Certified Ethical Hacker v12 – Practice Test Questions – Part 13

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Strengthen your defenses against cyber threats with this set of questions. Covering a range of topics, from reconnaissance to application security, these questions offer a comprehensive review of the skills needed to secure digital assets.

1Q: Which of the below utilities are examples of HIDS? (Select more than one answer if applicable.)

a. HPing
b. Legion
c. Tripwire
d. BlackIce Defender

Solution: Answers C and D are correct.

2Q: In your position as a Network Administrator, you implemented a network-based IDS and installed sensors at all key positions within the network. Each sensor reports to the command console. Which of the below will be key tasks of these sensors in this physical plan? (Select more than one answer if applicable.)

a. To analyze for known signatures.
b. To gather data from operating system logs.
c. To gather data from web servers.
d. To alert the console if any intrusions are detected.

Solution: Answers A and D are correct.

3Q: John is the Network Administrator for his company, which has a TCP/IP-based routed network. John recently learned about the Slammer worm, which attacked computers in 2003 and doubled the number of infected hosts every ~9 seconds. The Slammer worm was able to infect 75,000 hosts in its first 10 minutes. Which of the below tools will you install and configure to prevent such attacks?

a. Anti-x
b. Firewall
c. Intrusion Detection Systems
d. Intrusion Prevention Systems

Solution: The correct answer is D.

4Q: Alex is a Network Security Administrator and is working on the installation of a MySQL server. He wants to monitor only data that comes from or is sent to the server, as well as running processes, file system access and integrity, and user logins for detecting malicious activities. Which of the below intrusion detection methods can Alex implement to complete his project?

a. Host-based
b. Network-based
c. Anomaly-based
d. Signature-based

Solution: The correct answer is A.

5Q: Mandy is a Security Analyst for a company. She is gathering a large quantity of log data from multiple resources such as Apache log files, IIS logs, streaming servers, and FTP servers. In order to analyze these logs, Mandy decides to employ the AWStats application. Which of the below statements are true of AWStats? (Select more than one answer if applicable.)

a. It generates web, streaming, or mail server statistics graphically.
b. It functions solely as a CGI and shows information contained in a log.
c. It can analyze log files of server tools including Apache log files, WebStar, IIS and other web, proxy, and even some FTP servers.
d. It can work with all Web hosting providers, which allow Perl, CGI, and log access.

Solution: The correct answers are A, C, and D.

6Q: You are the Network Administrator for a company. Employees located in remote places connect to your company’s network using the Remote Access Service (RAS). Which of the below could you use to pass or block packets from set IP addresses and ports?

a. Gateway
b. Antivirus software
c. Bridge
d. Firewall

Solution: The correct answer is D.

7Q: Which of the below statements regarding packet filtering is correct?

a. It is used to transmit confidential data over a public network.
b. It enables or blocks the flow of encrypted packets to provide security.
c. It enables or blocks the flow of specific packets to provide security.
d. It is used to store information regarding confidential data.

Solution: The correct answer is C.

8Q: Which areas of a network include DNS and web servers for Internet users?

a. VLAN
b. VPN
c. MMZ
d. DMZ

Solution: The correct answer is D.

9Q: Which of the below methods of cryptography does the NTFS Encrypting File System (EFS) utilize for the file-by-file encryption of data stored on a disk? (Select more than one answer if applicable.)

a. Digital certificates
b. RSA
c. Twofish
d. Public-key

Solution: Answers A and D are correct.

10Q: What command is used to generate a binary log file through tcpdump?

a. tcpdump -w
b. tcpdump -B
c. tcpdump -d
d. tcpdump -dd

Solution: The correct answer is A.

11Q: Which of the below protocols is used for properly functioning Internet Relay Chat (IRC) sessions?

a. SMTP
b. IMAP
c. TCP
d. ICMP

Solution: The correct answer is C.

