Certified Ethical Hacker (CEH) v.10 Practice
Questions
(Latest 2025/ 2026 Update) Qs & As | Grade
A| 100% Correct (Verified Answers)
Which of the following is the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite.
C. A guard posted outside the door.
D. Backup recovery systems. - ANSWER C. A guard posted
outside the door.
Deterrents have to be visible to prevent an attack. A guard visible outside the door
could help prevent physical attacks.
Enacted in 2002, this US law requires every federal agency to implement
information security programs, including significant reporting on compliance and
accreditation. Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM - ANSWER A. FISMA (Federal Information
Security Management Act)
FISMA has been around since 2002 and was updated in 2014. It gave information
security responsibilities to NIST, OMB, and other government agencies, and
declared the Department of Homeland Security (DHS) as the operational lead for
budgets and guidelines on security matters.
,Brad has done some research and determined that a certain set of systems on his
network fail once every ten years. The purchase price for each of these systems is
$1200. Brad also discovers that the admins on staff, who earn $50 an hour,
estimate five hours to replace a machine. Five employees, earning $25 an hour,
depend on each system and will be completely unproductive while it's down. What
is the ALE of these devices?
A. $2075
B. $207.50
C. $120
D. $1200 - ANSWER B. $207.50
ARO = 1 Occurrence/10 years = 0.1
SLE = $1200 + (5 x 50 = 250) + (5 x 5 x 25 = 625) = $2075
$2075 x 0.1 = $207.50
An ethical hacker is hired to test the security of a business network. The CEH is
given no prior knowledge of the network and has a specific framework in which to
work, defining boundaries, NDAs, and the completion data. Which of the
following is a true statement?
A. A white hat is attempting a black box test.
B. A white hat is attempting a white box test.
C. A black hat is attempting a black box test.
D. A black hat is attempting a gray box test. - ANSWER A. A
white hat is attempting a black box test.
An ethical hacker hired under a specific agreement is a white hat.
When an attack by a hacker is politically motivated, the hacker is said to be
participating in which of the following?
A. Black Hat Hacking
B. Gray Box Attacks
C. Gray Hat Attacks
D. Hacktivism - ANSWER D. Hacktivism
,Two hackers attempt to crack a company's network resource security. One is
considered an ethical hacker, whereas the other is not. What distinguishes the
ethical hacker from the "cracker"?
A. The cracker always attempts white box testing.
B. The ethical hacker always attempts black box testing.
C. The cracker posts results to the Internet.
D. The ethical hacker always obtains written permission before testing. -
ANSWER D. The ethical hacker always obtains written permission
before testing.
In which stage of an ethical hack would the attacker actively apply tools and
techniques to gather more in-depth information on their targets?
A. Active Reconnaissance
B. Scanning and enumeration
C. Gaining Access
D. Passive Reconnaissance - ANSWER B. Scanning and
enumeration
Which type of attack is generally conducted as an inside attacker with elevated
privileges on the resources?
A. Gray Box
B. White Box
C. Black Box
D. Active Reconnaissance - ANSWER B. White Box
Which of the following Common Criteria processes refers to the system or product
being tested?
A. ST
B. PP
C. EAL
D. TOE - ANSWER D. TOE (Target of Evaluation)
, Your company has a document that spells out exactly what employees are allowed
to do on their computer systems. It also defines what is prohibited and what
consequences await those who break the rules. A copy of this document is signed
by all employees prior to their network access. Which of the following best
describes this policy?
A. Information Security Policy
B. Special Access Policy
C. Information Audit Policy
D. Network Connection Policy - ANSWER A. Information
Security Policy
The Information Security Policy, sometimes known as the Acceptable Use Policy,
defines what is allowed and not allowed, and what the consequences are for
misbehavior in regard to resources on the corporate network.
Sally is a member of a pen test team newly hired to test a bank's security. She
begins searching for IP addresses the bank may own by searching public records
on the Internet. She also looks up news articles and job postings to discover
information that may be valuable. In what phase of the pen test is Sally working?
A. Preparation
B. Assessment
C. Conclusion
D. Reconnaissance - ANSWER B. Assessment
The Assessment phase is where all the activity takes place, including the passive
information gathering performed by Sally in this example.
Joe is a security engineer for a firm. His company downsizes, and Joe discovers he
will be laid off within a short amount of time. Joe plants viruses and sets about
destroying data and settings throughout the network, with no regard to being
caught. Which type of hacker is Joe considered to be?
A. Hacktivist
B. Suicide Hacker
C. Black Hat
D. Script Kiddie - ANSWER B. Suicide Hacker
Questions
(Latest 2025/ 2026 Update) Qs & As | Grade
A| 100% Correct (Verified Answers)
Which of the following is the best example of a deterrent control?
