CEH Exam | Brand new Expert Exam
Questions with Clear Correct Verified
Answers| All Graded A+|Latest
Premium Update(2025-2026)| 100%
Guaranteed Success.
Which of the following scans only work if the operating system's TCP/IP
implementation is based on RFC 793?
A) NULL Scan
B) IDLE Scan
C)TCP Connection Scan
D)FTP Bounce Scan - Answer✅✅A) NULL Scan
OS Fingerprinting is the method used to determine the OS running on a remote
target system. Active stack fingerprinting is one of the types of OS Finger printing.
Which of the following is true about active stack fingerprinting?
A) Uses password crackers to escalate system privileges
B)Is based on the fact that various vendors of OS implement the TCP stack differently
C) TCP Connect Scan - Answer✅✅B)Is based on the fact that various vendors of OS
implement the TCP stack differently
Network Time Protocol(NTP) is designed to sync clocks of networked computers.
Which of the following ports does NTP use as its primary means of communication?
A) UDP 123
B) UDP 113
C) UDP 161
,D) UDP 320 - Answer✅✅A) UDP 123
Rootkits are kernel programs that have the ability to hide themselves and cover
their traces. It replaces certain OS calls and utilities with its own modified versions of
those routines. Which of the following rootkits modifies the boot sequence of the
machine to load themselves instead of the original virtual machine monitor or OS?
A) Hypervisor Rootkit
B) Kernel Rootkit
C) Boot Loader Rootkit
D) Library Rootkit - Answer✅✅A) Hypervisor Rootkit
Steganography is the technique of hiding a secret message within an ordinary
message and extracting it at the destination to maintain confidentiality of data.
Which of the following steganography techniques embed the decret message in the
frequency domain of a signal?
A) Substitution
B) Transform Domain
C) Spread Spectrum
D) Domain Distortion - Answer✅✅B) Transform Domain
A sniffer turns the NIC to promiscuous mode to listen to all of the data transmitted
on its segment. It can constantly read all the information entering the PC through
the NIC by decoding the information encapsulated in the data packet. Passive
sniffing is one of the types of sniffing. Passive sniffing refers to:
A) Sniffing through a hub
B) Sniffing through a router
C) Sniffing through a switch
D) Sniffing through a bridge - Answer✅✅A) Sniffing through a hub
Address Resolution Protocol(ARP) is a protocol for mapping an IP address to a
physical machine address that is recognized on the local network. ARP spoofing
involves constructing a large number of forged ARP requests and reply packets to
overload:
A) Switch
B) Router
C) Hub
D) Bridge - Answer✅✅A) Switch
Which wireless standard has bandwidth up to 54mbps and signals in a regulated
frequency spectrum around 5GHz?
A) 802.11a
B) 802.11b
C) 802.11g
D) 802.11i - Answer✅✅A) 802.11a
RSA is a public-key cryptosystem. Identify the statement that is true for the RC6
algorithm:
, A) Is a variable key-size stream cipher with byte-oriented operations and is based on
the used of random permutation
B) Includes integer multiplication and the use of four 4-bit working registers
C) Is a parameterized algorithm, with variable block size, key size, and a variable
number of rounds.
D) Is a 64-bit blick cipher that uses key length that can vary between 32 and 448 bits.
- Answer✅✅B) Includes integer multiplication and the use of four 4-bit working
registers
Enumeration is defined as the process of extracting usernames, machine names,
network resources, shares, and services from a system. Which of the following
enumerations does an attacker use to obtain a list of PCs that belong to a domain?
A) Netbios
B) SNMP
C) NTP
D) SMTP - Answer✅✅A) Netbios
Lawful intercept is a process that enables a Law Enforcement Agency(LEA) to
perform electronic surveillance on a target as authorized by a judicial or
adiminstrative order. Which of the following is true for lawful intercept?
A) Affects the subscriber's services on the router
B) Hides information about lawful intercept from all but the most privileged users
C) Does not allow multiple LEAs to run a lawful intercept on the same target without
each others knowledge
D) Allows wiretaps only for outgoing communication - Answer✅✅B) Hides
information about lawful intercept from all but the most privileged users
Secure Hashing Algorithm(SHA)-512 uses what size word block?
A) 32
B) 64
C) 128
D) 256 - Answer✅✅B) 64
Which of the following is a mutation technique used for writing buffer overflow
exploits in order to avoid IDS and other filtering mechanism?
A) Assuming that a string function is exploited, send a long string as the input
B) Randomly replace the NOPs with functionally equivalent segments of the code
(e.g.: x++; x-; ? NOP NOP)
C) Pad the Beginning of the intended buffer overflow with a longer run of NOP
instructions (a NOP slide or sled) so the CPU will do nothing until it gets to the "main
event"
D) Makes a buffer to overflow on the lower part of the heap, overwriting other
dynamic variables which can have unexpected and unwanted effects. - Answer✅✅B)
Randomly replace the NOPs with functionally equivalent segments of the code (e.g.:
x++; x-; ? NOP NOP)
Which of the following IDS evasion technique relies on TTL in TCP/IP packets?
