CEH – Certified Ethical Hacker
Level 2 – Intermediate (Exam 2)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. Which Nmap option is used to detect operating system information?
A) -sV
B) -O
C) -A
D) -sS
[1 mark]
2. What is the purpose of Netcat (nc)?
A) Port scanning only
B) TCP/IP swiss army knife – reading/writing data across network connections
C) Password cracking
D) Packet sniffing only
[1 mark]
3. Which tool is part of the Metasploit Framework and is used to deliver exploit payloads?
A) Nmap
B) John the Ripper
C) Msfvenom
D) Wireshark
[1 mark]
4. What type of attack sends ICMP echo requests to broadcast addresses with a spoofed
source IP?
A) SYN flood
B) Smurf attack
C) Ping of death
, D) DNS amplification
[1 mark]
5. Which of the following is a cryptographic hash function commonly used for password
hashing?
A) AES
B) RSA
C) bcrypt
D) RC4
[1 mark]
6. What does the XMAS scan send?
A) SYN, ACK, RST flags
B) FIN, PSH, URG flags
C) SYN, FIN, ACK flags
D) RST, ACK, FIN flags
[1 mark]
7. Which type of malware self-replicates without attaching to a host file?
A) Virus
B) Worm
C) Trojan
D) Rootkit
[1 mark]
8. What is the purpose of John the Ripper?
A) Network scanning
B) Password cracking
C) Packet analysis
D) Vulnerability exploitation
[1 mark]
9. Which of the following is a common default port for Microsoft SMB (Server Message
Block)?
A) 21
B) 139
C) 443
D) 3389
[1 mark]
10. What does CVE stand for?
A) Common Vulnerability and Exposure
B) Certified Vulnerability Exploit
C) Critical Vulnerability Enumeration
D) Common Vulnerability Exploit
[1 mark]
Level 2 – Intermediate (Exam 2)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. Which Nmap option is used to detect operating system information?
A) -sV
B) -O
C) -A
D) -sS
[1 mark]
2. What is the purpose of Netcat (nc)?
A) Port scanning only
B) TCP/IP swiss army knife – reading/writing data across network connections
C) Password cracking
D) Packet sniffing only
[1 mark]
3. Which tool is part of the Metasploit Framework and is used to deliver exploit payloads?
A) Nmap
B) John the Ripper
C) Msfvenom
D) Wireshark
[1 mark]
4. What type of attack sends ICMP echo requests to broadcast addresses with a spoofed
source IP?
A) SYN flood
B) Smurf attack
C) Ping of death
, D) DNS amplification
[1 mark]
5. Which of the following is a cryptographic hash function commonly used for password
hashing?
A) AES
B) RSA
C) bcrypt
D) RC4
[1 mark]
6. What does the XMAS scan send?
A) SYN, ACK, RST flags
B) FIN, PSH, URG flags
C) SYN, FIN, ACK flags
D) RST, ACK, FIN flags
[1 mark]
7. Which type of malware self-replicates without attaching to a host file?
A) Virus
B) Worm
C) Trojan
D) Rootkit
[1 mark]
8. What is the purpose of John the Ripper?
A) Network scanning
B) Password cracking
C) Packet analysis
D) Vulnerability exploitation
[1 mark]
9. Which of the following is a common default port for Microsoft SMB (Server Message
Block)?
A) 21
B) 139
C) 443
D) 3389
[1 mark]
10. What does CVE stand for?
A) Common Vulnerability and Exposure
B) Certified Vulnerability Exploit
C) Critical Vulnerability Enumeration
D) Common Vulnerability Exploit
[1 mark]
