Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Advanced Topics: Wireless, Cloud, IoT, Cryptography practice sets

CEH Advanced Topics: Wireless, Cloud, IoT, Cryptography • Complete Question Bank

CEH Advanced Topics: Wireless, Cloud, IoT, Cryptography — All Questions With Answers

Complete CEH Advanced Topics: Wireless, Cloud, IoT, Cryptography question bank — all 0 questions with answers and detailed explanations.

129
Questions
Free
No signup
Certifications/CEH/Practice Test/Advanced Topics: Wireless, Cloud, IoT, Cryptography/All Questions
Question 1easymultiple choice
Read the full wireless explanation →

A security analyst captures a large number of unique initialization vectors (IVs) from a wireless network using airodump-ng. Which attack are they MOST likely preparing to execute?

Question 2mediummultiple choice
Read the full wireless explanation →

During a penetration test, an analyst runs the following command: 'reaver -i wlan0mon -b 00:11:22:33:44:55 -vv'. What is the PRIMARY purpose of this command?

Question 3mediummultiple choice
Read the full wireless explanation →

A cloud security engineer discovers that an S3 bucket named 'acme-backups' is accessible to anyone with the bucket URL. The bucket contains sensitive customer data. Which AWS shared responsibility model component does this misconfiguration primarily violate?

Question 4hardmultiple choice
Read the full wireless explanation →

An IoT device uses the MQTT protocol without any authentication or encryption. An attacker on the same network subscribes to all topics on the MQTT broker. Which of the following is the MOST effective immediate countermeasure?

Question 5easymultiple choice
Read the full wireless explanation →

Which cryptographic algorithm is classified as symmetric and uses a block cipher with a fixed block size of 128 bits, supporting key sizes of 128, 192, and 256 bits?

Question 6mediummultiple choice
Read the full wireless explanation →

A security analyst observes the following log entry on a web server: 'GET /?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1'. This request appears to originate from a compromised web application. Which cloud attack technique is being attempted?

Question 7easymultiple choice
Read the full wireless explanation →

Which of the following tools is specifically designed for assessing the security of AWS environments by checking for misconfigurations in services like S3, IAM, and EC2?

Question 8mediummultiple choice
Read the full wireless explanation →

During a penetration test, a tester captures a WPA2 4-way handshake. Which of the following is the NEXT step to attempt to recover the Wi-Fi passphrase?

Question 9hardmultiple choice
Read the full wireless explanation →

A security analyst discovers that a containerized application running in a cloud environment can access the host's file system by mounting /var/run/docker.sock inside the container. Which type of attack does this configuration enable?

Question 10mediummultiple choice
Read the full wireless explanation →

Which of the following is the PRIMARY reason that MD5 is no longer recommended for use in digital signatures?

Question 11hardmultiple choice
Read the full wireless explanation →

An attacker intercepts a TLS-encrypted session and attempts to force the client and server to use a weaker cipher suite. Which type of attack is being performed?

Question 12mediummultiple choice
Read the full wireless explanation →

A penetration tester uses the tool 'Pacu' during an assessment. Which of the following actions is Pacu designed to perform?

Question 13mediummulti select
Read the full wireless explanation →

Which TWO of the following are common attack vectors against IoT devices? (Select TWO.)

Question 14hardmulti select
Read the full wireless explanation →

Which THREE of the following are effective countermeasures against evil twin attacks in wireless networks? (Select THREE.)

Question 15easymulti select
Read the full wireless explanation →

Which TWO of the following are symmetric encryption algorithms? (Select TWO.)

Question 16easymultiple choice
Read the full wireless explanation →

A security analyst captures network traffic and sees multiple ARP packets with the same source MAC address but different IP addresses. Which attack is MOST likely occurring?

Question 17mediummultiple choice
Read the full wireless explanation →

During a wireless penetration test, a tester captures the 4-way handshake between a client and WPA2-PSK access point. Which tool would the tester MOST likely use to attempt to recover the pre-shared key?

Question 18hardmultiple choice
Read the full wireless explanation →

A cloud security engineer notices that an S3 bucket named 'company-backup' is configured to allow 's3:GetObject' access to 'Principal: *'. Which attack is this misconfiguration MOST likely to enable?

Question 19mediummultiple choice
Read the full wireless explanation →

An IoT device uses the MQTT protocol without TLS. A security tester connects to the broker and subscribes to all topics using '#'. What is the tester MOST likely able to accomplish?

