CEH V11 Simulated Exam - Set B (Latest 2025/2026 Update) Qs & As | Grade A | 100% Correct (Verified Answers)
Which of the following is the regulation that specifies the requirements for
establishing, implementing, maintaining, and continually improving an information
security management system within the context of an organization?
A: The Federal Information Security Management Act (FISMA)
B: ISO/IEC 27001:2013
C: The Digital Millennium Copyright Act (DMCA)
D: Sarbanes Oxley Act (SOX) - ANSWER B: ISO/IEC 27001:2013
A hacker is attempting to see which protocols are supported by target machines or
network. Which NMAP switch would the hacker use?
A: -sO
B: -sT
C: -sS
D: -sU - ANSWER A: -sO
Jim, a professional hacker, launched an APT attack on an organization. He was
successful in entering the target network and extending access in the target
network. He is now maintaining access with the use of customized malware and
repackaging tools.
Which of the following phases of the APT lifecycle involves maintaining access to
the target system, starting from evading endpoint security devices, until there is no
further use of the data and assets?
A: Preparation
B: Cleanup
C: Initial intrusion
D: Persistence - ANSWER D: Persistence
A hacker is attempting to use nslookup to query domain name service (DNS). The
hacker uses the nslookup interactive mode for the search. Which command should
the hacker type into the command shell to request the appropriate records?
A: Locate type=ns
B: Request type=ns
C: Set type=ns
D: Transfer type=ns - ANSWER C: Set type=ns
An attacker uses the following SQL query to perform an SQL injection attack:
SELECT * FROM users WHERE name = '' OR '1'='1';
Identify the type of SQL injection attack performed.
A: Tautology
B: Illegal/logically incorrect query
C: UNION SQL injection
D: End-of-line comment - ANSWER A: Tautology
Denis is looking at an older system that uses DES encryption. A colleague has told
him that DES is insecure due to its short key size. What is the key length used for
DES?
A: 56
B: 64
C: 128
D: 256 - ANSWER A: 56
Which of the following tools is designed to capture a WPA/WPA2 handshake and
act as an ad-hoc AP?
A: Airmon-ng
B: Airbase-ng
C: Airolib-ng
D: Airodump-ng - ANSWER B: Airbase-ng
An attacker sniffs encrypted traffic from the network and is subsequently able to
decrypt it. Which cryptanalytic technique can the attacker use now in his attempt to
discover the encryption key?
A: Birthday attack
B: Known plaintext attack
C: Meet in the middle attack
D: Chosen ciphertext attack - ANSWER D: Chosen ciphertext attack
Which of the following attacks helps an attacker bypass a same-origin policy's
security constraints, allowing a malicious web page to communicate or make
arbitrary requests to local domains?
A: MarioNet attack
B: Watering hole attack
C: Clickjacking attack
D: DNS rebinding attack - ANSWER D: DNS rebinding attack
Which of the following techniques is used by an attacker to access all of an
application's functionalities and employs an intercepting proxy to monitor all
requests and responses?
A: Web spidering/crawling
B: Banner grabbing
C: Attacker-directed spidering
D: DNS interrogation - ANSWER A: Web spidering/crawling
Which of the following hping commands performs a UDP scan on port 80?
A: hping3 -2 <IP Address> -p 80
B: hping3 -1 <IP Address> -p 80
C: hping3 -A <IP Address> -p 80
D: hping3 -F -P -U <IP Address> -p 80 - ANSWER A: hping3 -2 <IP Address> -p 80
Which of the following vulnerability assessment phases involves tasks such as
system rescanning, dynamic analysis, and attack surface reviewing?
A: Verification
B: Remediation
C: Monitoring
D: Risk assessment - ANSWER A: Verification
In which of the following methods does an attacker leverage headers such as Host
in the HTTP request message to crack passwords?
A: Brute-forcing
B: Password guessing
C: Attack password reset mechanism
D: "Remember Me" exploit - ANSWER C: Attack password reset mechanism
Which of the following types of antennas is useful for transmitting weak radio
signals over very long distances - on the order of 10 miles?
A: Omnidirectional
B: Parabolic grid