Certified Ethical Hacker (CEH) Questions
and Answers | Latest Update | 2024/2025
| 100% Pass
How do attackers use steganography to conceal malicious data?
✔✔ Attackers use steganography to hide malicious code within seemingly harmless files, such as
images or audio, to bypass detection.
What is the significance of time-based password authentication in enhancing security?
✔✔ Time-based password authentication adds an additional layer of security by generating
passwords that are only valid for a limited time, reducing the risk of compromise.
How can an attacker leverage DNS tunneling for data exfiltration?
✔✔ DNS tunneling is used to disguise malicious traffic as normal DNS queries, allowing
attackers to extract data from a network without detection.
How does an attacker perform a watering hole attack?
✔✔ A watering hole attack involves compromising a website frequently visited by the target,
embedding malware to infect users who visit the site.
1
,What is a common countermeasure for mitigating man-in-the-browser attacks?
✔✔ Implementing secure browser extensions and end-to-end encryption helps prevent attackers
from manipulating browser sessions.
How do attackers evade detection with polymorphic malware?
✔✔ Polymorphic malware changes its code each time it executes, making it harder for signature-
based detection systems to identify.
Why is memory analysis important during an incident investigation?
✔✔ Memory analysis can uncover artifacts such as running processes, malware traces, and
network connections that are not stored on disk, providing critical evidence.
What is the role of command and control (C2) servers in botnet attacks?
✔✔ C2 servers manage infected machines (bots) in a botnet, allowing attackers to issue
commands, exfiltrate data, or launch attacks remotely.
What does fuzz testing involve in vulnerability discovery?
✔✔ Fuzz testing involves providing random or unexpected inputs to a program to identify
potential vulnerabilities by observing how it handles the input.
2
,How does an attacker use SQL injection to retrieve unauthorized data from a database?
✔✔ SQL injection allows an attacker to manipulate database queries by injecting malicious SQL
code into an input field, retrieving or modifying data.
What are some signs that a system may have been compromised by rootkit malware?
✔✔ Signs include hidden processes, missing system files, unusual system performance, and
tampered security software.
What is the impact of DNS spoofing in a network attack?
✔✔ DNS spoofing redirects users to malicious websites by altering DNS records, enabling
attackers to steal sensitive data or install malware.
How does an attacker use session hijacking to gain unauthorized access?
✔✔ Session hijacking involves stealing a user’s session token, allowing the attacker to
impersonate the user and gain access to their accounts or services.
How does a reverse shell work in a cyber attack?
3
, ✔✔ A reverse shell allows an attacker to gain control over a compromised machine by making
the machine initiate a connection back to the attacker’s server.
How does a blue team defend against privilege escalation attacks?
✔✔ The blue team defends by implementing least privilege access, monitoring system logs, and
patching vulnerabilities that could be exploited for privilege escalation.
What is the impact of a cross-site request forgery (CSRF) attack on web applications?
✔✔ CSRF tricks a user into performing unwanted actions on a web application where they are
authenticated, allowing attackers to alter data or execute actions.
How do attackers use spear-phishing for highly targeted attacks?
✔✔ Spear-phishing involves sending tailored, malicious emails to specific individuals, often
using personal information to trick them into revealing credentials or downloading malware.
What is the significance of log correlation in threat detection?
✔✔ Log correlation combines data from various sources to identify patterns, anomalies, or
malicious activity that might go unnoticed in isolated logs.
4
and Answers | Latest Update | 2024/2025
| 100% Pass
How do attackers use steganography to conceal malicious data?
✔✔ Attackers use steganography to hide malicious code within seemingly harmless files, such as
images or audio, to bypass detection.
What is the significance of time-based password authentication in enhancing security?
✔✔ Time-based password authentication adds an additional layer of security by generating
passwords that are only valid for a limited time, reducing the risk of compromise.
How can an attacker leverage DNS tunneling for data exfiltration?
✔✔ DNS tunneling is used to disguise malicious traffic as normal DNS queries, allowing
attackers to extract data from a network without detection.
How does an attacker perform a watering hole attack?
✔✔ A watering hole attack involves compromising a website frequently visited by the target,
embedding malware to infect users who visit the site.
1
,What is a common countermeasure for mitigating man-in-the-browser attacks?
✔✔ Implementing secure browser extensions and end-to-end encryption helps prevent attackers
from manipulating browser sessions.
How do attackers evade detection with polymorphic malware?
✔✔ Polymorphic malware changes its code each time it executes, making it harder for signature-
based detection systems to identify.
Why is memory analysis important during an incident investigation?
✔✔ Memory analysis can uncover artifacts such as running processes, malware traces, and
network connections that are not stored on disk, providing critical evidence.
What is the role of command and control (C2) servers in botnet attacks?
✔✔ C2 servers manage infected machines (bots) in a botnet, allowing attackers to issue
commands, exfiltrate data, or launch attacks remotely.
What does fuzz testing involve in vulnerability discovery?
✔✔ Fuzz testing involves providing random or unexpected inputs to a program to identify
potential vulnerabilities by observing how it handles the input.
2
,How does an attacker use SQL injection to retrieve unauthorized data from a database?
✔✔ SQL injection allows an attacker to manipulate database queries by injecting malicious SQL
code into an input field, retrieving or modifying data.
What are some signs that a system may have been compromised by rootkit malware?
✔✔ Signs include hidden processes, missing system files, unusual system performance, and
tampered security software.
What is the impact of DNS spoofing in a network attack?
✔✔ DNS spoofing redirects users to malicious websites by altering DNS records, enabling
attackers to steal sensitive data or install malware.
How does an attacker use session hijacking to gain unauthorized access?
✔✔ Session hijacking involves stealing a user’s session token, allowing the attacker to
impersonate the user and gain access to their accounts or services.
How does a reverse shell work in a cyber attack?
3
, ✔✔ A reverse shell allows an attacker to gain control over a compromised machine by making
the machine initiate a connection back to the attacker’s server.
How does a blue team defend against privilege escalation attacks?
✔✔ The blue team defends by implementing least privilege access, monitoring system logs, and
patching vulnerabilities that could be exploited for privilege escalation.
What is the impact of a cross-site request forgery (CSRF) attack on web applications?
✔✔ CSRF tricks a user into performing unwanted actions on a web application where they are
authenticated, allowing attackers to alter data or execute actions.
How do attackers use spear-phishing for highly targeted attacks?
✔✔ Spear-phishing involves sending tailored, malicious emails to specific individuals, often
using personal information to trick them into revealing credentials or downloading malware.
What is the significance of log correlation in threat detection?
✔✔ Log correlation combines data from various sources to identify patterns, anomalies, or
malicious activity that might go unnoticed in isolated logs.
4