Question 20easymultiple choice
Read the full wireless explanation →

Which of the following cryptographic algorithms is classified as asymmetric?

Question 21mediummultiple choice
Read the full wireless explanation →

A penetration tester executes the following command: 'reaver -i wlan0mon -b 00:11:22:33:44:55 -vv'. Which attack is being performed?

Question 22hardmultiple choice
Read the full wireless explanation →

A security analyst observes an SSL/TLS handshake where the client and server negotiate TLS 1.0 instead of TLS 1.2, despite the server supporting TLS 1.2. Which attack BEST describes the manipulation of the handshake to force weaker encryption?

Question 23mediummultiple choice
Read the full wireless explanation →

An attacker gains access to a cloud environment and attempts to move laterally by assuming an IAM role with higher privileges. Which cloud attack vector is the attacker exploiting?

Question 24easymultiple choice
Read the full wireless explanation →

Which cloud security assessment tool is specifically designed to audit AWS environments for misconfigurations and provides a detailed report of findings?

Question 25hardmultiple choice
Read the full wireless explanation →

A security team finds that a web application accepts a user-supplied URL and fetches it server-side without validation. The application runs on AWS EC2 with a metadata endpoint at 169.254.169.254. Which attack is MOST likely to succeed?

Question 26mediummultiple choice
Read the full wireless explanation →

Which of the following is a recommended countermeasure against WPA2 KRACK attacks?

Question 27mediummultiple choice
Read the full wireless explanation →

A forensic analyst examines a firmware image extracted from an IoT thermostat and finds hardcoded credentials for a cloud backend. Which phase of the IoT attack lifecycle does this represent?

Question 28mediummulti select
Read the full wireless explanation →

Which TWO of the following are valid attacks against wireless networks? (Choose two.)

Question 29hardmulti select
Read the full wireless explanation →

Which THREE of the following are cryptanalysis attacks that target hash functions? (Choose three.)

Question 30easymulti select
Read the full wireless explanation →

Which TWO of the following are asymmetric encryption algorithms? (Choose two.)

Question 31mediummultiple choice
Read the full wireless explanation →

A security analyst captures WPA2 handshake packets using airodump-ng and then runs aircrack-ng with a wordlist. After several minutes, aircrack-ng reports 'KEY FOUND!' followed by a hex string. Which attack was successfully performed?

Question 32hardmultiple choice
Read the full wireless explanation →

During a cloud penetration test, a tester discovers an AWS S3 bucket that allows public 's3:PutObject' access. The tester uploads a file containing JavaScript that steals cookies. Which type of attack is this an example of?

Question 33mediummultiple choice
Read the full wireless explanation →

An IoT device uses MQTT protocol with default credentials 'admin/admin' and no TLS encryption. An attacker on the same network captures MQTT packets and extracts sensor data. Which two vulnerabilities are being exploited? (Choose the best combination)

Question 34easymultiple choice
Read the full wireless explanation →

Which tool is specifically designed to assess the security configuration of AWS, Azure, and GCP cloud environments by scanning for misconfigurations in services like S3, IAM, and EC2?

Question 35mediummultiple choice
Read the full wireless explanation →

A security analyst notices that after a user connects to a corporate Wi-Fi network, all HTTP traffic is redirected to a fake login page that captures credentials. The analyst suspects a rogue access point. Which attack is most likely being used to force client connections to the rogue AP?

Question 36hardmultiple choice
Read the full wireless explanation →

In a cloud environment, an attacker exploits a vulnerability in a web application to make the server send requests to internal metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/). This yields IAM temporary credentials. Which attack is this?

Question 37easymultiple choice
Read the full wireless explanation →

Which wireless security standard introduced in 2018 uses Simultaneous Authentication of Equals (SAE) to replace the pre-shared key exchange in WPA2, providing forward secrecy and resistance to offline dictionary attacks?

Question 38mediummultiple choice
Read the full wireless explanation →

A penetration tester uses the tool 'Pacu' during an AWS security assessment. Which phase of testing is Pacu most commonly associated with?

Question 39hardmultiple choice
Read the full wireless explanation →

A security engineer observes the following log event: 'Certificate for www.example.com was issued by an intermediate CA that chains to a root CA not in the trusted store.' Which type of attack might this indicate?

