1. Which of the following is the primary purpose of ethical hacking?
A. To steal confidential information
B. To identify and fix security vulnerabilities
C. To bypass security laws
D. To disrupt system operations
Ethical hacking involves legally testing systems to find vulnerabilities
before malicious hackers exploit them, helping organizations
strengthen their security posture.
2. Which phase of ethical hacking involves gathering information
about the target system?
A. Scanning
B. Exploitation
C. Reconnaissance
D. Reporting
Reconnaissance is the initial phase where the hacker gathers as much
information as possible about the target, such as IP addresses, domain
names, and network topology.
3. What is footprinting in the context of ethical hacking?
A. Exploiting vulnerabilities
B. Collecting information about a target system
C. Denial-of-service attacks
D. Installing malware
Footprinting is the process of collecting publicly available information
about a target to understand its structure and potential weaknesses.
4. Which tool is commonly used for network scanning?
A. Wireshark
B. Nmap
C. John the Ripper
D. Netcat
Nmap (Network Mapper) is widely used to discover hosts, services,
and vulnerabilities on a network.
5. Social engineering attacks primarily exploit:
A. Hardware vulnerabilities
B. Software bugs
C. Human psychology
D. Encryption algorithms
Social engineering relies on manipulating human behavior, such as
tricking someone into revealing passwords or clicking malicious links.
6. Which type of scanning attempts to determine the operating
system of a target host?
A. Port scanning
B. OS fingerprinting
C. Vulnerability scanning
D. Packet sniffing
OS fingerprinting analyzes responses from a target system to
determine its operating system, which helps in planning attacks or
defenses.
7. Which attack sends forged ARP messages to a local network?
A. Smurf attack
B. SYN flood
C. ARP poisoning
D. DNS spoofing
ARP poisoning (or ARP spoofing) involves sending false ARP messages
to associate the attacker’s MAC address with the IP of another device,
allowing interception of traffic.
8. What is the main purpose of a penetration test?
A. To crash a system
B. To evaluate system security by simulating an attack
C. To monitor employee behavior
D. To replace antivirus software
Penetration testing is a controlled, authorized attempt to exploit
vulnerabilities to understand the security level of a system.
9. Which of the following is a passive reconnaissance technique?
A. Port scanning
B. Google hacking
C. Vulnerability scanning
D. Exploitation
Passive reconnaissance collects information without directly
interacting with the target system, such as using search engines to
find sensitive data.
10. Which protocol is primarily used to securely manage
network devices remotely?
A. Telnet
B. HTTP
C. FTP
D. SSH