Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCEHDomainsAdvanced Topics: Wireless, Cloud, IoT, Cryptography
CEHFree — No Signup

Advanced Topics: Wireless, Cloud, IoT, Cryptography

Practice CEH Advanced Topics: Wireless, Cloud, IoT, Cryptography questions with full explanations on every answer.

129questions

Start practicing

Advanced Topics: Wireless, Cloud, IoT, Cryptography — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CEH Domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice Advanced Topics: Wireless, Cloud, IoT, Cryptography questions

10Q20Q30Q50Q

All CEH Advanced Topics: Wireless, Cloud, IoT, Cryptography questions (129)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst captures a large number of unique initialization vectors (IVs) from a wireless network using airodump-ng. Which attack are they MOST likely preparing to execute?

2

During a penetration test, an analyst runs the following command: 'reaver -i wlan0mon -b 00:11:22:33:44:55 -vv'. What is the PRIMARY purpose of this command?

3

A cloud security engineer discovers that an S3 bucket named 'acme-backups' is accessible to anyone with the bucket URL. The bucket contains sensitive customer data. Which AWS shared responsibility model component does this misconfiguration primarily violate?

4

An IoT device uses the MQTT protocol without any authentication or encryption. An attacker on the same network subscribes to all topics on the MQTT broker. Which of the following is the MOST effective immediate countermeasure?

5

Which cryptographic algorithm is classified as symmetric and uses a block cipher with a fixed block size of 128 bits, supporting key sizes of 128, 192, and 256 bits?

6

A security analyst observes the following log entry on a web server: 'GET /?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1'. This request appears to originate from a compromised web application. Which cloud attack technique is being attempted?

7

Which of the following tools is specifically designed for assessing the security of AWS environments by checking for misconfigurations in services like S3, IAM, and EC2?

8

During a penetration test, a tester captures a WPA2 4-way handshake. Which of the following is the NEXT step to attempt to recover the Wi-Fi passphrase?

9

A security analyst discovers that a containerized application running in a cloud environment can access the host's file system by mounting /var/run/docker.sock inside the container. Which type of attack does this configuration enable?

10

Which of the following is the PRIMARY reason that MD5 is no longer recommended for use in digital signatures?

11

An attacker intercepts a TLS-encrypted session and attempts to force the client and server to use a weaker cipher suite. Which type of attack is being performed?

12

A penetration tester uses the tool 'Pacu' during an assessment. Which of the following actions is Pacu designed to perform?

13

Which TWO of the following are common attack vectors against IoT devices? (Select TWO.)

14

Which THREE of the following are effective countermeasures against evil twin attacks in wireless networks? (Select THREE.)

15

Which TWO of the following are symmetric encryption algorithms? (Select TWO.)

16

A security analyst captures network traffic and sees multiple ARP packets with the same source MAC address but different IP addresses. Which attack is MOST likely occurring?

17

During a wireless penetration test, a tester captures the 4-way handshake between a client and WPA2-PSK access point. Which tool would the tester MOST likely use to attempt to recover the pre-shared key?

18

A cloud security engineer notices that an S3 bucket named 'company-backup' is configured to allow 's3:GetObject' access to 'Principal: *'. Which attack is this misconfiguration MOST likely to enable?

19

An IoT device uses the MQTT protocol without TLS. A security tester connects to the broker and subscribes to all topics using '#'. What is the tester MOST likely able to accomplish?

20

Which of the following cryptographic algorithms is classified as asymmetric?

21

A penetration tester executes the following command: 'reaver -i wlan0mon -b 00:11:22:33:44:55 -vv'. Which attack is being performed?

22

A security analyst observes an SSL/TLS handshake where the client and server negotiate TLS 1.0 instead of TLS 1.2, despite the server supporting TLS 1.2. Which attack BEST describes the manipulation of the handshake to force weaker encryption?

23

An attacker gains access to a cloud environment and attempts to move laterally by assuming an IAM role with higher privileges. Which cloud attack vector is the attacker exploiting?

24

Which cloud security assessment tool is specifically designed to audit AWS environments for misconfigurations and provides a detailed report of findings?

25

A security team finds that a web application accepts a user-supplied URL and fetches it server-side without validation. The application runs on AWS EC2 with a metadata endpoint at 169.254.169.254. Which attack is MOST likely to succeed?

26

Which of the following is a recommended countermeasure against WPA2 KRACK attacks?

27

A forensic analyst examines a firmware image extracted from an IoT thermostat and finds hardcoded credentials for a cloud backend. Which phase of the IoT attack lifecycle does this represent?

28

Which TWO of the following are valid attacks against wireless networks? (Choose two.)

29

Which THREE of the following are cryptanalysis attacks that target hash functions? (Choose three.)

30

Which TWO of the following are asymmetric encryption algorithms? (Choose two.)

31

A security analyst captures WPA2 handshake packets using airodump-ng and then runs aircrack-ng with a wordlist. After several minutes, aircrack-ng reports 'KEY FOUND!' followed by a hex string. Which attack was successfully performed?

32

During a cloud penetration test, a tester discovers an AWS S3 bucket that allows public 's3:PutObject' access. The tester uploads a file containing JavaScript that steals cookies. Which type of attack is this an example of?

33

An IoT device uses MQTT protocol with default credentials 'admin/admin' and no TLS encryption. An attacker on the same network captures MQTT packets and extracts sensor data. Which two vulnerabilities are being exploited? (Choose the best combination)

34

Which tool is specifically designed to assess the security configuration of AWS, Azure, and GCP cloud environments by scanning for misconfigurations in services like S3, IAM, and EC2?

35

A security analyst notices that after a user connects to a corporate Wi-Fi network, all HTTP traffic is redirected to a fake login page that captures credentials. The analyst suspects a rogue access point. Which attack is most likely being used to force client connections to the rogue AP?

36

In a cloud environment, an attacker exploits a vulnerability in a web application to make the server send requests to internal metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/). This yields IAM temporary credentials. Which attack is this?

37

Which wireless security standard introduced in 2018 uses Simultaneous Authentication of Equals (SAE) to replace the pre-shared key exchange in WPA2, providing forward secrecy and resistance to offline dictionary attacks?

38

A penetration tester uses the tool 'Pacu' during an AWS security assessment. Which phase of testing is Pacu most commonly associated with?

39

A security engineer observes the following log event: 'Certificate for www.example.com was issued by an intermediate CA that chains to a root CA not in the trusted store.' Which type of attack might this indicate?

40

In an IoT environment, a researcher finds that the firmware of a smart lock can be extracted via UART and reversed to reveal hardcoded encryption keys. Which type of vulnerability is this?

41

Which asymmetric encryption algorithm is based on the algebraic structure of elliptic curves over finite fields and provides equivalent security to RSA with smaller key sizes?

42

During a cloud security audit, a tool reports that an AWS IAM role has a policy allowing 'ec2:RunInstances' with a condition 'aws:SourceIp': '0.0.0.0/0'. What is the most immediate risk?

43

Which TWO of the following are valid cryptanalytic attacks?

44

Which THREE of the following are common attack vectors against IoT devices?

45

Which TWO of the following correctly describe aspects of the shared responsibility model in cloud computing?

46

A security analyst captures a large number of initialization vectors (IVs) on a WEP-protected network. Which tool is most commonly used to crack the WEP key using IVs?

47

What is the primary purpose of the 4-way handshake in WPA/WPA2-Personal?

48

During a penetration test, a tester captures the WPA2 4-way handshake with airodump-ng and then uses aircrack-ng with a wordlist. However, the PSK is not found. Which of the following is the MOST likely reason?

49

An attacker sets up a rogue access point with the same SSID as a legitimate corporate network and broadcasts a stronger signal. Clients connect to the rogue AP. What type of attack is this?

50

In the cloud shared responsibility model, which of the following is typically the responsibility of the customer when using AWS EC2 (IaaS)?

51

A security team discovers that an S3 bucket configured for static website hosting is exposing sensitive documents. The bucket policy allows public read access. Which AWS misconfiguration is MOST likely present?

52

Which cloud security assessment tool is specifically designed to audit AWS environments against best practices and CIS benchmarks?

53

An IoT device uses the MQTT protocol without TLS. An attacker on the same network subscribes to all topics and captures messages. What is the MOST significant security risk?

54

A penetration tester performs a container escape by exploiting a misconfigured capability and mounts the host filesystem. Which cloud service model is MOST directly affected?

55

Which cryptographic algorithm is vulnerable to a birthday attack on its hash output size of 128 bits, reducing the effective security to 64 bits against collision resistance?

56

In PKI, what is the primary role of a Certificate Authority (CA)?

57

An analyst sees the following in a log: Client sends a request to https://victim.com/api?url=http://169.254.169.254/latest/meta-data/. This is MOST indicative of which attack?

58

Which TWO of the following are common defense measures against wireless de-authentication attacks? (Select 2)

59

Which THREE of the following are valid methods for exploiting cloud misconfigurations? (Select 3)

60

Which TWO of the following are examples of asymmetric cryptography? (Select 2)

61

A security analyst captures a WPA2 4-way handshake using airodump-ng. To crack the PSK, which tool would they MOST likely use next?

62

During a cloud penetration test, you discover an S3 bucket that allows listing objects. You find a file named 'config.json' that contains an IAM access key and secret key. Which of the following is the BEST next step?

63

Which of the following attacks is characterized by an attacker placing a fake wireless access point with the same SSID as a legitimate network to capture client credentials?

64

In the shared responsibility model for cloud computing, which of the following is typically the responsibility of the customer?

65

A security analyst observes that a server running an IoT device management platform is sending MQTT traffic to an unexpected IP address. The analyst also notes that the device's firmware contains hardcoded credentials. Which attack vector is MOST likely being exploited?

66

Which of the following is a symmetric encryption algorithm that uses a block cipher with a fixed block size of 128 bits and key sizes of 128, 192, or 256 bits?

67

A penetration tester uses the following command to attack a WPS-enabled AP: 'reaver -i mon0 -b 00:11:22:33:44:55 -vv'. What is the primary goal of this attack?

68

An analyst notices that a cloud application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following is the MOST effective mitigation against SSRF attacks in a cloud environment?

69

A company wants to ensure that data in transit between its IoT devices and the cloud server is encrypted. Which protocol combination is BEST suited for this purpose?

70

Which of the following is a hashing algorithm that produces a 160-bit (20-byte) hash value?

71

A security team discovers that an attacker has been intercepting and modifying traffic between a client and server by impersonating both endpoints. Which type of cryptographic attack is this?

72

A security analyst runs the following command: 'wget http://example.com/bucket?list-type=2' and receives a listing of objects. Which cloud misconfiguration is this MOST likely exploiting?

73

Which TWO tools are specifically designed for cloud security auditing and exploitation? (Choose two.)

74

Which THREE of the following are common attack vectors against IoT devices? (Choose three.)

75

An organization is using a cloud IAM policy that allows all actions on all resources. Which TWO security issues are MOST directly related to this configuration? (Choose two.)

76

A security analyst captures a WPA2 4-way handshake using airodump-ng. Which tool would they most likely use next to attempt to crack the PSK using a wordlist?

77

During a wireless penetration test, the tester runs `airodump-ng wlan0mon` and sees numerous beacon frames from a network. The tester then sends deauthentication packets using `aireplay-ng -0 5 -a <BSSID> wlan0mon`. What is the PRIMARY purpose of this deauthentication attack?

78

A penetration tester is assessing an AWS environment and discovers an S3 bucket with the following bucket policy: `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}`. Which of the following is the MOST likely security issue?

79

An IoT device uses MQTT for communication. An attacker intercepts MQTT packets and observes that the publish messages are not encrypted and contain plaintext sensor data. Which of the following is the BEST recommendation to secure MQTT traffic?

80

Which of the following cryptographic algorithms is classified as asymmetric?

81

An attacker performs a downgrade attack on a TLS connection, forcing the client and server to negotiate a weaker cipher suite. This attack exploits which of the following?

82

During a cloud penetration test, a tester discovers that an AWS IAM role has the following policy: `{"Effect":"Allow","Action":"*","Resource":"*"}`. This policy is attached to an EC2 instance. Which of the following attacks is the tester MOST likely to perform next?

83

A security team is evaluating wireless security for a corporate network. They want to implement the strongest current encryption standard for Wi-Fi. Which of the following should they choose?

84

Which of the following tools is specifically designed for auditing cloud environments (AWS, Azure, GCP) for security misconfigurations?

85

An analyst captures the following output from a wireless adapter: `[00:1A:2B:3C:4D:5E] 54 Mbps WPA2 CCMP PSK`. The analyst suspects a malicious rogue AP is impersonating a legitimate network. Which of the following indicators would MOST strongly confirm a rogue AP?

86

An attacker uses Reaver against a Wi-Fi network. What vulnerability is the attacker primarily exploiting?

87

Which of the following is a well-known attack against the MD5 hash function that allows two different inputs to produce the same hash value?

88

A penetration tester is assessing the security of a cloud application and discovers that it is vulnerable to Server-Side Request Forgery (SSRF). Which TWO of the following are potential impacts of this vulnerability?

89

A security analyst is investigating a potential container escape in a Kubernetes cluster. Which THREE of the following are common indicators of a container escape?

90

Which TWO of the following are common weaknesses in IoT devices that are often exploited by attackers?

91

A security analyst captures a large number of weak initialization vectors (IVs) using airodump-ng. Which attack does this preparation indicate?

92

During a penetration test, an ethical hacker runs the following command: aireplay-ng -0 5 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon. What is the immediate effect of this command?

93

A security engineer analyzes a cloud environment and finds that an S3 bucket named 'company-backups' is configured with a bucket policy that allows 'Principal': '*' and 'Action': 's3:GetObject'. Which of the following is the MOST likely risk?

