WGU D430 Fundamentals of Information Security -
Independently written study summary Chapter Exercises
(ALL) Questions and Answers; verified and accurate
2025/2026
What type of cipher is a Caesar cipher correct answer Substitution Cipher because it
substitutes each letter in the alphabet with a different one.
What is the difference between a block and a stream cipher correct answer
Block ciphers operate on a predetermined number of bits at a time.
Stream ciphers operate on a single bit at a time.
A block cipher takes a predetermined number of bits (or binary digits, which are either a
1 or a 0), known as a block, and encrypts that block. Blocks typically have 64bits, but
they can be larger or smaller depending on the algorithm used and the various modes
the algorithm can operate in.
A stream cipher encrypts each bit in the plaintext message one bit at a time. You can
make a block cipher act as a stream cipher by setting the block size to one bit.
ECC is classified as which type of cryptographic algorithm correct answer Asymmetric.
Elliptic curve cryptography (ECC) is a class of cryptographic algorithms, although
people sometimes refer to is as though it were a simple algorithm. Named for the type
of mathematical problem on which its cryptographic functions are based, elliptic curve
cryptography has several advantages over other types of algorithms.
What is the key point of Kerckhoffs's second principle correct answer The enemy
knows the system Kerckhoffs' surviving principle nr. 2 (of initially six design principles for
military ciphers) says nothing else than that you have to look at the security of your
crypto under the aspects of "the enemy knows the algorithm" and maybe even "the
enemy carries the message".
,The system should be indecipherable in practice, if not theoretically. The system's
design should not require secrecy and its compromise should not be a hassle for a
correspondent. The encryption key should be memorized and recalled without notes
and should be convenient to modify
What is a substitution cipher correct answer A Substitution Cipher substitutes each
letter in the alphabet with a different one. A substitution cipher replaces bits, characters,
or blocks of information with other bits, characters, or blocks.
What are the main differences between symmetric and asymmetric key cryptography
correct answer The main difference is that symmetric encryption uses the same key to
encrypt and decrypt data. In contrast, asymmetric encryption uses a pair of keys - a
public key to encrypt data and a private key to decrypt information. Both symmetric and
asymmetric algorithms provide authentication capability.
Explain how 3DES differs from DES. 3DES is simply DES used to encrypt each block
three times, with three different keys.
How does public key cryptography work correct answer Asymmetric Key Cryptography
(AKA Public Key Cryptography), used two keys: a public key and a private key. You use
the public key to encrypt data, and anyone can access the key. You can see them
included in email signatures or posted on servers that exist specifically to host public
keys. Private keys, used to decrypt messages, are carefully guarded by the receiver.
Try to decrypt this message using the information in this chapter: V qb abg srne
pbzchgref. V srne gur ynpx bs gurz. --- Vfnnp Nfvzbi.
(hint: it's a caesar cipher with a 13-character shift, i.e., ROT-13; if stumped, try
http://www.xarg.org/tools/caesar-cipher/).
, How is physical security important when discussing the cryptographic security of data
correct answer Physical security keeps your employees, facilities, and assets safe
from real-world threats. These threats can arise from internal or external intruders that
question data security. Physical attacks can cause a safe area to break into or the
invasion of a restricted area part.
Physical security is the protection of personnel, hardware, software, networks and data
from physical actions and events that could cause serious loss or damage to an
enterprise, agency or institution. This includes protection from fire, flood, natural
disasters, burglary, theft, vandalism and terrorism.
Select one of the US laws applicable to computing covered in this chapter and
summarize its main stipulations.
The Children's Internet Protection Act (CIPA) of 2000 requires schools and libraries to
prevent children from accessing obscene or harmful content over the Internet.
CIPA requires policies and technical protection measures to be in place to block or filter
such content.
-Institutions must monitor the activities of minors.
-Provide education regarding appropriate online behavior.
-CIPA provides cheap internet access for eligible institutions that choose to comply with
these standards rather than impose penalties for noncompliance.
Why might a compliance audit be a positive occurrence correct answer It can help the
participating company to educate its employee, find and fix compliance issues, revisit
the compliance policy to be consistent with standards
What type of data is COPPA concerned with correct answer COPPA only applies to
personal information collected online from children, including personal information about
themselves, their parents, friends, or other persons.
Independently written study summary Chapter Exercises
(ALL) Questions and Answers; verified and accurate
2025/2026
What type of cipher is a Caesar cipher correct answer Substitution Cipher because it
substitutes each letter in the alphabet with a different one.
What is the difference between a block and a stream cipher correct answer
Block ciphers operate on a predetermined number of bits at a time.
Stream ciphers operate on a single bit at a time.
A block cipher takes a predetermined number of bits (or binary digits, which are either a
1 or a 0), known as a block, and encrypts that block. Blocks typically have 64bits, but
they can be larger or smaller depending on the algorithm used and the various modes
the algorithm can operate in.
A stream cipher encrypts each bit in the plaintext message one bit at a time. You can
make a block cipher act as a stream cipher by setting the block size to one bit.
ECC is classified as which type of cryptographic algorithm correct answer Asymmetric.
Elliptic curve cryptography (ECC) is a class of cryptographic algorithms, although
people sometimes refer to is as though it were a simple algorithm. Named for the type
of mathematical problem on which its cryptographic functions are based, elliptic curve
cryptography has several advantages over other types of algorithms.
What is the key point of Kerckhoffs's second principle correct answer The enemy
knows the system Kerckhoffs' surviving principle nr. 2 (of initially six design principles for
military ciphers) says nothing else than that you have to look at the security of your
crypto under the aspects of "the enemy knows the algorithm" and maybe even "the
enemy carries the message".
,The system should be indecipherable in practice, if not theoretically. The system's
design should not require secrecy and its compromise should not be a hassle for a
correspondent. The encryption key should be memorized and recalled without notes
and should be convenient to modify
What is a substitution cipher correct answer A Substitution Cipher substitutes each
letter in the alphabet with a different one. A substitution cipher replaces bits, characters,
or blocks of information with other bits, characters, or blocks.
What are the main differences between symmetric and asymmetric key cryptography
correct answer The main difference is that symmetric encryption uses the same key to
encrypt and decrypt data. In contrast, asymmetric encryption uses a pair of keys - a
public key to encrypt data and a private key to decrypt information. Both symmetric and
asymmetric algorithms provide authentication capability.
Explain how 3DES differs from DES. 3DES is simply DES used to encrypt each block
three times, with three different keys.
How does public key cryptography work correct answer Asymmetric Key Cryptography
(AKA Public Key Cryptography), used two keys: a public key and a private key. You use
the public key to encrypt data, and anyone can access the key. You can see them
included in email signatures or posted on servers that exist specifically to host public
keys. Private keys, used to decrypt messages, are carefully guarded by the receiver.
Try to decrypt this message using the information in this chapter: V qb abg srne
pbzchgref. V srne gur ynpx bs gurz. --- Vfnnp Nfvzbi.
(hint: it's a caesar cipher with a 13-character shift, i.e., ROT-13; if stumped, try
http://www.xarg.org/tools/caesar-cipher/).
, How is physical security important when discussing the cryptographic security of data
correct answer Physical security keeps your employees, facilities, and assets safe
from real-world threats. These threats can arise from internal or external intruders that
question data security. Physical attacks can cause a safe area to break into or the
invasion of a restricted area part.
Physical security is the protection of personnel, hardware, software, networks and data
from physical actions and events that could cause serious loss or damage to an
enterprise, agency or institution. This includes protection from fire, flood, natural
disasters, burglary, theft, vandalism and terrorism.
Select one of the US laws applicable to computing covered in this chapter and
summarize its main stipulations.
The Children's Internet Protection Act (CIPA) of 2000 requires schools and libraries to
prevent children from accessing obscene or harmful content over the Internet.
CIPA requires policies and technical protection measures to be in place to block or filter
such content.
-Institutions must monitor the activities of minors.
-Provide education regarding appropriate online behavior.
-CIPA provides cheap internet access for eligible institutions that choose to comply with
these standards rather than impose penalties for noncompliance.
Why might a compliance audit be a positive occurrence correct answer It can help the
participating company to educate its employee, find and fix compliance issues, revisit
the compliance policy to be consistent with standards
What type of data is COPPA concerned with correct answer COPPA only applies to
personal information collected online from children, including personal information about
themselves, their parents, friends, or other persons.
