6/28/25, 2:04
PM
CEH v11 exam questions and answers with
complete solutions verified graded a++
latest update 2025/2026
Terms in this set (201)
An attacker changes Cross-Site Request Forgery (CSRF)
the profile information
of a particular user
(victim) on the target
website. The attacker
uses this string to
update the victim's
profile to a text file
and then submit the
data to the attacker's
database.
< iframe
src="http://www.vulnwe
b.c om/updateif.php"
style="display:none" >
<
/iframe >
What is this type of
attack (that can use
either HTTP GET or
1/66
,6/28/25, 2:04
PM
HTTP POST)
called?
2/66
,6/28/25, 2:04
PM
You have Install cryptcat and encrypt traffic
compromised a server
and successfully
gained a root access.
You want to pivot and
pass traffic
undetected over the
network and evade
any possible Intrusion
Detection System.
What is
the best approach?
While browsing his Matt inadvertently provided the answers to his
Facebook feed, Matt security questions when responding to the
sees a picture one of post
his friends posted with
the caption, Learn
more about your
friends, as well as a
number of personal
questions. Matt is
suspicious and texts
his friend, who
confirms that he did
indeed post it. With
assurance that the
post is legitimate,
Matt responds to the
questions on the post.
A few days later,
Matt's bank account
has been accessed,
and the password has
been changed. What
3/66
, 6/28/25, 2:04
PM
most likely happened?
4/66
PM
CEH v11 exam questions and answers with
complete solutions verified graded a++
latest update 2025/2026
Terms in this set (201)
An attacker changes Cross-Site Request Forgery (CSRF)
the profile information
of a particular user
(victim) on the target
website. The attacker
uses this string to
update the victim's
profile to a text file
and then submit the
data to the attacker's
database.
< iframe
src="http://www.vulnwe
b.c om/updateif.php"
style="display:none" >
<
/iframe >
What is this type of
attack (that can use
either HTTP GET or
1/66
,6/28/25, 2:04
PM
HTTP POST)
called?
2/66
,6/28/25, 2:04
PM
You have Install cryptcat and encrypt traffic
compromised a server
and successfully
gained a root access.
You want to pivot and
pass traffic
undetected over the
network and evade
any possible Intrusion
Detection System.
What is
the best approach?
While browsing his Matt inadvertently provided the answers to his
Facebook feed, Matt security questions when responding to the
sees a picture one of post
his friends posted with
the caption, Learn
more about your
friends, as well as a
number of personal
questions. Matt is
suspicious and texts
his friend, who
confirms that he did
indeed post it. With
assurance that the
post is legitimate,
Matt responds to the
questions on the post.
A few days later,
Matt's bank account
has been accessed,
and the password has
been changed. What
3/66
, 6/28/25, 2:04
PM
most likely happened?
4/66
