Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Begin your journey towards becoming a Certified Ethical Hacker with this set of 24 practice questions. Covering foundational topics like Footprinting, Reconnaissance, and Scanning Networks, this set will help you build a solid understanding of the essentials.

1Q: Which of the below can be used by an attacker to control a malicious bot?

a. IRC channels
b. Websites
c. FTP servers
d. IM tools

Solution: The correct answer is A.

2Q: Against which of the below attacks will the SSH protocol provide protection? Each correct answer represents a complete solution. Choose two.

a. Broadcast storm
b. DoS attack
c. IP spoofing
d. Password sniffing

Solution: The correct answers C and D.

3Q: Which of the below are the parts of active sniffing? (Select more than one answer if applicable.)

a. ARP spoofing
b. MAC flooding
c. OS fingerprinting
d. MAC duplicating

Solution: The correct answers are A, B, and D.

4Q: Mike needs to view network packets in a continuous-stream display. Which Snort mode will access the network packets and display them in this manner on Mike’s console?

a. Packet logger
b. Output module
c. Sniffer
d. Network intrusion detection

Solution: The correct answer is A.

5Q: Garry is a security professional. His newest assignment is to implement some countermeasures against attacks—in particular, sniffer attacks. If given the below choices, which items would be useful to him? (Select more than one answer if applicable.)

a. Use only encrypted protocols for communications.
b. Use switches rather than hubs/repeaters. Switches will only send information/packets to a specific, correct host predefined by the network.
c. Utilize tools such as StackGuard or Immunix System to prevent attacks.
d. Decrease the network range of the network, thereby avoiding some attack attempts on wireless networks.

Solution: The correct answers are A, B, and D.

6Q: Marry is a claims processor for a local insurance company. One morning, she receives an email that has been marked urgent from a client. The client says she has uploaded several pictures of her damaged vehicle and the scene of the accident online and provides a link, purportedly to these photos. Although this is not the usual process for reviewing claims, Marry clicks on the link. The link takes her to an unfamiliar website, and she sees no pictures, so she simply closes her browser and goes back to work on a different claim. Later on, Marry notices that her workstation is running much more sluggishly than it ever has before. In addition, documents are taking far more time to load than usual. Of the below scenarios, which seems the most likely under the circumstances?

a. Marry’s system was subjected to a malicious pharming attack.
b. Marry was the victim of a vishing attack (also known as a social engineering attack).
c. Marry was the victim of a phishing attack.
d. Marry’s system is running slowly due to an issue with capacity planning.

Solution: The correct answer is C.

7Q: Alex hopes to start a career in computer security. As a new college-level student, he has just learned the term ethical hacking, which is a key part of secure information systems. Of the below options, choose which will be key areas of expertise for Alex’s future career. (Select more than one answer if applicable.)

a. Alex needs to gain a large body of knowledge about how computers function, with special regard to networking and programming.
b. Operating systems are very important to Alex’s career. Because companies utilize varying operating systems, including Windows (multiple versions), Mac (multiple versions), UNIX, and Linux, he must develop an advanced understanding of each of the major operating systems.
c. Alex should gain familiarity with computing and hardware platforms, which are key to software development.
d. Alex should be able to write reports related to his field and have great expertise in communication relating to computer security.

Solution: All of the above are correct.

8Q: Which type of hacker uses their computer knowledge to invade the privacy of others, thereby breaking security laws and rendering the security of information systems weak?

a. Security Providing Organization
b. Gray Hat
c. Black Hat
d. White Hat

Solution: The correct answer is C.

9Q: What is true about vulnerability in computer security?

a. This security weak spot is discovered and possibly exploited in a Target of Evaluation and results from failed analysis, design and implementation, or an operation.
b. It is caused by the incompetence of humans, natural disasters, or other indefensible situations.
c. This agent can take advantage of a weakness in an information system or network.
d. It is the threat or potential threat of a security violation and occurs only where there is a situation, action, or event that has the potential to break through security and damage a network or information system.

Solution: The correct answer is A.

10Q: Which of the policies listed below is a valid set of rules regarding connecting a system to an internal network while physically in a different location?

a. Computer Security Policy
b. User Account Policy
c. Remote Access Policy
d. Network Security Policy

Solution: The correct answer is C.

11Q: How can you establish that policies, configurations and procedural changes/updates are made in a controlled and well-documented environment?

a. Vulnerability scanning
b. Compliance
c. Change management
d. Peer review

Solution: The correct answer is C.

