Certified Ethical Hacker (CEH) Exam Questions and Answers Sample for Practice

CEH Test Questions and Answers for Certification Exam Prep

A Certified Ethical Hacker (CEH) certification helps you to master the hacking techniques and tools. You will learn to scan, test, secure your systems and even hack to maintain robust security systems. You can start your career into cybersecurity as an all-rounder in cybersecurity. A certification in ethical hacking will give you technical and business knowledge. The CEH exam is very challenging to pass, and hence a ceh certification will get you global recognition in the domain of cybersecurity.  We acknowledge your dedication and hard work to pass the CEH certification exam. To ease out your test preparation for the CEH certification exam, we have compiled CEH question and answers which is similar to the exam format along with the correct answer and explanation for the correct answer.

These ethical hacking exam questions will help you to take a practice test before appearing at the Certified Ethical Hacker exam. By attending these ceh exam practice questions you can evaluate your passing score to improve or to gain the confidence to earn Ethical Hacker certification. The objective of free certified ethical hacker sample questions dump is to make test-takers to pass the exam.

Wish you good luck.

Exam details:

Duration: 240 minutes

No. of questions: 125

Passing score: 70%

Format: Multiple choice questions

Exam price: $500

--------------------------------------------------------------------------------------------------------------------------

1. From the below-mentioned option, what are the advantages of hacking?

A. Hacking helps to prevent data from theft.

B. It is used for spoiling security attack.

C. It is useful for plugging the loopholes and bugs.

D. Hacking helps in a malicious attack by preventing it.

E. All of the above.

Explanation- hacking is useful for all the above four mentioned option. It helps in false security attack, plugging the bugs and loopholes, helps for preventing data theft, it also prevent from malicious attack. 

 ---------------------------------------------------------------------------------------------------------------------------

2. From the below-mentioned option, What are the disadvantages of hacking?

A. It helps high-security issue which is quite confusing

B. It has an unauthorized system access

C. Hacking creates insecurity for private information as it is stolen.

D. It results in breaking of privacy regulations

E. All of the above.

Explanation- as the above-mentioned option all are included as a disadvantage of hacking that is, massive security issues, unauthorized access to a system, stealing of private information and violation of privacy rules and regulations.

---------------------------------------------------------------------------------------------------------------------------

3. From the below-mentioned option in which type of hacking Amit will be included if he has contracted for performing an attack against the target system.

A. White hat

B. Grey hat

C. Black hat

D. Red Hat

Explanation-anyone performing attack against target system comes under the White hat. Whereas a cracker who destroy the security of the computer is termed as Grey hat hacker. Red hat hacker is not considered as a hacker because it is a leading software company. Black hat hacker is the person working for personal financial gain.

---------------------------------------------------------------------------------------------------------------------------

4. From the below-mentioned option, anil will be described as an attacker who is performing a target from drawing the attention of cause. Which of the word will describe him correctly?

A. Criminal

B. Terrorist

C. Hacktivist

D. Script kiddie

Explanation- for performing hacking and various disruptive activity where the intention is for drawing the attention for a definite cause or message.

---------------------------------------------------------------------------------------------------------------------------

5. For a person having a script kiddie, knowledge hacking is termed as a person having a ---- level of knowledge.

A. High

B. Average

C. Low

D. Advance

Explanation- script kiddie is an easy job which can be done by anyone. The person having no knowledge about hacking can also perform this it but it will be but dangerous. Hence for performing script kiddie at least low-level knowledge is necessary.

---------------------------------------------------------------------------------------------------------------------------

6. From the below-mentioned option for starting and evaluating a system what does an ethical hacker will need?

A. Training

B. Permission

C. Planning

D. All of the above

Explanation- as the name only reflects the place that the permission is must for an ethical hacker. An ethical hacker can never perform any job or service without the explicit permission of the owner of that system against the target.

---------------------------------------------------------------------------------------------------------------------------

7. Which of the following is included in tester of a white box test?

A. Some knowledge

B. Complete Knowledge

C. No knowledge

D. Permission

Explanation- for performing a white box test the tester should have complete knowledge about the environment where they have to attack or where they have to perform the task.

---------------------------------------------------------------------------------------------------------------------------

8. What is the difference between asymmetric and symmetric encryption?

A. Asymmetric encryption for performing encryption and decryption uses different keys. Whereas symmetric encryption for performing encryption and decryption uses the same key.

B. Asymmetric encryption is slower on the other hand symmetric encryption works faster.

C. For asymmetric encryption hybrid approach is chosen whereas for symmetric encryption unencrypted channel is used.

D. All of the above.

Explanation- above mentioned differences are all true as they all are basic differences of asymmetric and symmetric encryption.

---------------------------------------------------------------------------------------------------------------------------

9. For operating the proxy of the OSI model which layer is needed?

A. Network layer

B. Physical layer

C. Data link layer

D. Application layer

Explanation- for OSI model application model is termed as a 7th layer. And as proxy operates at 7th layer it needs application layer. Proxies are enabled of filtering network traffic which depends on content like phrases, keywords, etc, etc. Due to this a proxy performs digging down farthest in comparison to a packet's header and performs reviving of the data inside the packed.

---------------------------------------------------------------------------------------------------------------------------

10. Which layer of the OSI model is required for using node MAC addresses to funnel traffic?

A. Layer 1

B. Layer 2

C. Layer 3

D. Layer 4

Explanation- a device which is using MAC addresses for directing to funnel traffic is staying on layer 2 in the OSI model. In layer 3 of OSI, model networking occurs to direct traffic to IP addresses, for example, routers.

---------------------------------------------------------------------------------------------------------------------------

11. What is another name for symmetric cryptography?

A. Hashing

B. Shared key Cryptography

C. Public key Cryptography

D. Steganography

Explanation-from the above-mentioned option the another defined name for symmetric cryptography is Shared key Cryptography.

---------------------------------------------------------------------------------------------------------------------------

12. From the below-mentioned option which is responsible for managing the digital certificate?

A. Key

B. Certificate authority

C. Hub

D. Public key

Explanation- from the above-mentioned option it is the responsibility of certificate authority to issue and manage digital certificate. Not only this but also certificate authority manages the key for a digital certificate.

---------------------------------------------------------------------------------------------------------------------------

13. From the below-mentioned option, the best description about footprinting is described by the following?

A. Discussion with people

B. Enumeration of services

C. Invention of services

D. Investigation of a target

Explanation- meaning of footprinting is to find out the information about an intended target. Before performing any action it tries to take out the detail information about the target.

---------------------------------------------------------------------------------------------------------------------------

14. While performing footprinting which of the following is not used?

A. Email

B. Search engines

C. Post-scanning

D. Google hacking

Explanation- since post scanning is used at later stages in the attack process this step is not used during footprinting. It is reserved for the future. 

---------------------------------------------------------------------------------------------------------------------------

15. What are the requirements for Google hacking?

A. Google hacking required for fine-tune search results.

B. Google hacking is used speeding the searches.

C. For targeting a domain Google hacking is required.

D. For finding out the information related to the Google we need Google hacking.

Explanation- it is not possible for normal searches to provide a result for a targeted and useful search for this we required Google hacking hence the correct option is Google hacking is required for fine-tune search results.

---------------------------------------------------------------------------------------------------------------------------

16. From the below-mentioned option which role is played by social engineering?

A. Social engineering helps to give information about the computer.

B. For getting information about social media we need social engineering.

C. Social engineering helps to provide information about a human being.

D. For getting information about post and cameras social engineering is used.

Explanation- social engineering give information about computer, social media, post and camera but that information is an indirect way. As social engineering directly interact with people and take out the information about the above things like computer, cameras, etc. Hence the role of social engineering is to gain information from a human being.

---------------------------------------------------------------------------------------------------------------------------

7.   Are pharming and defacement is the same?

A. Yes.

B. No

C. Partly yes partly no

D. None of the above

Explanation- pharming and defacement are two strategies used by the attacker. In pharming, the attacker compromises with DNS (domain name system) server. Not only this but also the attacker adjust with the user PC's goal of trafficking which is directed towards the various malicious site. On the other hand, defacement is the strategy in which the attacker modifies the alternative face with the firm site. The site contains hackers name, images, background music, etc. It may also include incorporated messages.

---------------------------------------------------------------------------------------------------------------------------

18. What is the use of vulnerability assessment?

A. Vulnerability assessment is used for finding the fault in any application on the network.

B. It is used for finding an exploitable vulnerability. For example like digging for gold.

C. A and B both

D. None of the above

Explanation- since penetration testing is used for finding exploitable vulnerability hence the option B is the wrong option and for finding false in application network vulnerability assessment approach is used.

---------------------------------------------------------------------------------------------------------------------------

19. What is penetration testing?

A. Vulnerability assessment is used for finding the fault in any application on the network.

B. It is used for finding an exploitable vulnerability. For example like digging for gold.

C. A and B both

D. None of the above

Explanation- as for finding false in an application network vulnerability assessment approach is used. Hence option A is the wrong option. For finding exploitable vulnerability penetration testing is used. Hence the correct option is option B.

---------------------------------------------------------------------------------------------------------------------------

20. From the below-mentioned option, what are the stages of hacking?

A. Surveillance

B. Scanning

C. Getting access

D. Access maintenance and covering tracks

E. All of the above.

Explanation- all this are the five stages of hacking for surveillance which is the basic principle stage in which the finding of the information or the data about the target is done. The second stage is scanning In which the accumulated data's exploitation is done and the inspection is done. Post scanner, mappers and vulnerability scanners are incorporated in the scanning stage. At this stage, accurate hacking occurs that real exploitation of data is attempted by a hacker and the access is given to pre-stages that are surveillance and scanning. Access maintenance - after having an access hacker need to maintain the access. There may be requirements for exclusive access such as back door, rootkits and trojans may be required which can be achieved by maintaining the old access. After this, all process is done and hackers are in the stage of maintaining access they get to the right track and maintain safety from counting red-handed. This was all about the hacking stages. Hence all five stages are included in hacking stages.