Questions with Clear Correct Verified
Answers| All Graded A+|Latest
Premium Update(2025-2026)| 100%
Guaranteed Success.
Which of the following scans only work if the operating system's TCP/IP
implementation is based on RFC 793?
A) NULL Scan
B) IDLE Scan
C)TCP Connection Scan
D)FTP Bounce Scan - Answer✅✅A) NULL Scan
OS Fingerprinting is the method used to determine the OS running on a remote
target system. Active stack fingerprinting is one of the types of OS Finger printing.
Which of the following is true about active stack fingerprinting?
A) Uses password crackers to escalate system privileges
B)Is based on the fact that various vendors of OS implement the TCP stack differently
C) TCP Connect Scan - Answer✅✅B)Is based on the fact that various vendors of OS
implement the TCP stack differently
Network Time Protocol(NTP) is designed to sync clocks of networked computers.
Which of the following ports does NTP use as its primary means of communication?
A) UDP 123
B) UDP 113
C) UDP 161
,D) UDP 320 - Answer✅✅A) UDP 123
Rootkits are kernel programs that have the ability to hide themselves and cover
their traces. It replaces certain OS calls and utilities with its own modified versions of
those routines. Which of the following rootkits modifies the boot sequence of the
machine to load themselves instead of the original virtual machine monitor or OS?
A) Hypervisor Rootkit
B) Kernel Rootkit
C) Boot Loader Rootkit
D) Library Rootkit - Answer✅✅A) Hypervisor Rootkit
Steganography is the technique of hiding a secret message within an ordinary
message and extracting it at the destination to maintain confidentiality of data.
Which of the following steganography techniques embed the decret message in the
frequency domain of a signal?
A) Substitution
B) Transform Domain
C) Spread Spectrum
D) Domain Distortion - Answer✅✅B) Transform Domain
A sniffer turns the NIC to promiscuous mode to listen to all of the data transmitted
on its segment. It can constantly read all the information entering the PC through
the NIC by decoding the information encapsulated in the data packet. Passive
sniffing is one of the types of sniffing. Passive sniffing refers to:
A) Sniffing through a hub
B) Sniffing through a router
C) Sniffing through a switch
D) Sniffing through a bridge - Answer✅✅A) Sniffing through a hub
Address Resolution Protocol(ARP) is a protocol for mapping an IP address to a
physical machine address that is recognized on the local network. ARP spoofing
involves constructing a large number of forged ARP requests and reply packets to
overload:
A) Switch
B) Router
C) Hub
D) Bridge - Answer✅✅A) Switch
Which wireless standard has bandwidth up to 54mbps and signals in a regulated
frequency spectrum around 5GHz?
A) 802.11a
B) 802.11b
C) 802.11g
D) 802.11i - Answer✅✅A) 802.11a
RSA is a public-key cryptosystem. Identify the statement that is true for the RC6
algorithm:
, A) Is a variable key-size stream cipher with byte-oriented operations and is based on
the used of random permutation
B) Includes integer multiplication and the use of four 4-bit working registers
C) Is a parameterized algorithm, with variable block size, key size, and a variable
number of rounds.
D) Is a 64-bit blick cipher that uses key length that can vary between 32 and 448 bits.
- Answer✅✅B) Includes integer multiplication and the use of four 4-bit working
registers
Enumeration is defined as the process of extracting usernames, machine names,
network resources, shares, and services from a system. Which of the following
enumerations does an attacker use to obtain a list of PCs that belong to a domain?
A) Netbios
B) SNMP
C) NTP
D) SMTP - Answer✅✅A) Netbios
Lawful intercept is a process that enables a Law Enforcement Agency(LEA) to
perform electronic surveillance on a target as authorized by a judicial or
adiminstrative order. Which of the following is true for lawful intercept?
A) Affects the subscriber's services on the router
B) Hides information about lawful intercept from all but the most privileged users
C) Does not allow multiple LEAs to run a lawful intercept on the same target without
each others knowledge
D) Allows wiretaps only for outgoing communication - Answer✅✅B) Hides
information about lawful intercept from all but the most privileged users
Secure Hashing Algorithm(SHA)-512 uses what size word block?
A) 32
B) 64
C) 128
D) 256 - Answer✅✅B) 64
Which of the following is a mutation technique used for writing buffer overflow
exploits in order to avoid IDS and other filtering mechanism?
A) Assuming that a string function is exploited, send a long string as the input
B) Randomly replace the NOPs with functionally equivalent segments of the code
(e.g.: x++; x-; ? NOP NOP)
C) Pad the Beginning of the intended buffer overflow with a longer run of NOP
instructions (a NOP slide or sled) so the CPU will do nothing until it gets to the "main
event"
D) Makes a buffer to overflow on the lower part of the heap, overwriting other
dynamic variables which can have unexpected and unwanted effects. - Answer✅✅B)
Randomly replace the NOPs with functionally equivalent segments of the code (e.g.:
x++; x-; ? NOP NOP)
Which of the following IDS evasion technique relies on TTL in TCP/IP packets?
