Certified Ethical Hacker v12 – Practice Test Questions – Part 10


In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Challenge yourself with advanced ethical hacking techniques in this set. Explore sophisticated methodologies and scenarios, ensuring you are well-prepared to tackle the complexities of the Certified Ethical Hacker exam.


1Q: Pen test team member Amy attempts to guess the ISN for a TCP session. Which attack is she most likely carrying out?

a. XSS
b. Session splicing
c. Session hijacking
d. Multipartite attack

Solution: The correct answer is C.

2Q: Abby is a dedicated and responsible IT technician. One morning, Abby receives an e-mail from her company’s manager asking her to provide her logon ID and password, but Abby is aware that the company policy specifically forbids its users from revealing logon IDs and passwords to anyone. Abby immediately notifies the systems administrator about the email. In his response to her, he agrees with her and congratulates her on avoiding the attack. What is the name of the attack that Abby avoided?

a. Trojan horse
b. Replay attack
c. Social engineering
d. DoS

Solution: The correct answer is C.

3Q: In John’s work as an IT Technician, he is responsible for setting up security for his company’s entire network. He is specifically attentive to protecting the company’s userbase from social engineering attacks. Which of the below approaches are frequently employed by social engineering hackers? (Select more than one answer if applicable.)

a. Trojan horse
b. Personal approaches
c. Telephone
d. Brute force
e. E-mail

Solution: The correct answers are A, B, and E.

4Q: Which of the below are examples of passive attacks? (Select more than one answer if applicable.)

a. Dumpster diving
b. Placing a backdoor
c. Shoulder surfing
d. Eavesdropping

Solution: The correct answers are A, C, and D.

5Q: Alex is employed as an Ethical Hacker for a successful company. His supervisor assigns him the responsibility of security testing his company’s website. Alex’s first step is to begin dumpster diving to collect as much information as possible about his company. Which of the below phases of malicious hacking does dumpster diving come under?

a. Gaining access
b. Reconnaissance
c. Maintaining access
d. Scanning

Solution: The correct answer is B.

6Q: John works as a programmer. Ordinarily, John utilizes the company’s work-from-home setup and only comes into the office on Wednesdays. On one particular Wednesday, after being yelled at by his immediate supervisor for procrastination, he took a little time to jot down the usernames and passwords of coworkers as they entered into the system (he was able to view this information on their computer monitors). Which of the below social engineering attacks did he just perform?

a. Authorization by third party
b. Shoulder surfing
c. Important user posing
d. Dumpster diving

Solution: The correct answer is B.

7Q: Which of the below social engineering attacks involves an attacker damaging a target’s machine or other device and then being on hand, presenting himself as an expert who is able to fix the damage and solve any other resulting problem?

a. Important user posing attack
b. In-person/personal approach attack
c. Impersonation attack
d. Reverse social engineering attack

Solution: The correct answer is D.

8Q: As the Network Administrator for a bank, John is worried that his clients are potentially vulnerable to phishing attacks by hackers using phony bank websites. How can John protect his clients?

a. MAC
b. Two-factor authentication
c. Three-factor authentication
d. Mutual authentication

Solution: The correct answer is D.

9Q: Which of the below statements are true about a phishing attack?

a. This type of attack will direct a target to input information and passwords into the fields of a website that appears to be genuine.
b. This type of attack involves an attacker transmitting several SYN packets to the victim’s machine or server.
c. This attack type is designed to secretly secure login information from others, including usernames and passwords, as well as information about financial accounts.
d. This attack is carried out via spoofing of e-mail accounts, instant messaging accounts, and social networking accounts.

Solution: The correct answers are A, C, and D.

10Q: An attacker sends an e-mail containing a link to a website with a very similar URL as that of a major banking institution, concealing its malicious nature. The attacker hopes that the recipient will miss some difference in this URL and attempt to log in, providing a password and potentially a pin number or other account detail to the attacker. What technique has this phishing attack employed related to the URL of the website?

a. Dumpster diving
b. URL obfuscation
c. Shoulder surfing
d. Reverse social engineering

Solution: The correct answer is B.

11Q: Into which two primary categories can all social engineering attacks be divided?

a. Insider-based attacks and outsider-based attacks
b. Human-based and computer-based attacks
c. Fear-based and persuasion-based attacks
d. Phishing-based and spear-phishing based attacks

Solution: The correct answer is B.

12Q: Social engineers use their influence and persuasive skills to deceive others into providing them with important and personal/proprietary information. What are the steps utilized by hackers in carrying out social engineering attacks?

a. Choose target, Research target, Develop rapport, Exploit relationship
b. Research target(s), Develop rapport, Select victim(s), Exploit relationship(s)
c. Research target, Select target, Develop rapport, Exploit relationship
d. Select target, Develop rapport, Research target, Exploit relationship

Solution: The correct answer is C.

