CEH – Certified Ethical Hacker
Level 3 – Advanced (Exam 3)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. Which Nmap script engine (NSE) category contains scripts that could be disruptive or cause
denial of service?
A) safe
B) intrusive
C) version
D) discovery
[1 mark]
2. What is the purpose of Mimikatz?
A) Network scanning
B) Credential extraction from Windows memory (e.g., LSASS)
C) Wireless password cracking
D) Web application fuzzing
[1 mark]
3. Which of the following is an example of a passive sniffing technique?
A) ARP poisoning
B) Capturing traffic on a hub network
C) MAC flooding
D) DHCP spoofing
[1 mark]
4. What does the HTTP response code 403 indicate?
A) Page found
B) Page moved permanently
C) Forbidden – access denied
, D) Internal server error
[1 mark]
5. Which tool is used to perform Wi-Fi deauthentication attacks?
A) Aircrack-ng
B) John the Ripper
C) Metasploit
D) Wireshark
[1 mark]
6. What type of attack sends fragmented packets to evade IDS/IPS detection?
A) Fragmentation attack
B) Session hijacking
C) DNS spoofing
D) ARP poisoning
[1 mark]
7. Which tool is commonly used for web application fuzzing?
A) Burp Suite Intruder
B) Nmap
C) Wireshark
D) Hydra
[1 mark]
8. What is the purpose of a reverse shell?
A) The target connects back to the attacker's machine
B) The attacker connects directly to the target
C) The shell is encrypted
D) The shell is hidden from process lists
[1 mark]
9. Which of the following is a post‑exploitation activity?
A) Port scanning
B) Password cracking of captured hashes
C) Pivoting to other network segments
D) SYN scan
[1 mark]
10. What does the -w option in Nmap control?
A) Scan delay
B) Script scan
C) Timing template
D) Port range
[1 mark]
Level 3 – Advanced (Exam 3)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. Which Nmap script engine (NSE) category contains scripts that could be disruptive or cause
denial of service?
A) safe
B) intrusive
C) version
D) discovery
[1 mark]
2. What is the purpose of Mimikatz?
A) Network scanning
B) Credential extraction from Windows memory (e.g., LSASS)
C) Wireless password cracking
D) Web application fuzzing
[1 mark]
3. Which of the following is an example of a passive sniffing technique?
A) ARP poisoning
B) Capturing traffic on a hub network
C) MAC flooding
D) DHCP spoofing
[1 mark]
4. What does the HTTP response code 403 indicate?
A) Page found
B) Page moved permanently
C) Forbidden – access denied
, D) Internal server error
[1 mark]
5. Which tool is used to perform Wi-Fi deauthentication attacks?
A) Aircrack-ng
B) John the Ripper
C) Metasploit
D) Wireshark
[1 mark]
6. What type of attack sends fragmented packets to evade IDS/IPS detection?
A) Fragmentation attack
B) Session hijacking
C) DNS spoofing
D) ARP poisoning
[1 mark]
7. Which tool is commonly used for web application fuzzing?
A) Burp Suite Intruder
B) Nmap
C) Wireshark
D) Hydra
[1 mark]
8. What is the purpose of a reverse shell?
A) The target connects back to the attacker's machine
B) The attacker connects directly to the target
C) The shell is encrypted
D) The shell is hidden from process lists
[1 mark]
9. Which of the following is a post‑exploitation activity?
A) Port scanning
B) Password cracking of captured hashes
C) Pivoting to other network segments
D) SYN scan
[1 mark]
10. What does the -w option in Nmap control?
A) Scan delay
B) Script scan
C) Timing template
D) Port range
[1 mark]
