COMPREHENSIVE STUDY GUIDE SOLVED
QUESTION SET
◉ Which of the following actions does vulnerability scanning NOT
perform? Answer: Notifies of threats based on active attack signatures
◉ To attack a wireless network, an attacker sets up a wireless access
point that is configured to look exactly like a company's valid wireless
access point by using the same SSID. What kind of attack is this?
Answer: Evil twin
◉ An IT technician reports that he has discovered an unauthorized
wireless access point attached to the company network. An employee
has used the wireless access point to connect several of his personal
devices to the network. Employees are not allowed to connect any
personal devices to the network without prior consent from their
supervisor and the IT department head. The employee explains that he
used the wireless access point because he needed company data on his
personal devices.
What should you do? Answer: Enforce the company security policy.
◉ Which threat from a disgruntled employee poses the highest impact to
the organization? Answer: Disclosure of sensitive data
◉ What should the company do to prevent this shoulder surfing attack?
Answer: Create and enforce a physical security policy for remote
employees.
◉ Which one of the following statements best describes symmetric
encryption? Answer: The same key is used to encrypt and decrypt data.
◉ Which of the following tools is a System Integrity Verifier? Answer:
Tripwire
◉ Obtained a valid session ID token via an XSS vulnerability
Confirmed that the session ID manager validates the source IP address
as well
Spoofed the required IP address
Replayed the session ID
What will be the result? Answer: Allan will be unable to establish an
interactive session
◉ You are responding to an active hacking attack and need to verify
whether an insider suspect is involved. Which type of data analysis
should you use? Answer: Time-frame analysis
◉ Which of the following would be an appropriate mitigation for
tailgating? Answer: Mantrap
◉ You are configuring your corporate firewall. You must prevent anyone
from outside the network from using traceroute to gather information
about your network while still allowing the use of the tool within the
network.
Which actions can you take? (Choose all that apply.) Answer: *Add a
rule to only allow ICMP Echo-Request and Echo Reply messages for
connections originating from within the network.
*Add a rule to allow TTL-Exceed and Port-Unreachable messages to
only enter the network, not to leave it.
*Add a rule to allow ICMP Fragmentation-DF-Set messages to enter the
network, but not to leave it.
◉ Which of the following is a possible mitigation to the use of fragroute
by an attacker? Answer: Host-based IDS on the exposed system
◉ The security team has been analyzing several vulnerabilities found in
the Linux kernel they are using. Any upgrades that can be delayed must
be pushed to the next fiscal year.
Which of the following describes a vulnerability that would require an
immediate kernel upgrade? Answer: No known workaround exists
◉ Which of the following WLAN security measures could be easily
defeated with the use of a wireless sniffer? (Choose all that apply.)
Answer: MAC address filters and hidden SSID