CERTIFIED ETHICAL HACKER (CEH) – PRACTICE QUESTIONS AND CORRECT
ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT
DOWNLOAD PDF.
Core Domains
- Information Security and Ethical Hacking Overview
- Reconnaissance Techniques and Footprinting
- System Hacking and Vulnerability Analysis
- Network and Perimeter Hacking
- Web Application and Database Attacks
- Wireless, Mobile, and IoT Security
- Cloud Computing and Cryptography
- Incident Response and Forensic Analysis
Introduction
The purpose of this comprehensive assessment is to evaluate a candidate’s
proficiency in the tools, techniques, and methodologies required for ethical hacking.
This exam assesses skills in identifying vulnerabilities, securing networks, and
understanding the legal and ethical frameworks of cybersecurity. The assessment is
structured using multiple-choice and scenario-based questions that mirror the
complexity of modern threat environments. With a strong emphasis on real-world
application, candidates must demonstrate critical thinking and decision-making
capabilities to mitigate risks effectively. Success in this assessment validates a deep
understanding of offensive security strategies and defensive countermeasures.
SECTION ONE: QUESTIONS 1–100
1. Which phase of the hacking process involves gathering information about a
target without directly interacting with the target systems?
A. Scanning
B. Gaining Access
C. Reconnaissance
D. Maintaining Access
🟢 Correct answer C. Reconnaissance
🔴 RATIONALE: Reconnaissance (footprinting) is the preliminary phase in which an
attacker gathers information about a target. The question describes its passive form:
the information comes from public sources such as WHOIS and DNS records, job postings,
search engines, and social media, and no packets are sent to the target's systems, so
the target sees no traffic. Scanning (A), by contrast, requires direct interaction.
2. A security professional is performing a penetration test and uses the tool Nmap
to identify open ports on a server. Which type of activity is this?
A. Passive Footprinting
B. Active Scanning
C. Enumeration
D. Vulnerability Assessment
🟢 Correct answer B. Active Scanning
🔴 RATIONALE: Active scanning involves direct interaction with the target system:
Nmap sends probe packets to each port and classifies it as open, closed, or filtered from
the reply (or absence of one). Because the probes reach the host, they can be logged and
detected. Enumeration (C) is the later step of extracting usernames, shares, and service
details from the ports found open.
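As an added example that is not part of the original question set, the following Python script shows what "sending packets to ports to determine their status" means at the socket level: a minimal TCP connect() scan, the same technique as nmap -sT. The target is a constructed loopback listener started by the script itself, so it runs offline; the function names (probe_port, scan_ports, start_local_listener, demo) are assumptions for this illustration, not part of any tool. Because each probe completes a full three-way handshake with the target, every probe is visible to the host, which is exactly why this is active and not passive footprinting.

```python
# Added example (not from the original question set): a minimal TCP connect()
# port scanner illustrating active scanning. Each probe completes a real
# three-way handshake with the target, so it appears in the target's logs.
import socket
from typing import Dict, Iterable, List, Tuple


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port the way a connect() scan (nmap -sT) does.

    open     - handshake completed, something is listening
    closed   - RST came back (ConnectionRefusedError): host up, no listener
    filtered - no reply before the timeout, or another socket error:
               a firewall is dropping probes or the host is unreachable
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "filtered"


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Probe each port in turn and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}


def open_ports(results: Dict[int, str]) -> List[int]:
    """Ports reported open, sorted, as input for the enumeration phase."""
    return sorted(p for p, state in results.items() if state == "open")


def start_local_listener() -> Tuple[socket.socket, int]:
    """Constructed target for offline demonstration: a listener bound to an
    ephemeral loopback port. Returns the socket and the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> Tuple[Dict[int, str], Dict[int, str]]:
    """Scan the constructed loopback port while its listener is up (expect
    'open'), then again after the listener closes (expect 'closed')."""
    srv, port = start_local_listener()
    try:
        while_listening = scan_ports("127.0.0.1", [port])
    finally:
        srv.close()
    after_close = scan_ports("127.0.0.1", [port])
    return while_listening, after_close


if __name__ == "__main__":
    before, after = demo()
    print("while listening:", before, "open ports:", open_ports(before))
    print("after close:    ", after, "open ports:", open_ports(after))
```

A connect() scan needs no raw sockets or root privileges, which is why it is the default for unprivileged Nmap runs; the cost is that the completed handshake is noisier than a half-open SYN scan. Note that "filtered" lumps together timeouts and other socket errors, so a slow or rate-limited host can look filtered with a short timeout.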
3. Under the EC-Council Code of Ethics, what is a primary responsibility of a
Certified Ethical Hacker?
A. Disclosing all vulnerabilities to the public immediately
B. Protecting intellectual property of the employer or client
C. Using discovered exploits for personal financial gain
D. Avoiding the use of open-source security tools
🟢 Correct answer B. Protecting intellectual property of the employer or client
🔴 RATIONALE: Ethical hackers are bound to protect the confidentiality and
intellectual property of their clients and employers as part of their professional
conduct.
4. Which of the following is a legal document that outlines the specific systems to
be tested and the limitations of a penetration test?
A. Non-Disclosure Agreement (NDA)
B. Terms of Service (ToS)
C. Rules of Engagement (RoE)
D. Master Service Agreement (MSA)
🟢 Correct answer C. Rules of Engagement (RoE)
🔴 RATIONALE: The Rules of Engagement define the technical boundaries,
schedule, and authorized actions allowed during a security assessment.
5. An attacker uses a fraudulent email to trick a high-level executive into revealing
corporate credentials. What is this specific type of attack called?
A. Phishing
B. Vishing
C. Whaling
D. Smishing
🟢 Correct answer C. Whaling
🔴 RATIONALE: Whaling is a specific form of phishing that targets high-profile
individuals, such as C-level executives, within an organization. Phishing (A) is the
generic term, vishing (B) uses voice calls, and smishing (D) uses SMS; the question
specifies both email and an executive target, which makes whaling the precise answer.