Question 40mediummultiple choice
Read the full wireless explanation →

In an IoT environment, a researcher finds that the firmware of a smart lock can be extracted via UART and reversed to reveal hardcoded encryption keys. Which type of vulnerability is this?

Question 41easymultiple choice
Read the full wireless explanation →

Which asymmetric encryption algorithm is based on the algebraic structure of elliptic curves over finite fields and provides equivalent security to RSA with smaller key sizes?

Question 42mediummultiple choice
Read the full wireless explanation →

During a cloud security audit, a tool reports that an AWS IAM role has a policy allowing 'ec2:RunInstances' with a condition 'aws:SourceIp': '0.0.0.0/0'. What is the most immediate risk?

Question 43mediummulti select
Read the full wireless explanation →

Which TWO of the following are valid cryptanalytic attacks?

Question 44hardmulti select
Read the full wireless explanation →

Which THREE of the following are common attack vectors against IoT devices?

Question 45easymulti select
Read the full wireless explanation →

Which TWO of the following correctly describe aspects of the shared responsibility model in cloud computing?

Question 46easymultiple choice
Read the full wireless explanation →

A security analyst captures a large number of initialization vectors (IVs) on a WEP-protected network. Which tool is most commonly used to crack the WEP key using IVs?

Question 47easymultiple choice
Read the full wireless explanation →

What is the primary purpose of the 4-way handshake in WPA/WPA2-Personal?

Question 48mediummultiple choice
Read the full wireless explanation →

During a penetration test, a tester captures the WPA2 4-way handshake with airodump-ng and then uses aircrack-ng with a wordlist. However, the PSK is not found. Which of the following is the MOST likely reason?

Question 49mediummultiple choice
Read the full wireless explanation →

An attacker sets up a rogue access point with the same SSID as a legitimate corporate network and broadcasts a stronger signal. Clients connect to the rogue AP. What type of attack is this?

Question 50mediummultiple choice
Read the full wireless explanation →

In the cloud shared responsibility model, which of the following is typically the responsibility of the customer when using AWS EC2 (IaaS)?

Question 51hardmultiple choice
Read the full wireless explanation →

A security team discovers that an S3 bucket configured for static website hosting is exposing sensitive documents. The bucket policy allows public read access. Which AWS misconfiguration is MOST likely present?

Question 52mediummultiple choice
Read the full wireless explanation →

Which cloud security assessment tool is specifically designed to audit AWS environments against best practices and CIS benchmarks?

Question 53mediummultiple choice
Read the full wireless explanation →

An IoT device uses the MQTT protocol without TLS. An attacker on the same network subscribes to all topics and captures messages. What is the MOST significant security risk?

Question 54hardmultiple choice
Read the full wireless explanation →

A penetration tester performs a container escape by exploiting a misconfigured capability and mounts the host filesystem. Which cloud service model is MOST directly affected?

Question 55hardmultiple choice
Read the full wireless explanation →

Which cryptographic algorithm is vulnerable to a birthday attack on its hash output size of 128 bits, reducing the effective security to 64 bits against collision resistance?

Question 56easymultiple choice
Read the full wireless explanation →

In PKI, what is the primary role of a Certificate Authority (CA)?

Question 57mediummultiple choice
Read the full wireless explanation →

An analyst sees the following in a log: Client sends a request to https://victim.com/api?url=http://169.254.169.254/latest/meta-data/. This is MOST indicative of which attack?

Question 58mediummulti select
Read the full wireless explanation →

Which TWO of the following are common defense measures against wireless de-authentication attacks? (Select 2)

Question 59hardmulti select
Read the full wireless explanation →

Which THREE of the following are valid methods for exploiting cloud misconfigurations? (Select 3)

Question 60mediummulti select
Read the full wireless explanation →

Which TWO of the following are examples of asymmetric cryptography? (Select 2)

Question 61mediummultiple choice
Read the full wireless explanation →

A security analyst captures a WPA2 4-way handshake using airodump-ng. To crack the PSK, which tool would they MOST likely use next?

Question 62hardmultiple choice
Read the full wireless explanation →

During a cloud penetration test, you discover an S3 bucket that allows listing objects. You find a file named 'config.json' that contains an IAM access key and secret key. Which of the following is the BEST next step?