94

A penetration tester uses the tool 'ScoutSuite' against an AWS target. Which of the following BEST describes the purpose of this tool?

95

An IoT device uses the MQTT protocol without TLS. An attacker on the same network captures messages and publishes a fake temperature reading. Which attack is being executed?

96

Which of the following cryptographic algorithms is classified as asymmetric?

97

A security analyst notices that a web application's SSL/TLS certificate is issued by a CA that is not trusted by modern browsers. Which type of attack could this enable?

98

Which of the following tools is specifically designed to exploit WPS vulnerabilities on wireless networks?

99

In the shared responsibility model for cloud computing, which of the following is typically the customer's responsibility?

100

A penetration tester discovers that a cloud application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following is a potential impact of this vulnerability?

101

Which of the following is a cryptographic attack that exploits collisions in hash functions?

102

A security engineer wants to ensure that a wireless network uses the most secure encryption available. Which of the following should be configured on the access point?

103

Which TWO of the following are common attack vectors for IoT devices? (Select two)

104

Which THREE of the following are valid defenses against WPA2 attacks? (Select three)

105

Which TWO of the following are characteristics of symmetric encryption? (Select two)

106

A security analyst captures a WPA2 4-way handshake using airodump-ng. Which tool would they use to perform a dictionary attack on the captured handshake to recover the PSK?

107

During a cloud penetration test, a tester discovers an S3 bucket that allows public listing and write access. Which of the following is the MOST likely misconfiguration?

108

Which of the following cryptographic hash functions is known to be vulnerable to collision attacks and should be avoided for security applications?

109

An attacker sets up a fake access point with the same SSID as a legitimate corporate network. Clients connecting to this AP are prompted to enter their network credentials. Which type of attack is this?

110

A penetration tester uses the tool Reaver to target a Wi-Fi network. What vulnerability is the tester attempting to exploit?

111

In a cloud environment, which of the following is an example of a Server-Side Request Forgery (SSRF) attack?

112

A security analyst observes repeated de-authentication packets targeting clients on a corporate Wi-Fi network. What is the MOST likely goal of the attacker?

113

Which cryptographic algorithm is classified as symmetric and uses a block cipher with key sizes of 128, 192, or 256 bits?

114

During an IoT assessment, a tester examines a smart thermostat that uses the MQTT protocol. The tester finds that the device connects to a broker without any authentication. Which of the following attacks is MOST likely to succeed?

115

A security team uses ScoutSuite to assess their AWS environment. The tool reports that an S3 bucket policy allows access from any IP address. What is the MOST likely misconfiguration?

116

A penetration tester performs a container escape from a Docker container running in a cloud environment. Which of the following is the MOST likely cause?

117

A security analyst captures network traffic and sees the following: Client sends a SYN, server responds with SYN-ACK, then client sends ACK. Immediately after, the client sends an encrypted payload. This traffic is consistent with which phase of a WPA2 attack?

118

Which TWO of the following are symmetric encryption algorithms? (Select 2)

119

Which TWO of the following are common attack vectors against IoT devices? (Select 2)

120

Which THREE of the following are valid methods to prevent a downgrade attack on TLS? (Select 3)

121

During a penetration test, you capture the following 4-way handshake using airodump-ng. Which tool would you use to attempt a dictionary attack to recover the WPA2 passphrase?

122

Which TWO of the following are cloud-specific security threats?

123

Which THREE of the following are characteristics of asymmetric encryption?

124

Which TWO of the following attacks are specifically associated with wireless networks?

125

Which THREE of the following are common IoT attack vectors?

126

Which TWO of the following tools are used for cloud security auditing or exploitation?

127

Which THREE of the following attacks target cryptographic weaknesses?

128

Which TWO of the following are symmetric encryption algorithms?

129

Which THREE of the following are components of PKI (Public Key Infrastructure)?

Practice all 129 Advanced Topics: Wireless, Cloud, IoT, Cryptography questions

Other CEH exam domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Frequently asked questions

What does the Advanced Topics: Wireless, Cloud, IoT, Cryptography domain cover on the CEH exam?

The Advanced Topics: Wireless, Cloud, IoT, Cryptography domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Advanced Topics: Wireless, Cloud, IoT, Cryptography questions are in the CEH question bank?

The Courseiva CEH question bank contains 129 questions in the Advanced Topics: Wireless, Cloud, IoT, Cryptography domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Advanced Topics: Wireless, Cloud, IoT, Cryptography for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Advanced Topics: Wireless, Cloud, IoT, Cryptography questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Advanced Topics: Wireless, Cloud, IoT, Cryptography domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CEH domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

PT0-002CS0-003SY0-701200-201