Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCEHDomainsCryptography and Malware Analysis
CEHFree — No Signup

Cryptography and Malware Analysis

Practice CEH Cryptography and Malware Analysis questions with full explanations on every answer.

20questions

Start practicing

Cryptography and Malware Analysis — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CEH Domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice Cryptography and Malware Analysis questions

10Q20Q30Q50Q

All CEH Cryptography and Malware Analysis questions (20)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst receives an alert about a suspicious file hash. The analyst wants to check if the file is known malware by querying an online database of malware signatures. Which tool should the analyst use?

2

During a penetration test, an ethical hacker finds that a web application transmits sensitive data in plaintext over HTTPS. Which of the following best describes this security issue?

3

A company's internal PKI uses an offline root CA and an online issuing CA. A security engineer needs to revoke a compromised certificate issued by the online CA. Which CRL distribution point should the engineer update?

4

A security analyst suspects that a user's machine is infected with a keylogger. Which of the following is the most effective method to detect a hardware keylogger?

5

An ethical hacker is analyzing a piece of malware that uses a custom encryption algorithm. The malware sample contains a hardcoded key that is 16 bytes long. The analyst observes that the encrypted data is the same length as the plaintext. Which encryption mode is most likely being used?

6

During a forensic investigation, an analyst finds that a malware sample uses a technique to detect if it is running in a sandbox by checking the number of CPU cores. The malware terminates execution if the core count is less than 2. Which anti-analysis technique is this?

7

A company wants to secure its email communications using digital signatures. Which cryptographic key does the sender use to sign the email?

8

Which TWO of the following are characteristics of a polymorphic virus? (Choose two.)

9

Which THREE of the following are types of cryptanalytic attacks? (Choose three.)

10

You are a security analyst for a medium-sized company. The company uses a custom web application for internal project management. The application uses AES-256-CBC for encrypting sensitive data stored in the database. Recently, the company experienced a data breach where an attacker exfiltrated the entire database. Although the data was encrypted, the attacker was able to decrypt some records. Investigation reveals that the encryption key is stored in a configuration file on the same server, and the initialization vector (IV) is hardcoded in the application code. Additionally, the application uses the same key for all records. Which of the following is the most effective remediation to prevent future decryption of stolen encrypted data?

11

Refer to the exhibit. An analyst suspects that the downloaded file 'update.exe' may have been tampered with. The vendor's official website lists the SHA256 hash as 4e7c2a8f9b3d1e5f6a0c8b7d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f. What should the analyst conclude?

12

During a penetration test, a security analyst discovers that an organization's web application uses HTTP for login forms, potentially exposing credentials to interception. Which of the following is the BEST cryptographic control to implement to protect credentials in transit?

13

A security engineer needs to configure a web server to support Perfect Forward Secrecy (PFS) for HTTPS connections. Which of the following key exchange methods should be prioritized?

14

A malware analyst is investigating a suspicious executable that appears to be a Trojan. The analyst runs the executable in a sandbox and observes the following behavior: it creates a hidden file in the %AppData% directory, modifies the Windows registry to add a startup entry, and attempts to connect to an external IP address on port 443 using HTTPS. Which TWO of the following techniques are likely being used by this malware?

15

You are a security analyst at a financial institution. The SOC has detected anomalous outbound traffic from a server in the DMZ to an unknown IP address on TCP port 8443. The server runs a custom application that normally communicates with internal databases on port 1433. The server's OS is Windows Server 2019. Preliminary analysis shows that a new service named 'UpdateSvc' was installed three days ago, set to start automatically, and runs under the LocalSystem account. The service binary is located at C:\Windows\System32\svchost.exe (the legitimate one). However, the service's 'ImagePath' registry key points to 'C:\Windows\System32\svchost.exe -k UpdateSvc'. Additionally, a scheduled task named 'HealthCheck' runs every hour and executes 'powershell.exe -EncodedCommand <base64>'. The encoded command decodes to a script that downloads a payload from the same unknown IP on port 8443 and executes it in memory. The server has antivirus installed that detected nothing. As the analyst, which of the following is the BEST immediate course of action?

16

An organization is investigating a potential malware infection. The security analyst observes unusual outbound connections to a known malicious IP address and finds a suspicious process running under a user's session. The analyst decides to perform memory analysis using Volatility. Which TWO commands would be most useful to identify the malicious process and its network connections?

17

Refer to the exhibit. A security analyst runs netstat on a compromised Windows machine. Based on the output, which process is most likely associated with the malicious activity?

18

You are a security analyst for a financial institution. The company has deployed a network of 500 Windows 10 workstations and 50 servers running Windows Server 2019. All systems are protected by a next-generation firewall and an endpoint detection and response (EDR) solution. Recently, several employees reported that their workstations are running slowly and exhibiting unusual pop-up messages demanding a ransom note in Bitcoin. The EDR alerts show that a file named 'invoice.docm' was downloaded from an email attachment and executed on multiple workstations. The EDR also indicates that the file dropped a PowerShell script that connected to an external IP address and downloaded additional payloads. After the initial infection, the EDR detected that the ransomware binary 'encryptor.exe' was executed, which began encrypting files. However, the encryption process was stopped by the EDR before all files were encrypted. The incident response team needs to determine the source of the infection and prevent future occurrences. Which of the following is the most effective first step to identify the initial infection vector?

19

Drag and drop the steps to configure a wireless network with WPA2-Enterprise authentication on a Cisco AP into the correct order.

20

Match each vulnerability assessment tool to its function.

Practice all 20 Cryptography and Malware Analysis questions

Other CEH exam domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecuritySocial Engineering and Physical Security

Frequently asked questions

What does the Cryptography and Malware Analysis domain cover on the CEH exam?

The Cryptography and Malware Analysis domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Cryptography and Malware Analysis questions are in the CEH question bank?

The Courseiva CEH question bank contains 20 questions in the Cryptography and Malware Analysis domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Cryptography and Malware Analysis for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Cryptography and Malware Analysis questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Cryptography and Malware Analysis domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CEH domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

PT0-002CS0-003SY0-701200-201