Certified Ethical Hacker v12 – Practice Test Questions – Part 9

In the ever-evolving landscape of cybersecurity, the role of Certified Ethical Hackers (CEH) has become increasingly crucial. These professionals are tasked with identifying and exploiting vulnerabilities in computer systems, networks, and applications, all with the goal of fortifying digital defenses against malicious hackers.

Achieving the CEH certification requires a deep understanding of various hacking techniques, tools, and methodologies. One effective way to prepare for the CEH exam is through practice test questions, which simulate real-world scenarios and assess your knowledge and skills.

Focus on the vulnerabilities specific to web servers and applications with this set. Covering SQL injection, cross-site scripting (XSS), and best practices for web development, these questions enhance your expertise in web security.

1Q: You have installed a keylogger on Alex’s computer, complete with password protection. In the final step, or the covering tracks step, which of the following actions would you perform before walking away? (Select more than one answer if applicable.)

a. Clear the recent docs from her registry.
b. Clear all caches.
c. Delete the cookies.
d. Disable auditing.
e. Change the user account password for the operating system.

Solution: The correct answers are A, B, C, and D.

2Q: A hacker successfully broke into an application, but then failed to cover his tracks in the enterprise systems. The forensics investigator found it quite simple to follow the hacker’s actions back to the source. What action could a hacker take to prevent being discovered and/or identified? (Select more than one answer if applicable.)

a. Use Armor Tools.
b. Disable auditing.
c. Run Traceless.
d. Clear the event log.

Solution: The correct answer is B.

3Q: In order to determine how a Windows server has been attacked, you decide to check the event logs for traces of the hacker’s activity. You look for patterns in the hacker’s behavior that might later lead to identifying the responsible party. Luckily, one of the below tools has been used on the system that will capture these events. Which is the correct tool?

a. Auditpol
b. WinZapper
c. Evidence Eliminator
d. ELSave

Solution: The correct answer is A.

4Q: Alex needs to demonstrate a type of attack that an ordinary firewall and IDS would not detect. It should be discoverable only through tcpdump, which captures each packet that enters or leaves a server machine. Alex therefore initiates his TCP connection with a server using port 80. He uses two distinct hosts on two distinct networks; one acts as the server while the other acts as the client. Even with the most current version of Snort, updated to include the latest rule sets, installed and running throughout the demonstration, Snort does not raise an alarm about any attack. Which of the below attack types does Alex’s demonstration explore?

a. Inside-Out Attack
b. White-listing attack
c. Covert channel attack
d. Tor attack

Solution: The correct answer is C.

5Q: How can a covert channel be utilized (select all that apply)?

a. To transfer files between the hacker’s system and a target system, or from the target system to the hacker’s machine.
b. To execute/launch applications and processes on the target system.
c. To avail the hacker of an interactive, remote control from the hacker’s machine to the target machine.
d. To securely and secretly detect any violations of any corporate firewall rules, and observe any hacking patterns without frightening off the hacker.

Solution: The correct answers are A, B, and C.

6Q: After a series of confusing and frustrating attacks, a company decides to hire you to do a security audit of its network. The company is suspicious that the attacks, which seem to have no clear purpose, might be the folly of a malicious insider or a disgruntled employee. Therefore, they direct you to perform security tests that will reveal any inside attacks initiated from within their corporate network. Which of the tests below would prove useful under these circumstances? Each correct answer represents a complete solution. Choose two.

a. Social Engineering
b. DNS Tunneling
c. Bypass corporate filter firewall rules from inside-out
d. Reverse Engineering

Solution: Answers B and C are correct.

7Q: Your systems administrator needs to report back to the company with details about the network. What kind of attack has most likely occurred according to the information given in the log above?

a. Back orifice
b. BoBo
c. Netbus
d. SubSeven

Solution: The correct answer is A.

8Q: Which of the below NETSTAT command parameters would display all active TCP connections as well as the TCP and UDP ports in a listening state?

a. -a
b. -b
c. -e
d. -f

Solution: The correct answer is A.

9Q: Which of the below NETSTAT command parameters would display an IP routing table?

a. -p
b. -r
c. -s
d. -t

Solution: The correct answer is B.

10Q: What will this command do?

a. It will securely delete the /etc/password from your server.
b. It will download the /etc/password from your server to the attacker’s machine.
c. It will load or restore the /etc/passwd file on your server.
d. It will run an update on the /etc/password of your server.

Solution: The correct answer is B.

11Q: Adam is learning about ICMP tunneling and needs to know which of the below statements does not represent a fact about this covert connection technique. Which of the below does not apply to ICMP tunneling?

a. You can use ping requests and replies in order to tunnel complete TCP traffic
b. You can use it to tunnel another protocol via ICMP (Internet Control Message Protocol).
c. You can use it to bypass firewalls because they will not restrict ICMP packets.
d. You can use it to send ICMP packets in an encrypted form over an HTTP port.

Solution: The correct answer is D; all other statements are true.

12Q: A hacker wishes to use a netbus Trojan on the Windows program, chess.exe. He will use his program to break into the target machine. Which of the below tools should he choose to do this? (Select more than one answer if applicable.)

a. Beast
b. Tripwire
c. Wrapper
d. Yet Another Binder

Solution: The correct answer is C.

13Q: In his Network Security Administrator position, Alex has the responsibility to observe, secure, and analyze the network of his company. At the moment, Alex is most concerned to learn that it is possible for others to bypass authentication in order to access his company’s network. This gives them more permissions than they were intended to have, and creates a vulnerability that could compromise his company’s data, secrets, and client list. What is the name used for this activity, which is often called privilege escalation?

a. Rootkit
b. Boot sector
c. Master Boot Record
d. Backdoor

Solution: The correct answer is D.

14Q: Which of the below could be signs of a virus attack on a machine? Each correct answer represents a complete solution. Choose two.

a. Unclear monitor display
b. Corrupted or missing files
c. Sudden reduction in system resources
d. Faster read/write access of the CD-ROM drive

Solution: The correct answers are B and C.

15Q: A web server you are working with hits 100,000,000 total visits and immediately crashes. What kind of malicious code may have been used to cause this sudden crash?

a. Polymorphic Virus
b. Worm
c. Virus
d. Logic Bomb

Solution: The correct answer is D.

16Q: Mike is not easily scammed. After puzzling it over, he does a quick online search about the Boot.ini file, which turns out to be a vital system file. In fact, it is what loads the OS! Which attack type was carried out (but ultimately unsuccessful) against Troy?

a. Multipartite
b. Hoax
c. Polymorphic
d. Macro

Solution: The correct answer is B.

17Q: Which of the below statements is accurate regarding the distinction between computer worms and Trojan horses?

a. Trojan horses are harmful to computers and networks while worms are not.
b. Trojan horses are a form of malicious code, while worms are not (worms lay dormant until other code executes itself to complete a malicious act).
c. Worms replicate themselves while Trojan horses do not.
d. Worms can be sent through emails while Trojan horses can only be installed directly or remotely onto a system through a network.

Solution: The correct answer is C.

18Q: A user lacks permission to list directory contents, yet can still access the directory and its contents, so long as he uses the correct path and filename through FTP. What is this kind of FTP access called?

a. Hidden FTP
b. Blind FTP
c. Passive FTP
d. Secure FTP

Solution: The correct answer is B.

19Q: Which of the below tasks would a malicious bot or botnet be capable of performing? Select the best answer.

a. Launching DDoS attacks
b. Collecting email addresses from within contact forms and/or guestbooks.
c. Downloading an entire website to drain a target’s bandwidth
d. Stealing confidential and/or financial information, including credit card account numbers, logins, etc.
e. All of the above.

Solution: The correct answer is E. All of the above answers are accurate.

20Q: Mike is always struggling with computer issues. When Mike opens a website, it starts an automatic download containing harmful code onto his machine. What should he do to prevent this from occurring in the future? Each correct answer represents a complete solution. Choose two.

a. Implement File Integrity Auditing
b. Disable Active Scripting
c. Configure Security Logs
d. Disable ActiveX Controls

Solution: Answers B and D are correct.

21Q: Mandy is an Ethical Hacker. Her newest assignment is website security testing before the company’s website is relaunched. In order to determine how viruses might affect the server, she places one on the system. With no alerts raised by the antiviruses, which were installed and running at the time, the virus infects the system. Which of the below could serve as explanations for this situation? (Select more than one answer if applicable.)

a. Mandy modified the unique hash/signature identifying the virus.
b. Mandy developed a completely new virus.
c. Mandy installed a virus that was not incorporated in the database of the antiviral program that was running on the server.
d. The virus has a mutation engine, which has provided further encrypted code in addition to the current code of the virus.

Solution: The correct answers are A, B, C, and D.

22Q: The Internet Protocol Suite includes several dozen distinct protocols all utilized to accomplish different tasks. Which of the below protocols will match an IP address to MAC addresses on a network interface card?

a. ARP
b. RARP
c. PIM
d. DHCP

Solution: The correct answer is A.

23Q: An attacker is searching for a GUI utility (for a Windows machine) that will allow him to accomplish Man-in-the-Middle attacks, ARP “poisoning” and sniffing. Which of the below would allow the attacker to launch those attack types?

a. wsniff
b. CAIN
c. Airjack
d. Ettercap

Solution: The correct answer is B.

24Q: Evan modifies the MAC address on a sniffer program so that it is the same as an open port on a target’s system, fooling the network into routing his machine into the system successfully. What is this called?

a. MAC flooding
b. IP spoofing
c. MAC duplicating
d. ARP spoofing

Solution: The correct answer is C.
