CEH Ethical Hacker Practice Exam Part 4: Cloud, Mobile, & API Security Questions

Boost your CEH exam readiness with 29 practice questions on cloud, mobile, and API security. Follow CertPunch for more certification prep and visit certpunch.com.

Chapters:
00:00 Intro
00:17 Question 1 of 29
01:10 Question 2 of 29
02:40 Question 3 of 29
04:40 Question 4 of 29
05:53 Question 5 of 29
07:02 Question 6 of 29
08:29 Question 7 of 29
10:27 Question 8 of 29
11:43 Question 9 of 29
13:11 Question 10 of 29
14:20 Question 11 of 29
15:23 Question 12 of 29
17:26 Question 13 of 29
18:08 Question 14 of 29
19:06 Question 15 of 29
20:12 Question 16 of 29
21:31 Question 17 of 29
22:47 Question 18 of 29
24:11 Question 19 of 29
26:03 Question 20 of 29
28:49 Question 21 of 29
30:32 Question 22 of 29
31:42 Question 23 of 29
33:29 Question 24 of 29
35:06 Question 25 of 29
36:25 Question 26 of 29
38:20 Question 27 of 29
39:59 Question 28 of 29
41:28 Question 29 of 29

What you will practice

  • A corporation has transitioned to a public cloud service. The security team found a critical flaw in the API…
  • You've been hired as a Certified Ethical Hacker (CEH) by a large multinational corporation to investigate the…
  • A multinational corporation provides its employees with mobile devices to support remote work and enhance pro…
  • Following an attack on its mobile infrastructure, an e-commerce company is reconsidering its mobile security…
  • You are conducting a vulnerability assessment in a segmented internal network. When scanning a set of IPs usi…
  • You have recently been hired as an entry-level IT technician in a large corporation. In a meeting with the IT…

Answers and explanations

Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.

Q1. A corporation has transitioned to a public cloud service. The security team found a critical flaw in the API of the cloud service provider. What is the potential threat they are most likely to face?

Answer: A. Unauthorized access to cloud resources

The provider's API fronts every tenant resource, so a flaw in it most directly leads to unauthorized access to cloud resources, a fundamental cloud security risk.

Q2. You've been hired as a Certified Ethical Hacker (CEH) by a large multinational corporation to investigate the unauthorized access of sensitive data from their web application. You discover that the web application uses a custom authorizati…

Answer: B. The attacker captured a valid token before its expiry and used it to gain access.

A token captured before it expires can simply be replayed: the application checks the token's validity, not who presents it, so the attacker bypasses the authentication mechanism without ever knowing the user's credentials.

Q3. A multinational corporation provides its employees with mobile devices to support remote work and enhance productivity. Recently, the security team detected suspicious activities indicating potential vulnerabilities in the mobile platforms…

Answer: D. Remote Access Trojan (RAT) Implanting Malicious Software on Mobile Devices to Gain Unauthorized Remote Access and Monitor User Activities, such as Keystrokes and Screen Capture

A RAT provides stealthy, persistent remote access, making it highly challenging to detect on mobile devices.

Q4. Following an attack on its mobile infrastructure, an e-commerce company is reconsidering its mobile security strategies. In an event where an attacker has been able to gain partial root access to the mobile application, which of these tact…

Answer: A. Implementation of certificate pinning to protect against Man-In-The-Middle (MITM) attacks.

Certificate pinning protects the app's TLS sessions against MITM interception, which is a major risk once an attacker has root-level access to the device. Caveat for practitioners: an attacker with root can also hook the pinning check itself with an instrumentation framework, so pinning should be paired with root/jailbreak detection and app integrity checks rather than relied on alone.

Q5. You are conducting a vulnerability assessment in a segmented internal network. When scanning a set of IPs using the nbtscan tool, you discover multiple devices responding with NetBIOS names, but only one of them has the entry in its respon…

Answer: A. It is the domain master browser or Primary Domain Controller (PDC).

In a Windows network only the domain master browser, a role held by the PDC (or PDC emulator), registers the domain name with the <1B> NetBIOS suffix, so the host whose name table carries that entry is the PDC or domain master browser.
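As an added example (not part of the original exam page), here is a small parser that reads name tables in the style of `nbtscan -v` output and classifies each entry by its NetBIOS suffix, flagging the host that registered the <1B> name. The sample output, host addresses and names are constructed for illustration; the suffix meanings are the standard Windows NetBIOS conventions.

```python
"""Classify NetBIOS name-table entries by suffix and find the domain master browser."""
import re
from collections import defaultdict

# Standard NetBIOS name suffixes (hex) and the service/role each one advertises.
SUFFIX_ROLES = {
    ("00", "UNIQUE"): "Workstation service (host name)",
    ("00", "GROUP"): "Domain/workgroup name",
    ("03", "UNIQUE"): "Messenger service",
    ("1b", "UNIQUE"): "Domain master browser (PDC)",
    ("1c", "GROUP"): "Domain controllers group",
    ("1d", "UNIQUE"): "Local subnet master browser",
    ("1e", "GROUP"): "Browser service elections",
    ("20", "UNIQUE"): "File server service",
}

# Constructed sample in the style of `nbtscan -v` output; hosts and names are made up.
SAMPLE = """\
NetBIOS Name Table for Host 10.0.5.10:
Name             Service          Type
CORPDC01         <00>             UNIQUE
CORP             <00>              GROUP
CORP             <1c>              GROUP
CORP             <1b>             UNIQUE
CORPDC01         <20>             UNIQUE
CORP             <1e>              GROUP
CORPDC01         <03>             UNIQUE

NetBIOS Name Table for Host 10.0.5.21:
Name             Service          Type
FILESRV02        <00>             UNIQUE
CORP             <00>              GROUP
FILESRV02        <20>             UNIQUE
CORP             <1e>              GROUP
CORP             <1d>             UNIQUE
"""

HOST_RE = re.compile(r"NetBIOS Name Table for Host (\S+):")
ENTRY_RE = re.compile(r"^(\S+)\s+<([0-9a-fA-F]{2})>\s+(UNIQUE|GROUP)\s*$")


def parse_name_tables(text):
    """Return {host_ip: [(name, suffix, type), ...]} from nbtscan-style verbose output."""
    tables = defaultdict(list)
    host = None
    for line in text.splitlines():
        m = HOST_RE.search(line)
        if m:
            host = m.group(1)          # start of a new host's table
            continue
        m = ENTRY_RE.match(line.strip())
        if m and host:
            name, suffix, ntype = m.groups()
            tables[host].append((name, suffix.lower(), ntype))
    return dict(tables)


def roles_for_host(entries):
    """Human-readable role for every (name, suffix, type) entry of one host."""
    return [SUFFIX_ROLES.get((sfx, t), f"Unknown <{sfx}> {t}") for _, sfx, t in entries]


def find_domain_master_browsers(tables):
    """Hosts that registered a <1B> UNIQUE name: the domain master browser, i.e. the PDC."""
    return sorted(h for h, entries in tables.items()
                  if any(s == "1b" and t == "UNIQUE" for _, s, t in entries))


if __name__ == "__main__":
    tables = parse_name_tables(SAMPLE)
    for host, entries in tables.items():
        print(host, roles_for_host(entries))
    print("Domain master browser(s):", find_domain_master_browsers(tables))
```

The <1C> group name lists every domain controller, while <1B> is unique to the domain master browser, which is why a single <1B> holder among several <1C> members identifies the PDC.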

Q6. You have recently been hired as an entry-level IT technician in a large corporation. In a meeting with the IT team, the terms "ethical hacking" and "penetration testing" are mentioned frequently. Later, a colleague explains to you that the…

Answer: A. An ethical hacker is primarily focused on securing the system, while a penetration tester tries to exploit the system's vulnerabilities.

An ethical hacker's primary focus is securing the system by identifying and fixing vulnerabilities, whereas a penetration tester's engagement centers on actively exploiting them to demonstrate impact.

Q7. A major financial institution is experiencing persistent Denial-of-Service (DoS) attacks targeting its online banking services, causing significant disruption to customer transactions and eroding trust in the institution. The security team…

Answer: D. A zero-day exploit targeting the institution's web server software, causing buffer overflow and service unavailability through remote code execution.

A zero-day exploit is the hardest to defend against because it abuses a vulnerability nobody has patched or written a signature for, and here it yields remote code execution rather than mere resource exhaustion. The other options describe known techniques with established mitigations.

Q8. A multinational corporation recently survived a severe Distributed Denial-of-Service (DDoS) attack, which caused significant downtime and resulted in substantial financial losses. After implementing enhanced security measures, the company…

Answer: C. Load Balancing

Load balancing spreads traffic across multiple servers so no single one is overwhelmed. Black hole routing discards traffic by sending it to a null interface (dropping legitimate traffic with it), while sinkholing redirects it to a controlled server where it can be analyzed.

Q9. You have recently joined as a cybersecurity analyst at a multinational corporation. Your role includes regular vulnerability assessments of the company's wide-ranging IT infrastructure. During one of these assessments, you employ the Nessu…

Answer: A. Without delay, apply the patch recommended by the vendor.

Patching the vulnerability immediately is critical to prevent exploitation and remote code execution.

Q10. A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows…

Answer: A. The WAP does not recognize the client's MAC address

The WAP likely has MAC filtering enabled and does not recognize the client's MAC address, blocking association.

Q11. A senior executive receives a personalized email with a subject line that reads "Annual Performance Review 2024". The email contains a downloadable PDF that installs a backdoor when opened. The email appears to come from the CEO and includ…

Answer: A. Whaling attack aimed at high-ranking personnel

A whaling attack targets high-ranking personnel, like impersonating a CEO to trick a senior executive.

Q12. A prominent healthcare organization relies on mobile platforms to access electronic health records (EHR) and facilitate communication among healthcare professionals. Recently, the security team detected suspicious activities indicating pot…

Answer: C. Zero-Day Exploits Leveraging Previously Unknown Vulnerabilities in Mobile Operating Systems or Applications to Gain Unauthorized Access to Healthcare Data and Patient Records

Zero-day exploits are challenging because they use unknown vulnerabilities, making them hard to detect and mitigate.

Q13. Which service in a PKI will vouch for the identity of an individual or company?

Answer: D. CA

A Certificate Authority (CA) issues digital certificates to verify identities in a PKI, vouching for the authenticity of the certificate holder.

Q14. Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal wit…

Answer: B. The use of DNSSEC

DNSSEC is the correct solution: it digitally signs DNS records so a validating resolver can verify their integrity and authenticity and reject forged answers, which is exactly what cache poisoning injects. Note that DNSSEC provides authentication, not confidentiality; it does not encrypt queries.

Q15. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the inves…

Answer: C. The network devices are not all synchronized.

Unsynchronized device clocks produce timestamp discrepancies across the firewall, proxy and IDS logs, so the same attack appears in a different order on each device and event correlation breaks down. Synchronizing all devices to a common time source (NTP) prevents this; when it is too late, the investigator has to measure each device's clock offset and correct the timestamps before merging.
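To show why clock skew obscures the attack sequence, here is an added example (not from the original page) that merges constructed log lines from three devices first naively and then after correcting each device's measured clock offset. The device names, log lines and offsets are made up; in practice the offsets come from comparing each device's clock with a trusted NTP reference at collection time.

```python
"""Correlate multi-device logs when device clocks are skewed."""
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed log lines from three devices (timestamp as written by each device's own clock).
LOGS = {
    "fw01":   ["2024-03-01 10:00:07 DENY tcp 203.0.113.9 -> 10.0.0.5:445",
               "2024-03-01 10:00:09 ALLOW tcp 203.0.113.9 -> 10.0.0.5:443"],
    "proxy1": ["2024-03-01 10:02:41 GET http://10.0.0.5/admin from 203.0.113.9"],
    "ids2":   ["2024-03-01 09:59:50 ALERT web-attack src=203.0.113.9 dst=10.0.0.5"],
}

# Seconds each device's clock runs AHEAD of the reference clock (negative = behind).
# Hypothetical values, as if measured against NTP during evidence collection.
OFFSETS = {"fw01": 0, "proxy1": 160, "ids2": -25}


def parse_line(device, line):
    """Split a log line into (timestamp, device, message)."""
    ts = datetime.strptime(line[:19], FMT)
    return ts, device, line[20:]


def merge_naive(logs):
    """Order events by the timestamps as written: wrong when clocks disagree."""
    events = [parse_line(d, l) for d, lines in logs.items() for l in lines]
    return [(d, msg) for _, d, msg in sorted(events)]


def merge_corrected(logs, offsets):
    """Subtract each device's offset to move every timestamp onto the reference clock, then order."""
    events = []
    for device, lines in logs.items():
        for line in lines:
            ts, d, msg = parse_line(device, line)
            events.append((ts - timedelta(seconds=offsets[device]), d, msg))
    return [(d, msg) for _, d, msg in sorted(events)]


if __name__ == "__main__":
    print("naive order:    ", [d for d, _ in merge_naive(LOGS)])
    print("corrected order:", [d for d, _ in merge_corrected(LOGS, OFFSETS)])
```

With the raw timestamps the IDS alert appears to precede the firewall and proxy entries; once the proxy's fast clock and the IDS's slow clock are corrected, the proxy request comes first and the IDS alert last, which is the sequence an investigator needs to reconstruct what happened.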

Q16. A cybersecurity team is assessing an organization's network for misconfigurations. During the enumeration process, they use a tool that sends a request to UDP port 161 and receives a large list of software names installed on remote devices…

Answer: C. The SNMP agent allowed anonymous bulk data queries due to default settings.

The SNMP agent was left with its default read community string (typically "public"), so the scanner could walk the installed-software table of HOST-RESOURCES-MIB (hrSWInstalledName) over UDP 161 without any authentication. The fix is to change or remove default community strings, restrict SNMP to management hosts, and move to SNMPv3 with authentication and privacy.

Q17. A logistics company recently found that some of its fleet vehicles equipped with smart locking systems were compromised, leading to vehicle thefts. The cybersecurity team suspects that attackers captured unique signals emitted by the key f…

Answer: A. Monitor wireless signals for abnormal jamming or interference.

Capturing a key-fob signal for later replay typically requires jamming the vehicle's receiver so the legitimate code is not consumed, which is why monitoring the wireless spectrum for abnormal jamming or interference both confirms the suspected capture and gives early warning of future attempts.

Q18. You are a security analyst investigating a network compromise. The infected systems are receiving external instructions, masking the control traffic using widely allowed protocols like HTTP and DNS. The payloads are stealthy and modify sys…

Answer: A. Use behavioral analytics to monitor for irregular outbound requests and abnormal application behavior.

Behavioral analytics detects irregular outbound requests and abnormal behavior, ideal for identifying stealthy malware using common protocols.

Q19. While performing a vulnerability assessment for XYZ Corporation, you discover that several key systems are regularly interacting with unidentified external entities. These interactions often involve data transfers, both incoming and outgoi…

Answer: A. Prioritize a behavioral analytics solution that profiles normal system behaviors and alerts on deviations, focusing on the interaction patterns of the identified systems.

Behavioral analytics profiles what each system normally talks to, how often and how much, and alerts on deviations, which directly surfaces unsanctioned exchanges and data exfiltration to unidentified external entities.
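The two questions above (Q18 and Q19) both come down to spotting command-and-control and exfiltration hidden in allowed protocols. As an added example, not code from the original page, the following detector runs over constructed outbound DNS/HTTP log lines and flags two behaviours that distinguish C2 from normal traffic: metronomic request timing (beaconing) and high-entropy subdomains typical of data encoded into DNS queries. The log format, hosts, domains and thresholds are all assumptions for illustration.

```python
"""Flag C2-like behaviour (beaconing, encoded DNS labels) in outbound request logs."""
import math
import statistics
from collections import defaultdict

# Constructed log lines: "<epoch> <src_ip> <proto> <destination>"
LOG_LINES = """\
1700000000 10.0.0.15 dns mail.example-corp.test
1700000000 10.0.0.15 dns www.example-corp.test
1700000060 10.0.0.15 dns 6a3f9c1e2b7d4a8f.update-cdn.test
1700000120 10.0.0.15 dns 9e2c7b5a1f0d3c6e.update-cdn.test
1700000180 10.0.0.15 dns 4b8d1f6a3e9c2d7b.update-cdn.test
1700000240 10.0.0.15 dns c7d2e9f1a4b6c3d8.update-cdn.test
1700000300 10.0.0.15 dns 1f4a7c2e9b3d6f8a.update-cdn.test
1700000005 10.0.0.22 http cdn.example-corp.test
1700000900 10.0.0.22 http news.example-site.test
1700003000 10.0.0.22 http www.example-corp.test
"""


def shannon_entropy(s):
    """Bits per character; hex/base64-encoded data scores far higher than real host names."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse(lines):
    out = []
    for line in lines.strip().splitlines():
        ts, src, proto, dest = line.split()
        out.append((int(ts), src, proto, dest))
    return out


def registered_domain(fqdn):
    # Simplification: last two labels. Production code should use the public suffix list.
    return ".".join(fqdn.split(".")[-2:])


def beacon_score(timestamps):
    """Coefficient of variation of inter-request gaps; close to 0 means metronomic beaconing."""
    if len(timestamps) < 4:
        return None
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def find_suspects(events, min_requests=4, cv_max=0.2, entropy_min=3.0):
    """Group by (source, protocol, registered domain) and report pairs that look like C2."""
    by_pair = defaultdict(list)
    for ts, src, proto, dest in events:
        by_pair[(src, proto, registered_domain(dest))].append((ts, dest))
    suspects = []
    for (src, proto, domain), items in by_pair.items():
        items.sort()
        cv = beacon_score([t for t, _ in items])
        labels = [d[: -len(domain) - 1] for _, d in items if d.endswith("." + domain)]
        avg_ent = statistics.mean(shannon_entropy(l) for l in labels) if labels else 0.0
        reasons = []
        if cv is not None and len(items) >= min_requests and cv <= cv_max:
            reasons.append(f"regular beacon (cv={cv:.2f})")
        if avg_ent >= entropy_min:
            reasons.append(f"high-entropy subdomains ({avg_ent:.2f} bits)")
        if reasons:
            suspects.append((src, proto, domain, reasons))
    return suspects


if __name__ == "__main__":
    for s in find_suspects(parse(LOG_LINES)):
        print(s)
```

Only the host querying `update-cdn.test` every 60 seconds with random-looking 16-character labels is flagged; the ordinary mail/www/cdn lookups pass. In a real deployment the thresholds are tuned per environment and the baseline is built from days of traffic, but the two signals shown (timing regularity and label entropy) are the core of what "behavioral analytics" contributes that signature-based tools miss.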

Q20. During an ethical hacking exercise, a security analyst is testing a web application that manages confidential information. The analyst suspects the application may be susceptible to SQL injection attacks. Which of the following payloads wi…

Answer: A. ' AND BENCHMARK(5000000,ENCODE('test','test')); -- 

BENCHMARK() forces MySQL to evaluate the expression millions of times, so a noticeably delayed response proves the injected SQL was executed even when nothing is reflected in the page, which is the signature of time-based blind SQL injection. In practice the comment terminator must be `-- ` (with a trailing space) or `#` on MySQL, and since ENCODE() was removed in MySQL 8.0, current testers use SLEEP(5) or BENCHMARK with a function such as MD5('test').

Q21. As a Certified Ethical Hacker, you have been contracted by a leading technology company to test the vulnerabilities in its web application. The application integrates various third-party services and employs multiple APIs. During your adva…

Answer: B. Utilize SSRF (Server-Side Request Forgery) to make unauthorized API calls from the server itself.

SSRF turns the server into a proxy: the forged request originates from the server's own trusted address, so it can reach internal APIs and metadata endpoints, passes network controls that block external callers, and appears in logs as ordinary server-side traffic rather than as an attacker's connection.
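The usual defence against the SSRF described above is to validate every outbound destination before the server fetches it. As an added example, not code from the original page, the function below enforces an allowlist of scheme and host and then checks every address the host resolves to, so a partner hostname that resolves (or is rebound) to an internal or link-local address is refused. The allowlisted host names and the resolver are assumptions; tests inject a fake resolver so the example runs offline.

```python
"""SSRF guard: allowlist the destination and refuse anything that resolves to an internal address."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of the partner API hosts this application is meant to call.
ALLOWED_HOSTS = {"api.partner-one.test", "payments.partner-two.test"}


def default_resolver(host):
    """Return every address the host resolves to (real DNS; replaced in tests)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(addr):
    """True for loopback, RFC 1918, link-local (cloud metadata lives at 169.254.169.254), etc."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:127.0.0.1 must be treated as 127.0.0.1
    return (not ip.is_global or ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_outbound_url(url, resolve=default_resolver):
    """Return (ok, reason). Rejects bad schemes, embedded credentials, unknown hosts, internal targets."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    try:
        addrs = resolve(host)
    except OSError as e:
        return False, f"resolution failed: {e}"
    for a in addrs:
        if is_internal(a):           # any single internal A/AAAA record is enough to refuse
            return False, f"{host} resolves to internal address {a}"
    return True, "ok"


if __name__ == "__main__":
    fake = lambda h: ["8.8.8.8"]     # stand-in resolver so the demo runs offline
    print(check_outbound_url("https://api.partner-one.test/v1/orders", resolve=fake))
    print(check_outbound_url("http://169.254.169.254/latest/meta-data/", resolve=fake))
```

Two caveats the check alone does not cover: the HTTP client must connect to the address that was validated (otherwise a DNS rebinding between check and fetch defeats it), and redirects must be disabled or re-validated, since an allowlisted partner can redirect the server to an internal URL.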

Q22. As a security analyst, you are testing your company's network for potential vulnerabilities. During your investigation, you suspect that an attacker might be using MAC flooding to compromise the switches and sniff network traffic. Which of…

Answer: A. Numerous MAC addresses that correspond to a single switch port.

Numerous MAC addresses learned on a single switch port indicate the attacker is flooding the CAM table; once it overflows, the switch falls back to forwarding frames out of every port, letting the attacker sniff traffic. The trap is mistaking this for an IP-level problem, since MAC flooding operates entirely at layer 2.
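As an added example (not from the original page), the following code parses a MAC address table in the style of Cisco IOS `show mac address-table` output and reports any access port that has learned far more distinct dynamic MAC addresses than a single host should present. The table contents, port names and the threshold are constructed for illustration; uplink and trunk ports legitimately carry many addresses and are excluded by name.

```python
"""Detect MAC flooding from a switch MAC address table dump."""
import re
from collections import defaultdict


def build_sample_table(flood_port="Gi1/0/7", flood_count=300, uplink="Gi1/0/48", uplink_count=80):
    """Construct an IOS-style table: three normal hosts, a busy uplink, and one flooded access port."""
    header = [
        "          Mac Address Table",
        "-------------------------------------------",
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        "  10    0011.2233.4455    DYNAMIC     Gi1/0/1",
        "  10    0011.2233.4466    DYNAMIC     Gi1/0/2",
        "  10    0011.2233.4477    STATIC      Gi1/0/3",
    ]
    rows = []
    for i in range(uplink_count):        # many hosts behind the uplink is normal
        rows.append(f"  20    00aa.{i:04x}.bbbb    DYNAMIC     {uplink}")
    for i in range(flood_count):         # random-looking source MACs from one port
        rows.append(f"  10    {i:04x}.{(i * 7919) % 0x10000:04x}.{(i * 104729) % 0x10000:04x}"
                    f"    DYNAMIC     {flood_port}")
    return "\n".join(header + rows)


ROW_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)


def parse_mac_table(text):
    """Return [(vlan, mac, type, port), ...]; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, typ, port = m.groups()
            entries.append((int(vlan), mac.lower(), typ.upper(), port))
    return entries


def macs_per_port(entries, dynamic_only=True):
    """Count distinct MACs per port; static entries are configured, not learned, so ignore them."""
    seen = defaultdict(set)
    for _vlan, mac, typ, port in entries:
        if dynamic_only and typ != "DYNAMIC":
            continue
        seen[port].add(mac)
    return {p: len(s) for p, s in seen.items()}


def flooded_ports(entries, threshold=64, uplinks=frozenset()):
    """Access ports whose learned-MAC count exceeds what any single host should produce."""
    return sorted((p, n) for p, n in macs_per_port(entries).items()
                  if p not in uplinks and n > threshold)


if __name__ == "__main__":
    entries = parse_mac_table(build_sample_table())
    print(macs_per_port(entries))
    print("flooded:", flooded_ports(entries, uplinks={"Gi1/0/48"}))
```

On a real switch the same signal is available continuously through port-security violation counters or an SNMP/NetFlow collector; the threshold here (64) is a placeholder to be set from the access ports' expected host count.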

Q23. A leading online retailer has been experiencing a series of security incidents involving unauthorized access to customer accounts and fraudulent transactions. Upon investigation, it is suspected that attackers are employing sophisticated s…

Answer: B. Session Replay Attack Capturing and Replaying Encrypted Session Tokens to Gain Unauthorized Access

Session replay attacks are hard to detect because the attacker presents valid, captured session tokens and the resulting requests look like the legitimate user's. The trap is confusing this with an attack that relies on tricking the user into interacting.

Q24. As a cybersecurity analyst for a leading multinational company, you have unearthed evidence suggesting a breach. Analysis indicates that sophisticated steganography techniques are in play, allowing the hacker to exfiltrate data by cleverly…

Answer: D. Engage a specialized steganalysis tool to scrutinize questionable files, decode the obscured data, and reveal the hacker's exfiltration methodology.

The answer is correct because a steganalysis tool is specifically designed to find hidden data in files. The trap is choosing a general monitoring tool.

Q25. You've recently been hired as a cybersecurity intern for a growing tech startup. During your onboarding, the company's chief information security officer (CISO) explains the various types of hackers you need to be aware of as part of your…

Answer: D. A hacker who uses pre-existing scripts and tools to carry out attacks without fully understanding how they work.

Script kiddies use pre-existing tools without understanding them. They lack the skills to create their own exploits.

Q26. As a cybersecurity professional conducting a network vulnerability assessment for your organization, you discover a potentially critical vulnerability. This vulnerability arises from an outdated software component installed on a critical p…

Answer: D. Implement a strategy of Virtual Patching, providing a protective layer around the vulnerability until the actual patch can be applied.

Virtual patching applies security controls to mitigate risk without downtime. The other options are either too disruptive or insufficient.

Q27. As a newly appointed cybersecurity analyst in a financial firm, you are tasked with performing network scanning to maintain the organization's network security posture. You decide to conduct a SYN scan, sometimes referred to as half-open s…

Answer: A. The scanned port on the target IP address is open, as the receipt of a SYN/ACK packet indicates that the port is prepared to establish a connection.

A SYN/ACK response confirms the port is open and ready to complete the handshake; the scanner then sends RST instead of ACK, which is why the scan is "half-open". A closed port answers with RST, and no response (or an ICMP unreachable) indicates the port is filtered.

Q28. As part of a security audit, your team evaluates a system flagged by your automated scanner. The tool outputs a vector string with a base score of 9.8, indicating a critical severity. However, the client is unsure about the real-world…

Answer: C. It quantifies technical impact and ease of exploitation, guiding structured risk response based on impact and environment.

Option C is correct because a CVSS base score quantifies technical impact (confidentiality, integrity, availability) and ease of exploitation (attack vector, complexity, privileges, user interaction), giving a structured starting point for prioritizing the response; the temporal and environmental metrics then adjust it for the client's real-world context.

Q29. A cybersecurity company wants to prevent attackers from gaining information about its encrypted traffic patterns. Which of the following encryption algorithms should they utilize?

Answer: A. AES

AES is correct because it is the symmetric cipher used to encrypt bulk traffic; RSA is asymmetric and is used for key exchange and digital signatures, not for encrypting the traffic itself. A practitioner should note that encryption alone does not hide packet sizes and timing; resisting traffic analysis additionally requires padding or cover traffic.

More CEH drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.