12Q: Security, which is a measurement of how safe a system or network is for individuals and organizations, is the condition of well being of information and infrastructure. With a secure system, theft (particularly undetected), tampering, and/or disruption (through Denial of Service Attacks) of services and information are limited to low or tolerable levels. Select the elements of security from the list below. (Select more than one answer if applicable.)

a. Integrity
b. Availability
c. Non-Repudiation
d. Authenticity
e. Confidentiality

Solution: The correct answers are A, B, D, and E.

13Q: Based on the information provided above, what testing methodology is being implemented by the website?

a. White-box testing
b. Black-box testing
c. Gray-box testing
d. Alpha or simulated testing

Solution: The correct answer is A.

14Q: How can gray box testing be distinguished from black box testing?

a. In white box testing, the tester has no knowledge of the target. He was given only the company’s name.
b. In black box testing, the tester has complete knowledge of the internal company network.
c. In gray box testing, the tester has to try to gain access into a system using commercially available tools only.
d. In gray box testing, the attacker performs attacks with a normal user account to see if he can escalate privileges.

Solution: The correct answer is D.

15Q: What core principle states that an individual or party cannot deny a role it had in an action or event (including document transmission)?

a. Non-repudiation
b. Perjury
c. Confidentiality
d. Secrecy and Privacy

Solution: The correct answer is A.

16Q: Microsoft’s print and file servers are among the more common targets for hackers. Which of the below is a common—but potentially harmful—vulnerability?

a. XSS
b. SQL infraction
c. Missing patches
d. Poor IV standards

Solution: The correct answer is C.

17Q: Mandy has made a career as an Ethical Hacker. Her company asks her to test the security of their server against potential Denial of Service (DoS) attacks. In order to accomplish this, she sends ICMP ECHO packets en masse to a set computer. She is employing which of the below techniques against DoS attacks?

a. Smurf Denial of Service (DoS) attack
b. Ping Flood Denial of Service (DoS) attack
c. Teardrop Denial of Service (DoS) attack
d. Land Denial of Service (DoS) attack

Solution: The correct answer is B.

18Q: There are many credos within the computer security world. Which of the below groups believes that a hacker’s purpose is to make social change, regardless of whether it involves breaking laws and/or defacing webpages?

a. Hactivists
b. Script kiddies
c. Crackers
d. Phreakers

Solution: The correct answer is A.

19Q: Security teams should do which of the below to reduce attack surface?

a. Harvesting
b. Scanning
c. Hardening
d. Windowing

Solution: The correct answer is C.

20Q: All but one of the statements below is false. Which one is correct? (Select more than one answer if applicable.)

a. A threat involves a series of events and/or circumstances that enable someone or an agent of someone to cause damage relating to information by exploiting existing vulnerabilities in IT product(s).
b. A threat exists where there is a way for someone to violate security through a circumstance, capability, action, or event. A threat has the potential to cause a security breach and/or cause harm to a system.
c. A threat is a type of weakness where there are too few safeguards in place that is open to exploitation through some vulnerability, which has the potential to cause harm to an information system or network.
d. A threat can cause harm in a variety of ways, including destruction of a system, disclosure or modification of the data contained within the system, and/or a DoS situation.

Solution: The correct answers are A, B, and D.

21Q: In his profession as an Ethical Hacker, Mike is often assigned jobs where he needs to test the security of a website. In this case, he is assigned to check the security of a new website. He can’t remember what the first step is in malicious hacking, but he needs to know it in order to protect against hackers. What is the first step?

a. Maintaining Access
b. Scanning
c. Covering\Clearing Tracks
d. Reconnaissance e. Gaining Access

Solution: The correct answer is D.

22Q: Alex is a malicious hacker who attacks a company’s server. Once he has gotten in, he sets up a backdoor on the company’s server and modifies the log files. Which of the above-discussed phases includes that modification?

a. Reconnaissance
b. Maintaining access
c. Gaining access
d. Covering/Clearing tracks

Solution: The correct answer is D.

23Q: If two unique corporations or companies go through a merger, what should they do to make sure that the Certificate of one company would trust the Certificate generated by the other?

a. Cross-certification
b. Public Key Exchange Authorization
c. Federated Identity
d. Must start from scratch – unique PKI system required.

Solution: The correct answer is A.

24Q: Which authority of PKI will verify an applicant?

a. Certificate Authority
b. Registration Authority
c. Root Central Authority
d. Validation Authority

Solution: The correct answer is B.

You may also like: