Exam (worked answers)

CERTIFIED ETHICAL HACKER (CEH) FINAL EXAM — 300 REVISION MCQs ( TEST BANK )

Pages: 97
Grade: A+
Uploaded on: 07-05-2026
Written in: 2025/2026

CERTIFIED ETHICAL HACKER (CEH) FINAL EXAM — 300 REVISION MCQs ( TEST BANK ) These 300 questions cover all major CEH domains: Reconnaissance, Scanning, Enumeration, System Hacking, Malware, Sniffing, Social Engineering, DoS/DDoS, Session Hijacking, Web Application Hacking, Cryptography, Wireless Security, Cloud Security, IoT, and more.




1. What is the primary goal of ethical hacking?

A. To steal sensitive data from organisations
B. To identify and exploit vulnerabilities before malicious hackers do
C. To develop malware for testing purposes
D. To bypass all security controls permanently

(B) Correct Answer: To identify and exploit vulnerabilities before malicious hackers do

Rationale: Ethical hacking (penetration testing) is an authorised attempt to identify
security weaknesses in systems, networks, and applications so organisations can fix them
before malicious attackers exploit them.



2. Which of the following best defines a "vulnerability" in cybersecurity?

A. A successful attack on a system
B. A weakness in a system that can be exploited by a threat
C. A type of malware
D. An unauthorised user on a network

(B) Correct Answer: A weakness in a system that can be exploited by a threat

Rationale: A vulnerability is a flaw or weakness in a system's design, implementation, or
configuration that could be exploited by a threat actor to compromise security. Risk =
Threat × Vulnerability × Impact.



3. Which phase of ethical hacking involves gathering information about a target without
directly interacting with it?

A. Scanning
B. Gaining access
C. Passive reconnaissance
D. Maintaining access

(C) Correct Answer: Passive reconnaissance

Rationale: Passive reconnaissance involves collecting information about a target using
public sources (e.g., WHOIS, Google, social media) without directly interacting with the
target system, making it difficult to detect.



4. What does the acronym "CIA" stand for in information security?

A. Central Intelligence Agency
B. Confidentiality, Integrity, Availability
C. Control, Identification, Authentication
D. Cyber, Infrastructure, Access

(B) Correct Answer: Confidentiality, Integrity, Availability

Rationale: The CIA Triad is the foundational model of information security.
Confidentiality ensures data is accessed only by authorised users; Integrity ensures data
accuracy; Availability ensures systems are accessible when needed.



5. Which tool is most commonly used for network port scanning?

A. Metasploit
B. Wireshark
C. Nmap
D. Burp Suite

(C) Correct Answer: Nmap

Rationale: Nmap (Network Mapper) is the industry-standard open-source tool for network
discovery and security auditing, used to scan hosts, identify open ports, detect operating
systems, and enumerate services.



6. What type of attack involves sending more data to a buffer than it can handle?

A. SQL injection
B. Buffer overflow
C. Cross-site scripting
D. Man-in-the-middle

(B) Correct Answer: Buffer overflow

Rationale: A buffer overflow occurs when a program writes more data to a buffer than the
buffer was allocated to hold, overwriting adjacent memory. This can allow attackers to
execute arbitrary code or crash systems.



7. Which of the following is an example of social engineering?

A. Port scanning a target network
B. Exploiting a zero-day vulnerability
C. Phishing emails that trick users into revealing passwords
D. SQL injection on a web application

(C) Correct Answer: Phishing emails that trick users into revealing passwords

Rationale: Social engineering manipulates people rather than systems, exploiting human
psychology to obtain confidential information. Phishing is the most common form —
sending deceptive emails to trick users into disclosing credentials.



8. What is a "zero-day" vulnerability?

A. A vulnerability that has been patched within 24 hours
B. A vulnerability that is publicly unknown and has no available patch
C. An attack that occurs at midnight
D. A vulnerability with zero impact on the system

(B) Correct Answer: A vulnerability that is publicly unknown and has no available patch

Rationale: A zero-day vulnerability is a security flaw unknown to the vendor, for which no
patch exists. It is extremely dangerous because defenders have had zero days to address it
before it can be exploited.



9. Which of the following describes a "man-in-the-middle" (MITM) attack?

A. An attacker floods a server with traffic
B. An attacker intercepts and potentially alters communication between two parties
C. An attacker injects malicious code into a database
D. An attacker installs ransomware on a system

(B) Correct Answer: An attacker intercepts and potentially alters communication between
two parties

Rationale: In a MITM attack, the attacker secretly positions themselves between two
communicating parties, intercepting, reading, and potentially modifying data in transit —
without either party's knowledge.



10. Which of the following is the correct order of the CEH hacking methodology?

A. Gaining Access → Reconnaissance → Scanning → Maintaining Access → Covering Tracks
B. Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks
C. Scanning → Reconnaissance → Gaining Access → Covering Tracks → Maintaining Access
D. Reconnaissance → Gaining Access → Scanning → Covering Tracks → Maintaining Access

(B) Correct Answer: Reconnaissance → Scanning → Gaining Access → Maintaining
Access → Covering Tracks

Rationale: The five phases of ethical hacking are: (1) Reconnaissance (information
gathering), (2) Scanning (identifying open ports/vulnerabilities), (3) Gaining Access
(exploitation), (4) Maintaining Access (persistence), (5) Covering Tracks (removing
evidence).



11. What does "footprinting" refer to in ethical hacking?

A. Installing keyloggers on target systems
B. Systematically collecting information about a target organisation
C. Scanning for open ports on a network
D. Exploiting web application vulnerabilities

(B) Correct Answer: Systematically collecting information about a target organisation

Rationale: Footprinting is the first step in ethical hacking — collecting detailed
information about the target (IP ranges, domain names, employee info, technologies used)
to plan the attack strategy.



12. Which of the following tools is used for password cracking?

A. Nmap
B. Wireshark
C. John the Ripper
D. Netcat

(C) Correct Answer: John the Ripper

Rationale: John the Ripper is a popular open-source password cracking tool that uses
dictionary attacks, brute force, and rainbow table attacks to crack password hashes. Other
common tools include Hashcat and THC Hydra.



13. What is a "denial of service" (DoS) attack?

A. An attack that steals user credentials
B. An attack that overwhelms a system with traffic, making it unavailable to legitimate users
C. An attack that intercepts network packets
D. An attack that modifies database records

(B) Correct Answer: An attack that overwhelms a system with traffic, making it
unavailable to legitimate users

Seller: profEve