Question 63mediummultiple choice
Read the full wireless explanation →

Which of the following attacks is characterized by an attacker placing a fake wireless access point with the same SSID as a legitimate network to capture client credentials?

Question 64easymultiple choice
Read the full wireless explanation →

In the shared responsibility model for cloud computing, which of the following is typically the responsibility of the customer?

Question 65hardmultiple choice
Read the full wireless explanation →

A security analyst observes that a server running an IoT device management platform is sending MQTT traffic to an unexpected IP address. The analyst also notes that the device's firmware contains hardcoded credentials. Which attack vector is MOST likely being exploited?

Question 66easymultiple choice
Read the full wireless explanation →

Which of the following is a symmetric encryption algorithm that uses a block cipher with a fixed block size of 128 bits and key sizes of 128, 192, or 256 bits?

Question 67mediummultiple choice
Read the full wireless explanation →

A penetration tester uses the following command to attack a WPS-enabled AP: 'reaver -i mon0 -b 00:11:22:33:44:55 -vv'. What is the primary goal of this attack?

Question 68hardmultiple choice
Read the full wireless explanation →

An analyst notices that a cloud application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following is the MOST effective mitigation against SSRF attacks in a cloud environment?

Question 69mediummultiple choice
Read the full wireless explanation →

A company wants to ensure that data in transit between its IoT devices and the cloud server is encrypted. Which protocol combination is BEST suited for this purpose?

Question 70easymultiple choice
Read the full wireless explanation →

Which of the following is a hashing algorithm that produces a 160-bit (20-byte) hash value?

Question 71mediummultiple choice
Read the full wireless explanation →

A security team discovers that an attacker has been intercepting and modifying traffic between a client and server by impersonating both endpoints. Which type of cryptographic attack is this?

Question 72mediummultiple choice
Read the full wireless explanation →

A security analyst runs the following command: 'wget http://example.com/bucket?list-type=2' and receives a listing of objects. Which cloud misconfiguration is this MOST likely exploiting?

Question 73mediummulti select
Read the full wireless explanation →

Which TWO tools are specifically designed for cloud security auditing and exploitation? (Choose two.)

Question 74hardmulti select
Read the full wireless explanation →

Which THREE of the following are common attack vectors against IoT devices? (Choose three.)

Question 75mediummulti select
Read the full wireless explanation →

An organization is using a cloud IAM policy that allows all actions on all resources. Which TWO security issues are MOST directly related to this configuration? (Choose two.)

Question 76easymultiple choice
Read the full wireless explanation →

A security analyst captures a WPA2 4-way handshake using airodump-ng. Which tool would they most likely use next to attempt to crack the PSK using a wordlist?

Question 77mediummultiple choice
Read the full wireless explanation →

During a wireless penetration test, the tester runs `airodump-ng wlan0mon` and sees numerous beacon frames from a network. The tester then sends deauthentication packets using `aireplay-ng -0 5 -a <BSSID> wlan0mon`. What is the PRIMARY purpose of this deauthentication attack?

Question 78hardmultiple choice
Read the full wireless explanation →

A penetration tester is assessing an AWS environment and discovers an S3 bucket with the following bucket policy: `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}`. Which of the following is the MOST likely security issue?

Question 79mediummultiple choice
Read the full wireless explanation →

An IoT device uses MQTT for communication. An attacker intercepts MQTT packets and observes that the publish messages are not encrypted and contain plaintext sensor data. Which of the following is the BEST recommendation to secure MQTT traffic?

Question 80easymultiple choice
Read the full wireless explanation →

Which of the following cryptographic algorithms is classified as asymmetric?

Question 81mediummultiple choice
Read the full wireless explanation →

An attacker performs a downgrade attack on a TLS connection, forcing the client and server to negotiate a weaker cipher suite. This attack exploits which of the following?

Question 82hardmultiple choice
Read the full wireless explanation →

During a cloud penetration test, a tester discovers that an AWS IAM role has the following policy: `{"Effect":"Allow","Action":"*","Resource":"*"}`. This policy is attached to an EC2 instance. Which of the following attacks is the tester MOST likely to perform next?

Question 83mediummultiple choice
Read the full wireless explanation →

A security team is evaluating wireless security for a corporate network. They want to implement the strongest current encryption standard for Wi-Fi. Which of the following should they choose?

Question 84easymultiple choice
Read the full wireless explanation →

Which of the following tools is specifically designed for auditing cloud environments (AWS, Azure, GCP) for security misconfigurations?

Question 85hardmultiple choice
Read the full wireless explanation →

An analyst captures the following output from a wireless adapter: `[00:1A:2B:3C:4D:5E] 54 Mbps WPA2 CCMP PSK`. The analyst suspects a malicious rogue AP is impersonating a legitimate network. Which of the following indicators would MOST strongly confirm a rogue AP?

Question 86mediummultiple choice
Read the full wireless explanation →

An attacker uses Reaver against a Wi-Fi network. What vulnerability is the attacker primarily exploiting?

Question 87easymultiple choice
Read the full wireless explanation →

Which of the following is a well-known attack against the MD5 hash function that allows two different inputs to produce the same hash value?

Question 88mediummulti select
Read the full wireless explanation →

A penetration tester is assessing the security of a cloud application and discovers that it is vulnerable to Server-Side Request Forgery (SSRF). Which TWO of the following are potential impacts of this vulnerability?

Question 89hardmulti select
Read the full wireless explanation →

A security analyst is investigating a potential container escape in a Kubernetes cluster. Which THREE of the following are common indicators of a container escape?

Question 90mediummulti select
Read the full wireless explanation →

Which TWO of the following are common weaknesses in IoT devices that are often exploited by attackers?

Question 91easymultiple choice
Read the full wireless explanation →

A security analyst captures a large number of weak initialization vectors (IVs) using airodump-ng. Which attack does this preparation indicate?

Question 92mediummultiple choice
Read the full wireless explanation →

During a penetration test, an ethical hacker runs the following command: aireplay-ng -0 5 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon. What is the immediate effect of this command?

Question 93hardmultiple choice
Read the full wireless explanation →

A security engineer analyzes a cloud environment and finds that an S3 bucket named 'company-backups' is configured with a bucket policy that allows 'Principal': '*' and 'Action': 's3:GetObject'. Which of the following is the MOST likely risk?

Question 94mediummultiple choice
Read the full wireless explanation →

A penetration tester uses the tool 'ScoutSuite' against an AWS target. Which of the following BEST describes the purpose of this tool?

Question 95hardmultiple choice
Read the full wireless explanation →

An IoT device uses the MQTT protocol without TLS. An attacker on the same network captures messages and publishes a fake temperature reading. Which attack is being executed?

Question 96easymultiple choice
Read the full wireless explanation →

Which of the following cryptographic algorithms is classified as asymmetric?

Question 97mediummultiple choice
Read the full wireless explanation →

A security analyst notices that a web application's SSL/TLS certificate is issued by a CA that is not trusted by modern browsers. Which type of attack could this enable?

Question 98mediummultiple choice
Read the full wireless explanation →

Which of the following tools is specifically designed to exploit WPS vulnerabilities on wireless networks?

Question 99easymultiple choice
Read the full wireless explanation →

In the shared responsibility model for cloud computing, which of the following is typically the customer's responsibility?

Question 100hardmultiple choice
Read the full wireless explanation →

A penetration tester discovers that a cloud application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following is a potential impact of this vulnerability?

Question 101mediummultiple choice
Read the full wireless explanation →

Which of the following is a cryptographic attack that exploits collisions in hash functions?

Question 102mediummultiple choice
Read the full wireless explanation →

A security engineer wants to ensure that a wireless network uses the most secure encryption available. Which of the following should be configured on the access point?

Question 103mediummulti select
Read the full wireless explanation →

Which TWO of the following are common attack vectors for IoT devices? (Select two)

Question 104hardmulti select
Read the full wireless explanation →

Which THREE of the following are valid defenses against WPA2 attacks? (Select three)

Question 105easymulti select
Read the full wireless explanation →

Which TWO of the following are characteristics of symmetric encryption? (Select two)

Question 106easymultiple choice
Read the full wireless explanation →

A security analyst captures a WPA2 4-way handshake using airodump-ng. Which tool would they use to perform a dictionary attack on the captured handshake to recover the PSK?

Question 107easymultiple choice
Read the full wireless explanation →

During a cloud penetration test, a tester discovers an S3 bucket that allows public listing and write access. Which of the following is the MOST likely misconfiguration?

Question 108easymultiple choice
Read the full wireless explanation →

Which of the following cryptographic hash functions is known to be vulnerable to collision attacks and should be avoided for security applications?

Question 109mediummultiple choice
Read the full wireless explanation →

An attacker sets up a fake access point with the same SSID as a legitimate corporate network. Clients connecting to this AP are prompted to enter their network credentials. Which type of attack is this?

Question 110mediummultiple choice
Read the full wireless explanation →

A penetration tester uses the tool Reaver to target a Wi-Fi network. What vulnerability is the tester attempting to exploit?

Question 111mediummultiple choice
Read the full wireless explanation →

In a cloud environment, which of the following is an example of a Server-Side Request Forgery (SSRF) attack?

Question 112mediummultiple choice
Read the full wireless explanation →

A security analyst observes repeated de-authentication packets targeting clients on a corporate Wi-Fi network. What is the MOST likely goal of the attacker?

Question 113mediummultiple choice
Read the full wireless explanation →

Which cryptographic algorithm is classified as symmetric and uses a block cipher with key sizes of 128, 192, or 256 bits?

Question 114hardmultiple choice
Read the full wireless explanation →

During an IoT assessment, a tester examines a smart thermostat that uses the MQTT protocol. The tester finds that the device connects to a broker without any authentication. Which of the following attacks is MOST likely to succeed?

Question 115hardmultiple choice
Read the full wireless explanation →

A security team uses ScoutSuite to assess their AWS environment. The tool reports that an S3 bucket policy allows access from any IP address. What is the MOST likely misconfiguration?

Question 116hardmultiple choice
Read the full wireless explanation →

A penetration tester performs a container escape from a Docker container running in a cloud environment. Which of the following is the MOST likely cause?

Question 117hardmultiple choice
Read the full wireless explanation →

A security analyst captures network traffic and sees the following: Client sends a SYN, server responds with SYN-ACK, then client sends ACK. Immediately after, the client sends an encrypted payload. This traffic is consistent with which phase of a WPA2 attack?

Question 118mediummulti select
Read the full wireless explanation →

Which TWO of the following are symmetric encryption algorithms? (Select 2)

Question 119mediummulti select
Read the full wireless explanation →

Which TWO of the following are common attack vectors against IoT devices? (Select 2)

Question 120hardmulti select
Read the full wireless explanation →

Which THREE of the following are valid methods to prevent a downgrade attack on TLS? (Select 3)

Question 121mediummultiple choice
Read the full wireless explanation →

During a penetration test, you capture the following 4-way handshake using airodump-ng. Which tool would you use to attempt a dictionary attack to recover the WPA2 passphrase?

Question 122easymulti select
Read the full wireless explanation →

Which TWO of the following are cloud-specific security threats?

Question 123mediummulti select
Read the full wireless explanation →

Which THREE of the following are characteristics of asymmetric encryption?

Question 124hardmulti select
Read the full wireless explanation →

Which TWO of the following attacks are specifically associated with wireless networks?

Question 125mediummulti select
Read the full wireless explanation →

Which THREE of the following are common IoT attack vectors?

Question 126mediummulti select
Read the full wireless explanation →

Which TWO of the following tools are used for cloud security auditing or exploitation?

Question 127hardmulti select
Read the full wireless explanation →

Which THREE of the following attacks target cryptographic weaknesses?

Question 128easymulti select
Read the full wireless explanation →

Which TWO of the following are symmetric encryption algorithms?

Question 129mediummulti select
Read the full wireless explanation →

Which THREE of the following are components of PKI (Public Key Infrastructure)?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CEH Practice Test 1 — 10 Questions→CEH Practice Test 2 — 10 Questions→CEH Practice Test 3 — 10 Questions→CEH Practice Test 4 — 10 Questions→CEH Practice Test 5 — 10 Questions→CEH Practice Exam 1 — 20 Questions→CEH Practice Exam 2 — 20 Questions→CEH Practice Exam 3 — 20 Questions→CEH Practice Exam 4 — 20 Questions→Free CEH Practice Test 1 — 30 Questions→Free CEH Practice Test 2 — 30 Questions→Free CEH Practice Test 3 — 30 Questions→CEH Practice Questions 1 — 50 Questions→CEH Practice Questions 2 — 50 Questions→CEH Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Advanced Topics: Wireless, Cloud, IoT, Cryptography setsAll Advanced Topics: Wireless, Cloud, IoT, Cryptography questionsCEH Practice Hub