A. A log aggregation system
B. Hidden cameras onsite.
C. A guard posted outside the door.
D. Backup recovery systems. - ANSWER C. A guard posted
outside the door.
Deterrents have to be visible to prevent an attack. A guard visible outside the door
could help prevent physical attacks.
Enacted in 2002, this US law requires every federal agency to implement
information security programs, including significant reporting on compliance and
accreditation. Which of the following is the best choice for this definition?
A. FISMA
B. HIPAA
C. NIST 800-53
D. OSSTMM - ANSWER A. FISMA (Federal Information
Security Management Act)
FISMA has been around since 2002 and was updated in 2014. It gave information
security responsibilities to NIST, OMB, and other government agencies, and
declared the Department of Homeland Security (DHS) as the operational lead for
budgets and guidelines on security matters.
,Brad has done some research and determined that a certain set of systems on his
network fail once every ten years. The purchase price for each of these systems is
$1200. Brad also discovers that the admins on staff, who earn $50 an hour,
estimate five hours to replace a machine. Five employees, earning $25 an hour,
depend on each system and will be completely unproductive while it's down. What
is the ALE of these devices?
A. $2075
B. $207.50
C. $120
D. $1200 - ANSWER B. $207.50
ARO = 1 Occurrence/10 years = 0.1
SLE = $1200 + (5 x 50 = 250) + (5 x 5 x 25 = 625) = $2075
$2075 x 0.1 = $207.50
An ethical hacker is hired to test the security of a business network. The CEH is
given no prior knowledge of the network and has a specific framework in which to
work, defining boundaries, NDAs, and the completion data. Which of the
following is a true statement?
A. A white hat is attempting a black box test.
B. A white hat is attempting a white box test.
C. A black hat is attempting a black box test.
D. A black hat is attempting a gray box test. - ANSWER A. A
white hat is attempting a black box test.
An ethical hacker hired under a specific agreement is a white hat.
When an attack by a hacker is politically motivated, the hacker is said to be
participating in which of the following?
A. Black Hat Hacking
B. Gray Box Attacks
C. Gray Hat Attacks
D. Hacktivism - ANSWER D. Hacktivism
,Two hackers attempt to crack a company's network resource security. One is
considered an ethical hacker, whereas the other is not. What distinguishes the
ethical hacker from the "cracker"?
A. The cracker always attempts white box testing.
B. The ethical hacker always attempts black box testing.
C. The cracker posts results to the Internet.
D. The ethical hacker always obtains written permission before testing. -
ANSWER D. The ethical hacker always obtains written permission
before testing.
In which stage of an ethical hack would the attacker actively apply tools and
techniques to gather more in-depth information on their targets?
A. Active Reconnaissance
B. Scanning and enumeration
C. Gaining Access
D. Passive Reconnaissance - ANSWER B. Scanning and
enumeration
Which type of attack is generally conducted as an inside attacker with elevated
privileges on the resources?
A. Gray Box
B. White Box
C. Black Box
D. Active Reconnaissance - ANSWER B. White Box
Which of the following Common Criteria processes refers to the system or product
being tested?
A. ST
B. PP
C. EAL
D. TOE - ANSWER D. TOE (Target of Evaluation)
, Your company has a document that spells out exactly what employees are allowed
to do on their computer systems. It also defines what is prohibited and what
consequences await those who break the rules. A copy of this document is signed
by all employees prior to their network access. Which of the following best
describes this policy?
A. Information Security Policy
B. Special Access Policy
C. Information Audit Policy
D. Network Connection Policy - ANSWER A. Information
Security Policy
The Information Security Policy, sometimes known as the Acceptable Use Policy,
defines what is allowed and not allowed, and what the consequences are for
misbehavior in regard to resources on the corporate network.
Sally is a member of a pen test team newly hired to test a bank's security. She
begins searching for IP addresses the bank may own by searching public records
on the Internet. She also looks up news articles and job postings to discover
information that may be valuable. In what phase of the pen test is Sally working?
A. Preparation
B. Assessment
C. Conclusion
D. Reconnaissance - ANSWER B. Assessment
The Assessment phase is where all the activity takes place, including the passive
information gathering performed by Sally in this example.
Joe is a security engineer for a firm. His company downsizes, and Joe discovers he
will be laid off within a short amount of time. Joe plants viruses and sets about
destroying data and settings throughout the network, with no regard to being
caught. Which type of hacker is Joe considered to be?
A. Hacktivist
B. Suicide Hacker
C. Black Hat
D. Script Kiddie - ANSWER B. Suicide Hacker
