CEH - Certified Ethical Hacker Practice Questions: Cryptography Domain
Test your CEH - Certified Ethical Hacker knowledge with 10 practice questions from the Cryptography domain. Includes detailed explanations and answers.
Master the Cryptography Domain
Test your knowledge in the Cryptography domain with these 10 practice questions. Each question is designed to help you prepare for the CEH - Certified Ethical Hacker certification exam with detailed explanations to reinforce your learning.
Question 1
An organization needs to implement a VPN solution that uses encryption to secure data in transit. Which of the following protocols should be considered for this purpose?
Correct Answer: A
Explanation: IPsec is a protocol suite that secures IP traffic by authenticating and, with ESP (Encapsulating Security Payload), encrypting each packet of a session, with IKE negotiating the keys. It is the standard basis for site-to-site and remote-access VPNs, normally in tunnel mode so that the original IP header is protected as well. Note that AH (Authentication Header) on its own provides integrity and origin authentication but no confidentiality, so a VPN that must encrypt data in transit needs ESP.
Question 2
You are evaluating a web application that uses session tokens for user authentication. Which cryptographic practice would best protect these tokens from being intercepted and reused?
Correct Answer: C
Explanation: CORRECT: Serving the application over HTTPS (TLS) encrypts the token in transit, so a network attacker cannot capture it and replay it. Encrypting tokens protects them at rest, not on the wire. Signing tokens lets the server detect forged or modified tokens but does not hide them from an eavesdropper. Secure server-side storage matters but does not address interception. In practice, pair HTTPS with the Secure and HttpOnly cookie attributes and HSTS so the browser never sends the token over plain HTTP.
Question 3
While conducting a penetration test, you find that a server is using SSL 3.0 for secure communications. Which attack could you demonstrate to show the vulnerability of this protocol?
Correct Answer: A
Explanation: CORRECT: POODLE (Padding Oracle On Downgraded Legacy Encryption) exploits the CBC cipher suites of SSL 3.0, which do not check most of the padding bytes. An attacker who can inject chosen plaintext (for example through JavaScript running in the victim's browser) first forces the client to fall back from TLS to SSL 3.0 and then decrypts data such as session cookies one byte at a time. Heartbleed is a memory-disclosure bug in OpenSSL's TLS heartbeat implementation, not a flaw in the SSL 3.0 protocol. FREAK exploits servers that still accept export-grade RSA cipher suites. BEAST is a chosen-plaintext attack on CBC with predictable IVs in TLS 1.0 and earlier. The only fix is to disable SSL 3.0 entirely; confirm the finding with nmap --script ssl-poodle -p 443 against the host, or by attempting an SSL 3.0 handshake with openssl s_client -ssl3 from a build that still supports that option.
Question 4
While conducting a security assessment, you identify that a system uses a symmetric encryption algorithm with a 56-bit key. Which algorithm is most likely being used?
Correct Answer: B
Explanation: CORRECT: DES uses a 64-bit key of which 56 bits are effective (the other 8 are parity bits), a key space small enough to brute-force in hours on commodity hardware. AES uses 128, 192 or 256-bit keys. RSA is an asymmetric algorithm, not a symmetric one. Blowfish accepts variable-length keys from 32 to 448 bits. Single DES in a production system is a finding on its own; 3DES raises the effective key size to 112 bits but is also deprecated and should be replaced by AES.
Question 5
You are testing the security of a web application. Which cryptographic attack would allow an attacker to decrypt sensitive data, without the key, by observing whether the server accepts or rejects the padding of a tampered CBC ciphertext?
Correct Answer: D
Explanation: CORRECT: A padding oracle attack exploits a server that reveals whether the padding of a decrypted message was valid (a distinct error message, status code or response time). By submitting modified ciphertext blocks and watching that one-bit answer, the attacker recovers CBC-encrypted plaintext one byte at a time with at most 256 guesses per byte and no knowledge of the key. Weak hash functions are vulnerable to collisions but are not a decryption attack. CBC mode is not flawed in itself: it is the padding-error side channel (and, separately, predictable IVs, which enable chosen-plaintext attacks such as BEAST) that makes a CBC deployment exploitable. ECB mode is flawed because identical plaintext blocks produce identical ciphertext blocks, which leaks patterns but does not by itself let an attacker decrypt arbitrary data.
Question 6
Which of the following is a primary benefit of using a cryptographic hash function for storing passwords?
Correct Answer: C
Explanation: CORRECT: A cryptographic hash is one-way, so the system can store only the hash and still verify a login by hashing the submitted password and comparing the result; the plaintext password is never kept and cannot be recovered from the stored value, and the stored hash doubles as an integrity check on the credential. Hashing is not encryption: there is no key and nothing to decrypt. Hash functions do not make password recovery easy; they make it infeasible, which is the point. A general-purpose hash on its own is still not enough for passwords: use a salted, deliberately slow function (bcrypt, scrypt, Argon2 or PBKDF2) so that offline guessing is expensive.
Question 7
In a security audit, you find that a system uses SHA-1 for hashing passwords. What is the primary reason this is considered insecure?
Correct Answer: B
Explanation: CORRECT: SHA-1 is broken for collision resistance: practical collisions were demonstrated in 2017 (the SHAttered attack), so two different inputs can be made to produce the same hash, and SHA-1 must not be used anywhere a security property depends on it. SHA-1 is not computationally expensive, and it handles inputs of any size. Hash functions do not encrypt; they provide integrity. Note that for password storage the more immediate problem with the audited system is that SHA-1 is extremely fast and, as typically deployed, unsalted, so an attacker can test billions of guesses per second and crack every user who shares a password with one lookup; the remedy is a salted, slow password hash, not simply swapping in SHA-256.
Question 8
You are analyzing network traffic and find that the SSL/TLS session is being attacked. An attacker is attempting a man-in-the-middle attack to intercept encrypted communications. Which cryptographic technique helps prevent such attacks?
Correct Answer: B
Explanation: Perfect forward secrecy (PFS), provided by an ephemeral Diffie-Hellman key exchange (DHE or ECDHE), derives a fresh session key for every connection that is never transmitted and is discarded afterwards. An attacker who records TLS traffic and later obtains the server's long-term private key cannot decrypt those past sessions, which defeats the record-now, decrypt-later form of interception. Strictly, what stops an active man-in-the-middle is server authentication (certificate validation), which PFS complements rather than replaces. Elliptic curve cryptography is a family of algorithms, not a MITM countermeasure in itself. A block cipher mode governs how a cipher processes data, and digital watermarking is a content-protection technique, not encryption.
Question 9
Which of the following is a method used to prevent replay attacks in a secure communication protocol?
Correct Answer: A
Explanation: Timestamps bind each message to the time it was created, so the receiver rejects anything outside an acceptance window and an attacker cannot resubmit a captured message later. The timestamp must be covered by the message's MAC or signature, otherwise the attacker simply updates it, and the scheme depends on reasonably synchronized clocks. Nonces (random values the receiver remembers) and sequence numbers are the other standard replay defences, and robust protocols often combine a timestamp with a nonce so that the nonce cache only has to cover the window.
Question 10
A client wants to guarantee that a document sent over email remains unchanged by the time it is received. Which cryptographic technique should be used?
Correct Answer: C
Explanation: Hashing provides data integrity: the sender computes a hash of the document and the recipient recomputes it on arrival; any change, even a single bit, produces a different hash and reveals tampering. This detects accidental corruption and casual modification only: an attacker who can alter the email can also replace the hash, so the hash must either be delivered out of band or, better, bound to the sender by a digital signature (S/MIME or OpenPGP) or an HMAC under a shared key.
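An added example (not from the original page) covering Questions 9 and 10 together: a message carries a timestamp, a nonce and the document under one HMAC, and the receiver checks freshness, authenticity and nonce reuse in that order. It also shows why a bare hash, as in Question 10, does not stop an active attacker. The key, clock values, window size and sample document are all constructed for the example.

```python
import hashlib
import hmac
import secrets

WINDOW_SECONDS = 300  # how far a timestamp may drift from the receiver's clock (assumption)


def _tag(key: bytes, ts: int, nonce: str, document: bytes) -> str:
    # Bind timestamp, nonce and content under one keyed MAC so none can be altered independently.
    return hmac.new(key, f"{ts}|{nonce}|".encode() + document, hashlib.sha256).hexdigest()


def send(key: bytes, document: bytes, now: int, nonce: str = "") -> dict:
    nonce = nonce or secrets.token_hex(16)
    return {"ts": now, "nonce": nonce, "doc": document, "tag": _tag(key, now, nonce, document)}


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key, self.window, self.seen = key, window, {}  # seen: nonce -> ts

    def accept(self, msg: dict, now: int):
        """Returns (accepted, reason). Freshness first, then the MAC, then the replay check,
        so only authenticated messages ever enter the nonce cache."""
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"
        if not hmac.compare_digest(_tag(self.key, msg["ts"], msg["nonce"], msg["doc"]), msg["tag"]):
            return False, "bad tag: content, timestamp or nonce altered, or sender lacks the key"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}  # forget old nonces
        if msg["nonce"] in self.seen:
            return False, "replay: nonce already seen inside the window"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def unkeyed_hash_check(document: bytes, digest: str) -> bool:
    """Question 10's plain-hash integrity check. It catches corruption, but an attacker who swaps
    the document can recompute the digest too, because no key is involved."""
    return hashlib.sha256(document).hexdigest() == digest


def demo() -> dict:
    key = secrets.token_bytes(32)
    t0 = 1_700_000_000                           # constructed clock value
    contract = b"Pay 1,000 EUR to account 1234"  # constructed document
    rx = Receiver(key)
    original = send(key, contract, t0)
    tampered = dict(original, doc=b"Pay 9,000 EUR to account 6666")  # content changed, tag kept
    replay = dict(original)                                          # captured and resent as-is
    late = send(key, contract, t0 - 2 * WINDOW_SECONDS)              # valid tag, old timestamp
    results = {
        "original": rx.accept(original, t0 + 5),
        "tampered": rx.accept(tampered, t0 + 6),
        "replayed": rx.accept(replay, t0 + 7),
        "too_old": rx.accept(late, t0 + 8),
    }
    forged = b"Pay 9,000 EUR to account 6666"
    results["plain_hash_fooled"] = unkeyed_hash_check(forged, hashlib.sha256(forged).hexdigest())
    return results
```

demo() accepts the original once, then rejects the tampered copy (bad tag), the verbatim replay (nonce seen) and the old message (stale). The last entry shows the forged document passing an unkeyed hash check, which is why the hash needs a key or a signature behind it. Bounding the nonce cache to the acceptance window keeps receiver state small; sequence numbers are the stateless alternative when both sides keep a counter.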
Ready to Accelerate Your CEH - Certified Ethical Hacker Preparation?
Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.
- ✅ Unlimited practice questions across all CEH - Certified Ethical Hacker domains
- ✅ Full-length exam simulations with real-time scoring
- ✅ AI-powered performance tracking and weak area identification
- ✅ Personalized study plans with adaptive learning
- ✅ Mobile-friendly platform for studying anywhere, anytime
- ✅ Expert explanations and study resources
About CEH - Certified Ethical Hacker Certification
The CEH - Certified Ethical Hacker certification validates your expertise in cryptography and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.
📚 Explore Topic-Wise CEH Practice Questions
Strengthen your Certified Ethical Hacker preparation with domain-wise practice sets across every CEH module:
- Introduction to Ethical Hacking
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial of Service (DoS)
- Session Hijacking
- Evading IDS, Firewalls & Honeypots
- Hacking Web Servers
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- IoT Hacking
- Cloud Computing
- Cryptography
🔐 Certified Ethical Hacker (CEH) 2025 – Complete Exam Guide
Exam details, difficulty, costs, study plan & essential preparation tips
Preparing for the CEH exam? Don’t miss our comprehensive guide that breaks down every domain, exam blueprint, recommended study resources, and a practical study plan to help you pass on your first try.
👉 Read the CEH 2025 Ultimate Guide