Web Application Vulnerability Scanners - Answers OWASP ZAP, WebInspect, IBM Security
AppScan, Qualys, Vega
helps identify the security weaknesses that are introduced while installing software on Windows,
Linux, or macOS. - Answers Attack Surface Analyzer (ASA)
helps a network defender recognize how the identified Indicator of Exposure (IoE) could
become an exploit - Answers Attack simulation
Infection Monkey / Cymulate
It enables all types of attacks that affect the client-server architecture or the service interface
exposed towards clients. This is the most important attack surface of a Cloud solution.
Common attacks in client-server architecture are buffer overflow attacks, SQL injection, and
privilege escalation, among others. - Answers Service to User
It is the attack surface that the client program (User service) provides towards the service
(server). Common attacks on this surface include attacks on browser-based applications, attacks on
browser caches, and phishing attacks on email clients, among others. - Answers User to Service
It is related to exposing Cloud resources/interfaces to service instances. The interface between
a service and the Cloud is complex, and separating the service and Cloud is slightly tricky. This
is because the Cloud's attack surface to the service covers the service instance's attacks
against its Cloud host solution. Examples include resource exhaustion, triggering the Cloud provider
to provide more resources or ending up in a Denial-of-Service (DoS), and attacks on the Cloud
system hypervisor. - Answers Cloud to Service
It is related to exposing the service instance to the Cloud provider. The Cloud provider performs
all types of attacks on a service running on it. This is the most critical attack surface as it is
easy to exploit and has a high attack impact. - Answers Service to Cloud
A service exists between the Cloud provider and the user that pertains to Cloud control (adding new
services or requiring more service instances that are in use and deleting service instances,
among others). This makes it difficult to define this attack surface. This attack surface refers to
the attacks that a Cloud service faces from a user's point of view. - Answers Cloud to User
This pertains to the different types of attack vectors that target a user. It has its origins in the
Cloud system. For example, phishing-like attempts that present users a fake usage bill of the
Cloud provider - Answers User to Cloud
defined as the collection and analysis of information about threats and adversaries that helps in
making informed decisions on the preparedness for, prevention of, and response actions
against various cyber-attacks. Indicators of compromise (IoCs) and indicators of attack (IoAs),
two indicators of threat intelligence, allow network defenders to understand what an
attacker is doing and how to stop or prevent an attack - Answers cyber threat intelligence
provides high-level information regarding cybersecurity posture, threats, details about the
financial impact of various cyber activities, attack trends, and the impact of high-level business
decisions. This information is consumed by high-level executives and the management of
organizations, such as the IT management and chief information security officer (CISO).
Intelligence is collected from sources such as open-source intelligence (OSINT), CTI vendors,
and Information Sharing and Analysis Organizations (ISAOs)/Information Sharing and Analysis
Centers (ISACs). - Answers Strategic threat intelligence
plays a major role in protecting the resources of an organization. It provides information related
to the TTPs used by threat actors (attackers) to perform attacks. Tactical threat intelligence is
consumed by cybersecurity professionals such as IT service managers, security operations
managers, network operations center staff, administrators, and architects. Collection sources
include campaign reports, malware, incident reports, attack group reports, and human
intelligence, as well as white/technical papers, communicating with other organizations, or purchasing
intelligence from third parties. - Answers Tactical threat intelligence
provides information about specific threats against an organization. It provides contextual
information about security events and incidents that help defenders disclose potential risks,
provide insight into attacker methodologies, identify past malicious activities, and efficiently
perform investigations on malicious activity. It is consumed by security managers or heads of
incident response (IR), network defenders, security forensics, and fraud detection teams. It is
collected from sources such as humans, social media, and chat rooms, as well as from
real-world activities and events that result in cyber-attacks. - Answers Operational threat intelligence
clues, artifacts, or evidence that indicate a potential intrusion or malicious activity in an
organization's infrastructure. They are digital footprints of cyber threats or adversaries. -
Answers Indicators of Compromise
strategic indicators discovered through the attackers' intention and end goal as well as a series
of actions that an attacker must take before being able to successfully launch an attack. It
reveals an active attack before IoCs become visible - Answers Indicators of Attack
Intelligence from the data about past incidents and network monitoring - Answers Internal
Intelligence obtained directly from attackers through honeypots, dark web, etc. - Answers
Counter
Intelligence from the Internet; data from professional communities such as Financial Services
Information Sharing and Analysis Center (FS-ISAC); data from security news, blogs, forums, etc.
- Answers Open-source
Intelligence obtained by discovering vulnerabilities through exploration; understanding malware