Cryptography for Certified Ethical Hacker (CEH)
This page covers the Cryptography domain of the Certified Ethical Hacker (CEH) certification. Master Cybersecurity offers 14 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
A client asks you to ensure that their corporate emails are being transmitted securely. Which of the following measures would best verify the use of strong encryption in email transmission?
- A. Check the SMTP server configuration for STARTTLS support.
- B. Attempt to decrypt email traffic using a rainbow table.
- C. Capture email traffic and analyze it with a regular expression tool.
- D. Review user email clients for PGP or S/MIME encryption settings.
Explanation
The correct answer is: A. Check the SMTP server configuration for STARTTLS support.
Email transmission (sending/receiving) typically uses SMTP, IMAP, and POP3. STARTTLS upgrades these connections to TLS so traffic between client and server is encrypted in transit. Checking the SMTP server configuration for STARTTLS support (A) verifies that the transport of email is protected with strong encryption (TLS), which is the standard way to ensure "email is transmitted securely" at the server level. Rainbow tables (B) are for cracking password hashes, not for "verifying" encryption. Capturing and analyzing traffic (C) might show whether encryption is used but does not "verify" configuration. PGP and S/MIME (D) provide end-to-end or message-level encryption; reviewing client settings verifies that capability, but STARTTLS is the primary measure for transmission (server-to-server and client-to-server) encryption and is the best single check for "email transmitted securely" in most environments.
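As an added example (not part of the original practice material), the check in answer A can be scripted: parse the server's EHLO reply offline to see whether the STARTTLS extension is advertised, and, against a live host, perform the upgrade with certificate validation and record the TLS version and cipher that were negotiated. The two EHLO replies below are constructed samples, and mail.example.test is a placeholder host name.

```python
import re
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
# mail.example.test is a placeholder host name.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)

# "250-KEYWORD params" for intermediate lines, "250 KEYWORD params" for the last one
_EXT_LINE = re.compile(r"^250[ -](\S+)(?:\s+(.*))?$")


def parse_ehlo(reply: str) -> dict:
    """Return {EXTENSION: parameters} from a multi-line EHLO reply.

    The first line carries the server greeting, not an extension, so it is
    skipped. Extension keywords are case-insensitive, hence the upper-casing.
    """
    extensions = {}
    for line in reply.splitlines()[1:]:
        match = _EXT_LINE.match(line.strip())
        if match:
            extensions[match.group(1).upper()] = (match.group(2) or "").strip()
    return extensions


def advertises_starttls(reply: str) -> bool:
    """True when the server offers to upgrade the session to TLS."""
    return "STARTTLS" in parse_ehlo(reply)


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check against an SMTP server (needs network access; not exercised offline).

    Looks for STARTTLS in the EHLO reply, upgrades the session while validating
    the server certificate against the system trust store, and reports what
    was negotiated so the strength of the encryption can be judged.
    """
    context = ssl.create_default_context()  # certificate and hostname validation on
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"host": host, "starttls": False}
        smtp.starttls(context=context)
        smtp.ehlo()  # re-issue EHLO over the encrypted channel, as RFC 3207 recommends
        cipher_name, tls_version, _bits = smtp.sock.cipher()
        return {"host": host, "starttls": True,
                "tls_version": tls_version, "cipher": cipher_name}


if __name__ == "__main__":
    print("sample advertises STARTTLS:", advertises_starttls(EHLO_WITH_STARTTLS))
    print("extensions:", parse_ehlo(EHLO_WITH_STARTTLS))
```

An advertised STARTTLS is opportunistic: a client that is not configured to require it can still fall back to cleartext, so the parse result is only the first half of the verification; the live check adds the negotiated protocol version, and the client or MTA policy (requiring TLS rather than merely offering it) is the other half.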
Question 2
In a scenario where email confidentiality is a concern, which type of encryption should be employed to ensure that only the intended recipient can read the email?
- A. Asymmetric encryption
- B. Symmetric encryption
- C. Hashing
- D. Steganography
Explanation
The correct answer is: A. Asymmetric encryption.
Confidentiality here means only the intended recipient can read the email. Asymmetric encryption (public-key cryptography) uses the recipient's public key to encrypt; only the recipient's private key can decrypt. So only the intended recipient can read it, without needing a shared secret. Symmetric encryption (B) uses one shared key; you must get the key to the recipient securely first, and key distribution is harder for ad-hoc email. Hashing (C) is one-way; it does not provide confidentiality. Steganography (D) hides the existence of data but does not by itself ensure "only the recipient can read." For ensuring only the intended recipient can read the email, asymmetric encryption (e.g., PGP, S/MIME) is the appropriate type.
Question 3
To ensure the integrity and authenticity of a message, which cryptographic technique should be employed?
- A. Symmetric encryption
- B. Digital signature
- C. Hashing with MD5
- D. Base64 encoding
Explanation
The correct answer is: B. Digital signature.
Integrity means the message was not changed; authenticity means it came from the claimed sender. A digital signature is created with the sender's private key and verified with their public key; it provides integrity (tampering breaks the signature) and authenticity (only the holder of the private key could have produced it). So digital signature (B) is the technique that delivers both integrity and authenticity. Symmetric encryption (A) provides confidentiality, not integrity or authenticity by itself. Hashing (e.g., MD5) (C) can verify integrity but not authenticity (anyone could send message + hash); MD5 is also cryptographically weak. Base64 (D) is encoding, not cryptography. For both integrity and authenticity, use a digital signature.
Question 4
A client wants to guarantee that a document sent over email remains unchanged by the time it is received. Which cryptographic technique should be used?
- A. Symmetric Key Encryption
- B. Asymmetric Key Encryption
- C. Hashing
- D. Steganography
Explanation
The correct answer is: C. Hashing.
To show that a document remained unchanged in transit, the sender computes a cryptographic hash (e.g., SHA-256) of the document and sends the hash with the document (or via a secure channel). The recipient hashes the received document and compares the hash; if they match, the document was not altered. So hashing (C) is the technique used to guarantee the document is unchanged. Symmetric (A) and asymmetric (B) encryption protect confidentiality; they do not by themselves prove that the plaintext was unchanged (you could encrypt a modified document). Steganography (D) hides data and does not provide integrity. For guaranteeing a document is unchanged, hashing (or a digital signature, which combines hashing with signing) is the appropriate technique; hashing is the direct answer.
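The sender-side and recipient-side steps of that explanation, as an added example that is not part of the original practice material: the sender publishes a SHA-256 digest of the document, the recipient recomputes it over what arrived and compares. The invoice text and the one-character alteration are constructed sample data; sha256_file is included for the realistic case of a large attachment that should be hashed in chunks.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an in-memory document (sender side)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 64 * 1024) -> str:
    """Hex SHA-256 of a file, read in chunks so large attachments need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def integrity_ok(received: bytes, expected_hex: str) -> bool:
    """Recipient side: recompute the digest and compare with the one the sender supplied.

    compare_digest takes the same time whether the digests differ in the first
    or the last character, so the comparison itself leaks nothing.
    """
    return hmac.compare_digest(sha256_hex(received), expected_hex.strip().lower())


# Constructed sample document; the sender sends its digest alongside the document
# or, better, over a separate secure channel.
DOCUMENT = b"Invoice 1042: pay 1,500.00 EUR to account XY-0001 by 2024-06-30\n"
SENT_DIGEST = sha256_hex(DOCUMENT)

# A single-figure change in transit (constructed) yields an unrelated digest.
TAMPERED = DOCUMENT.replace(b"1,500.00", b"1,600.00")


def demo() -> dict:
    """Outcome of the recipient's check for the intact and the altered copy."""
    return {
        "original_passes": integrity_ok(DOCUMENT, SENT_DIGEST),
        "tampered_passes": integrity_ok(TAMPERED, SENT_DIGEST),
    }


if __name__ == "__main__":
    print("sender digest:", SENT_DIGEST)
    print(demo())
```

The check only proves "unchanged" to the extent the digest itself could not be altered along the way: if hash and document travel in the same message, whoever can rewrite one can rewrite the other, which is why the digest goes out of band or, as the explanation notes, gets signed.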
Question 5
Which of the following cryptographic methods provides non-repudiation?
- A. AES
- B. Digital signatures
- C. Block ciphers
- D. Diffie-Hellman
Explanation
The correct answer is: B. Digital signatures.
Non-repudiation means the sender cannot later deny having sent (or agreed to) the message. A digital signature is produced with the sender's private key, which (in a properly managed system) only they possess. A verifier can use the public key to confirm the signature; so the signer cannot plausibly deny having signed. Digital signatures (B) therefore provide non-repudiation. AES (A) and block ciphers (C) are symmetric encryption; they do not bind the message to a specific sender, so they do not provide non-repudiation. Diffie-Hellman (D) is for key agreement and does not provide non-repudiation. The cryptographic method that provides non-repudiation is digital signatures.
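The three properties that Questions 3 and 5 attribute to digital signatures, shown in one added example that is not part of the original practice material: a hash-then-sign textbook RSA signature over a constructed contract verifies under Alice's public key (integrity and authenticity), fails once the message is altered, and cannot be produced by Mallory's key, which is what makes Alice unable to plausibly deny signing. The key pairs, the parties and the contract text are all constructed for illustration; the primes are far too small for real use, and production code would use a padded scheme such as RSA-PSS or Ed25519 from a maintained library rather than this bare arithmetic.

```python
import hashlib


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the small demo primes below."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: returns (public, private) as (n, e), (n, d)."""
    if not (_is_prime(p) and _is_prime(q)):
        raise ValueError("p and q must be prime")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _representative(message: bytes, n: int) -> int:
    """Hash-then-sign: what gets signed is SHA-256(message), reduced to the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signature = representative ** d mod n; only the holder of d can compute this."""
    n, d = private_key
    return pow(_representative(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check: signature ** e mod n must equal the hash."""
    n, e = public_key
    return pow(signature, e, n) == _representative(message, n)


# Constructed demo keys built from well-known primes (the 10000th, 100000th,
# 1000th and 1000000th primes); toy-sized, for illustration only.
ALICE_PUB, ALICE_PRIV = make_keypair(104729, 1299709)
MALLORY_PUB, MALLORY_PRIV = make_keypair(7919, 15485863)

CONTRACT = b"Alice agrees to deliver 200 units by 2024-09-01."   # constructed message
ALTERED = b"Alice agrees to deliver 2000 units by 2024-09-01."   # one inserted digit


def demo() -> dict:
    """The three checks a verifier holding Alice's public key would run."""
    sig = sign(CONTRACT, ALICE_PRIV)
    return {
        # integrity + authenticity: untouched message, Alice's signature
        "authentic_and_intact": verify(CONTRACT, sig, ALICE_PUB),
        # integrity: the same signature no longer matches an altered message
        "altered_message": verify(ALTERED, sig, ALICE_PUB),
        # non-repudiation: a signature from any other key fails under Alice's public key
        "forged_by_mallory": verify(CONTRACT, sign(CONTRACT, MALLORY_PRIV), ALICE_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Run stand-alone it prints the three verdicts; the non-repudiation claim rests on the middle premise of the explanation above, that the private key really is held only by Alice, which is a key-management property the mathematics cannot supply on its own.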
Other Certified Ethical Hacker (CEH) domains
- Cloud Computing (10 questions)
- Information Security and Ethical Hacking Overview (33 questions)
- Mobile, IOT and OT Hacking (14 questions)
- Network and Perimeter Hacking (47 questions)
- Reconnaissance Techniques (24 questions)
- System Hacking Phases (14 questions)
- Web Application Hacking (44 questions)
- Wireless Network Hacking (27 questions)