Exam (elaborations)

CEH PRACTICE EXAM 2025 QUESTIONS AND ANSWERS

Pages: 20
Grade: A+
Uploaded on: 09-09-2025
Written in: 2025/2026

Institution: CEH
Course: CEH

Content preview

CEH PRACTICE EXAM 2025 QUESTIONS
AND ANSWERS



A Certified Ethical Hacker follows a specific methodology for testing a system. Which step
comes after footprinting in the CEH methodology? - ANS Scanning


You've been hired as part of a pen test team. During the in-brief, you learn the client wants the
pen test attack to simulate a normal user who finds ways to elevate privileges and create
attacks. Which test type does the client want? - ANS Gray box


Which of the following is true regarding an ethical hacker? - ANS The ethical hacker has
authorization to proceed from the target owner.


You begin your first pen-test assignment by checking out IP address ranges owned by the target
as well as details of their domain name registration. Additionally, you visit job boards and
financial websites to gather any technical information online. What activity are you
performing? - ANS Passive footprinting


You send a message across a network and are primarily concerned that it is not altered during
transit. Which security element ensures a message arrives at its destination with no alteration?
- ANS Integrity


An ethical hacker is given no prior knowledge of the network and has a specific framework in
which to work. The agreement specifies boundaries, nondisclosure agreements, and a
completion date definition. Which of the following statements are true? - ANS A white hat is
attempting a black box test.




@COPYRIGHT @THEBRIGHT 2025/2026

Which of the following attacks is considered an integrity attack, where the attacker is not
concerned with deciphering the entirety of a plaintext message? - ANS Bit flipping


As part of a pen test on a U.S. Government system, you discover files containing social security
numbers and other PII (Personally Identifiable Information) sensitive information. You are
asked about controls placed on dissemination of this information. Which of the following acts
should you check? - ANS Privacy Act


Joe has spent a large amount of time learning hacking tools and techniques, and has even
passed certification exams to promote himself in the ethical hacking field. Joe uses his talents
during the election season to deface websites and launch denial of service attacks against
opponents of his candidate. Which answer most closely correlates with Joe's actions? -
ANS Hacktivism


A hacker is attempting to gain access to a target inside a business. After trying several methods,
he gets frustrated and starts a denial of service attack against a server attached to the target.
Which security control is the hacker affecting? - ANS Availability


The security, functionality, and ease of use (SFE) triangle states which of the following as true? -
ANS As security increases, ease of use decreases and functionality decreases.


In which phase of the ethical hacking methodology would a hacker discover available targets on
a network? - ANS Scanning and enumeration


Which of the following are potential drawbacks to a black box test? (Choose all that apply.) -
ANS The client does not get a full picture of an internal attacker focused on their systems. ;
This test takes the longest amount of time to complete.


In which phase of a penetration test would an ethical hacker perform footprinting? -
ANS Assessment


Which of the following would not be considered passive reconnaissance? - ANS Ping
sweeping a range of IP addresses found through a DNS lookup


As part of the preparation phase for a pen test that you are participating in, the client relays
their intent to discover security flaws and possible remediation. They seem particularly
concerned about external threats and do not mention internal threats at all. When defining
scope, the threat of internal users is not added as part of the test. Which test is this client
ignoring? - ANS Gray box


In which phase of an attack would vulnerability mapping occur? - ANS Scanning and
enumeration


While performing a pen test, you find success in exploiting a machine. Your attack vector took
advantage of a common mistake—the Windows 7 installer script used to load the machine left
the administrative account with a default password. Which attack did you successfully execute?
- ANS Operating system


A machine in your environment uses an open X-server to allow remote access. The X-server
access control is disabled, allowing connections from almost anywhere and with little to no
authentication measures. Which of the following are true statements regarding this situation?
(Choose all that apply.) A. An external vulnerability can take advantage of the misconfigured
X-server threat. - ANS An external threat can take advantage of the misconfigured X-server
vulnerability. ; An internal threat can take advantage of the misconfigured X-server
vulnerability.


You are examining security logs snapshotted during a prior attack against the target. The
target's IP address is 135.17.22.15, and the attack originated from 216.88.76.5. Which of the
following correctly characterizes this attack? - ANS Outside attack


An ethical hacker needs to be aware of a variety of laws. What do Sections 1029 and 1030 of
United States Code Title 18 specify? - ANS They define most of the U.S. laws concerning
hacking and computer crime.


Which of the following should a security professional use as a possible means to verify the
integrity of a data message from sender to receiver? - ANS Hash algorithm


Which of the following describes activities taken in the conclusion phase of a penetration test? -
ANS Reports are prepared detailing security deficiencies.