12Q: John is a Network Administrator. John notices that the wireless AP sends 128 bytes of plaintext, and a station responds by encrypting it. The station then transmits the encrypted ciphertext using an identical key and cipher to that utilized by WEP to encrypt future network traffic. What kind of authentication mechanism is being used?

a. Open system authentication
b. Pre-shared key authentication
c. Single key authentication
d. Shared key authentication

Solution: The correct answer is D.

13Q: Alex is a sales manager for a company. He needs to download software from the Internet. However, the software he wants originates from a site outside of his trusted zone. To be sure that the downloaded software has not been Trojaned, he takes one of the below actions. Which action would make the most sense?

a. Alex will compare the downloadable version with the one published on the distribution media.
b. Alex will compare the file’s MD5 signature with the one published on the distribution media.
c. Alex will compare the virus signature to the one published in a distribution.
d. Alex will compare the software size with the one given online.

Solution: The correct answer is B.

14Q: Applying cryptography will defeat which of the below attacks?

a. Web ripping
b. DoS
c. Sniffing
d. Buffer overflow

Solution: The correct answer is C.

15Q: When the hostlist.txt file includes a listing of IP addresses and request.txt is the output file, which of the below tasks will you perform by running this script?

a. Banner grabbing to the hosts provided in the IP address list.
b. Put nmap into the listen mode to the hosts provided in the IP address list.
c. Perform port scanning of the hosts provided in the IP address list.
d. Transfer the hostlist.txt file to the hosts provided in the IP address list.

Solution: The correct answer is A.

16Q: What attack has most likely taken place on the company’s network?

a. Land attack
b. DoS attack
c. Smurf attack
d. Fraggle attack

Solution: The correct answer is C.

17Q: What are common signs that a system and its devices may be compromised and/or hacked? (Choose three)

a. New user accounts have been created.
b. Increased amount of failed logon events.
c. Consistency in usage baselines.
d. The server’s hard drives will be fragmented.
e. Patterns in time gaps in system and/or event logs.
f. The system’s partitions are encrypted.

Solution: The correct answers are B, C, and F.

18Q: John is a penetration tester. He has been given responsibility for a project in which he must perform penetration testing on his company’s network. He runs the test from home after downloading every security scanner he could find. Despite knowing the IP range of all systems and the exact network configuration, John is not able to discover any useful results from these security scanners. Why not? (Select more than one answer if applicable.)

a. Security scanners are not designed for testing through a firewall.
b. Security scanners cannot perform a vulnerability linkage.
c. Security scanners are only as smart as their database and cannot discover unpublished vulnerabilities.
d. Security scanners are as intelligent as their database and can discover unpublished vulnerabilities.

Solution: The correct answers are A, B, and C.

19Q: Your manager has requested that you create something that will showcase the improvement in the security of your company’s network over time. What is your manager expecting you to develop?

a. reports
b. metrics
c. standards
d. testing policy

Solution: The correct answer is B.

20Q: Which of the below is defined as unsolicited e-mails sent out to a large number of people?

a. Biometrics
b. Hotfix
c. Buffer overflow
d. Spam

Solution: The correct answer is D.

21Q: Which of the below languages are particularly susceptible to buffer overflow attacks? (Select more than one answer if applicable.)

a. C
b. C++
c. Java
d. ActionScript

Solution: The correct answers are A and B.

22Q: Which of the below algorithms can be employed in verifying file integrity? Each correct answer represents a complete solution. Choose two.

a. MD5
b. SHA
c. RSA
d. Blowfish

Solution: The correct answers are A and B.

23Q: Which of the below options represents the property of hash functions that ensures that it will not produce the same hashed value for two different messages?

a. Key length
b. Bit strength
c. Entropy
d. Collision resistance

Solution: The correct answer is D.

24Q: You work as a network administrator and your company has a Linux-based network. You have set up and installed a VPN server for remote users to be able to connect to the company’s network. Which of the below encryption types will Linux use?

a. RC2
b. MSCHAP
c. CHAP
d. 3DES

Solution: The correct answer is D.
