Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Hone your skills in network traffic analysis with this set of questions on Sniffing. Learn to detect and counteract various sniffing attacks, a crucial aspect of securing networks in the ever-evolving landscape of cybersecurity.

1Q: Which of the below protocols will provide a framework for negotiation and management of security associations between peers, and also and traverses the UDP/500 port?

a. IKE
b. ESP
c. ISAKMP
d. AH

Solution: The correct answer is A.

2Q: Which of the below declarations is correct about of digital signatures?

a. Digital signature is required for an e-mail message to get through a firewall.
b. Digital signature compresses the message to which it is applied.
c. Digital signature decrypts the contents of documents.
d. Digital signature confirms the identity of the individual who applies it to a document.

Solution: The correct answer is A.

3Q: John is a black hat and wishes to run a port scan on a machine he is attacking to try to find some open ports and other valuable information. He decides to use the nmap command to execute his scan. Because he is worried that the admin may be running PortSentry in order to block any scans, he will slow the scan downs so that they are less suspicious. What nmap options can he use to do this?

a. nmap -sS -PT -PI -O -T1 <ip address>
b. nmap -sF -P0 -O <ip address>
c. nmap -sO -PT -O -C5 <ip address>
d. nmap -sF -PT -PI -O <ip address>

Solution: The correct answer is A.

4Q: You want to access and pull password files from various websites. These passwords are stored within the index directory of a website’s server. What could you use from the below options that would allow you to do this?

a. Google
b. Nmap
c. Whois
d. Sam Spade

Solution: The correct answer is A.

5Q: While browsing an online job board, you come across a job posting for tech professionals. You visit the company’s website and analyze its contents and conclude that they are looking for professionals who possess a strong knowledge of Windows Server 2003 and Windows active directory installations. Which of the below hacking phase(s) does this fall under?

a. Reconnaissance
b. Gaining access
c. Covering tracks
d. Scanning

Solution: The correct answer is A.

6Q: When a match for an alert rule is found in Snort, the intrusion detection system carries out which of the below actions?

a. Blocks a connection with the source IP address in the packet
b. Halts rule query, sends a network alert, and freezes the packet
c. Continues to analyze the packet until each rule has been checked
d. Drops the packet and selects the next packet detection option

Solution: The correct answer is C.

7Q: Which of the below represent examples of such limitations? (Select more than one answer if applicable.)

a. Secure protocols
b. Plugins
c. ActiveX controls
d. Java applications
e. JavaScript

Solution: Answers A, B, C, D, and E are correct.

8Q: Which of the below is true about the TCP/IP model? (Select more than one answer if applicable.)

a. This model sets forth design guidelines and implementations for different networking protocols, enabling computers to interface through a network.
b. This model allows end-to-end connectivity, delineating the format of data as well as the way it is addressed, transmitted and/or routed, and even how it will be received.
c. This data model has five (5) separate layers of abstraction.
d. Each layer of this model contains several different protocols.

Solution: The correct answers are A, B, and D.

9Q: John needs to procure information related to a server with an IP address range that is within the IP address range that is used in Brazil. There are many registries available online for discovering the details of web server IP addresses, or reverse Domain Name Service (DNS) lookup. Which of the below registries will be most useful to him?

a. RIPE NCC
b. APNIC
c. ARIN
d. LACNIC

Solution: The correct answer is D.

10Q: Routing protocols are used to show how computers communicate. From the below options, select the two routing protocols:

a. TCP or SMTP
b. BGP
c. UDP
d. RIP

Solution: The correct answers are B and D.

11Q: Which of the below is a good definition the principle of least privilege?

a. A manager should have all the access and privileges of his or her employees.
b. People at the bottom of an organization’s hierarchy should have lower privileges than the highest members of the hierarchy.
c. All users should need to input a unique password before given any access.
d. Users should have access only to the data and services that are necessary and important to perform their job(s).

