Practice Exam||questions and
answers with rationales/graded
A+/2026 update/100% correct
/instant download
Instructions: Choose the best possible answer. Correct answers are highlighted in
bold with a rationale provided.
Module 1: AI-Driven Ethical Hacking & Fundamentals (6-7% of Exam)
1. The CEH v13 curriculum introduces a strong focus on AI-driven
penetration testing. Which of the following describes the PRIMARY
advantage of using AI in the "Gaining Access" phase?
a) It helps delete system logs faster to avoid detection.
b) It automates complex attack strategies and adapts to security defenses in
real-time.
c) It replaces the need for manual reconnaissance.
d) It strictly focuses on brute-force password cracking.
Rationale: The CEH v13 blueprint explicitly states that AI enhances "Gaining
Access" by automating complex exploitation techniques and adapting to defenses
as they are encountered, making attacks more efficient.
2. In CEH v13, the "5 Phases of Ethical Hacking" remain foundational. An
AI-powered tool that mimics legitimate user behavior to blend in with traffic
and avoid log alerts is primarily assisting which phase?
a) Gaining Access
b) Scanning
c) Reconnaissance
d) Covering Tracks
,Rationale: Covering Tracks involves erasing evidence. AI helps by mimicking
legitimate user behavior to make intrusion appear as normal traffic, thus avoiding
detection.
3. A security analyst uses an AI tool to analyze vast amounts of OSINT data to
identify potential vulnerabilities in a target network without actively engaging
the target. Which phase of ethical hacking is being performed?
a) Scanning
b) Maintaining Access
c) Reconnaissance
d) Gaining Access
Rationale: Reconnaissance (or Footprinting) is the phase of gathering information
passively. AI assists by processing large datasets to detect patterns and weaknesses
before scanning begins.
4. Which of the following represents a legitimate ethical concern specific to
using AI in cybersecurity as covered in CEH v13?
a) AI reduces the need for firewalls.
b) Attackers can use AI to generate polymorphic malware and deepfake social
engineering attacks.
c) AI cannot process network traffic.
d) AI eliminates the need for human oversight entirely.
Rationale: A major emerging threat is the use of AI for malicious purposes, such
as creating deepfakes (voice/video impersonation) or generating malware that
changes its code to evade detection.
5. An ethical hacker is testing a web application's resilience to AI-powered
threats. They input a carefully crafted prompt designed to bypass content
filters and make the AI model perform an action outside its intended scope.
What is this technique called?
a) Model Poisoning
b) Data Leakage
c) Prompt Injection
d) Evasion Clustering
Rationale: Prompt injection is an AI-specific vulnerability where an attacker
manipulates the input (prompt) to trick an AI model (like an LLM) into ignoring its
, original instructions or restrictions. This is distinct from model poisoning (altering
the training data).
Module 2-4: Reconnaissance, Scanning & Enumeration (17% of Exam)
6. A network administrator notices unusually high traffic on port 445. During
an authorized penetration test, you identify that this port is open on a critical
server. What service is primarily running on this port, and what attack vector
does it present?
a) SSH – Remote command execution
b) SMB – Enumerating shares and users
c) SNMP – Enumerating network devices
d) RDP – Remote Desktop Protocol
Rationale: Port 445 is used by SMB (Server Message Block). Attackers use tools
like enum4linux to enumerate shared resources, users, groups, and policies via
SMB.
7. You are performing a ping sweep to discover live hosts on a network
without performing a full port scan. Which Nmap command accomplishes
this?
a) nmap -p 80,443 192.168.1.1
b) nmap -sV 192.168.1.0/24
c) nmap -sn 192.168.1.0/24
d) nmap -O 192.168.1.1
Rationale: The -sn flag (No port scan) tells Nmap to only send ICMP echo
requests, TCP SYN to port 443, TCP ACK to port 80, and ICMP timestamp
requests to determine which hosts are up.
8. Which search engine is specifically designed to index internet-connected
devices (IoT, cameras, servers) based on banners and open ports, making it a
powerful tool for reconnaissance?
a) Bing
b) Yahoo
c) Shodan
d) DuckDuckGo