Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Immerse yourself in realistic scenarios with this set of questions. Simulating actual ethical hacking challenges, these questions ensure that you are ready to apply your skills in practical situations, mirroring the demands of the cybersecurity field.

1Q: Cathy is an application security architect responsible for mitigating common website vulnerabilities, including cross-site scripting and SQL injection. First, she makes sure that the developers understand and follow coding practices. Second, Cathy works with the network team to train them on deploying IDS/IPS utilities. Third, she implements personal firewalls and anti-virus systems throughout. What else should Cathy set up to in her quest to counter common web application attacks?

a. Honeypot
b. Web application firewalls
c. VPN
d. RBAC

Solution: The correct answer is B.

2Q: Which of the below characters can a tester input to discover if their application is vulnerable to SQL injection attacks?

a. Semi colon (;)
b. Single quote (‘)
c. Double quote (“)
d. Dash (-)

Solution: The correct answer is B.

3Q: You work for a financial company. Your security department is requiring developers to shield their applications from SQL injections. Client supplied data must never be able to alter the syntax of any SQL statements. All application-required SQL statements need to be maintained within stored procedures on a database server. However, your company is concerned about the uptick in attack frequency and wants to know whether further defensive security scanning tools would be appropriate. You reply in the affirmative, and suggest one of the below tools. What would you recommend?

a. sqlninja
b. SQLIer
c. Acunetix
d. sqlmap

Solution: The correct answer is C.

4Q: The Voyager worm was posted on the Internet on October 31, 2005, and is intended to target Oracle databases. If successful, this worm will grant DBA to PUBLIC. What technique does the Voyager worm use to attack Oracle servers?

a. SQL Injection
b. Buffer Overflow
c. Code Injection attack
d. Utilization of default accounts and passwords

Solution: The correct answer is D.

5Q: Each network device utilizes a distinct pre-configured Media Access Control (MAC) address. This is used to recognize the authentic device and limit access to the network. Which of the below addresses is an acceptable MAC address?

a. 132.298.1.23
b. F936.28A1.5BCD.DEFA
c. 1011-0011-1010-1110-1100-0001
d. A3-07-B9-E3-BC-F9

Solution: The correct answer is D.

6Q: Which of the below wireless security features will provide the most effective security mechanism?

a. WAP
b. WEP
c. WPA with 802.1X authentication
d. WPA with Pre Shared Key

Solution: The correct answer is C.

7Q: John is a network administrator. He has implemented a dual firewall Demilitarized Zone (DMZ) to isolate the rest of his company’s network from other portions that are accessible to the public via the Internet. Which of the below security threats would be possible if an attacker launched successful DMZ protocol attacks? Each correct answer represents a complete solution. Choose three.

a. The attacker (if he bypassed the first firewall defense) will have access to the company’s internal network without breaking a second unique firewall.
b. The attacker would gain entrance onto the web server in the DMZ and could exploit the database.
c. The attacker would be able to exploit protocols to access the company’s internal network or intranet.
d. The attacker would be able to launch a Zero Day attack, which would entail transmitting a malicious payload outside of the IDS/prevention systems protecting the network.

Solution: The correct answers are B, C, and D.

8Q: Which of the below statements is not accurate regarding SSIDs? Each correct answer represents a complete solution. Choose three.

a. SSIDs help identify a wireless network.
b. SSIDs utilize case in-sensitive text and numerical strings with a maximum length of 64 characters.
c. Each wireless device within a wireless network is required to use the same SSID in order to communicate with other devices in the network.
d. Setting an SSID to match Wireless Access Points (WAPs) of other networks creates a conflict.

Solution: The correct answer is B, which is false.

9Q: Which of the below is a major benefit that a network-based IDS/IPS system will offer as compared to host-based solutions?

a. A network-based IDS/IPS is placed at the boundary between internal and external network sources.
b. A network-based IDS/IPS is easier to install and configure.
c. A network-based IDS/IPS will slow down user interfaces.
d. A network-based IDS/IPS does not use resources from the host system.

Solution: The correct answer is D.

10Q: Which security strategy will require multiple and varied techniques to maintain the security of systems against attackers?

a. Overt channels
b. Three-way handshake
c. Data Loss Prevention
d. Defense in depth

Solution: The correct answer is D.

11Q: Which of the below options are accurate regarding WPA? (Select more than one answer if applicable.)

a. WPA provides improved security over WEP.
b. WPA-PSK requires that users enter an 8- to 63-character passphrase into the wireless client.
c. WPA-PSK transforms that passphrase into a 256-bit key.
d. Shared-key WPA is highly vulnerable to password cracking attacks when feeble passphrases are chosen.

Solution: A, B, C, and D are the correct answers—all of the above.

12Q: Karen, a network security professional, is worried that an attacker discovering the wireless network of her company by passing by its office. She is concerned that attackers will be able to access the network via their wireless connection. Which of the below will not aid her in securing this wireless connection? Each correct answer represents a complete solution. Choose two.

a. Use WEP or WPA encryption.
b. Do not broadcast the SSID.
c. Hardening the server’s OS.
d. Use MAC filtering on the router.
e. Enforce strict password policies on workstations.

Solution: Answers C and E are correct.

13Q: One of your company’s web developers wants to allow contractors working on various projects to access the Internet over a wireless connection. Because the approval process is so lengthy, the developer sets up his own wireless router, attaches it to a network port, and sets up a WAP for these contractors. Which of the below statements describes the risk this might pose to your company’s systems?

a. Adding a WAP is commonplace and poses no security risks.
b. This WAP will cause traffic on the network to surge and will cause sluggishness in the overall performance of the network.
c. Hackers often use unauthorized WAPs to enter a network.
d. This router breaks protocol and evades the network’s intrusion detection.

Solution: The correct answer is C.

14Q: How can a security team detect rogue WAPs and block them from entering its network?

a. Network anti-spyware software
b. Network anti-virus software
c. Site surveys
d. Protocol analyzers

Solution: The correct answer is C.

15Q: John has discovered what seems to be an unauthorized wireless access point on his company’s network. At first, he is confused by this WAP, as its MAC address is identical to another genuine WAP, but the unauthorized WAP is broadcasting a much greater signal. What kind of attack is this?

a. DoS attack
b. WAP cloning attack
c. Bluesnarfing attack
d. The evil twin attack

Solution: The correct answer is D.

16Q: Alex is worried that a hacker might use wardriving to discover his company’s wireless network. What basic thing can he do that will help to mitigate the risk?

a. Do not broadcast the network’s SSID.
b. Set up and configure WEP.
c. Set up and configure MAC filtering.
d. Set up and configure WPA.

Solution: The correct answer is A.

17Q: Which of the below statements are accurate regarding using WLAN discovery software (NetStumbler, Kismet, or MacStumbler) to discover rogue access points when using a laptop that has an integrated, Wi-Fi compliant MiniPCI card? (Select more than one answer if applicable.)

a. These tools will not detect rogue access points when the victim is using data encryption.
b. These tools can discover rogue access points as long as the victim is using IEEE 802.11 frequency bands.
c. These tools can determine the rogue access point even when it is attached to a wired network.
d. These tools can determine the authorization status of an access point.

Solution: The correct answers are B and D.

18Q: Which of the below tools will monitor the radio spectrum to discover rogue access points and utilization of wireless attack tools?

a. IDS
b. Snort
c. WIPS
d. Firewall

Solution: The correct answer is C.

19Q: You are the administrator for a workgroup that has 143 Windows XP Professional client machines and 42 Windows 2003 Server machines. You need to install and implement a security layer of WAP designed for your company’s wireless environment—this layer must provide privacy, data integrity, and authentication for client-server communications. Additionally, both the client and the server should be authenticated in order to maintain a secure, encrypted connection during transactions. Which of the below should you use to complete this task?

a. Recovery Console (RC)
b. Wired Equivalent Privacy (WEP)
c. Virtual Private Network (VPN)
d. Wireless Transport Layer Security (WTLS)

Solution: The correct answer is D.

20Q: Mandy needs to set up an ad hoc wireless network over which she can transmit important files to a coworker. Which of the below protocols for wireless security should she pick for creating her ad hoc wireless network? Each correct answer represents a complete solution. Choose two.

a. WPA-PSK
b. WPA-EAP
c. WEP
d. WPA2 -EAP

Solution: The correct answers are A and C.

21Q: An executive in Mallory’s company has complaints about odd behavior on her PDA. After investigation, Mallory determines that a trusted device is copying data off of the executive’s PDA. The executive admits that the strange behavior began shortly after she accepted an e-business card from an unknown individual. What kind of attack does this represent?

a. Bluesnarfing
b. PDA hijacking
c. Session hijacking
d. Privilege escalation

Solution: The correct answer is A.

22Q: A salesperson in Gary’s company is concerned that he is frequently receiving unsolicited messages on his PDA. Gary determines that the issue occurs when the salesperson is in a crowded area—like an airport, and identifies the problem as one of the below attacks. Which is it?

a. Bluesnarfing
b. Bluejacking
c. Virus and Malware
d. Spam or Phishing

Solution: The correct answer is B.

23Q: John is a project engineer for a company that uses Windows XP machines. John’s computer does not use the default gateway; he is able to connect to the Internet, but cannot use e-mail unless he uses the company’s intranet. Which of the below is potentially the reason for this situation?

a. Protocols other than TCP/IP are being used.
b. An IP packet filter is installed.
c. The router is blocking Gordon’s machine.
d. Gordon may be using a proxy server.

Solution: The correct answer is D.

24Q: When no genuine anomaly has occurred, but an alarm is generated in an Intrusion Detection System, the alarm is called which of the following?

a. False positive
b. False negative
c. True positive
d. True negative

Solution: The correct answer is A.

You may also like: