Certified Ethical Hacker v12 – Practice Test Questions – Part 2


In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Dive deeper into network security with questions tailored to assess your knowledge of Scanning, Enumeration, and System Hacking. Strengthen your skills in identifying vulnerabilities and understanding how to secure systems effectively.


1Q: Mike wants to carry out an ARP poisoning attack and needs to know which of the below tools would be useful in launching this type of attack. (Select more than one answer if applicable.)

a. Arpspoof
b. Ettercap
c. Cain and Abel
d. Brutus

Solution: The correct answers are A, B, and C.

2Q: Which of the below types of attack will enable an attacker to sniff data frames within a local area network (LAN) or even to stop network traffic entirely?

a. Session hijacking
b. Port scanning
c. ARP spoofing
d. Man-in-the-middle

Solution: The correct answer is C.

3Q: Mike is a security consultant. Many of his fellow employees are being redirected to a different website when they enter the public e-mail site access address into their browser. This alternate website requests that users validate their identity by entering their login information and password. In order to validate this change, Mike uses his iPhone to access the e-mail website. Instead of being directed to the new login/password page, his iPhone browser sends him directly to the original page. What attack has the company likely suffered?

a. DNS zone transfer attack
b. Directory traversal attack
c. DNS cache poisoning
d. Web cache poisoning attack of the email server

Solution: The correct answer is C.

4Q: Adam wants to install a packet sniffer named Windump—which is the functional Windows equivalent of the Linux-based TCPDump—and needs to first create a library. Which of the below options represents the name of the library Adam must install on his Windows machine?

a. WinTCP
b. WinPCAP
c. idconfig
d. Winconf

Solution: The correct answer is B.

5Q: Alex attacks the CAM switches of a network. What kind of attack has he performed?

a. ARP spoofing
b. IP address spoofing
c. DNS cache poisoning
d. MAC flooding

Solution: The correct answer is A.

6Q: Two of the statements below are correct. Can you identify which?

a. In a spoofing attack, the valid user may still be active, but the attacker will utilize that user’s identity and/or data (the valid user’s session is not interrupted).
b. A session hijacking attack occurs when a hacker steals the session key or magic cookie, taking over the session and disconnecting the valid user.
c. A session hijacking attack occurs when a hacker steals the session key or magic cookie, taking over the session without disconnecting the valid user.
d. In a spoofing attack, the valid user must not be active so that the attacker may access the IP address or other identifying data, masquerading as the valid user until the valid user’s session becomes active again.

Solution: The correct answers are A and C.

7Q: Your computer uses the Windows 2000 Server OS. You need to improve the security of the server. Which of the below changes are required to accomplish this? (Select two answers from the below choices.)

a. Remove the Administrator account.
b. Enable the Guest account.
c. Rename the Administrator account.
d. Disable the Guest account.

Solution: Answers C and D are correct.

8Q: What is the definition of a script kiddie?

a. A script kiddie utilizes hacking programs found online and developed by someone else to hack into information systems and deface websites. They are not independently knowledgeable about hacking.
b. A script kiddie has lost the respect of others in an organization. Their integrity is suspect.
c. A script kiddie focuses their attacks on communication systems.
d. A script kiddie has been working with various computer systems from a young age. They are experts in many computer fields and operating systems, in addition to being knowledgeable in networks, frameworks, software and hardware. They love to root out vulnerabilities and threats on a server to boost its security.

Solution: The correct answer is A.

9Q: How is a penetration tester differentiated from an attacker?

a. A penetration tester uses various vulnerability assessment tools.
b. A penetration tester does not test the physical security.
c. A penetration tester does not perform a sniffing attack.
d. A penetration tester differs from an attacker by his lack of malicious intent.

Solution: The correct answer is D.

10Q: What is the first thing an ethical hacker must do before running a pentest?

a. Perform an nmap scan.
b. Uncover social engineering metadata.
c. Print a findings report.
d. Obtain a signed document from senior management.

Solution: The correct answer is D.

11Q: What are some end objectives of an effective pentesting attempt?

a. Verify whether certain data can still be restored with a regular backup in the event of hardware damage.
b. Examine the IT infrastructure in terms of its compliance, efficiency, effectiveness, etc.
c. Identify vulnerabilities and flaws and improve security of technical systems.
d. Catalogue the assets and resources in a system.

Solution: The correct answer is C.

12Q: Penetration tests occur in phases. Recall from a previous question the terms ‘data gathering’ and ‘reconnaissance’. During which phase(s) do these two actions occur?

a. Out-attack phase
b. Post-attack phase
c. Attack phase
d. Pre-attack phase

Solution: The correct answer is D.

13Q: Which of the below tools (based in Linux) can be used for penetration testing?

a. JPlag
b. Vedit
c. Ettercap
d. Kali Linux

Solution: The correct answer is D.

14Q: PCI-DSS requires organizations to perform external pentests. How often do these pentests need to be done?

a. Once a quarter
b. At least once a year and after a major change or update
c. Every two years
d. Once a year

Solution: The correct answer is B.

15Q: What is the most widespread method for an attacker to find victims for social engineering strikes?

a. Phone
b. War driving
c. Session hijacking
d. Email

Solution: The correct answer is A.

16Q: Alex is using Facebook, Twitter, and other social networking sites to gather information on his targets. What sort of methods is he employing? (Select 2.)

a. Distributed denial of service attack
b. MiTM attack
c. Teardrop attack
d. SQL injection attack
e. Phishing attack
f. Social engineering attack

Solution: The correct answers are E and F.

17Q: A tester detects an access point using WPA2 during a routine wireless penetration test. Which of the below attacks would be useful in obtaining a key?

a. First she needs to reset the MAC address of the wireless network card. Next, she should utilize the AirCrack tool to capture the key.
b. She should capture the WPA2 authentication handshake and then work to crack the handshake.
c. She should try the key cracking tool airodump-ng [airocrack-ng] through the network ESSID.
d. She must reset the network and start from scratch because WPA2 simply cannot be cracked.

Solution: The correct answer is B.

18Q: What is the chief reason that using a stored biometric opens an individual up to an attack?

a. This kind of authorization runs a comparison on the original to the copy rather than the other way around.
b. The symbols used to represent a stored biometric might not be original in a digital or stored format.
c. An attacker can use the stored biometric data to easily masquerade as the individual identified by that data.
d. A stored biometric is no longer “something you have” and instead becomes “something you are.”

Solution: The correct answer is C.

19Q: Which of the below scans can measure facial and other features through the use of a webcam or other digital camera capable of taking videos?

a. Iris scan
b. Facial recognition scan
c. Signature dynamics scan
d. Retina scan

Solution: The correct answer is A.

20Q: You are starting a new Nessus policy and need to turn on (or enable) Global Variable Settings. Where should you go to enable them?

a. Plugins
b. General
c. Preferences
d. Credentials

Solution: The correct answer is C.

21Q: A pentester (otherwise known as a penetration tester) keys in the below command. What kind of scan is this?

    nmap -N -sS -PO -p 123 192.168.1.10

a. Idle scan
b. Intense scan
c. Stealth scan
d. Fin scan

Solution: The correct answer is C.

22Q: If a hacker wanted to modify prices on a website, which of the below methods would they use? As an aside, there are no alerts shown through IDS.

a. XSS
b. Hidden form fields
c. SQL injection
d. Port scanning

Solution: The correct answer is B.

23Q: What kind of scan delivers specially designed packets to a remote system and then analyzes the output?

a. Active
b. Bounce
c. Passive
d. Directive

Solution: The correct answer is A.

24Q: Which of the below information collection methods did you use?

a. Port scanning
b. Dumpster diving
c. OS fingerprinting
d. Banner grabbing

Solution: The correct answer is D.
