CEH Practice Exam Questions (Latest 2025/2026 Update) Qs & As | Grade A | 100% Correct (Verified Answers)
A Certified Ethical Hacker follows a specific methodology for testing a system.
Which step comes after footprinting in the CEH methodology? - ANSWER
Scanning
You've been hired as part of a pen test team. During the in-brief, you learn the
client wants the pen test attack to simulate a normal user who finds ways to elevate
privileges and create attacks. Which test type does the client want? - ANSWER
Gray box
Which of the following is true regarding an ethical hacker? - ANSWER
The ethical hacker has authorization to proceed from the target owner.
You begin your first pen-test assignment by checking out IP address ranges owned
by the target as well as details of their domain name registration. Additionally, you
visit job boards and financial websites to gather any technical information online.
What activity are you performing? - ANSWER Passive footprinting
You send a message across a network and are primarily concerned that it is not
altered during transit. Which security element ensures a message arrives at its
destination with no alteration? - ANSWER Integrity
An ethical hacker is given no prior knowledge of the network and has a specific
framework in which to work. The agreement specifies boundaries, nondisclosure
agreements, and a completion date definition. Which of the following statements
are true? - ANSWER A white hat is attempting a black box test.
Which of the following attacks is considered an integrity attack, where the attacker
is not concerned with deciphering the entirety of a plaintext message? -
ANSWER Bit flipping
As part of a pen test on a U.S. Government system, you discover files containing
social security numbers and other PII (Personally Identifiable Information)
sensitive information. You are asked about controls placed on dissemination of this
information. Which of the following acts should you check? - ANSWER
Privacy Act
Joe has spent a large amount of time learning hacking tools and techniques, and
has even passed certification exams to promote himself in the ethical hacking field.
Joe uses his talents during the election season to deface websites and launch denial
of service attacks against opponents of his candidate. Which answer most
closely correlates with Joe's actions? - ANSWER Hacktivism
A hacker is attempting to gain access to a target inside a business. After trying
several methods, he gets frustrated and starts a denial of service attack against a
server attached to the target. Which security control is the hacker affecting? -
ANSWER Availability
The security, functionality, and ease of use (SFE) triangle states which of the
following as true? - ANSWER As security increases, ease of use
decreases and functionality decreases.
In which phase of the ethical hacking methodology would a hacker discover
available targets on a network? - ANSWER Scanning and enumeration
Which of the following are potential drawbacks to a black box test? (Choose all
that apply.) - ANSWER The client does not get a full picture of an
internal attacker focused on their systems. ; This test takes the longest amount of
time to complete.
In which phase of a penetration test would an ethical hacker perform footprinting?
- ANSWER Assessment
Which of the following would not be considered passive reconnaissance? -
ANSWER Ping sweeping a range of IP addresses found through a DNS
lookup
As part of the preparation phase for a pen test that you are participating in, the
client relays their intent to discover security flaws and possible remediation. They
seem particularly concerned about external threats and do not mention internal
threats at all. When defining scope, the threat of internal users is not added as part
of the test. Which test is this client ignoring? - ANSWER Gray box