Which property ensures that a hash function makes it infeasible to find two different inputs
producing the same output?
A. Preimage resistance
B. Second preimage resistance
C. Collision resistance
D. Avalanche effect
Answer: C. Collision resistance
Rationale: Collision resistance specifically addresses the difficulty of finding two distinct
inputs with the same hash output.
1. Which block cipher mode provides both confidentiality and integrity when used
correctly?
A. ECB
B. CBC
C. GCM
D. CFB
Answer: C. GCM
Rationale: Galois/Counter Mode combines counter-mode encryption with a built-in
authentication tag for integrity.
2. Which algorithm is most commonly used for public-key encryption in email (e.g.,
OpenPGP)?
A. AES
B. RSA
C. SHA-256
D. HMAC
Answer: B. RSA
Rationale: RSA is a widely used asymmetric algorithm for key transport and
encryption in email systems like PGP.
3. What is the primary purpose of a salt in password hashing?
A. Speed up hashing
B. Provide key expansion
C. Prevent rainbow table attacks
D. Ensure chosen-ciphertext security
Answer: C. Prevent rainbow table attacks
Rationale: Unique salts per password thwart precomputed hash lookups and make
mass cracking harder.
4. Which of the following provides forward secrecy in TLS?
A. RSA key exchange
B. Static Diffie–Hellman (DH)
C. Ephemeral Diffie–Hellman (DHE/ECDHE)
D. PSK without PFS
Answer: C. Ephemeral Diffie–Hellman (DHE/ECDHE)
Rationale: Ephemeral keys create new session keys per connection so past sessions
remain secure even if long-term keys are compromised.
5. In AES, what is the size of the block?
A. 64 bits
B. 128 bits
C. 192 bits
D. 256 bits
Answer: B. 128 bits
Rationale: AES has a fixed 128-bit block size regardless of key length.
6. Which statement best describes a Message Authentication Code (MAC)?
A. Ensures non-repudiation using public keys
B. Provides integrity and authenticity using a shared secret
C. Compresses messages for storage efficiency
D. Encrypts messages with asymmetric keys
Answer: B. Provides integrity and authenticity using a shared secret
Rationale: MACs verify that data originated from someone with the shared key and
was not altered.
7. Which is a secure key-derivation function designed for passwords?
A. MD5
B. PBKDF2
C. CRC32
D. DES
Answer: B. PBKDF2
Rationale: PBKDF2 applies many iterations with a salt to slow down brute-force
attacks.
8. Which attack attempts to exploit patterns in ECB mode?
A. Meet-in-the-middle
B. Pixelated image attack
C. Length extension attack
D. Bleichenbacher attack
Answer: B. Pixelated image attack
Rationale: ECB encrypts identical plaintext blocks into identical ciphertext blocks,
revealing patterns like “pixelation.”
9. What does the avalanche effect mean in cryptography?
A. A small change in input causes a large change in output
B. The cipher breaks down rapidly with long messages
C. Output is always uniformly random
D. Keys must be very large
Answer: A. A small change in input causes a large change in output
Rationale: Avalanche ensures diffusion; tiny input changes drastically alter the
output.
10. Which of the following is not a property of a cryptographic hash?
A. Deterministic output
B. Fixed-size output
C. Invertibility
D. Collision resistance (desired)
Answer: C. Invertibility
Rationale: Cryptographic hashes are one-way; they should not be invertible.
11. Which asymmetric algorithm is based on the hardness of discrete logarithms over
elliptic curves?
A. RSA
B. ECC
C. Twofish
D. Blowfish
Answer: B. ECC
Rationale: ECC relies on the elliptic-curve discrete logarithm problem.
12. Which padding oracle issue is commonly associated with CBC mode?
A. Replay attack
B. Bit-flipping with integrity bypass
C. Timing side channels in modular exponentiation
D. Key reuse exposure
Answer: B. Bit-flipping with integrity bypass
Rationale: CBC without authentication can be vulnerable to padding oracle attacks
and bit-flipping.