CEH v13 Domain 9.1 Practice Test 003

This practice test covers Domain 9 (Cryptography) Subdomain 1 (Cryptography) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

CEH v13 Domain 9.1 Practice Test 003

10 questions • 8 single-answer, 2 multi-select

Question 1

A security analyst at a financial institution discovers that the organization's web application uses self-signed certificates instead of CA-issued certificates, causing browser warnings for users. She is tasked with implementing a proper trust hierarchy to ensure all certificates can be verified back to a known root. Which PKI component is responsible for issuing and signing digital certificates on behalf of the organization?

A. Registration Authority (RA) B. Certificate Authority (CA) C. Certificate Revocation List (CRL) D. Online Certificate Status Protocol (OCSP)

Question 2

Kevin is analyzing a legacy authentication system that uses MD5 to store password hashes, and he identifies that two different inputs produce the same hash output. He documents this vulnerability for his client's security report. Which cryptographic attack does this vulnerability demonstrate?

A. Brute Force Attack B. Dictionary Attack C. Birthday Attack D. Rainbow Table Attack

Question 3

Jane, a penetration tester, intercepts network traffic between two endpoints and observes that the initial key exchange uses a public-private key pair, while subsequent data transmission uses a faster shared key. The hybrid approach balances security with performance in the observed protocol. Which encryption scheme is being described for the initial key negotiation phase?

A. AES-256 B. Blowfish C. RSA D. SHA-256

Question 4

Select all that apply

A security team at an enterprise organization mandates full disk encryption on all employee laptops to prevent data exposure in case of physical theft. The IT security manager must recommend two solutions from the shortlist that are designed specifically for encrypting entire drives. Which two of the following are full disk encryption tools? (Choose two)

A. BitLocker B. Wireshark C. VeraCrypt D. Metasploit E. John the Ripper

Question 5

Elijah, a security researcher, intercepts a corporate email and attempts to read its content, but finds it is encrypted end-to-end using a certificate-based standard commonly integrated into enterprise email clients like Microsoft Outlook. The standard binds public keys to user identities through X.509 certificates issued by a trusted authority. Which email encryption protocol is being used?

A. PGP B. S/MIME C. TLS D. SSH

Question 6

During a penetration test of an enterprise network, a security team captures authentication handshake traffic and uses a precomputed lookup table to reverse captured hash values back to their original plaintext passwords. The technique dramatically reduces cracking time compared to exhaustive character-by-character brute-force methods. Which type of attack is being performed?

A. Birthday Attack B. Dictionary Attack C. Rainbow Table Attack D. Timing Attack

Question 7

A digital forensics investigator uses a standalone utility to simultaneously compute MD5, SHA-1, and SHA-256 checksums of a seized hard drive image to verify its integrity throughout the chain of custody. The utility is widely referenced in EC-Council CEH training materials as a standard hashing tool for forensic workflows. Which tool is being described?

A. Wireshark B. Nmap C. HashCalc D. Aircrack-ng

Question 8

A cloud security engineer notices that clients are unable to quickly verify whether a recently compromised certificate has been revoked, causing delays in blocking fraudulent connections. The current infrastructure requires clients to download and parse a large, periodically updated file listing all invalidated certificates, which is too slow for real-time decisions. Which mechanism should replace this approach to enable on-demand certificate status verification?

A. CRL Distribution Point B. Certificate Signing Request (CSR) C. Online Certificate Status Protocol (OCSP) D. Root Certificate Authority

Question 9

Select all that apply

A security architect designing a classified government data storage system must select two encryption algorithms from an approved list that use the same secret key for both encrypting and decrypting stored records, ensuring fast processing of large data volumes. She needs to confirm that her selections follow the shared-key cryptographic model. Which two of the following are symmetric block cipher algorithms? (Choose two)

A. RSA B. AES C. Elliptic Curve Cryptography (ECC) D. DES E. Diffie-Hellman

Question 10

During a red team engagement, Kevin captures encrypted messages exchanged between two executives and obtains matching samples of the original content alongside their corresponding ciphertext by socially engineering an assistant into forwarding unencrypted message drafts. He uses these paired samples to derive the encryption key used by the target system. Which cryptanalysis technique does Kevin's approach represent?

A. Chosen Plaintext Attack B. Ciphertext-Only Attack C. Known Plaintext Attack D. Brute Force Attack

Related Posts

Leave a Comment Cancel Reply