CEH – Certified Ethical Hacker
Level 1 – Foundation (Exam 1)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. What is the primary difference between ethical hacking and malicious hacking?
A) Ethical hackers use different tools
B) Ethical hackers have written permission and authorisation
C) Malicious hackers are more skilled
D) Ethical hackers only test network security
[1 mark]
2. During which phase of ethical hacking does the tester gather information about the target
without directly interacting with the target systems?
A) Scanning
B) Gaining Access
C) Passive Reconnaissance
D) Maintaining Access
[1 mark]
3. Which type of scan sends a packet with the FIN flag set to determine if a port is open?
A) TCP Connect scan
B) SYN scan
C) XMAS scan
D) FIN scan
[1 mark]
4. A NULL scan sends a TCP packet with:
A) SYN flag set
B) ACK flag set
C) No flags set
, D) FIN and PSH flags set
[1 mark]
5. What is the default port for Nmap when no port is specified?
A) 1-100
B) 1-500
C) 1-1000
D) 1-1024
[1 mark]
6. Which Nmap option performs a stealth SYN scan?
A) -sT
B) -sS
C) -sU
D) -sA
[1 mark]
7. Which tool is commonly used for password cracking?
A) Nmap
B) Wireshark
C) John the Ripper
D) Metasploit
[1 mark]
8. What is the purpose of a packet sniffer like Wireshark?
A) To crack passwords
B) To capture and analyse network traffic
C) To scan for open ports
D) To exploit vulnerabilities
[1 mark]
9. Which of the following is a footprinting technique?
A) Port scanning
B) WHOIS lookup
C) Password cracking
D) Buffer overflow exploitation
[1 mark]
10. What does OSINT stand for?
A) Operating System Intelligence
B) Open Source Intelligence
C) Online Security Information
D) Offensive Security Intelligence
[1 mark]
Level 1 – Foundation (Exam 1)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. What is the primary difference between ethical hacking and malicious hacking?
A) Ethical hackers use different tools
B) Ethical hackers have written permission and authorisation
C) Malicious hackers are more skilled
D) Ethical hackers only test network security
[1 mark]
2. During which phase of ethical hacking does the tester gather information about the target
without directly interacting with the target systems?
A) Scanning
B) Gaining Access
C) Passive Reconnaissance
D) Maintaining Access
[1 mark]
3. Which type of scan sends a packet with the FIN flag set to determine if a port is open?
A) TCP Connect scan
B) SYN scan
C) XMAS scan
D) FIN scan
[1 mark]
4. A NULL scan sends a TCP packet with:
A) SYN flag set
B) ACK flag set
C) No flags set
, D) FIN and PSH flags set
[1 mark]
5. What is the default port for Nmap when no port is specified?
A) 1-100
B) 1-500
C) 1-1000
D) 1-1024
[1 mark]
6. Which Nmap option performs a stealth SYN scan?
A) -sT
B) -sS
C) -sU
D) -sA
[1 mark]
7. Which tool is commonly used for password cracking?
A) Nmap
B) Wireshark
C) John the Ripper
D) Metasploit
[1 mark]
8. What is the purpose of a packet sniffer like Wireshark?
A) To crack passwords
B) To capture and analyse network traffic
C) To scan for open ports
D) To exploit vulnerabilities
[1 mark]
9. Which of the following is a footprinting technique?
A) Port scanning
B) WHOIS lookup
C) Password cracking
D) Buffer overflow exploitation
[1 mark]
10. What does OSINT stand for?
A) Operating System Intelligence
B) Open Source Intelligence
C) Online Security Information
D) Offensive Security Intelligence
[1 mark]