13Q: Social engineering attacks are widespread and potentially quite damaging to a company and its machines. How can a security team protect its systems and users against social engineering attacks? (Select more than one answer if applicable.)

a. Use appropriate firewalls and tools based on best practices.
b. Implement and enforce appropriate security rules, procedures, and policies.
c. Foster an open-minded corporate culture and transparent environment.
d. Put in place appropriate security training for non-IT personnel.

Solution: The correct answer is B.

14Q: Alex, a malicious hacker, transmits an ICMP packet which is more than 65,536 bytes to his target’s system. What kind of attack has he carried out?

a. Fraggle
b. Ping of death
c. Teardrop
d. Jolt

Solution: The correct answer is B.

15Q: Mandy is an Ethical Hacker. She has been given responsibility for managing a project to test the security of a subsidiary’s website. In one of her tests, she attempts to carry out a DoS attack on the subsidiary’s web server and discovers that the firewall of the server is blocking ICMP messages, but failing to check UDP packets. In a follow-up test, she sends a large volume of UDP echo request traffic to the IP broadcast addresses of the web server utilizing a spoofed source address that matches the server. What kind of attack is she testing against the server?

a. Ping flood attack
b. Teardrop attack
c. Fraggle DoS attack
d. Smurf DoS attack

Solution: The correct answer is A.

16Q: Cathy, a professional Ethical Hacker, has been assigned to a project involving security testing of her company’s website. She is utilizing the TFN and Trin00 tools to security test the web server for vulnerabilities. What kind of attack can Cathy carry out against the web server with those two tools?

a. Brute force attack
b. Cross site scripting attack
c. Replay attack
d. DDoS attack

Solution: The correct answer is D.

17Q: An attacker transmits a spoofed TCP SYN packet that uses the IP address of the target in both the source field and the destination field. What kind of attack is this?

a. Smurf DoS attack
b. Fraggle DoS attack
c. Land attack
d. Jolt DoS attack

Solution: The correct answer is C.

18Q: In which of the below ways can a security team protect its systems against devastating DDoS attacks? (Select more than one answer if applicable.)

a. Implementation of intrusion detection systems
b. Limit the network bandwidth
c. Utilize network-ingress filtering
d. Block unknown and troublesome IP addresses
e. Implement LM hashes for passwords

Solution: Answers A, B, C, and D are correct.

19Q: Which of the below DoS attacks has Barney discovered as a vulnerability for the We-are-secure security network?

a. Jolt attack
b. Smurf attack
c. Teardrop attack
d. Fraggle attack

Solution: The correct answer is B.

20Q: Which of the below constitute malicious activities executed by a bot/botnet? Each correct answer represents a complete solution. Choose three.

a. Malicious downloader programs that download entire websites.
b. Spambots can harvest emails from contact forms or guestbook pages.
c. Honeypot detection.
d. Bots and botnets can operate as viruses or as worms.

Solution: The correct answers are A, B, and D.

21Q: An investigator tested a hacked network in an attempt to uncover the source of the hacking activity. He soon realized that the administrator account password had been obtained from a local source, despite the server’s anti-virus and anti-spyware software. This tells him the method chosen by the attacker. What is it?

a. Stealth anonymizer
b. Hardware keylogger
c. SNMP community strings
d. SMB signing

Solution: The correct answer is B.

22Q: Because your company’s server is becoming increasingly unresponsive and its listen queue is quickly reaching its capacity, you suspect that an attacker has been carrying out SYN flooding attacks on the server. This attack works by filling up the table reserved for half-open TCP connections in the operating system’s TCP/IP stack. In a 3-way TCP handshake, which missing step is likely contributing to this attack?

a. SYN-ACK
b. SYN
c. ACK
d. ACK-SYN

Solution: The correct answer is C.

23Q: Which of the below constitute methods that could be used to protect against session hijacking? (Select more than one answer if applicable.)

a. Regenerating the session ID after the user has successfully logged in.
b. Using a short, straight number or string as the session key.
c. Encrypting any and all data transmitted between the parties, especially the session key.
d. Alter the session cookie’s value with each request.

Solution: The correct answers are A, C, and D.

24Q: John advises his company’s development team to utilize a random long number for session keys in order to mitigate security issues. What attack is he attempting to prevent?

a. IP Spoofing
b. Misdirected Trust
c. Brute force
d. Blind Hijacking

Solution: The correct answer is C.
