6/28/25, 2:02
PM
CEH V12 EXAM QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS VERIFIED GRADED A++ LATEST
UPDATE 2025
Terms in this set (197)
Redteam Tool Indentifies nondiscoverable
Redfang
BlueTooth Devices Actively scans
(Bruteforce)
Peach Fuzzing framework, triggers application crashes, vulnerability
discovery
14-A report required by SEC Public companies financial filing
nmap fragmentation command -f and --mtu
open-source network security tool
Ettercap sniffing, protocol analysis, capture &
manipulates traffic (MITM) attacks.
Simple, windows user-friendly tool for port scanning & basic
Megaping
network diagnostics,
(ping, traceroute, NetBIOS, DNS, basic port scanning).
dSniff is a set of password sniffing and network
traffic analysis tools written by security researcher
and startup founder Dug Song to parse different
dSniff application protocols and extract relevant
information. dsniff, filesnarf, mailsnarf, msgsnarf,
urlsnarf, and webspy passively monitor a network for
interesting data
arpspoof can perform ARP poisoning to redirect network traffic.
dnsspoof can manipulate DNS responses, directing traffic to
malicious sites.
Primary Network scanning tool for discovering
nmap
1/22
,6/28/25, 2:02
PM
hosts, services, OS, live ports, protocols,
vulnerabilities
This attack occurs when XML input containing a reference
XXE ATTACK (XML External
to an external entity is processed by a weakly
Entity)
configured XML parser.
inject malicious scripts into webpages viewed by
other users. to steal sensitive data (such as cookies or
session tokens)
XXS ATTACK Ty pes:
1. Stored XSS: Script stored on the server and delivered to
users.
2. Reflected XSS: Script reflected off a web server, executed in
browser.
3. DOM-based XSS: The vulnerability exists in the client-side
script of a webpage.
Passive Bluetooth Scanner
Btscanner Collects: device name, class, signal strength, to
identify devices, including those in non-discoverable
mode.
Sends Unsolicited Messages via bluetooth
Bluejacking Softwares: Bluediving, Bluetooth Stack
Smasher, BluejackX. Uncomon, most
vulnerabilities patched
Bluesnarfing Stealing data via bluetooth
Cuckoo Sandbox Malware Sandbox to analyze changes, including files, network
activity, and registry.
If you saw the following in This Answer is Correct
your ifconfig In the flags, you can see PROMISC, which is an indicator the
output, what could you say is interface is in
happening? promiscuous mode. This is necessary for a system to be sniffing
network traffic.
eth0: Without promiscuous mode, the system only gets packets that
are specifically
2/22
, 6/28/25, 2:02
PM
flags=8963˂UP,BROADCAST,S addressed to it. While the other attacks could also be
MART,RUNN happening, the only thing we can say for sure based on
ING,PROMISC,SIMPLEX,MULTI this output is that the interface is in promiscuous mode,
CAST˃ mtu 1500 suggesting there is network sniffing happening.
options=50b˂RXCSUM,TXCSU
M,VLAN_HW
TAGGING,AV,CHANNEL_IO˃
ether 14:98:77:31:b2:33 inet6
fe80::10c6:713a:e86f:556d%en0
prefixlen 64 secured scopeid
0x7 inet 192.168.1.144
netmask 0xffffff00 broadcast
192.168.1.255
inet6 2601:18d:8b7f:e33a::52
prefixlen 64 dynamic inet6
fd23:5d5f:cd75:40d2:87:38bc:
9448:3407
prefixlen 64 autoconf
secured nd6
options=201˂PERFORMNUD
,DAD˃ media: autoselect
(1000baseT ˂full-
duplex,flow-
control,energy-efficient-
ethernet˃) status: active
A. ARP spoofing attack
B. ARP flooding attack
C. Network sniffing
D. Man-in-the-middle attack
When sending a packet with B. No Response
a FIN flag set, what will the
target respond with if the
RST is sent back from a SYN message
port is open?
3/22
PM
CEH V12 EXAM QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS VERIFIED GRADED A++ LATEST
UPDATE 2025
Terms in this set (197)
Redteam Tool Indentifies nondiscoverable
Redfang
BlueTooth Devices Actively scans
(Bruteforce)
Peach Fuzzing framework, triggers application crashes, vulnerability
discovery
14-A report required by SEC Public companies financial filing
nmap fragmentation command -f and --mtu
open-source network security tool
Ettercap sniffing, protocol analysis, capture &
manipulates traffic (MITM) attacks.
Simple, windows user-friendly tool for port scanning & basic
Megaping
network diagnostics,
(ping, traceroute, NetBIOS, DNS, basic port scanning).
dSniff is a set of password sniffing and network
traffic analysis tools written by security researcher
and startup founder Dug Song to parse different
dSniff application protocols and extract relevant
information. dsniff, filesnarf, mailsnarf, msgsnarf,
urlsnarf, and webspy passively monitor a network for
interesting data
arpspoof can perform ARP poisoning to redirect network traffic.
dnsspoof can manipulate DNS responses, directing traffic to
malicious sites.
Primary Network scanning tool for discovering
nmap
1/22
,6/28/25, 2:02
PM
hosts, services, OS, live ports, protocols,
vulnerabilities
This attack occurs when XML input containing a reference
XXE ATTACK (XML External
to an external entity is processed by a weakly
Entity)
configured XML parser.
inject malicious scripts into webpages viewed by
other users. to steal sensitive data (such as cookies or
session tokens)
XXS ATTACK Ty pes:
1. Stored XSS: Script stored on the server and delivered to
users.
2. Reflected XSS: Script reflected off a web server, executed in
browser.
3. DOM-based XSS: The vulnerability exists in the client-side
script of a webpage.
Passive Bluetooth Scanner
Btscanner Collects: device name, class, signal strength, to
identify devices, including those in non-discoverable
mode.
Sends Unsolicited Messages via bluetooth
Bluejacking Softwares: Bluediving, Bluetooth Stack
Smasher, BluejackX. Uncomon, most
vulnerabilities patched
Bluesnarfing Stealing data via bluetooth
Cuckoo Sandbox Malware Sandbox to analyze changes, including files, network
activity, and registry.
If you saw the following in This Answer is Correct
your ifconfig In the flags, you can see PROMISC, which is an indicator the
output, what could you say is interface is in
happening? promiscuous mode. This is necessary for a system to be sniffing
network traffic.
eth0: Without promiscuous mode, the system only gets packets that
are specifically
2/22
, 6/28/25, 2:02
PM
flags=8963˂UP,BROADCAST,S addressed to it. While the other attacks could also be
MART,RUNN happening, the only thing we can say for sure based on
ING,PROMISC,SIMPLEX,MULTI this output is that the interface is in promiscuous mode,
CAST˃ mtu 1500 suggesting there is network sniffing happening.
options=50b˂RXCSUM,TXCSU
M,VLAN_HW
TAGGING,AV,CHANNEL_IO˃
ether 14:98:77:31:b2:33 inet6
fe80::10c6:713a:e86f:556d%en0
prefixlen 64 secured scopeid
0x7 inet 192.168.1.144
netmask 0xffffff00 broadcast
192.168.1.255
inet6 2601:18d:8b7f:e33a::52
prefixlen 64 dynamic inet6
fd23:5d5f:cd75:40d2:87:38bc:
9448:3407
prefixlen 64 autoconf
secured nd6
options=201˂PERFORMNUD
,DAD˃ media: autoselect
(1000baseT ˂full-
duplex,flow-
control,energy-efficient-
ethernet˃) status: active
A. ARP spoofing attack
B. ARP flooding attack
C. Network sniffing
D. Man-in-the-middle attack
When sending a packet with B. No Response
a FIN flag set, what will the
target respond with if the
RST is sent back from a SYN message
port is open?
3/22
