plus an incrementing counter. Each nonce||counter block is encrypted with the block cipher under the shared key; the output is a pseudorandom block that is XORed with plaintext to produce ciphertext. Decryption repeats the same keystream generation and XORs with ciphertext to recover plaintext. CTR offers practical benefits: it is highly parallelizable, supports precomputation of keystream blocks, and allows random access to any block without needing previous blocks (unlike CBC). ECB and CBC are block modes that do not use nonce+counter keystream generation. CFB is a feedback mode that can behave stream-like, but it does not use the explicit counter/nonce construction characteristic of CTR. CTR's security hinges on never reusing the same nonce/counter sequence with the same key, because that would reuse the keystream and enable XOR-based plaintext recovery. Therefore, the correct mode is Counter (CTR).
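The nonce||counter keystream described above, together with the Encrypt-then-MAC pattern from Question 20 and the bit-flipping problem from Question 18, as an added example that is not part of the original page. Python's standard library has no AES, so HMAC-SHA-256 truncated to 16 bytes stands in for the block cipher call (an assumption); the keys, the sample messages and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16      # keystream block size in bytes, matching the AES block size
NONCE_LEN = 12
TAG_LEN = 32


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in (assumption) for AES_encrypt(key, nonce || counter).
    block_input = nonce + counter.to_bytes(4, "big")
    return hmac.new(key, block_input, hashlib.sha256).digest()[:BLOCK]


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are the same XOR with the keystream."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, i // BLOCK)
        out.extend(b ^ k for b, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)  # fresh per message
    ct = ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: message rejected")
    return ctr_xor(enc_key, nonce, ct)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def modify_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # Models a ciphertext changed in transit: XORing (old ^ new) into it
    # changes the decrypted bytes from old to new without any key.
    patched = bytearray(ct)
    patched[offset:offset + len(old)] = xor_bytes(
        ct[offset:offset + len(old)], xor_bytes(old, new))
    return bytes(patched)


def demo(enc_key: bytes, mac_key: bytes) -> dict:
    msg = b"amount=0100;to=alice"    # constructed sample message
    other = b"amount=0250;to=carol"  # second constructed message, same length
    nonce = os.urandom(NONCE_LEN)

    # 1. CTR alone: a modified ciphertext still decrypts, to altered plaintext.
    ct = ctr_xor(enc_key, nonce, msg)
    altered = ctr_xor(enc_key, nonce, modify_in_transit(ct, 7, b"0100", b"9100"))

    # 2. Encrypt-then-MAC: the same modification fails tag verification.
    blob = seal(enc_key, mac_key, msg)
    bad = (blob[:NONCE_LEN]
           + modify_in_transit(blob[NONCE_LEN:-TAG_LEN], 7, b"0100", b"9100")
           + blob[-TAG_LEN:])
    try:
        open_sealed(enc_key, mac_key, bad)
        rejected = False
    except ValueError:
        rejected = True

    # 3. Reusing a nonce under one key reuses the keystream, so the XOR of the
    #    two ciphertexts equals the XOR of the two plaintexts.
    ct2 = ctr_xor(enc_key, nonce, other)
    leaks = xor_bytes(ct, ct2) == xor_bytes(msg, other)

    return {"altered_plaintext": altered, "mac_rejected": rejected,
            "nonce_reuse_leaks_xor": leaks,
            "round_trip": open_sealed(enc_key, mac_key, blob) == msg}


if __name__ == "__main__":
    print(demo(os.urandom(32), os.urandom(32)))
```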


NEW QUESTION # 41
(What is the length (in bits) of a SHA-1 hash output?)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
SHA-1 (Secure Hash Algorithm 1) produces a fixed-size output of 160 bits (20 bytes). Hash output size matters in cryptography because it influences collision resistance and the effort required for various attacks. For an ideal n-bit hash, finding a collision by generic means is expected around 2^(n/2) operations (birthday bound). With SHA-1's 160-bit output, that generic bound would be about 2^80, which was once considered strong; however, SHA-1 has been broken in practice with significantly less work due to cryptanalytic advances, and it is now deprecated for most security uses. Still, the question is strictly about output length, not current suitability. The other options do not match SHA-1: 40 bits would be far too small for a modern hash, 80 bits is not SHA-1's output, and 320 bits would imply a much larger digest (closer to SHA-256's 256 bits or SHA-384's 384 bits). Therefore, the correct SHA-1 output length is 160 bits.

