Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


CEH Cryptography and Malware Analysis Practice Questions

20+ practice questions focused on Cryptography and Malware Analysis — one of the most tested topics on the Certified Ethical Hacker CEH exam. Each question includes a detailed explanation so you learn why the right answer is correct.


Sample Cryptography and Malware Analysis Questions

1. A security analyst receives an alert about a suspicious file hash. The analyst wants to check if the file is known malware by querying an online database of malware signatures. Which tool should the analyst use?

A. Nmap
B. John the Ripper
C. VirusTotal
D. Wireshark

Explanation: VirusTotal is a free online service that aggregates multiple antivirus engines and malware detection tools, allowing users to upload files or query file hashes against a vast database of known malware signatures. This directly matches the requirement to check if a file is known malware by querying an online database.

2. During a penetration test, an ethical hacker finds that a web application transmits sensitive data in plaintext over HTTPS. Which of the following best describes this security issue?

A. Weak TLS cipher suite
B. Lack of application-layer encryption
C. SSL stripping attack
D. Man-in-the-middle attack

Explanation: The core issue is that the web application transmits sensitive data in plaintext over HTTPS, meaning the data is encrypted in transit by TLS but not encrypted at the application layer. This leaves the data vulnerable to exposure if the TLS termination point (e.g., a reverse proxy or load balancer) is compromised or if logs capture the plaintext payload. Application-layer encryption (e.g., encrypting the data before sending it over HTTPS) ensures end-to-end confidentiality, even if the TLS channel is broken or inspected.

3. A company's internal PKI uses an offline root CA and an online issuing CA. A security engineer needs to revoke a compromised certificate issued by the online CA. Which CRL distribution point should the engineer update?

A. The CRL published by the certificate authority that signed the issuing CA's certificate
B. The CRL published by the intermediate CA, if any
C. The CRL published by the online issuing CA
D. The CRL published by the offline root CA

Explanation: The compromised certificate was issued by the online issuing CA, so only that CA has the authority to revoke it and publish the updated CRL. Clients validating the certificate will check the CRL distribution point (CDP) embedded in the certificate, which points to the issuing CA's CRL. Updating the CRL on the online issuing CA ensures that revocation status is immediately available to relying parties.

4. A security analyst suspects that a user's machine is infected with a keylogger. Which of the following is the most effective method to detect a hardware keylogger?

A. Check running processes for suspicious entries
B. Physically inspect the connection between the keyboard and the computer
C. Review USB device history in Event Viewer
D. Run an antivirus scan

Explanation: A hardware keylogger is a physical device inserted between the keyboard and the computer, typically at the PS/2 or USB connector. Unlike software-based keyloggers, it operates independently of the operating system, so it cannot be detected by process lists, event logs, or antivirus scans. The only reliable detection method is a physical inspection of the keyboard cable and connection point for any unusual inline devices.

5. An ethical hacker is analyzing a piece of malware that uses a custom encryption algorithm. The malware sample contains a hardcoded key that is 16 bytes long. The analyst observes that the encrypted data is the same length as the plaintext. Which encryption mode is most likely being used?

A. GCM
B. CFB
C. ECB
D. CBC

Explanation: ECB (Electronic Codebook) mode encrypts each block of plaintext independently using the same key, so the ciphertext length equals the plaintext length (assuming no padding is needed for exact block sizes). The hardcoded 16-byte key and identical input/output lengths strongly suggest ECB, as other modes typically add an IV or authentication tag, altering the output length.


How to master Cryptography and Malware Analysis for CEH

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Cryptography and Malware Analysis. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Cryptography and Malware Analysis questions on the CEH frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many CEH Cryptography and Malware Analysis questions are on the real exam?

The exact number varies per candidate. Cryptography and Malware Analysis is tested as part of the Certified Ethical Hacker CEH blueprint. Practicing with targeted Cryptography and Malware Analysis questions ensures you can handle any format or difficulty that appears.

Are these CEH Cryptography and Malware Analysis practice questions free?

Yes. Courseiva provides free CEH practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Cryptography and Malware Analysis one of the harder CEH topics?

Difficulty is subjective, but Cryptography and Malware Analysis is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.


Topic Info

Topic: Cryptography and Malware Analysis
Exam: CEH
Questions available: 20+