Introduction-to-Cryptography Exam Dumps : WGU Introduction to Cryptography HNO1

In a PKI environment, a digital certificate is the standard credential used to bind an identity (user, device, service) to a public key, with that binding vouched for by a Certificate Authority. For device authentication, the device typically proves possession of the private key corresponding to the certificate’s public key (for example, during a TLS handshake). As a second factor in a two-factor model, a certificate (often stored in a TPM, smart card, or secure enclave) represents “something you have”—a cryptographic credential anchored to hardware or a managed endpoint. The other listed options (symmetric encryption, asymmetric encryption, digital signature) are cryptographic operations or algorithm classes, not stand-alone authentication factors. A digital signature is a mechanism used within authentication flows, but it is not itself the credential that establishes an enrolled device identity within PKI. In practice, a certificate-based device factor is commonly paired with a knowledge factor (password/PIN) or a biometric factor to achieve true 2FA, but among these choices, the appropriate second form of authentication in PKI terms is the digital certificate.

Asymmetric encryption (also called public key cryptography) uses a pair of mathematically related keys: a public key and a private key. One key is used to encrypt, and the other is used to decrypt, which is the defining “different keys” property asked in the question. In the common confidentiality use case, a sender encrypts a message using the recipient’s public key, and only the recipient can decrypt it using their private key. This solves the key distribution problem inherent in symmetric encryption, where both parties must securely share the same secret key in advance. Asymmetric systems also enable digital signatures: the private key signs (creates a signature) and the public key verifies it, providing authenticity and integrity. Symmetric encryption, by contrast, uses the same shared key for both encryption and decryption (even though internal round keys may exist, it is still one shared secret). “Private key” alone is not a full encryption type, and “secure” is a generic description rather than a cryptographic category. Therefore, the correct answer is D. Asymmetric.

HMAC (Hash-based Message Authentication Code) is a standard mechanism used to verify both integrity and authenticity of a message when two parties share a secret key. It combines a cryptographic hash function (such as SHA-256) with a secret key in a structured way that resists common attacks on naïve keyed-hash constructions. The sender computes an HMAC tag over the message and transmits the message plus tag. The receiver recomputes the HMAC using the same shared secret key and compares the result; if the tag matches, the receiver can be confident the message was not modified in transit and that it came from someone who knows the shared key. AES is an encryption algorithm primarily providing confidentiality; it can provide integrity only when used in authenticated modes (e.g., GCM) but “AES” alone is not the integrity component. An IV helps randomize encryption but does not validate integrity. TKIP is a legacy WLAN protocol component, not the general integrity verifier. Therefore, the correct component for verifying message integrity among the options is HMAC.