Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

CEH V12 Complete Exam (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Elaborations)

Rating
-
Sold
-
Pages
16
Grade
A+
Uploaded on
30-06-2025
Written in
2024/2025

CEH V12 Complete Exam (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Elaborations) Question: During a recent review of the events on your company's network, you discover that an attacker used Nmap to perform a ping sweep on your company's network. Which statement is true regarding this type of scan? Answer: It detects which computers are online Question: As an ethical hacker, you are using Nmap port scanning and must try to evade a certain type of device. You are using the following techniques: 1. Break the network scans up into smaller ranges, with delays in between each scan. 2. Break up IP packets into fragments. Which type of device are you most likely attempting to evade? Answer: IDS Question: An attacker is using the traceroute tool to carry out network footprinting. Which of the following may NOT be discovered using this tool? Answer: FQDNs of all intermediary devices Question: Which of the following action does vulnerability scanning NOT perform? Answer: Notifies of threats based on active attack signatures Question: You are running a high-level vulnerability scan using the Nmap utility. The network systems include Windows machines running Internet Information Service (IIS). Which switch should you use to automate and customize vulnerability scanning for different Windows OS and SSL vulnerabilities? Answer: -sC Question: Your company has a monthly requirement to test corporate compliance with host application usage and security policies. You need to use the appropriate tool to fulfill this requirement. Which tool should you use? Answer: Nessus Question: Your company's web site is updated on a regular basis. Over the past three years, the web site has undergone four major updates in response to security issues. One of those major updates was to address a JavaScript vulnerability that allowed SQL injection attacks to occur. A new developer has requested to go back and see the code for the JavaScript vulnerability. However, he discovers that there is retention of the code for the previous web site versions. How can the developer go back and review the code? Answer: Go to Question: Your company wants to implement a three-factor access control system. Which of the following would qualify for this implementation? Answer: Password, smart card, retina scan Question: What is the broadcast address for the subnet 191.43.164.0/22? Answer: 191.43.167.255 Question: You run the following command on a Windows computer: FOR /L %H IN (1 1 10) DO ping -n 1 192.168.1.%H | FIND /I "reply" What is the result? Answer: Enumeration of the alive systems in first ten IP addresses in the 192.168.1.0 network via ICMP Question: Which of the following is the BEST example of defense in depth? Answer: ACLs on the router and NTFS permissions on files Question: While researching specific security issues for your company, you want to use an anonymizer to ensure that your privacy is protected. Which of the following is NOT an anonymizer? Answer: Tails Question: You run the following command: nmap -p21, 80,443 -sV -0 45.33.32.156 What is the most likely partial output? Answer: Host is up (0.029s latency). PORT STATE SERVICE VERSION 21/tcp closed ftp 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) 443/tcp filtered https Device type: general purpose| firewall| router | broadband router | WAP| terminal Running: Linux 3.x| 2.6.x|2.4.X Network Distance: 12 hops Question: Joe, who does not work for your company, was able to steal an employee badge from a car in the parking lot and use it to enter the facility. What type of threat does Joe present? Answer: Outside affiliate Question: Which two of the following are key components of the Common Criteria evaluation system? Answer: Protections profiles Evaluation assurance levels Question: You are configuring a firewall to allow the CTO to connect remotely to a number of workstations located in the corporate network. The CTO will use his company-issued notebook with a remote IP address of 220.60.6.6. The corporate network contains hosts in the 192.168.5.62/29 range. Which firewall rule should be added to allow the required RDP connections? Answer: permit 220.60.6.6 192.168.5.62/29 RDP 3389 Question: You have been asked to perform a thorough vulnerability assessment for your company's file server. You must ensure that you complete all of the appropriate steps for the assessment. What is the first step or phase? Answer: Acquisition Question: You need to perform a thorough audit of your company's infrastructure configuration. The proposed security policy will require detailed vulnerability assessment and compliance with industry-accepted best practices, including SOX and PCI. Enterprise assessments, reporting, and patch management must be centralized. Which tool will BEST meet these requirements? Answer: Ecora Auditor Professional Question: While implementing a demilitarized zone (DMZ) to protect several network resources, your company decides to implement a bastion host. What is the BEST description of this device? Answer: Gateway between an inside and outside network that is located on the public side of the DMZ and is designed to defend against attacks aimed at the inside network Question: Your organization is concerned that patches and updates aren't being deployed in a timely manner. You need to deploy a system that will help with this problem. Which type of system should you deploy? Answer: Vulnerability Protection System Question: You routinely test network connectivity using the ping command. Recently, you noticed that a router discarded an ICMP packet and sent a time exceeded message to the source host. Which of the following conditions would cause this to occur? Answer: The TTL value is 1, and the destination host is several hops away Question: You are concerned about an employee's use of Telnet when connecting to routers and switches to administer these devices. You would like to perform a port scan on all of these devices to identify any that are still enabled for Telnet. Which open port number(s) are you looking for in the results? Answer: 23 Question: During the presentation of bids for penetrations testing work, which of the following additions to a proposal would be unethical to submit? Answer: Results of past audits as examples of previous work Question: You are implementing MD5 hashing for all read-only files on critical company servers. If any files are tampered with, then the MD5 hash value will not match. Which element of information security does MD5 hashing provide? Answer: Integrity Question: You are your company's security administrator. Your company has recently opened a new division. The division head explains to your the Privacy Rule for HIPAA. Which type or record is affected