CEH V12 Exam Version 4 (Latest 2025/2026 Update) Qs & As | Grade A | 100% Correct (Verified Answers)
Victor, an employee in an organization, received an executable file as an email
attachment. Out of suspicion, he reached out to the organization's IT team. The
team used a tool to dismantle the executable file into a binary program to find
harmful or malicious processes.
Which of the following tools did the IT team employ to analyze the application?
A. SplunkSpam
B. Mimic
C. IDA Pro
D. CCleaner - ANSWER C
Which of the following techniques scans the headers of IP packets leaving a
network and ensures that unauthorized or malicious traffic never leaves the internal
network?
A. Ingress filtering
B. TCP intercept
C. Rate limiting
D. Egress filtering - ANSWER D
TechSoft Inc. recently experienced many cyberattacks. The management of the
organization instructed David, a security engineer, to strengthen the security of the
organization. In this process, David employed a tool for detecting session hijacking
attempts and performed asset discovery, intrusion detection, threat intelligence,
and vulnerability assessment using that tool.
Which of the following tools did David employ in the above scenario?
A. USM Anywhere
B. Dependency Walker
C. Weevely
D. API Monitor - ANSWER A
In which of the following types of vulnerability assessment does an organization
assess the assets situated at multiple locations, such as client and server
applications, simultaneously through appropriate synchronization techniques?
A. Internal assessment
B. Network-based assessment
C. Credentialed assessment
D. Distributed assessment - ANSWER D
Cooper, a certified hacker, targeted multiple user accounts of an organization's
work group to crack their passwords. In this process, he used a single commonly
used password on multiple accounts simultaneously and waited for responses
before initiating another password on the same accounts. This technique allowed
Cooper to attempt more passwords without being affected by automatic lockout
mechanisms.
Identify the type of password cracking attack performed by Cooper in the above
scenario.
A. Password guessing
B. Password spraying attack
C. Pass-the-ticket attack
D. GPU-based attack - ANSWER B
Which of the following modbus-cli commands is used by attackers to manipulate
the register values in a target PLC device?
A. modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target IP>
%M100 1 1 1 1 1 1 1 1 1 1
B. modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target IP>
400101 2 2 2 2 2 2 2 2
C. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10
D. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 -
ANSWER B
In which of the following security risks does an API accidentally expose internal
variables or objects because of improper binding and filtering based on a whitelist,
allowing attackers with unauthorized access to modify object properties?
A. Broken object-level authorization
B. Broken object-level authorization
C. Broken object-level authorization
D. Injection - ANSWER B
Identify the type of cluster computing in which work is distributed among nodes to
avoid overstressing a single node and periodic health checks are performed on each
node to identify node failures and reroute the incoming traffic to another node.
A. Fail-over
B. Load balancing
C. Highly available
D. High-performance computing - ANSWER B
Which of the following is an attack technique where the only information available
to the attacker is some plaintext blocks along with the corresponding ciphertext
and algorithm used to encrypt and decrypt the text?
A. Ciphertext-only attack