6/28/25, 2:01
PM
CEH V12 EXAM QUESTIONS AND CORRECT ANSWERS WITH
COMPLETE DETAILED SOLUTIONS 100% VERIFIED GRADED A+
LATEST UPDATED VERSION 2025/2026
Terms in this set (293)
A state of well-being of information and infrastructure
Information Security
in which the possibility of theft, tampering, and
disruption of information and services is low or
tolerable.
Confidentiality Assurance that the information is accessible only to those
authorized to have access.
The trustworthiness of data or resources in terms of
Integrity
preventing improper or unauthorized changes.
Assurance that the systems responsible for delivering,
Availability
storing, and processing information are accessible
when required by the authorized users.
The characteristic of a communication, document,
Authenticity
or any data that ensures the quality of being
genuine.
A guarantee that the sender of a message cannot later
Non-Repudiation
deny having sent the message and that the recipient
cannot deny having received the message.
Attacks Motive (Goal) + Method + Vulnerability.
1/46
,6/28/25, 2:01
PM
Originates out of the notion that the target system
Motive
stores or processes something valuable, and this leads
to the threat of an attack on the system.
Do not tamper with the data and involve intercepting
Passive Attacks
and monitoring network traffic and data flow on the
target network.
Tamper with the data in transit or disrupt
Active Attacks
communication or services between the systems to
bypass or break into secured systems.
Performed when the attacker is in close physical
Close-in Attacks
proximity with the target system or network in order to
gather, modify, or disrupt access to information.
Involve using privileged access to violate rules or
Insider Attacks
intentionally cause a threat to the organization's
information or information systems.
Distribution Attacks Occur when attackers tamper with hardware or software prior to
installation.
2/46
,6/28/25, 2:01
PM
Refers to the use of
information and communication
Information Warfare (InfoWar) technologies (ICT) to take
competitive advantages over an
opponent.
ICT Information and Communication Technology
Refers to all strategies and
actions designed to defend
Defensive Information Warfare against attacks on ICT assets.
Refers to information warfare that
involves attacks against the ICT
Offensive Information Warfare assets of an opponent.
Defines the step-by-step
process to perform ethical
CEH Hacking Methodology hacking. It follows the same
(CHM) process as that of an attacker,
and the only differences are in
it's hacking goals and
strategies.
Constitutes the preparatory phase, the first phase of
Footprinting hacking in which an attacker gathers as much
information as possible about the target prior to the
scanning phase in launching an attack.
Used to identify active hosts, open ports, and
unnecessary services enabled on particular hosts. In
3/46
, 6/28/25, 2:01
PM
Scanning this phase, the attacker uses the details gathered
during reconnaissance to scan the network for
specific information.
Used to identify active hosts, open ports, and
Enumeration unnecessary services enabled on particular hosts. In
this phase, the attacker uses the details gathered
during reconnaissance to scan the network for
specific information.
The examination of the ability of a system or
Vulnerability Analysis application, including its current security procedures
and controls, to withstand assault. It recognizes,
measures, and classifies security vulnerabilities in
computer systems, networks, and communication
channels.
Attackers follow a certain methodology to hack a
System Hacking system. They first obtain information during the
footprinting, scanning, enumeration, and vulnerability
analysis phases, which they then use to exploit the
target system.
This is the phase in which actual hacking occurs. The
previous phases help attackers identify security
Gaining Access loopholes and vulnerabilities in the target
organizational IT assets. the point at which the
attacker obtains access to the operating system (OS)
or applications on a computer or network.
After gaining access to a system using a low-privilege
4/46
PM
CEH V12 EXAM QUESTIONS AND CORRECT ANSWERS WITH
COMPLETE DETAILED SOLUTIONS 100% VERIFIED GRADED A+
LATEST UPDATED VERSION 2025/2026
Terms in this set (293)
A state of well-being of information and infrastructure
Information Security
in which the possibility of theft, tampering, and
disruption of information and services is low or
tolerable.
Confidentiality Assurance that the information is accessible only to those
authorized to have access.
The trustworthiness of data or resources in terms of
Integrity
preventing improper or unauthorized changes.
Assurance that the systems responsible for delivering,
Availability
storing, and processing information are accessible
when required by the authorized users.
The characteristic of a communication, document,
Authenticity
or any data that ensures the quality of being
genuine.
A guarantee that the sender of a message cannot later
Non-Repudiation
deny having sent the message and that the recipient
cannot deny having received the message.
Attacks Motive (Goal) + Method + Vulnerability.
1/46
,6/28/25, 2:01
PM
Originates out of the notion that the target system
Motive
stores or processes something valuable, and this leads
to the threat of an attack on the system.
Do not tamper with the data and involve intercepting
Passive Attacks
and monitoring network traffic and data flow on the
target network.
Tamper with the data in transit or disrupt
Active Attacks
communication or services between the systems to
bypass or break into secured systems.
Performed when the attacker is in close physical
Close-in Attacks
proximity with the target system or network in order to
gather, modify, or disrupt access to information.
Involve using privileged access to violate rules or
Insider Attacks
intentionally cause a threat to the organization's
information or information systems.
Distribution Attacks Occur when attackers tamper with hardware or software prior to
installation.
2/46
,6/28/25, 2:01
PM
Refers to the use of
information and communication
Information Warfare (InfoWar) technologies (ICT) to take
competitive advantages over an
opponent.
ICT Information and Communication Technology
Refers to all strategies and
actions designed to defend
Defensive Information Warfare against attacks on ICT assets.
Refers to information warfare that
involves attacks against the ICT
Offensive Information Warfare assets of an opponent.
Defines the step-by-step
process to perform ethical
CEH Hacking Methodology hacking. It follows the same
(CHM) process as that of an attacker,
and the only differences are in
it's hacking goals and
strategies.
Constitutes the preparatory phase, the first phase of
Footprinting hacking in which an attacker gathers as much
information as possible about the target prior to the
scanning phase in launching an attack.
Used to identify active hosts, open ports, and
unnecessary services enabled on particular hosts. In
3/46
, 6/28/25, 2:01
PM
Scanning this phase, the attacker uses the details gathered
during reconnaissance to scan the network for
specific information.
Used to identify active hosts, open ports, and
Enumeration unnecessary services enabled on particular hosts. In
this phase, the attacker uses the details gathered
during reconnaissance to scan the network for
specific information.
The examination of the ability of a system or
Vulnerability Analysis application, including its current security procedures
and controls, to withstand assault. It recognizes,
measures, and classifies security vulnerabilities in
computer systems, networks, and communication
channels.
Attackers follow a certain methodology to hack a
System Hacking system. They first obtain information during the
footprinting, scanning, enumeration, and vulnerability
analysis phases, which they then use to exploit the
target system.
This is the phase in which actual hacking occurs. The
previous phases help attackers identify security
Gaining Access loopholes and vulnerabilities in the target
organizational IT assets. the point at which the
attacker obtains access to the operating system (OS)
or applications on a computer or network.
After gaining access to a system using a low-privilege
4/46