by this? Answer: Healthcare records Question: As your company's ethical hacker, you often perform routine penetration tests to check the security for your company's network. Last week, an attacker posted details obtained through operating system fingerprinting about your company's servers. You need to perform the same type of check to verify what information is available. Which tool should you use? Answer: Question: During a penetration test, a tester conducts the following scan: hping3 -A 209.15.13.134 -p 80 You receive back no response, indicating the port is filtered. Which type of network interface is being scanned? Answer: External interface of DMZ firewall Question: You capture the following TCP frames using Wireshark: 343 61..44.193.36 192.168.1.3 TCP (TCP segment of a reassembled PDU] 344 61..168.1.3 208.44.193.36 TCP 3202 http [FIN, ACK] Seq=986 Ack=25462 Win=17520 Len=0 345 61..44.193.36 192.168.1.3 HTTP HTTP/1.1 404 Not Found (text/html) 346 61..168.1.3 208.44.193.36 TCP 3203 http [RST, ACK] Seq=987 Ack=25797 Win=0 Len=0 347 66..168.1.3 208.44.193.36 TCP 3206 http [SYN] Seq=0 Len=0 MSS=1460 348 66..44.193.36 192.168.1.3 TCP http 3206 [SYN, ACK] Seq=0 Ack=1 Win=1460 Len=0 MSS=1460 349 66..168.1.3 208.44.193.36 TCP 3206 http [ACK] Seq=1 Ack=1 Win=17520 Len=0 350 66..168.1.3 208.44.193.36 HTTP GET /images/product-images/practicetest/Image: HTTP/1.1 351 66..44.193.36 192.168.1.3 TCP http 3206 [ACK] Seq=1 Ack=625 Win=63616 Len=0 352 66..44.193.36 192.168 Acknowledgement of a data packet Question: which of the following statements is NOT true about RSA SecurID? Answer: It is a form of mutual authentication Question: When handling residual risk, which of the following is NOT an acceptable approach? Answer: Ignore the risk Question: An attacker recently used Nmap to SYN scan your network. You discover that he adjusted the timing options of the scan, thereby avoiding detection by your network intrusion detection system (IDS). How does adjusting the timing options affect the Nmap scan? Answer: Decrease the packet send frequency of the scan Question: What information is measured in a retina scan? Answer: Blood vessels Question: Your organization has contracted with a third party to perform a penetration test. You have been allowed to observe and ask questions as the test proceeds. At one point you see that the tester is performing a scan of the network from the Internet and tunneling the scan through SSH. What is the purpose of this extra step? Answer: It will allow the scan to evade your border sensor Question: Which of the following does NOT occur during risk assessment? Answer: Attack profile Question: Which statement best describes the purpose of the incident management? Answer: Restore systems to normal service operation as quickly as possible Question: Which of the following organizations provides incident response services in partnership with the Department of Homeland Security? Answer: CSIRT Question: Which biometric scan focuses on the colored portion of the user's eye? Answer: Iris Question: One of your company's IT technicians provides you with a report that lists SNMP-enabled devices on a network. Which tool most likely provided this information? Answer: SNScan Question: Your security team has implemented the following controls: 1. Sensitive data is encrypted 2. Interactive logon privileges are restricted 3. Services run as unprivileged accounts 4. Users and applications operate with the least privileges Which of the following vulnerabilities are these controls designed to mitigate? Answer: Privilege escalation Question: You are investigating the header contents of a victim's email message. Which of the following is NOT information you could collect from the email header? Answer: Sender's firewall type Question: Which tool can help identify out-of-date software versions, missing patches, or system upgrades? Answer: Vulnerability scanner Question: Which documentation provides an ethical hacker with the scope of targets and allowed testing techniques and tools? Answer: ROE Question: You are consulting with a company on how best to implement a firewall architecture to meet their needs. The company is a cloud service provider that must allow access to virtual machines and other virtual services while denying access to development and other internal services. Only paying customers and their clients should be allowed access to virtual services. The company requires the highest security solution to optimize availability to their paying customers. Which boundary protection appliance should you recommend they include to meet their requirements? Answer: Triple-homed bastion host Question: Your network has increasingly come under attack. Management has asked you to take measures to detect and prevent future attacks. You need to purchase a tool or device that provides intrusion detection, packet sniffing, and logging. Which tool should you recommend? Answer: Snort Question: Using an Advanced Google search, you type: site *: -inurl:www What are you searching for? Answer: The target's sub-domains Question: During a risk assessment, which of the following roles is responsible for providing the security architecture to the risk assessor? Answer: IT security analyst Question: Your organization has decided to implement IPSec. One of the important functions you want to implement is its ability to prove where a message originates. Which feature of IPsec provides this function? Answer: Non-repudiation Question: Your company needs to implement a firewall. It must be able to discard TCP segments arriving at an open port when they have the header flag of FIN enabled, provided they are the first packet received from the source. Which type of firewall should be implemented? Answer: Stateful inspection firewall Question: You are using traceroute to map the route packets travel over a network. Which of the following statements is true when using this tool? Answer: The host decrements the TTL value by one and forwards the packet to the next host. Question: You have been hired as an ethical hacker by your company. You are currently involved in footprinting from outside your company's network. During the most recent analysis, you obtain SNMP information, user, computer and group names and user passwords. Which footprinting objective are you completing? Answer: Collection system information Question: Which preliminary activities differentiates a penetration test performed by a white hat hacker and a gray hat hacker? Answer: Gaining permission form concerned authorities Question: What is Nessus? Answer: Automated vulnerability assessment tool Question: You are describing to a team member how multiprotocol label switching (MPLS) is implemented to handle VPN traffic across the Internet. MPLS prefixes label stack entries to each network packet. Which fields comprise a label stack entry? (Choose all that apply.) Answer: traffic class time to live bottom of stack label

