CEH EXAM QUESTIONS AND ANSWERS
Which of the following is the warfare category in which viruses, worms, Trojan horses,
or sniffers are used to make systems shut down automatically, corrupt data, steal
information or services, send fraudulent messages, and access unauthorized data?
A. Hacker Warfare
B. Psychological Warfare
C. C2 Warfare
D. Electronic Warfare - Answers :Hacker Warfare
Which of the following techniques is a close-in attack where an attacker simply
examines an organization's trash for any discarded sensitive information such as
usernames, passwords, credit-card statements, bank statements, ATM receipts, social
security numbers, and private telephone numbers?
A. Shoulder surfing
B. Dumpster diving
C. Wiretapping
D. Pod slurping - Answers :Dumpster Diving
Bob recently joined an organization and completed his training. His work involved
dealing with important documents of the organization. On one Sunday, he connected to
the corporate network by providing authentication credentials to access a file online
from his residence.
Which of the following elements of information security was demonstrated in the above
scenario?
A. Integrity
B. Non-repudiation
C. Authenticity
D. Availability - Answers :Availability: Assurance that the systems responsible for
delivering, storing, and processing information are accessible when required by the
authorized users.
Sam, an attacker, was hired to launch an attack on an organization to disrupt its
operations and gain access to a remote system for compromising the organization's
internal network. In the process, Sam launched an attack to tamper with the data in
transit to break into the organization's network.
What is the type of attack Sam has performed against the target organization?
A. Passive attack
B. Insider Attack
C. Active Attack
D. Distribution attack - Answers :Active Attack
,Don, a professional hacker, was hired to break into an organization's network and
extract sensitive data. In the attack process, Don found that the organization has
purchased new hardware. He accessed the new hardware while it was in transit and
tampered with it to launch further attacks on the target organization.
What is the type of attack Don has performed on the target organization?
A. Passive attack
B. Insider Attack
C. Active Attack
D. Distribution attack - Answers :Distribution attack
Which of the following categories of information warfare is a sensor-based technology
that directly corrupts technological systems?
A. economic warfare
B. electronic warfare
C. command-and-control warfare (C2 warfare)
D. intelligence-based warfare - Answers :Intelligence-based warfare: Intelligence-based
warfare is a sensor-based technology that directly corrupts technological systems.
Intelligence-based warfare is a warfare that consists of the design, protection, and
denial of systems that seek sufficient knowledge to dominate the battlespace.
Which of the following techniques does an attacker use to snoop on the communication
between users or devices and record private information to launch passive attacks?
A. eavesdropping
B. spoofing
C. Privilege escalation
D. Session hjacking - Answers :eavesdropping
Which of the following categories of information warfare is a sensor-based technology
that can directly disrupt technological systems?
A. Economic warfare
B. Electronic warfare
C. Psychological warfare
D. Intelligence-based warfare - Answers :Intelligence-based warfare: Intelligence-based
warfare is a sensor-based technology that directly corrupts technological systems.
According to Libicki, "intelligence-based warfare" is warfare that consists of the design,
protection, and denial of systems that seek sufficient
Which of the following information security elements includes a checksum and access
control to verify that a given block of data is not changed in transit and ensures that only
authorized personnel can update, add, or delete data?
,A. non-repudiation
B. confidentiality
C. Availability
D. integrity - Answers :Integrity
Which of the following close-in attacks is performed by an attacker to gather information
by observing the target's activity at the closest proximity?
A. DNS Spoofing
B. DNS
C. ARP poisoning
D. Shoulder Surfing - Answers :Shoulder Surfing
James, a professional hacker, is performing an attack on a target organization. He
succeeded in gathering information about the target and identified vulnerabilities
existing in the target network. He is now in the process of exploiting the vulnerabilities to
enter the target's network and escalate privileges so that he can have complete access
to the target system.
Which of the following phases of hacking is James currently in?
A. maintaining access
B. reconnanissance
C. scanning
D. gaining access - Answers :Gaining access
In which of the following hacking phases does an attacker try to detect listening ports to
find information about the nature of services running on the target machine?
A. clearing tracks
b. scanning
c. maintaining access
d. gaining access - Answers :scanning
In which of the following hacking phases does an attacker create a profile of the target
organization and obtain information such as its IP address range, namespace, and
employees?
a. vulnerability analysis
b. scanning
c. enumeration
d. footprinting - Answers :footprinting
In which of the following hacking stages does an attacker use Trojans, spyware,
backdoors, and keyloggers to create and maintain remote access to a system?
a. covering tracks
b. executing apps
, c. gaining access
d. escalating privileges - Answers :executing apps
Which of the following techniques is used by an attacker for identifying the active hosts,
open ports, and unnecessary services enabled on target hosts?
a. scanning
b. vulnerability analysis
c. footprinting
d. enumeration - Answers :scanning
Enumeration - Answers :Enumeration is a method of intrusive probing, through which
attackers gather information such as network user lists, routing tables, security flaws,
and Simple Network Management Protocol (SNMP) data. This is of significance,
because the attacker ranges over the target territory to glean information about the
network, and shared users, groups, applications, and banners.
Scanning - Answers :Scanning is a procedure used for identifying active hosts, open
ports, and unnecessary services enabled on particular hosts. Attackers use different
types of scanning methods for host discovery, port and service discovery, operating
system (OS) discovery, and evading endpoint security devices such as intrusion
detection systems (IDSs) and firewalls.
Joel, a professional hacker, has targeted an organization to steal sensitive information
remotely. He was successful in the attack and was able to access sensitive data of the
organization. He is now trying to wipe out the entries corresponding to his activities in
the system to remain undetected.
Which of the following hacking steps is Joel performing now?
A. clearing logs
b. gaining access
c. maintaining access
d. escalating privileges - Answers :clearing logs
In which of the following phases of the cyber kill chain methodology does an adversary
select or create a tailored deliverable malicious payload using an exploit and a backdoor
to send it to the victim?
a. delivery
b. reconnaissance
c. installation
d. weaponization - Answers :weaponization
Which of the following IoC categories is useful for command and control, malware
delivery, and identifying details about the operating system, browser type, and other
computer-specific information?
Which of the following is the warfare category in which viruses, worms, Trojan horses,
or sniffers are used to make systems shut down automatically, corrupt data, steal
information or services, send fraudulent messages, and access unauthorized data?
A. Hacker Warfare
B. Psychological Warfare
C. C2 Warfare
D. Electronic Warfare - Answers :Hacker Warfare
Which of the following techniques is a close-in attack where an attacker simply
examines an organization's trash for any discarded sensitive information such as
usernames, passwords, credit-card statements, bank statements, ATM receipts, social
security numbers, and private telephone numbers?
A. Shoulder surfing
B. Dumpster diving
C. Wiretapping
D. Pod slurping - Answers :Dumpster Diving
Bob recently joined an organization and completed his training. His work involved
dealing with important documents of the organization. On one Sunday, he connected to
the corporate network by providing authentication credentials to access a file online
from his residence.
Which of the following elements of information security was demonstrated in the above
scenario?
A. Integrity
B. Non-repudiation
C. Authenticity
D. Availability - Answers :Availability: Assurance that the systems responsible for
delivering, storing, and processing information are accessible when required by the
authorized users.
Sam, an attacker, was hired to launch an attack on an organization to disrupt its
operations and gain access to a remote system for compromising the organization's
internal network. In the process, Sam launched an attack to tamper with the data in
transit to break into the organization's network.
What is the type of attack Sam has performed against the target organization?
A. Passive attack
B. Insider Attack
C. Active Attack
D. Distribution attack - Answers :Active Attack
,Don, a professional hacker, was hired to break into an organization's network and
extract sensitive data. In the attack process, Don found that the organization has
purchased new hardware. He accessed the new hardware while it was in transit and
tampered with it to launch further attacks on the target organization.
What is the type of attack Don has performed on the target organization?
A. Passive attack
B. Insider Attack
C. Active Attack
D. Distribution attack - Answers :Distribution attack
Which of the following categories of information warfare is a sensor-based technology
that directly corrupts technological systems?
A. economic warfare
B. electronic warfare
C. command-and-control warfare (C2 warfare)
D. intelligence-based warfare - Answers :Intelligence-based warfare: Intelligence-based
warfare is a sensor-based technology that directly corrupts technological systems.
Intelligence-based warfare is a warfare that consists of the design, protection, and
denial of systems that seek sufficient knowledge to dominate the battlespace.
Which of the following techniques does an attacker use to snoop on the communication
between users or devices and record private information to launch passive attacks?
A. eavesdropping
B. spoofing
C. Privilege escalation
D. Session hjacking - Answers :eavesdropping
Which of the following categories of information warfare is a sensor-based technology
that can directly disrupt technological systems?
A. Economic warfare
B. Electronic warfare
C. Psychological warfare
D. Intelligence-based warfare - Answers :Intelligence-based warfare: Intelligence-based
warfare is a sensor-based technology that directly corrupts technological systems.
According to Libicki, "intelligence-based warfare" is warfare that consists of the design,
protection, and denial of systems that seek sufficient
Which of the following information security elements includes a checksum and access
control to verify that a given block of data is not changed in transit and ensures that only
authorized personnel can update, add, or delete data?
,A. non-repudiation
B. confidentiality
C. Availability
D. integrity - Answers :Integrity
Which of the following close-in attacks is performed by an attacker to gather information
by observing the target's activity at the closest proximity?
A. DNS Spoofing
B. DNS
C. ARP poisoning
D. Shoulder Surfing - Answers :Shoulder Surfing
James, a professional hacker, is performing an attack on a target organization. He
succeeded in gathering information about the target and identified vulnerabilities
existing in the target network. He is now in the process of exploiting the vulnerabilities to
enter the target's network and escalate privileges so that he can have complete access
to the target system.
Which of the following phases of hacking is James currently in?
A. maintaining access
B. reconnanissance
C. scanning
D. gaining access - Answers :Gaining access
In which of the following hacking phases does an attacker try to detect listening ports to
find information about the nature of services running on the target machine?
A. clearing tracks
b. scanning
c. maintaining access
d. gaining access - Answers :scanning
In which of the following hacking phases does an attacker create a profile of the target
organization and obtain information such as its IP address range, namespace, and
employees?
a. vulnerability analysis
b. scanning
c. enumeration
d. footprinting - Answers :footprinting
In which of the following hacking stages does an attacker use Trojans, spyware,
backdoors, and keyloggers to create and maintain remote access to a system?
a. covering tracks
b. executing apps
, c. gaining access
d. escalating privileges - Answers :executing apps
Which of the following techniques is used by an attacker for identifying the active hosts,
open ports, and unnecessary services enabled on target hosts?
a. scanning
b. vulnerability analysis
c. footprinting
d. enumeration - Answers :scanning
Enumeration - Answers :Enumeration is a method of intrusive probing, through which
attackers gather information such as network user lists, routing tables, security flaws,
and Simple Network Management Protocol (SNMP) data. This is of significance,
because the attacker ranges over the target territory to glean information about the
network, and shared users, groups, applications, and banners.
Scanning - Answers :Scanning is a procedure used for identifying active hosts, open
ports, and unnecessary services enabled on particular hosts. Attackers use different
types of scanning methods for host discovery, port and service discovery, operating
system (OS) discovery, and evading endpoint security devices such as intrusion
detection systems (IDSs) and firewalls.
Joel, a professional hacker, has targeted an organization to steal sensitive information
remotely. He was successful in the attack and was able to access sensitive data of the
organization. He is now trying to wipe out the entries corresponding to his activities in
the system to remain undetected.
Which of the following hacking steps is Joel performing now?
A. clearing logs
b. gaining access
c. maintaining access
d. escalating privileges - Answers :clearing logs
In which of the following phases of the cyber kill chain methodology does an adversary
select or create a tailored deliverable malicious payload using an exploit and a backdoor
to send it to the victim?
a. delivery
b. reconnaissance
c. installation
d. weaponization - Answers :weaponization
Which of the following IoC categories is useful for command and control, malware
delivery, and identifying details about the operating system, browser type, and other
computer-specific information?
