Certified Ethical Hacker v12 – Practice Test Questions

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Test your awareness of human vulnerabilities and manipulation tactics with questions on Social Engineering. This set covers phishing, pretexting, and other techniques, ensuring you are well-prepared to defend against social engineering attacks.

1Q: Which of the below tools can be used to hide secret data within a text file?

a. Image hide
b. Snow.exe
c. SARA
d. Fpipe

Solution: The correct answer is B.

2Q: Which of the below is not a packet capturing utility?

a. Cain
b. Aero peek
c. Wireshark
d. Aircrack-ng

Solution: The correct answer is D.

3Q: An attacker sends a FIN packet to a target port. What type of stealth scanning did the attacker likely use?

a. TCP FIN scanning
b. TCP FTP proxy scanning
c. TCP SYN scanning
d. UDP port scanning

Solution: The correct answer is A.

4Q: Mike needs to send a file to an FTP server. It will be segmented into several packets, sent to the server and reassembled upon reaching the destination target (the FTP server). In order to maintain the integrity of the packets, which information will help Mike accomplish his task?

a. Sequence number
b. TTL
c. Checksum
d. Acknowledgement number

Solution: The correct answer is A.

5Q: Mike is an Ethical Hacker. His newest assignment is to test the security of his company’s website. Once he performs a Teardrop attack on the web server, it crashes. Why did this happen?

a. The server is not capable of handling overlapping data fragments.
b. Ping requests at its server level are too high.
c. The ICMP packet is too large. It cannot be larger than 65,536 bytes.
d. The spoofed TCP SYN packet that contains the target’s IP address has been filled in at both source and destination fields.

Solution: The correct answer is A.

6Q: Which countermeasure should you take?

a. Run your antivirus program.
b. No action necessary.
c. Search for files that match the name of the attachment and remove them from your drives.
d. Shut down or restart your system and check to see what processes are running.

Solution: The correct answer is B.

7Q: Which of the below would you use to perform HTTP tunneling? (Select more than one answer if applicable.)

a. HTTPort
b. Tunneled
c. BackStealth
d. Nikto

Solution: The correct answers are A, B, and C.

8Q: A company blocked all ports through an external firewall and will only allow port 80/443 to connect. You want to use FTP to connect to a remote server online. How will you get around the firewall? (Select more than one answer if applicable.)

a. HTTPort
b. BackStealth
c. Nmap
d. BiDiBLAH

Solution: Answers A and B are correct.

9Q: An employee in your company is suspected of downloading ftp of sensitive and proprietary data onto a competitor’s remote ftp server. FTP and ports are not allowed by the company’s firewall. Which technique might the employee be using?

a. Tor Proxy Chaining software
b. IP spoofing
c. HTTP tunneling

Solution: The correct answer is C.

10Q: You configured a rule on a gateway device that blocks external packets with source addresses from inside the network. Which type of attack are you attempting to protect your network against?

a. DOS attack
b. IP spoofing
c. Egress filtering
d. ARP spoofing

Solution: The correct answer is B.

11Q: Which of the below attacks can Brutus perform to crack a password? Each correct answer represents a complete solution. Choose three.

a. Dictionary attack
b. Brute force attack
c. Replay attack
d. Hybrid attack
e. Man-in-the-middle attack

Solution: The correct answers are A, B, and D.

12Q: What uses a 160-bit hash to prevent against brute force attacks?

a. PGP
b. MD5
c. SHA-1
d. RSA

Solution: The correct answer is C.

13Q: Which of the below attacks uses a pre-calculated hash table, a structure that maps keys to values, to retrieve plain text passwords?

a. Dictionary attack
b. Rainbow attack
c. Hybrid attack
d. Brute Force attack

Solution: The correct answer is B.

14Q: A rainbow table is rendered useless with the use of which of the below?

a. Uju beans
b. Pepper
c. Salt
d. Cinnamon

Solution: The correct answer is C.

15Q: Mike is a Network Administrator of a TCP/IP network. There are DNS resolution issues with the network. Which of the following utilities could be used to diagnose the problem?

a. NSLOOKUP
b. PING
c. TRACERT
d. IPCONFIG

Solution: The correct answer is A.

16Q: Which of the below tools could potentially be used for Windows password cracking, Windows enumeration, and/or VoIP session sniffing?

a. Cain
b. L0phtcrack
c. John the Ripper
d. Obiwan

Solution: The correct answer is A.

17Q: An attacker who captures the VoIP traffic on a network can use which of the following tools to recreate a conversation from the captured packets?

a. HPing
b. NMAP
c. Cain and Abel
d. VoIP-killer

Solution: The correct answer is C.

18Q: Alex is a professional Ethical Hacker and is responsible for security testing of a company’s website. He realizes that UDP port 137 of the company’s web server is open. Assuming that the Network Administrator of the company did not modify the default port values of any services, which of the below services will be found to be running on UDP 137?

a. NetBIOS
b. HTTP
c. HTTPS
d. TELNET

Solution: The correct answer is A.

19Q: In DNS Zone transfer enumeration, an attacker tries to get a copy of the entire zone file for a domain from its DNS server. The information gleaned from the DNS zone can be used to collect usernames, passwords, and other sensitive and valuable information. An attacker must first connect to the authoritative DNS server for the target zone. In addition, the attacker may launch a DoS attack against the zone’s DNS servers by flooding them with a high volume of requests. Which of the below tools can this attacker use to perform the DNS zone transfer? (Select more than one answer if applicable.)

a. NSLookup
b. Dig
c. Host
d. DSniff

Solution: The correct answers are A, B, and C.

20Q: Alex works as a Security Professional testing the security of a web server. He needs to find information about all network connections and listening ports, listing them in numerical form. Which of the below commands will he use?

a. netstat -an
b. netstat -e
c. netstat -r
d. netstat -s

Solution: The correct answer is A.

21Q: Which of the below options could represent countermeasures against NetBIOS NULL session enumeration on Windows 2000? (Select more than one answer if applicable.)

a. Disable TCP port 139/445
b. Disable all SMB services on individual hosts by unbinding WINS Client TCP/IP from the server’s control panel/interface.
c. Edit registry key HKLM\SYSTEM\CurrentControlSet\LSA and input the value RestrictAnonymous.
d. Deny any and all unauthorized inbound connections from connecting to TCP port 53.

Solution: The correct answers are A, B, and C.

22Q: You have just installed a Windows 2003 server. What action should you take regarding the default shares?

a. You should disable them.
b. You should disable them only if it is a domain server.
c. Modify the values so that they are hidden shares.
d. Windows Server operations/services require these default shares, so they should be left as-is.

Solution: The correct answer is A.

23Q: Masquerading (attempting to impersonate a person or another machine), providing false information, or denying the existence of a transaction or event is classified as which of the below forms of attack?

a. A dictionary attack
b. A repudiation attack
c. A DDoS attack
d. A reply attack

Solution: The correct answer is B.

24Q: As a network administrator, you want to secure your company’s FTP server so that no non-authorized users can gain access to it. How can you do this?

a. Disable anonymous authentication.
b. Enable anonymous authentication.
c. Stop FTP service on the server.
d. Disable the network adapter on the server.

Solution: The correct answer is A.

You may also like: