CEH V12 EXAM VERSION 4 2026
CERTIFICATION TEST QUESTIONS AND
ANSWERS UPDATED
◉ Which of the following is NOT true of cryptography? Answer: An
effective way of protecting sensitive information in storage but not
in transit
◉ What ICMP message types are used by the ping command?
Answer: Echo request (8) and Echo reply (0)
◉ Which of the following would not respond correctly to an nmap
XMAS scan? Answer: Windows 2000 Server running IIS 5
◉ What type of attack changes its signature and/or payload to
thwartdetection by antivirus
programs? Answer: Polymorphic
◉ You may be able to identify the IP addresses and machine names
for the firewall, and the names
of internal mail servers by: Answer: Examining the SMTP header
information generated in response to an e-mail message sent to
an invalid address
,◉ Which of the following is true of the wireless Service Set ID
(SSID)? Answer: Identifies the wireless network and Acts as a
password for network access
◉ Which of the following is the best way an attacker can passively
learn about technologies used in
an organization? Answer: By searching regional newspapers and job
databases for skill sets technology hires need to
possess in the organization
◉ You are scanning into the target network for the first time. You are
unsure of what protocols are
being used. You need to discover as many different protocols as
possible. Which kind of scan
would you use to do this? Answer: Nmap with the -sO (Raw IP
packets) switch
◉ Central Frost Bank was a medium-sized, regional financial
institution in New York. The bank
recently deployed a new Internet-accessible Web application. Using
this application, Central
Frost's customers could access their account balances, transfer
money between accounts, pay
,bills and conduct online financial business through a Web browser.
John Stevens was in charge
of information security at Central Frost Bank. After one month in
production, the Internet
bansheets application was the subject of several customer
complaints. Mysteriously, the account
balances ofmany of Central Frost's customers had been changed!
However, moneyhadn't been
removed from the bank. Instead, money was transferred between
accounts. Given this attack
profile, John Stevens reviewed the Web application's logs and found
the following entries:
Attempted login of unknown user: johnm
Attempted login of unknown user: susaR
Attempted login of unkno Answer: The Hacker attempted SQL
Injection technique to gain access to a valid bank login ID.
◉ Because UDP is a connectionless protocol: Answer: There is no
guarantee that the packets will arrive at their destination and ICMP
port unreachable messages may not be returned successfully
◉ A very useful resource for passively gathering information about a
target company is: Answer: Whois search
, ◉ Which of the following is NOT a reason 802.11 WEP encryption is
vulnerable? Answer: The standard does not provide for centralized
key management
◉ 000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00 ...^......^...E.
010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 ....@....m......
020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 ...P.u......}.P.
030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32
py.'..HTTP/1.1.2
040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20
00.OK..Via:.1.0.
050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43
STRIDER..Proxy-C
060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D
onnection:.Keep-
070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C
Alive..Content-L
080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F
ength:.29674..Co
090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 ntent-
Type:.text
0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D
/html..Server:.
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft
CERTIFICATION TEST QUESTIONS AND
ANSWERS UPDATED
◉ Which of the following is NOT true of cryptography? Answer: An
effective way of protecting sensitive information in storage but not
in transit
◉ What ICMP message types are used by the ping command?
Answer: Echo request (8) and Echo reply (0)
◉ Which of the following would not respond correctly to an nmap
XMAS scan? Answer: Windows 2000 Server running IIS 5
◉ What type of attack changes its signature and/or payload to
thwartdetection by antivirus
programs? Answer: Polymorphic
◉ You may be able to identify the IP addresses and machine names
for the firewall, and the names
of internal mail servers by: Answer: Examining the SMTP header
information generated in response to an e-mail message sent to
an invalid address
,◉ Which of the following is true of the wireless Service Set ID
(SSID)? Answer: Identifies the wireless network and Acts as a
password for network access
◉ Which of the following is the best way an attacker can passively
learn about technologies used in
an organization? Answer: By searching regional newspapers and job
databases for skill sets technology hires need to
possess in the organization
◉ You are scanning into the target network for the first time. You are
unsure of what protocols are
being used. You need to discover as many different protocols as
possible. Which kind of scan
would you use to do this? Answer: Nmap with the -sO (Raw IP
packets) switch
◉ Central Frost Bank was a medium-sized, regional financial
institution in New York. The bank
recently deployed a new Internet-accessible Web application. Using
this application, Central
Frost's customers could access their account balances, transfer
money between accounts, pay
,bills and conduct online financial business through a Web browser.
John Stevens was in charge
of information security at Central Frost Bank. After one month in
production, the Internet
bansheets application was the subject of several customer
complaints. Mysteriously, the account
balances ofmany of Central Frost's customers had been changed!
However, moneyhadn't been
removed from the bank. Instead, money was transferred between
accounts. Given this attack
profile, John Stevens reviewed the Web application's logs and found
the following entries:
Attempted login of unknown user: johnm
Attempted login of unknown user: susaR
Attempted login of unkno Answer: The Hacker attempted SQL
Injection technique to gain access to a valid bank login ID.
◉ Because UDP is a connectionless protocol: Answer: There is no
guarantee that the packets will arrive at their destination and ICMP
port unreachable messages may not be returned successfully
◉ A very useful resource for passively gathering information about a
target company is: Answer: Whois search
, ◉ Which of the following is NOT a reason 802.11 WEP encryption is
vulnerable? Answer: The standard does not provide for centralized
key management
◉ 000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00 ...^......^...E.
010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 ....@....m......
020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 ...P.u......}.P.
030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32
py.'..HTTP/1.1.2
040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20
00.OK..Via:.1.0.
050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43
STRIDER..Proxy-C
060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D
onnection:.Keep-
070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C
Alive..Content-L
080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F
ength:.29674..Co
090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 ntent-
Type:.text
0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D
/html..Server:.
0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft
