Exam (elaborations)

CEH Practice Exam Questions with questions and answers

Pages
13
Grade
A+
Uploaded on
08-02-2025
Written in
2024/2025


Institution
CEH - Certified Ethical Hacker
Course
CEH - Certified Ethical Hacker










Subjects

  • bit flipping

Content preview

08/02/2025 13:37:11


CEH Practice Exam Questions
An ethical hacker is given no prior knowledge of the network and has a specific
framework in which to work. The agreement specifies boundaries, nondisclosure
agreements, and a completion date definition. Which of the following statements are
true?
A white hat is attempting a black box test.
Which of the following attacks is considered an integrity attack, where the attacker is
not concerned with deciphering the entirety of a plaintext message?
Bit flipping
As part of a pen test on a U.S. Government system, you discover files containing
social security numbers and other PII (Personally Identifiable Information) sensitive
information. You are asked about controls placed on dissemination of this
information. Which of the following acts should you check?
Privacy Act
Joe has spent a large amount of time learning hacking tools and techniques, and has
even passed certification exams to promote himself in the ethical hacking field. Joe
uses his talents during the election season to deface websites and launch denial of
service attacks against opponents of his candidate. Which answer most closely
correlates with Joe's actions?
Hacktivism
A hacker is attempting to gain access to a target inside a business. After trying
several methods, he gets frustrated and starts a denial of service attack against a
server attached to the target. Which security control is the hacker affecting?
Availability
The security, functionality, and ease of use (SFE) triangle states which of the
following as true?
As security increases, ease of use decreases and functionality decreases.
In which phase of the ethical hacking methodology would a hacker discover available
targets on a network?
Scanning and enumeration
Which of the following are potential drawbacks to a black box test? (Choose all that
apply.)
The client does not get a full picture of an internal attacker focused on their systems;
This test takes the longest amount of time to complete.
In which phase of a penetration test would an ethical hacker perform footprinting?
Assessment
Which of the following would not be considered passive reconnaissance?
Ping sweeping a range of IP addresses found through a DNS lookup
As part of the preparation phase for a pen test that you are participating in, the client
relays their intent to discover security flaws and possible remediation. They seem
particularly concerned about external threats and do not mention internal threats at
all. When defining scope, the threat of internal users is not added as part of the test.
Which test is this client ignoring?
Gray box
In which phase of an attack would vulnerability mapping occur?
Scanning and enumeration
While performing a pen test, you find success in exploiting a machine. Your attack
vector took advantage of a common mistake—the Windows 7 installer script used to
load the machine left the administrative account with a default password. Which
attack did you successfully execute?
Operating system
A machine in your environment uses an open X-server to allow remote access. The
X-server access control is disabled, allowing connections from almost anywhere and
with little to no authentication measures. Which of the following are true statements
regarding this situation? (Choose all that apply.) A. An external vulnerability can take
advantage of the misconfigured X-server threat.
An external threat can take advantage of the misconfigured X-server vulnerability;
An internal threat can take advantage of the misconfigured X-server vulnerability.
You are examining security logs snapshotted during a prior attack against the target.
The target's IP address is 135.17.22.15, and the attack originated from 216.88.76.5.
Which of the following correctly characterizes this attack?
Outside attack
An ethical hacker needs to be aware of a variety of laws. What do Sections 1029 and
1030 of United States Code Title 18 specify?
They define most of the U.S. laws concerning hacking and computer crime.
Which of the following should a security professional use as a possible means to
verify the integrity of a data message from sender to receiver?
Hash algorithm
Which of the following describes activities taken in the conclusion phase of a
penetration test?
Reports are prepared detailing security deficiencies.
Which of the following best describes an ethical hacker?
An ethical hacker never proceeds with an audit or test without written permission.
In which phase of the attack would a hacker set up and configure "zombie"
machines?
Maintaining access
Which of the following is a true statement concerning cryptography?
Converts plaintext to ciphertext for protection during transit or in storage.
Which of the following would be the best choice to guarantee the integrity of
messages in transit or storage?
Hash algorithm
Which of the following encryption algorithms is your best choice if your primary need
is bulk encryption, and you need fast, strong encryption?
AES
You're describing a basic PKI system to a new member of the team. He asks how
the public key can be distributed within the system in an orderly, controlled fashion
so that the users can be sure of the sender's identity. Which of the following would
be your answer?
Digital certificate
You are discussing hash values with a CEH instructor. Immediately after telling you
the hash is a one-way algorithm and cannot be reversed, he explains that you can
still discover the value entered into the hash, given enough time and resources.
Which of the following hash anomalies might allow this?
Collision
What is the standard format for digital certificates?
X.509
You're discussing cryptography and determine you need to ensure messages are
safe from unauthorized observation. Also, you want to provide a way to ensure the