CERTIFIED ETHICAL HACKER (CEH)
EXAMINATION QUESTION AND
CORRECT ANSWERS (VERIFIED
ANSWERS) PLUS RATIONALES 2026 Q&A
INSTANT DOWNLOAD PDF
1. Which phase of ethical hacking involves gathering information without
directly interacting with the target system?
A. Scanning
B. Enumeration
C. Exploitation
D. Footprinting
Answer: D
Rationale: Footprinting is the passive information-gathering phase where
attackers collect data from public sources without touching the target directly.
2. What type of hacker is employed by organizations to test security defenses
legally?
A. Black hat
B. Grey hat
C. Script kiddie
D. White hat
Answer: D
Rationale: White hat hackers are authorized professionals who conduct ethical
hacking to improve security.
, 3. Which tool is commonly used for network packet analysis?
A. Nmap
B. Metasploit
C. Wireshark
D. Nessus
Answer: C
Rationale: Wireshark captures and analyzes network packets to inspect traffic
and troubleshoot issues.
4. What does Nmap primarily help identify?
A. Password hashes
B. Open ports and services
C. Malware signatures
D. File permissions
Answer: B
Rationale: Nmap is a network scanner used to discover hosts, open ports, and
running services.
5. Which attack involves sending excessive requests to exhaust system
resources?
A. SQL injection
B. Phishing
C. Denial-of-Service
D. Sniffing
Answer: C
Rationale: DoS attacks overwhelm resources, making systems unavailable to
legitimate users.
, 6. What protocol is used to securely transfer files over SSH?
A. FTP
B. TFTP
C. SCP
D. HTTP
Answer: C
Rationale: SCP (Secure Copy Protocol) uses SSH to securely transfer files.
7. Which technique maps out user accounts and network resources?
A. Footprinting
B. Scanning
C. Enumeration
D. Exploitation
Answer: C
Rationale: Enumeration extracts detailed information such as users, groups, and
shares.
8. Which attack targets weaknesses in web application databases?
A. Cross-site scripting
B. SQL injection
C. Session hijacking
D. ARP poisoning
Answer: B
Rationale: SQL injection exploits poor input validation to manipulate backend
databases.
9. What is the primary goal of penetration testing?
A. Cause damage
B. Steal data
EXAMINATION QUESTION AND
CORRECT ANSWERS (VERIFIED
ANSWERS) PLUS RATIONALES 2026 Q&A
INSTANT DOWNLOAD PDF
1. Which phase of ethical hacking involves gathering information without
directly interacting with the target system?
A. Scanning
B. Enumeration
C. Exploitation
D. Footprinting
Answer: D
Rationale: Footprinting is the passive information-gathering phase where
attackers collect data from public sources without touching the target directly.
2. What type of hacker is employed by organizations to test security defenses
legally?
A. Black hat
B. Grey hat
C. Script kiddie
D. White hat
Answer: D
Rationale: White hat hackers are authorized professionals who conduct ethical
hacking to improve security.
, 3. Which tool is commonly used for network packet analysis?
A. Nmap
B. Metasploit
C. Wireshark
D. Nessus
Answer: C
Rationale: Wireshark captures and analyzes network packets to inspect traffic
and troubleshoot issues.
4. What does Nmap primarily help identify?
A. Password hashes
B. Open ports and services
C. Malware signatures
D. File permissions
Answer: B
Rationale: Nmap is a network scanner used to discover hosts, open ports, and
running services.
5. Which attack involves sending excessive requests to exhaust system
resources?
A. SQL injection
B. Phishing
C. Denial-of-Service
D. Sniffing
Answer: C
Rationale: DoS attacks overwhelm resources, making systems unavailable to
legitimate users.
, 6. What protocol is used to securely transfer files over SSH?
A. FTP
B. TFTP
C. SCP
D. HTTP
Answer: C
Rationale: SCP (Secure Copy Protocol) uses SSH to securely transfer files.
7. Which technique maps out user accounts and network resources?
A. Footprinting
B. Scanning
C. Enumeration
D. Exploitation
Answer: C
Rationale: Enumeration extracts detailed information such as users, groups, and
shares.
8. Which attack targets weaknesses in web application databases?
A. Cross-site scripting
B. SQL injection
C. Session hijacking
D. ARP poisoning
Answer: B
Rationale: SQL injection exploits poor input validation to manipulate backend
databases.
9. What is the primary goal of penetration testing?
A. Cause damage
B. Steal data