Show more Read less
Institution
CEH V12
Course
CEH V12

Content preview

CEH V12 Complete Exam (Latest 2025/ 2026 Update)
Certified Ethical Hacker | Questions and Answers | Grade A|
100% Correct (Verified Elaborations)

Question:
During a recent review of the events on your company's network, you discover that an attacker
used Nmap to perform a ping sweep on your company's network. Which
statement is true regarding this type of scan?

Answer:
It detects which computers are online




Question:
As an ethical hacker, you are using Nmap port scanning and must try to evade a certain type of
device. You are using the following techniques:
1. Break the network scans up into smaller ranges, with delays in between each scan.
2. Break up IP packets into fragments.
Which type of device are you most likely attempting to evade?

Answer:
IDS




Question:
An attacker is using the traceroute tool to carry out network footprinting. Which of the following
may NOT be discovered using this tool?

Answer:
FQDNs of all intermediary devices

,Question:
Which of the following action does vulnerability scanning NOT perform?

Answer:
Notifies of threats based on active attack signatures




Question:
You are running a high-level vulnerability scan using the Nmap utility. The network systems
include Windows machines running Internet Information Service (IIS).
Which switch should you use to automate and customize vulnerability scanning for different
Windows OS and SSL vulnerabilities?

Answer:
-sC




Question:
Your company has a monthly requirement to test corporate compliance with host application
usage and security policies. You need to use the appropriate tool to fulfill
this requirement.
Which tool should you use?

Answer:
Nessus




Question:
Your company's web site is updated on a regular basis. Over the past three years, the web site
has undergone four major updates in response to security issues. One

, of those major updates was to address a JavaScript vulnerability that allowed SQL injection
attacks to occur.
A new developer has requested to go back and see the code for the JavaScript vulnerability.
However, he discovers that there is retention of the code for the previous
web site versions. How can the developer go back and review the code?

Answer:
Go to archive.org




Question:
Your company wants to implement a three-factor access control system. Which of the following
would qualify for this implementation?

Answer:
Password, smart card, retina scan




Question:
What is the broadcast address for the subnet 191.43.164.0/22?

Answer:
191.43.167.255




Question:
You run the following command on a Windows computer:
FOR /L %H IN (1 1 10) DO ping -n 1 192.168.1.%H | FIND /I "reply"
What is the result?

Answer:
Enumeration of the alive systems in first ten IP addresses in the 192.168.1.0 network via ICMP

Written for

Institution
CEH V12
Course
CEH V12

Document information

Uploaded on
June 30, 2025
Number of pages
16
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$11.49
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF


Also available in package deal

Thumbnail
Package deal
CEH V12 Exams | Certified Ethical Hacker (Latest 2025/ 2026 Updates STUDY BUNDLE PACKAGE WITH SOLUTIONS) Questions and Answers | Grade A | 100% Correct (Verified Elaborations)
-
5 2025
$ 24.07 More info

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
EliteStudyDocs Rasmussen College
View profile
Follow You need to be logged in order to follow users or courses
Sold
3582
Member since
5 year
Number of followers
2869
Documents
9117
Last sold
6 hours ago
High Quality Exams, Study guides, Reviews, Notes, Case Studies

Welcome to EliteStudyDocs, your ultimate destination for high-quality, verified study materials trusted by students, educators, and professionals across the globe. I specialize in providing A+ graded exam files, practice questions, complete study guides, and certification prep tailored to a wide range of academic and professional fields. P/S: CHECK OUT THE PACKAGE DEALS

4.0

699 reviews

5
383
4
128
3
78
2
39
1
71

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions