For Expert help and assignment solutions, +254707240657
CEH Practice Exam Questions and Answers
(100% Correct Answers) Already Graded A+
Q: A Certified Ethical Hacker follows a specific methodology for testing a system.
Which step comes after footprinting in the CEH methodology?
Ans✅ ✅: Scanning
© 2025 Assignment Expert
Q: You've been hired as part of a pen test team. During the in-brief, you learn
the client wants the pen test attack to simulate a normal user who finds ways to
elevate privileges and create attacks. Which test type does the client want?
Ans✅ ✅: Gray box
Guru01 - Stuvia
Q: Which of the following is true regarding an ethical hacker?
Ans✅ ✅: The ethical hacker has authorization to proceed from the target owner.
Q: You begin your first pen-test assignment by checking out IP address ranges
owned by the target as well as details of their domain name registration.
Additionally, you visit job boards and financial websites to gather any technical
information online. What activity are you performing?
Ans✅ ✅: Passive footprinting
Q: You send a message across a network and are primarily concerned that it is
not altered during transit. Which security element ensures a message arrives at
its destination with no alteration?
Ans✅ ✅: Integrity
Q: An ethical hacker is given no prior knowledge of the network and has a
specific framework in which to work. The agreement specifies boundaries,
nondisclosure agreements, and a completion date definition. Which of the
following statements are true?
Ans✅ ✅: A white hat is attempting a black box test.
Q: Which of the following attacks is considered an integrity attack, where the
attacker is not concerned with deciphering the entirety of a plaintext message?
Ans✅ ✅: Bit flipping
Q: As part of a pen test on a U.S. Government system, you discover files
containing social security numbers and other sensitive PII (Personally
Identifiable Information). You are asked about controls placed on
dissemination of this information. Which of the following acts should you check?
Ans✅ ✅: Privacy Act
Q: Joe has spent a large amount of time learning hacking tools and techniques,
and has even passed certification exams to promote himself in the ethical hacking
field. Joe uses his talents during the election season to deface websites and launch
denial of service attacks against opponents of his candidate. Which answer most
closely correlates with Joe's actions?
Ans✅ ✅: Hacktivism
Q: A hacker is attempting to gain access to a target inside a business. After
trying several methods, he gets frustrated and starts a denial of service attack
against a server attached to the target. Which security control is the hacker
affecting?
Ans✅ ✅: Availability
Q: The security, functionality, and ease of use (SFE) triangle states which of the
following as true?
Ans✅ ✅: As security increases, ease of use decreases and functionality decreases.
Q: In which phase of the ethical hacking methodology would a hacker discover
available targets on a network?
Ans✅ ✅: Scanning and enumeration
Q: Which of the following are potential drawbacks to a black box test? (Choose
all that apply.)
Ans✅ ✅: The client does not get a full picture of an internal attacker focused on
their systems; this test takes the longest amount of time to complete.
Q: In which phase of a penetration test would an ethical hacker perform
footprinting?
Ans✅ ✅: Assessment
Q: Which of the following would not be considered passive reconnaissance?
Ans✅ ✅: Ping sweeping a range of IP addresses found through a DNS lookup
Q: As part of the preparation phase for a pen test that you are participating in,
the client relays their intent to discover security flaws and possible remediation.
They seem particularly concerned about external threats and do not mention
internal threats at all. When defining scope, the threat of internal users is not
added as part of the test. Which test is this client ignoring?
Ans✅ ✅: Gray box
Q: In which phase of an attack would vulnerability mapping occur?
Ans✅ ✅: Scanning and enumeration
Q: While performing a pen test, you find success in exploiting a machine. Your
attack vector took advantage of a common mistake—the Windows 7 installer
script used to load the machine left the administrative account with a default
password. Which attack did you successfully execute?
Ans✅ ✅: Operating system
Q: A machine in your environment uses an open X-server to allow remote
access. The X-server access control is disabled, allowing connections from almost
anywhere and with little to no authentication measures. Which of the following
are true statements regarding this situation? (Choose all that apply.) A. An
external vulnerability can take advantage of the misconfigured X-server threat.