Solution: The correct answer is D.

12Q: John is a System Administrator. He has the responsibility to ensure network security for an organization. John is currently working with the advanced features of a Windows firewall in order to block/prevent a client machine from responding to any pings. Which of the below advanced setting types will require modification?

a. ICMP
b. SMTP
c. SNMP
d. UDP

Solution: The correct answer is A.

13Q: In order to determine the end-time for DNS cache poisoning, which of the below DNS records should you examine?

a. MX
b. NS
c. PTR
d. SOA

Solution: The correct answer is D.

14Q: Which of the below items is a straightforward example of two-factor authentication?

a. Fingerprint and smartcard
b. Username/login and password
c. ID and token or pin
d. Iris scanning and fingerprinting

Solution: The correct answer is A.

15Q: Which of the below methods would succeed in protecting a router from prospective smurf attacks?

a. Disabling the ability to forward ports on the router
b. Placing the router into broadcast-only mode for a full cycle
c. Disabling the router from accepting any broadcast ping messages
d. Installing a new router in the DMZ

Solution: The correct answer is C.

16Q: Which information can an attacker get after tracerouting any network? (Select more than one answer if applicable.)

a. Network topology
b. Web administrator email address
c. Firewall locations
d. Trusted routers

Solution: The correct answers are A, C, and D.

17Q: Which of the below terms is a valid Google search operator that can be used in searching for a specific file type?

a. filetype
b. inurl
c. file type
d. intitle

Solution: The correct answer is A.

18Q: You need to obtain the default security report from Nessus. Which of the below Google search queries could you use?

a. filetype:pdf “Assessment Report” nessus
b. link:pdf nessus “Assessment report”
c. filetype:pdf nessus
d. site:pdf nessus “Assessment report”

Solution: The correct answer is A.

19Q: Nessus is a proprietary vulnerability scanner utilized by many organizations. Which of the below is a technique used by vulnerability scanners?

a. Banner grabbing
b. Port Scanning
c. Analyzing service responses
d. Malware analysis

Solution: The correct answer is C.

20Q: Which of the below ways could be used to defeat a multi-level security solution?

a. Leak data via asymmetric routing.
b. Leak data via a covert channel.
c. Leak data via steganography.
d. Leak data via an overt channel.

Solution: The correct answer is B.

21Q: Administrators use Remote Desktop to gain access their servers from different locations. In which of the below ways could a hacker exploit Remote Desktop to gain access?

a. Capture any LANMAN (or LM) hashes and crack each of them with Cain and Abel.
b. Capture the RDP traffic and then decode with Cain and Abel.
c. Utilize a social engineering tool to capture the domain name of the remote server.
d. Scan the server to see what ports are open.

Solution: The correct answer is B.

22Q: Which of the below options represents the best defense against privilege escalation (exploitation of a bug) vulnerability?

a. Patch all computers and servers immediately after the release of any updates.
b. Run apps without administrator privileges and download a content registry tool for storage of tracking cookies.
c. Run services with your least privileged account(s) and then implement multi-factor authentication, or MFA.
d. Monthly reviews of user and administrator roles.

Solution: The correct answer is C.

23Q: Various devices, in the form of hardware and software, can emulate key computer services, such as browsers and email. Through these tools, system administrators can determine what vulnerabilities are enabling a hacker to break into a system. What is another name for this kind of device?

a. Honeypot
b. Router
c. Port Scanner
d. Core Switch

Solution: The correct answer is B.

24Q: As the Security Consultant for a firm, Mandy must check security for her client’s network. Her client informs her that of his many concerns, the security of the firm’s Web applications hosted on its Web server is the most important to him. With this in mind, which of the below should be Mandy’s highest priority?

a. Setting up an intrusion detection system (IDS).
b. Configuring a believable honeypot.
c. Scanning for open ports.
d. Scanning and removing vulnerabilities.

Solution: The correct answer is D.

You may also like: