Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Prepare for success in the Certified Ethical Hacker exam with this simulation set. Mirroring the exam format and difficulty level, these questions serve as the final step in your preparation journey, ensuring you are ready to demonstrate your mastery of ethical hacking.

1Q: Which of the below key phases in mitigating risk includes identifying vulnerabilities, assessing losses instigated by materialized threats, cost-benefit examination of countermeasures, and attacks assessments?

a. Risk assessment
b. Vulnerability management
c. Assessment, monitoring, and assurance
d. Adherence to security standards and policies for development and deployment

Solution: The correct answer is A.

2Q: What tool would you use to trying to access domain name related records for a given organization?

a. Nmap
b. Traceroute
c. NSLookup
d. Neotrace

Solution: The correct answer is C.

3Q: What netcat command could you use to capture a password file?

a. pwdump> file.txt.
b. nc -l -p <port number> -e cmd.exe -d
c. nc -l -u -p 1111 < /etc/passwd
d. nc <ip address><port number><passwd>

Solution: The correct answer is C.

4Q: A fast food chain wants to improve its security posture related to IT infrastructure. Unfortunately, a lower security budget has been approved, and the company is now planning to run tests through utilities with an internal team in a concurrent fashion with the intent of replicating attacks from external attackers. When an increased budget has been approved, new assessments incorporate other areas such as security architecture and policy. Which of the below testing sequences is appropriate?

a. Gray box testing all through.
b. Manual testing, followed by automated testing.
c. Black box testing, followed by white box testing.
d. Automated testing, followed by manual testing.

Solution: The correct answer is D.

5Q: Alex, a black hat, and secrets away some of his hacking tools by utilizing Alternate Data Streams (ADS). What must be true in this case?

a. Alex’s computer utilizes a FAT file system.
b. Alex must be using an NTFS file system.
c. Alternate Data Streams is a baked into the Linux kernel.
d. Alex is still running Microsoft Windows 98 if he is able to use this feature.

Solution: The correct answer is B.

6Q: John is his company’s backup administrator. His duties involve making backups of important data, and so he is only authorized to access this data in order to create backups. In some situations users with different roles have to access these same files. What is a secure way to manage the permissions?

a. Mandatory Access Control (MAC)
b. Discretionary Access Control (DAC)
c. Access Control List (ACL)
d. Role-Based Access Control (RBAC)

Solution: The correct answer is D.

7Q: Adam is his company’s security administrator. Charles is the sales manager and is off site for a last minute sales meeting. Charles needs some restricted files sent to him on a Flash drive. Adam is worried that the drive may get lost in the mail or by Charles. The first thought Adam has is to encrypt the files, but he realizes that the encryption keys might be broken. What piece of software might he use to hide the files from prying eyes?

a. File Sniff
b. EFS
c. Snow
d. File Sneaker

Solution: The correct answer is C.

8Q: Alex is a security administrator. He notices an inordinate amount of ICMP Echo Reply packets being received on the external gateway interface while watching the IDS. After looking into it further, he sees that the ICMP Echo Reply packets are originating from the Internet and there aren’t any requests from the internal host. What kind of attacks could cause this issue?

a. DoS attack
b. Land attack
c. Fraggle attack
d. Smurf attack

Solution: The correct answer is D.

9Q: What are the symptoms of a Denial of Service attack? (Select more than one answer if applicable.)

a. Results in an increase in the amount of spam
b. Helps services to a specific computer
c. Saturates network resources
d. Causes failure to access a Web site

Solution: The correct answers are A, C, and D.

10Q: John is a professional ethical hacker. His latest project involves testing the security of www.example.com. He doesn’t want www.example.com to know who is scanning them, but wants to discover open ports and applications that the web server is running. In order to do so he will initiate scanning with the IP address of some random third party. What technique can he use to make this happen?

a. UDP
b. RPC
c. IDLE
d. TCP SYN/ACK

Solution: The correct answer is C.

11Q: John is a security administrator. He will execute an active session hijack against Secure Inc. He discovered a target machine that will allow a Telnet session. He found another active session because there is so much traffic already on the network. What should he do next?

a. Use Brutus to crack the telnet password.
b. Guess the sequence numbers.
c. Use a sniffer to listen to the network traffic.
d. Use macoff to change the MAC address.

Solution: The correct answer is B.

12Q: The administrator of your network is allowing you to run some exploit code on your corporate network to test if the new IDS/IPS is able to discover and secure against the attacks. What might you use to try and bypass the IDS/IPS?

a. Meterpreter
b. Payload
c. Exploit
d. Encoder

Solution: The correct answer is D.

13Q: When John goes to check his morning news feed, he gets redirected to a site that is almost identical, but is actually filled with malicious software. He then realized his router has been compromised. What kind of attack has be fallen Bill?

a. Route table poisoning
b. Hit and Run Attacks
c. Black hole attack
d. Persistent Attacks

Solution: The correct answer is A.

14Q: John is a new pentester and is quickly building himself an arsenal of useful tools. What bootable Linux distro does he absolutely have to have because of the number of security tolls preloaded in the environment?

a. Kali Linux
b. Bidiblah
c. VMware
d. botnets

Solution: The correct answer is A.

15Q: If you needed to get a log message through a firewall what protocol and port number would you use?

a. SMTP – 25
b. SMNP – 161
c. Syslog – 514
d. POP3 -110

Solution: The correct answer is C.

16Q: What is used to encrypt a message before it is sent using PGP?

a. receiver’s private key
b. receiver’s public key
c. senders private key
d. sender’s public key

Solution: The correct answer is B.

17Q: Which of these could be considered a preventative control measure?

a. Audits
b. Digital signatures
c. Disaster recovery plan
d. Smart cards

Solution: The correct answer is D.

18Q: How do you define symmetric encryption in regards to asymmetric encryption?

a. It uses multiple keys to encrypt and decrypt data.
b. It uses sessions keys generated from each parties private key.
c. It uses the same key for encryption and decryption of data.
d. It creates a one-way hash that cannot be reversed.

Solution: The correct answer is C.

19Q: After a major security audit, all of the proposed changes are made. However, there are still some risks of an attacker penetrating your network. What is your next move?

a. Cancel the project (go in a different direction)
b. Deny to management that there is remaining risk
c. Accept the risk if it is low enough (to management)
d. Continue to apply additional controls until all risk is eliminated

Solution: The correct answer is C.

20Q: In regards to Proxy Firewalls, which of the following are true?

a. Proxy firewalls block network packets from passing in to and out of protected networks.
b. Proxy firewalls will increase the speed and functionality of a network.
c. Systems establish a connection with a proxy firewall, which then creates a new network connection for that device.
d. Firewall proxy servers decentralize all activity for an application.

Solution: The correct answer is C.

21Q: Consider additional user training for your company if it is hit by what kind of attack?

a. SQL injection
b. Application hardening
c. Vulnerability scanning
d. Social engineering

Solution: The correct answer is D.

22Q: Which kinds of access controls are utilized by firewalls and routers?

a. Rule-based
b. Mandatory
c. Discretionary
d. Role-based

Solution: The correct answer is D.

23Q: This kind of system will monitor, log, and alert you if you are being attacked, but cannot do anything to halt the attack.

a. Detective
b. Passive
c. Reactive
d. Active

Solution: The correct answer is A.

24Q: The international standard for IT systems functionality is known as?

a. ITSec
b. ISO 18011
c. Common Criteria
d. Orange Book