-exam elaborations with 100% verified answer/solutions-
Excel & Succeed - academic year (2026-2027)
447 Q&A
Marin is using the mitmf tool during a penetration test and after a few
minutes this is what pops up on the screen.
https://gyazo.com/f236b38e6142c7a952aaeb131b191dbf
A few seconds later though, the hash is different.
https://gyazo.com/1a8ef848907300ff5af44c0d94de9a75
(A) This is Microsoft NTLMv2 hash—it's salted, so it will be different for
every new request.
(B) This is Microsoft NTLMv2 hash. It's different because this is another
user accessing the website.
(C) This is Microsoft NTLMv2 hash. It's different because user is visiting
another website. Each website will have its own unique hash.
(D) This is Microsoft NTLMv2 hash. It's different because user changed
the password in the meantime
A
Juan is the administrator of a Windows domain for a global
corporation. He uses his knowledge to scan the internal network to
find vulnerabilities without the authorization of his boss; he tries to
perform an attack and gain access to an AIX server to show the
results to his boss. What kind of role is shown in the scenario?
(A) Gray Hat hacker
(B) White Hat hacker
(C) Annoying Employee
(D) Black Hat hacker
A
A computer technician is using the latest version of a word-
processing software and discovers that a particular sequence of
characters is causing the entire computer to crash. The technician
researches the bug and discovers that no one else has
experienced the problem. What is the appropriate next step?
(A) Find an underground bulletin board and attempt to sell the bug to the
highest bidder
(B) Ignore the problem completely and let someone else deal with it
(C) Create a document that will crash the computer when opened and
send it to friends
(D) Notify the vendor of the bug and do not disclose it until the vendor
gets a chance to issue a fix
D
Stephany is the leader of an information security team of a global
corporation that has several branch offices around the world. In the past
six months, the company has suffered several security incidents. The
CSIRT explains to Stephany that the incidents have something in
common: the source IP addresses of all the incidents are from one of the
new branches. A lot of the outsourcing staff come to this office to
connect their computers to the LAN. What is the most accurate security
control to implement to resolve the primary source of the incidents?
(A) Internal Firewall
(B) Network access control (NAC)
(C) Antimalware application
(D) Awareness to employees
B
A CEH is approached by a friend who believes her husband is cheating.
She offers to pay to break into her husband's email account in order to
find proof so she can take him to court. What is the ethical response?
(A) Say yes; do the job for free
(B) Say no; make sure the friend knows the risk she's asking the CEH to
take
(C) Say no; the friend is not the owner of the account
(D) Say yes; the friend needs help to gather evidence
C
A security consultant is trying to bid on a large contract that
involves penetration testing and reporting. The company accepting
bids wants proof of work, so the consultant prints out several audits
that they have performed for previous companies. Which of the
following is likely to occur as a result?
(A) The consultant may expose vulnerabilities of other companies.
(B) The consultant will ask for money on the bid because of the great
work
(C) The company accepting bids will hire the consultant because of the
great work performed
(D) The company accepting bids will want the same type of format of
testing
A
Anonymous, a known hacker group, claim to have taken down
20,000 Twitter accounts linked to Islamic State in response to the
Paris attacks that left 130 people dead. How can you categorize
this attack by Anonymous?
(A) Cracking
(B) Spoofing
(C) Hacktivism
(D) Social Engineering
C
In which of the following hacking phases does an attacker try to
detect listening ports to find information about the nature of
services running on the target machine?
(A) Maintaining Access
(B) Cleaning Tracks
(C) Scanning
(D) Gaining access
C
What is the correct order of steps in the system hacking cycle?
(A) Escalating Privileges -> Gaining Access -> Executing Applications ->
Covering Tracks -> Hiding Files
(B) Gaining Access -> Escalating Privileges -> Executing Applications ->
Hiding Files -> Covering Tracks
(C) Executing Applications -> Gaining Access -> Covering Tracks ->
Escalating Privileges -> Hiding Files
(D) Covering Tracks -> Hiding Files -> Escalating Privileges -> Executing
Applications -> Gaining Access
B
What is the objective of a reconnaissance phase in a hacking life-cycle?
(A) Gaining access to the target system with admin/root level privileges
(B) Gaining access to the target system and network
(C) Gathering as much information as possible about the target
(D) Identifying specific vulnerabilities in the target network
C
Which of the following is an active reconnaissance technique?
(A) Scanning a system by using tools to detect open ports
(B) Collecting information about a target from search engines
(C) Collecting contact information from yellow pages
(D) Performing Dumpster Diving
A
An ethical hacker for a large security research firm performs penetration
tests, vulnerability tests, and risk assessments. A friend recently started
a company and asks the hacker to perform a penetration test and
vulnerability assessment of the new company as a favor.
What should the hacker's next step be before starting work on this job?