Wireless, Cryptography & Cloud
34 free practice questions with explanations
PassNova has 34 free Certified Ethical Hacker (CEH) practice questions on Wireless, Cryptography & Cloud, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.
Wireless, Cryptography & Cloud: example questions & answers
Here are 6 example questions from this topic. Practise the full set of 34 free in the browser.
-
To crack a WPA2-PSK network offline, an attacker first needs to capture which piece of information by deauthenticating a client and waiting for it to reconnect?
- A The ISP account password
- B The DHCP lease table
- C The router's serial number
- D The 4-way handshake ✓
Answer: Capturing the WPA2 4-way handshake lets an attacker perform an offline dictionary or brute-force attack against the pre-shared key, commonly forcing it by sending deauthentication frames.
-
Which statement correctly describes the difference between symmetric and asymmetric encryption?
- A Symmetric uses one shared key for encryption and decryption; asymmetric uses a public/private key pair ✓
- B Symmetric is always slower than asymmetric encryption
- C Asymmetric encryption uses the same key for both parties
- D Symmetric encryption cannot be used for bulk data
Answer: Symmetric encryption (e.g., AES) uses a single shared secret key for both encryption and decryption, whereas asymmetric encryption (e.g., RSA) uses a mathematically linked public and private key pair.
-
What primary security property does a cryptographic hash function such as SHA-256 provide?
- A Availability, by compressing files for faster transfer
- B Non-repudiation, by exchanging session keys
- C Confidentiality, by encrypting data so it can later be decrypted
- D Integrity, by producing a fixed-length one-way digest that changes if the input changes ✓
Answer: A cryptographic hash is a one-way function producing a fixed-length digest; any change to the input changes the output, making hashes ideal for verifying data integrity (they are not reversible like encryption).
-
A company stores files in a cloud object-storage bucket (e.g., Amazon S3) that is left publicly readable. What is the most direct consequence?
- A Anyone on the internet can list and download the stored data ✓
- B The cloud provider blocks all access by default
- C The data is replicated only to the owner's laptop
- D The bucket automatically encrypts itself
Answer: A misconfigured publicly readable object-storage bucket exposes its contents so anyone who finds the URL can enumerate and download the data, a leading cause of cloud data breaches.
-
Under the cloud shared-responsibility model for Infrastructure-as-a-Service (IaaS), which task is the CUSTOMER responsible for rather than the provider?
- A Powering and cooling the servers
- B Securing the physical data-centre hardware
- C Patching the guest operating system and applications they deploy ✓
- D Maintaining the hypervisor
Answer: In the IaaS shared-responsibility model the provider secures the underlying physical and virtualization layers, while the customer is responsible for the guest OS, applications, and their data and configurations.
-
Which wireless security protocol is considered insecure because its use of RC4 with weak initialization vectors allows the key to be recovered using tools like Aircrack-ng?
- A WPA3-SAE
- B WEP ✓
- C WPA2-Enterprise
- D EAP-TLS
Answer: WEP relies on RC4 with short, reusable initialization vectors that leak key material; capturing enough IVs lets tools such as Aircrack-ng recover the key, so WEP is deprecated.