---------------------------------------------------------------------------------------------------------------------------

21. From the below-memtioned option which is the correct biometric system used for entryways and also visible on laptops these days?

A. Retina system

B. Fingerprint system

C. Iris system

D. Voice recognition system

explanation :

---------------------------------------------------------------------------------------------------------------------------

22. From the below-mentioned components, which is needed in an alarm system?

A. A visual alerting method

B. An audio alerting method

C. Automatic dialup

D. Both visual alerting and an audio alerting method.

Explanation: For alarm system, audio and visual both system are required. Both alerting method helps in the successful working of alarm system. 

------------------------------------------------------------------------------------------------------------------------------

23. From the below-mentioned components which are at least quantity in lock-pick sets?

A. Tension wrenches as well as screwdrivers

B. A pick

C. A pick in addition to a driver

D. A pick and also a tension wrench

explanation: in a lock-pick kit a pick and a tension wrench is required at minimum quantity in comparison to other components mentioned in the options above.

Top of Form

Bottom of Form

A. Our phone number may be publically exposed.

B. The fax machine is totally unsecured and is open.

C. It is difficult for setting a fax in a print tray.

D. A ribbon is used in a fax machine.

Explanation: A phone number is not so highly risky as the machine works with various information from a different location. 

---------------------------------------------------------------------------------------------------------------------------

Top of Form

Bottom of Form

A. A false ceiling

B. A tiled ceiling

C. An insulated ceiling

D. A weak ceiling

Explanation: As from the above-mentioned options, the other name for the drop ceiling is a false ceiling.

---------------------------------------------------------------------------------------------------------------------------26.From the below-mentioned option, what is used as a tool for ethical hacking?

A. Nmap

B. Metasploit

C. Burp suit

D. All of the above

Explanation: As a tool for ethical hacking is six, from these six tools three of them are Nmap, Metasploit, and burp suit.

A. Nmap: full form of nmap is network plotter. For performing network discovery and security auditing we need nmap tool.

Whereas the Metasploit tool is used for performing the penetration test.

On the other hand, burp suit is used for testing the playing security of applications on the internet.

Hence the correct option is d.all of the above.

7.   What is the use of Nmap tool for ethical hacking?

A. For performing network discovery and security auditing

B. It is used for performing the penetration test.

C. It is used for testing the playing security of applications on the internet. 

D. All of the above

Explanation: Because the Metasploit tool is used for performing a penetration test.

On the other hand, burp suit is used for testing the playing security of applications on the internet.

Hence the correct option is a. Nmap tool for ethical hacking is used for performing network discovery and security auditing.

---------------------------------------------------------------------------------------------------------------------------

28. From the below-mentioned option, what are the characteristics which are a disadvantage of USB flash drives that leads to a security issue?

A. USB flash drives are encrypted

B. The USB flash drives easily hidden the data

C. USB flash drives are portable

D. The USB flash drives working is  slow

Explanation: USB flash drives are encrypted, USB flash drives are portable and USB flash drives working is slow are the advantages of USB drive flash. The only disadvantage is USB flash drives easily hidden the data and can carry huge data. 

---------------------------------------------------------------------------------------------------------------------------

29. For deterring theft of hard drives, which of the below-mentioned mechanism is intended?

A. Locks

B. Backups

C. Encryption

D. Size

Explanation: in encryption, the whole drive's data,s value is diluted under the situation when the drive is in the condition of theft. This is not considered as the physical stolen off the drive.

---------------------------------------------------------------------------------------------------------------------------

30. For encountering, which physical intruder is used as a first defense

From the below-mentioned option?

A. Fences

B. Walls

C. Bollards

D. Cameras

Explanation: as per the guidelines and cases, it is found that the physical intruder used as the first defense for the encounter is fenced.

---------------------------------------------------------------------------------------------------------------------------

31. From the below-mentioned lock s, which of the following is included in combination lock's type?

A. Key lock

B. Card lock

C. Cipher lock

D. Trucker lock

E. All of the above

Explanation: for opening a door by entering a code, the combination lock is required which is a cipher lock.

---------------------------------------------------------------------------------------------------------------------------

32. From the below-mentioned options, what is another synomns for portals?

A. Doors

B. Mantraps

C. Glados

D. Booths

---------------------------------------------------------------------------------------------------------------------------

33. For securing web traffic, which of the following port is used by  SSL?

A. 443

B. 255

C. 23

D. 80

Explanation:  For securing web traffic, port 443 is used by ssl. It is also used for https traffic.