
CEH Cryptography and Malware Analysis • Complete Question Bank

CEH Cryptography and Malware Analysis — All Questions With Answers

Complete CEH Cryptography and Malware Analysis question bank — all 0 questions with answers and detailed explanations.

20 questions · Free · No signup
Question 1 (easy, multiple choice)

A security analyst receives an alert about a suspicious file hash. The analyst wants to check if the file is known malware by querying an online database of malware signatures. Which tool should the analyst use?

Question 2 (medium, multiple choice)

During a penetration test, an ethical hacker finds that a web application transmits sensitive data in plaintext over HTTPS. Which of the following best describes this security issue?

Question 3 (hard, multiple choice)

A company's internal PKI uses an offline root CA and an online issuing CA. A security engineer needs to revoke a compromised certificate issued by the online CA. Which CRL distribution point should the engineer update?

Question 4 (easy, multiple choice)

A security analyst suspects that a user's machine is infected with a keylogger. Which of the following is the most effective method to detect a hardware keylogger?

Question 5 (medium, multiple choice)

An ethical hacker is analyzing a piece of malware that uses a custom encryption algorithm. The malware sample contains a hardcoded key that is 16 bytes long. The analyst observes that the encrypted data is the same length as the plaintext. Which encryption mode is most likely being used?

Question 6 (hard, multiple choice)

During a forensic investigation, an analyst finds that a malware sample uses a technique to detect if it is running in a sandbox by checking the number of CPU cores. The malware terminates execution if the core count is less than 2. Which anti-analysis technique is this?

Question 7 (medium, multiple choice)

A company wants to secure its email communications using digital signatures. Which cryptographic key does the sender use to sign the email?

Question 8 (easy, multi select)

Which TWO of the following are characteristics of a polymorphic virus? (Choose two.)

Question 9 (medium, multi select)

Which THREE of the following are types of cryptanalytic attacks? (Choose three.)

Question 10 (medium, multiple choice)

You are a security analyst for a medium-sized company. The company uses a custom web application for internal project management. The application uses AES-256-CBC for encrypting sensitive data stored in the database. Recently, the company experienced a data breach where an attacker exfiltrated the entire database. Although the data was encrypted, the attacker was able to decrypt some records. Investigation reveals that the encryption key is stored in a configuration file on the same server, and the initialization vector (IV) is hardcoded in the application code. Additionally, the application uses the same key for all records. Which of the following is the most effective remediation to prevent future decryption of stolen encrypted data?

Question 11 (medium, multiple choice)

Refer to the exhibit. An analyst suspects that the downloaded file 'update.exe' may have been tampered with. The vendor's official website lists the SHA256 hash as 4e7c2a8f9b3d1e5f6a0c8b7d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f. What should the analyst conclude?

Exhibit

---
C:\> certutil -hashfile C:\Users\Admin\Downloads\update.exe SHA256
SHA256 hash of C:\Users\Admin\Downloads\update.exe:
4e7c2a8f9b3d1e5f6a0c8b7d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f
---

Question 12 (easy, multiple choice)

During a penetration test, a security analyst discovers that an organization's web application uses HTTP for login forms, potentially exposing credentials to interception. Which of the following is the BEST cryptographic control to implement to protect credentials in transit?

Question 13 (hard, multiple choice)

A security engineer needs to configure a web server to support Perfect Forward Secrecy (PFS) for HTTPS connections. Which of the following key exchange methods should be prioritized?

Question 14 (medium, multi select)

A malware analyst is investigating a suspicious executable that appears to be a Trojan. The analyst runs the executable in a sandbox and observes the following behavior: it creates a hidden file in the %AppData% directory, modifies the Windows registry to add a startup entry, and attempts to connect to an external IP address on port 443 using HTTPS. Which TWO of the following techniques are likely being used by this malware?

Question 15 (hard, multiple choice)

You are a security analyst at a financial institution. The SOC has detected anomalous outbound traffic from a server in the DMZ to an unknown IP address on TCP port 8443. The server runs a custom application that normally communicates with internal databases on port 1433. The server's OS is Windows Server 2019. Preliminary analysis shows that a new service named 'UpdateSvc' was installed three days ago, set to start automatically, and runs under the LocalSystem account. The service binary is located at C:\Windows\System32\svchost.exe (the legitimate one). However, the service's 'ImagePath' registry key points to 'C:\Windows\System32\svchost.exe -k UpdateSvc'. Additionally, a scheduled task named 'HealthCheck' runs every hour and executes 'powershell.exe -EncodedCommand <base64>'. The encoded command decodes to a script that downloads a payload from the same unknown IP on port 8443 and executes it in memory. The server has antivirus installed that detected nothing. As the analyst, which of the following is the BEST immediate course of action?

Question 16 (hard, multi select)

An organization is investigating a potential malware infection. The security analyst observes unusual outbound connections to a known malicious IP address and finds a suspicious process running under a user's session. The analyst decides to perform memory analysis using Volatility. Which TWO commands would be most useful to identify the malicious process and its network connections?

Question 17 (easy, multiple choice)

Refer to the exhibit. A security analyst runs netstat on a compromised Windows machine. Based on the output, which process is most likely associated with the malicious activity?

Exhibit

---
C:\Users\Admin>netstat -anob

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     203.0.113.5:4444       ESTABLISHED     1234
  TCP    192.168.1.10:49153     198.51.100.20:80       TIME_WAIT       5678
  [svchost.exe]
  TCP    192.168.1.10:49154     203.0.113.5:4444       ESTABLISHED     1234
  [explorer.exe]
---

Question 18 (medium, multiple choice)

You are a security analyst for a financial institution. The company has deployed a network of 500 Windows 10 workstations and 50 servers running Windows Server 2019. All systems are protected by a next-generation firewall and an endpoint detection and response (EDR) solution. Recently, several employees reported that their workstations are running slowly and displaying unusual pop-up ransom notes demanding payment in Bitcoin. The EDR alerts show that a file named 'invoice.docm' was downloaded from an email attachment and executed on multiple workstations. The EDR also indicates that the file dropped a PowerShell script that connected to an external IP address and downloaded additional payloads. After the initial infection, the EDR detected that the ransomware binary 'encryptor.exe' was executed and began encrypting files. However, the EDR stopped the encryption process before all files were encrypted. The incident response team needs to determine the source of the infection and prevent future occurrences. Which of the following is the most effective first step to identify the initial infection vector?

Question 19 (medium, drag order)

Drag and drop the steps to configure a wireless network with WPA2-Enterprise authentication on a Cisco AP into the correct order.

Question 20 (medium, matching)

Match each vulnerability assessment tool to its function.


Automated vulnerability scanning
Open-source vulnerability scanner
Cloud-based vulnerability management
Network vulnerability scanner
Web server vulnerability scanner
