CEH Certified Ethical Hacking Review
Questions and Correct Answers
White hat ✅If you have been contracted to perform an attack against a target system,
you are what type of hacker?
Hacktivist ✅Which of the following describes an attacker who goes after a target to
draw attention to a cause?
Low ✅What level of knowledge about hacking does a script kiddie have?
Permission ✅Which of the following does an ethical hacker require to start evaluating
a system?
Complete knowledge ✅A white-box test means the tester has which of the following?
Suicide hacker ✅Which of the following describes a hacker who attacks without regard
for being caught or punished?
A description of expected behavior ✅What is a code of ethics?
Hacktivists ✅The group Anonymous is an example of what?
Legal reasons
Regulatory reasons
To perform an audit ✅Companies may require a penetration test for which of the
following reasons?
Get permission ✅What should a pentester do prior to initiating a new penetration test?
Hacks for political reasons ✅Which of the following best describes what a hacktivist
does?
Hacks without stealth ✅Which of the following best describes what a suicide hacker
does?
Gray hat ✅Which type of hacker may use their skills for both benign and malicious
goals at different times?
A lack of fear of being caught ✅What separates a suicide hacker from other attackers?
,White hat ✅Which of the following would most likely engage in the pursuit of
vulnerability research?
Passively uncovering vulnerabilities ✅Vulnerability research deals with which of the
following?
With no knowledge ✅How is black-box testing performed?
Gives proof ✅A contract is important because it does what?
Target of evaluation ✅What does TOE stand for?
A weakness ✅Which of the following best describes a vulnerability?
Application ✅At which layer of the OSI model does a proxy operate?
Layer 2 ✅If a device is using node MAC addresses to funnel traffic, what layer of the
OSI model is this device working in?
Windows ✅Which OS holds 90 percent of the desktop market and is one of our largest
attack surfaces?
443 ✅Which port uses SSL to secure web traffic?
Collision domain ✅What kind of domain resides on a single switchport?
Ring ✅Which network topology uses a token-based access methodology?
Layer 1 ✅Hubs operate at what layer of the OSI model?
SYN, SYN-ACK, ACK ✅What is the proper sequence of the TCP three-way-
handshake?
TCP ✅Which of these protocols is a connection-oriented protocol?
Telnet ✅A scan of a network client shows that port 23 is open; what protocol is this
aligned with?
49152 to 65535 ✅What port range is an obscure third-party application most likely to
use?
Packet ✅Which category of firewall filters is based on packet header data only?
,IDS ✅An administrator has just been notified of irregular network activity; what
appliance functions in this manner?
Mesh ✅Which topology has built-in redundancy because of its many client
connections?
All nodes attached to the same port ✅When scanning a network via a hardline
connection to a wired-switch NIC in promiscuous mode, what would be the extent of
network traffic you would expect to see?
Proxy ✅What device acts as an intermediary between an internal client and a web
resource?
NAT ✅Which technology allows the use of a single public address to support many
internal clients while also preventing exposure of internal IP addresses to the outside
world?
IPS ✅What network appliance senses irregularities and plays an active role in
stopping that irregular activity from continuing?
SMTP ✅You have selected the option in your IDS to notify you via email if it senses
any network irregularities. Checking the logs, you notice a few incidents but you didn't
receive any alerts. What protocol needs to be configured on the IDS?
Application firewall ✅Choosing a protective network appliance, you want a device that
will inspect packets at the most granular level possible while providing improved traffic
efficiency. What appliance would satisfy these requirements?
Shared key cryptography ✅Symmetric cryptography is also known as __________.
Certificate authority ✅Which of the following manages digital certificates?
Public key ✅Asymmetric encryption is also referred to as which of the following?
Nonreversible ✅Which of the following best describes hashing?
Hashing ✅A message digest is a product of which kind of algorithm?
Two keys ✅A public and private key system differs from symmetric because it uses
which of the following?
PKI system ✅A public key is stored on the local computer by its owner in a
__________.
, Number of keys ✅Symmetric key systems have key distribution problems due to
__________.
Integrity ✅What does hashing preserve in relation to data?
MD5 ✅Which of the following is a common hashing protocol?
A way of encrypting data in a reversible method ✅Which of the following best
describes PGP?
Securing transmitted data ✅SSL is a mechanism for which of the following?
PKI ✅Which system does SSL use to function?
Level 3 ✅In IPsec, encryption and other processes happen at which layer of the OSI
model?
Authentication services ✅In IPsec, what does Authentication Header (AH) provide?
Data security ✅In IPsec, what does Encapsulating Security Payload (ESP) provide?
During transmission ✅At what point can SSL be used to protect data?
PKI ✅Which of the following does IPsec use?
Netscape ✅Who first developed SSL?
AH/ESP ✅IPsec uses which two modes?
Investigation of a target ✅Which of the following best describes footprinting?
Port scanning ✅Which of the following is not typically used during footprinting?
To fine-tune search results ✅Why use Google hacking?
To gain information from human beings ✅What is the role of social engineering?
Check financial filings ✅What is EDGAR used to do?
Operators ✅Which of the following can be used to tweak or fine-tune search results?
Job boards ✅Which of the following can an attacker use to determine the technology
and structure within an organization?
Questions and Correct Answers
White hat ✅If you have been contracted to perform an attack against a target system,
you are what type of hacker?
Hacktivist ✅Which of the following describes an attacker who goes after a target to
draw attention to a cause?
Low ✅What level of knowledge about hacking does a script kiddie have?
Permission ✅Which of the following does an ethical hacker require to start evaluating
a system?
Complete knowledge ✅A white-box test means the tester has which of the following?
Suicide hacker ✅Which of the following describes a hacker who attacks without regard
for being caught or punished?
A description of expected behavior ✅What is a code of ethics?
Hacktivists ✅The group Anonymous is an example of what?
Legal reasons
Regulatory reasons
To perform an audit ✅Companies may require a penetration test for which of the
following reasons?
Get permission ✅What should a pentester do prior to initiating a new penetration test?
Hacks for political reasons ✅Which of the following best describes what a hacktivist
does?
Hacks without stealth ✅Which of the following best describes what a suicide hacker
does?
Gray hat ✅Which type of hacker may use their skills for both benign and malicious
goals at different times?
A lack of fear of being caught ✅What separates a suicide hacker from other attackers?
,White hat ✅Which of the following would most likely engage in the pursuit of
vulnerability research?
Passively uncovering vulnerabilities ✅Vulnerability research deals with which of the
following?
With no knowledge ✅How is black-box testing performed?
Gives proof ✅A contract is important because it does what?
Target of evaluation ✅What does TOE stand for?
A weakness ✅Which of the following best describes a vulnerability?
Application ✅At which layer of the OSI model does a proxy operate?
Layer 2 ✅If a device is using node MAC addresses to funnel traffic, what layer of the
OSI model is this device working in?
Windows ✅Which OS holds 90 percent of the desktop market and is one of our largest
attack surfaces?
443 ✅Which port uses SSL to secure web traffic?
Collision domain ✅What kind of domain resides on a single switchport?
Ring ✅Which network topology uses a token-based access methodology?
Layer 1 ✅Hubs operate at what layer of the OSI model?
SYN, SYN-ACK, ACK ✅What is the proper sequence of the TCP three-way-
handshake?
TCP ✅Which of these protocols is a connection-oriented protocol?
Telnet ✅A scan of a network client shows that port 23 is open; what protocol is this
aligned with?
49152 to 65535 ✅What port range is an obscure third-party application most likely to
use?
Packet ✅Which category of firewall filters is based on packet header data only?
,IDS ✅An administrator has just been notified of irregular network activity; what
appliance functions in this manner?
Mesh ✅Which topology has built-in redundancy because of its many client
connections?
All nodes attached to the same port ✅When scanning a network via a hardline
connection to a wired-switch NIC in promiscuous mode, what would be the extent of
network traffic you would expect to see?
Proxy ✅What device acts as an intermediary between an internal client and a web
resource?
NAT ✅Which technology allows the use of a single public address to support many
internal clients while also preventing exposure of internal IP addresses to the outside
world?
IPS ✅What network appliance senses irregularities and plays an active role in
stopping that irregular activity from continuing?
SMTP ✅You have selected the option in your IDS to notify you via email if it senses
any network irregularities. Checking the logs, you notice a few incidents but you didn't
receive any alerts. What protocol needs to be configured on the IDS?
Application firewall ✅Choosing a protective network appliance, you want a device that
will inspect packets at the most granular level possible while providing improved traffic
efficiency. What appliance would satisfy these requirements?
Shared key cryptography ✅Symmetric cryptography is also known as __________.
Certificate authority ✅Which of the following manages digital certificates?
Public key ✅Asymmetric encryption is also referred to as which of the following?
Nonreversible ✅Which of the following best describes hashing?
Hashing ✅A message digest is a product of which kind of algorithm?
Two keys ✅A public and private key system differs from symmetric because it uses
which of the following?
PKI system ✅A public key is stored on the local computer by its owner in a
__________.
, Number of keys ✅Symmetric key systems have key distribution problems due to
__________.
Integrity ✅What does hashing preserve in relation to data?
MD5 ✅Which of the following is a common hashing protocol?
A way of encrypting data in a reversible method ✅Which of the following best
describes PGP?
Securing transmitted data ✅SSL is a mechanism for which of the following?
PKI ✅Which system does SSL use to function?
Level 3 ✅In IPsec, encryption and other processes happen at which layer of the OSI
model?
Authentication services ✅In IPsec, what does Authentication Header (AH) provide?
Data security ✅In IPsec, what does Encapsulating Security Payload (ESP) provide?
During transmission ✅At what point can SSL be used to protect data?
PKI ✅Which of the following does IPsec use?
Netscape ✅Who first developed SSL?
AH/ESP ✅IPsec uses which two modes?
Investigation of a target ✅Which of the following best describes footprinting?
Port scanning ✅Which of the following is not typically used during footprinting?
To fine-tune search results ✅Why use Google hacking?
To gain information from human beings ✅What is the role of social engineering?
Check financial filings ✅What is EDGAR used to do?
Operators ✅Which of the following can be used to tweak or fine-tune search results?
Job boards ✅Which of the following can an attacker use to determine the technology
and structure within an organization?
