CEH v12 Practice Exam Part 5: Certified Ethical Hacker Questions & Answers
Boost your CEH exam readiness with this practice test, covering key Certified Ethical Hacker concepts. Follow CertPunch for more certification prep and visit certpunch.com.
Chapters:
00:00 Intro
00:17 Question 1 of 29
01:29 Question 2 of 29
02:52 Question 3 of 29
04:16 Question 4 of 29
05:20 Question 5 of 29
06:11 Question 6 of 29
07:12 Question 7 of 29
08:18 Question 8 of 29
09:53 Question 9 of 29
11:10 Question 10 of 29
12:37 Question 11 of 29
14:27 Question 12 of 29
15:52 Question 13 of 29
17:06 Question 14 of 29
18:31 Question 15 of 29
19:48 Question 16 of 29
20:46 Question 17 of 29
21:56 Question 18 of 29
23:16 Question 19 of 29
24:32 Question 20 of 29
26:03 Question 21 of 29
27:25 Question 22 of 29
28:46 Question 23 of 29
30:42 Question 24 of 29
31:53 Question 25 of 29
32:59 Question 26 of 29
34:25 Question 27 of 29
35:42 Question 28 of 29
37:15 Question 29 of 29
What you will practice
- A large chemical plant uses operational technology (OT) networks to control its industrial processes. Recentl…
- You are a security analyst for a medium-sized e-commerce company. Recently, the company has been suffering fr…
- You're an IT security analyst at a fast-growing fintech startup. Recently, you've noticed an uptick in networ…
- Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all…
- If a tester is attempting to ping a target that exists but receives no response or a response that states the…
- Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While…
Answers and explanations
Q1. A large chemical plant uses operational technology (OT) networks to control its industrial processes. Recently, security personnel noticed abnormal behavior from critical Programmable Logic Controllers (PLCs), suspecting a stealthy comprom…
Answer: A. Perform detailed inspections of device software for unauthorized modifications.
Inspecting device software for modifications is the first step to detect malicious firmware. Isolating without inspection risks missing forensic evidence.
Q2. You are a security analyst for a medium-sized e-commerce company. Recently, the company has been suffering from repeated incidents of session hijacking. To prevent future incidents, you've been asked to suggest a robust strategy to mitigat…
Answer: C. Apply an IPsec VPN solution that encrypts the entire IP packet, thereby making session hijacking attempts more difficult.
An IPsec VPN encrypts the entire IP packet, securing sessions against hijacking. Other options are less direct or focus on prevention rather than mitigation.
Q3. You're an IT security analyst at a fast-growing fintech startup. Recently, you've noticed an uptick in network traffic anomalies. You decide to perform a more thorough network scan using the ICMP Echo Request method. During the scan, you n…
Answer: B. The firewall or another security control is probably blocking the ICMP Echo Requests.
Firewalls commonly block ICMP requests to prevent probing. This is a security measure, not congestion or a breach.
Q4. Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure?
Answer: C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
Monitoring employees without informing them violates privacy laws; the legal exposure arises from the lack of notice and consent, not from work disruption or the ongoing slowdown.
Q5. If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get…
Answer: D. Hping
Hping can send custom TCP packets to get a response when ICMP is disabled. It is a versatile tool for this purpose.
Q6. Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view…
Answer: D. No ABAC validation
The lack of ABAC validation allows unauthorized access to API objects based on user and resource attributes.
Q7. During a penetration test on a legacy Windows network, you use the nbtstat -A command on a target system and retrieve several NetBIOS names, including entries ending with <20> and <03>. However, attempts to list shared folders fail. Which…
Answer: B. File and printer sharing is disabled on the target system.
File and printer sharing must be enabled for shared folders to be listed via NetBIOS; with it disabled, the names still resolve but the share listing fails, which matches the observed behavior.
Q8. A multinational corporation relies heavily on remote access for its employees to connect to internal systems and resources. Recently, there have been reports of unauthorized access to sensitive company data, leading to concerns about poten…
Answer: C. ARP Spoofing Attack Redirecting Traffic to Capture Session Data on Local Networks
ARP spoofing is challenging to detect as it occurs at Layer 2, making it a sophisticated session hijacking method.
Q9. The web application security team of a global firm detected a sophisticated injection attack that exploited a flaw in the application's input validation. The attack was carried out using a custom script that used obfuscation and evasion te…
Answer: C. Deploy a Web Application Firewall (WAF) with built-in evasion detection features.
A WAF with evasion detection blocks obfuscated injection attempts, directly countering web application attacks.
Q10. A cybersecurity analyst working for a multinational corporation is tasked with performing regular surveillance of their competitors' digital presence to identify any changes that could indicate strategic shifts or potential threats. To sta…
Answer: A. Set up Google Alerts to receive email notifications whenever new web content includes their competitors' names or other key terms.
Google Alerts provide real-time notifications on competitors' web content updates for effective monitoring.
Q11. A cybersecurity firm has deployed a comprehensive defense system, including Intrusion Detection Systems (IDS), firewalls, and honeypots, to protect its network from malicious activities. Despite these measures, the security team has notice…
Answer: A. Covert Channel Communication Exploiting Unused IP Header Fields to Conceal Malicious Traffic and Evade Detection by Security Devices
Covert channels in IP headers evade detection by hiding malicious traffic in seemingly normal network packets.
Q12. During an investigation, an ethical hacker discovered that a web application's API has been compromised, leading to unauthorized access and data manipulation. They identified webhooks and a webshell being used by the attacker. To prevent f…
Answer: C. Harden the web server security, add multi-factor authentication for API users, and restrict the execution of scripts server-side.
Hardening the server, adding MFA, and restricting server-side script execution directly address both the webshell and the API compromise.
Q13. As a certified ethical hacker, you have been tasked to exploit a security vulnerability on an Android device that uses the latest version of the OS. You found that there's an unpatched weakness in the handling of user permissions in the de…
Answer: C. Develop a custom exploit code that uses obfuscation techniques to avoid detection.
A custom, obfuscated exploit avoids detection by standard antivirus signatures, which is why this option fits the scenario.
Q14. As a newly appointed network security analyst at a mid-tier company, you have been tasked with assessing the security of the network. As part of this, you need to ensure that your company's network can detect and prevent evasion techniques…
Answer: C. Implementing an anomaly-based IDS that can recognize the irregular traffic patterns caused by packet fragmentation.
An anomaly-based IDS detects the irregular traffic patterns produced by fragmented packets, which signature-only inspection can miss.
Q15. During a red team exercise, a certified ethical hacker (CEH) is working on exploiting a potential vulnerability in the target's web server. The CEH has completed the information gathering and footprinting stages and mirrored the website fo…
Answer: D. Hijack a session and immediately modify server configuration files.
Hijacking a session and modifying config files is stealthy. SQL injection and brute force are detectable. Vulnerability scanning is passive.
Q16. A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. Which web-page file type, if it exists on the web server, is a strong indication that…
Answer: A. .stm
The file type ".stm" is associated with Microsoft Active Server Pages (ASP), which supports Server-Side Includes (SSI), making it vulnerable to SSI attacks.
Q17. A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the…
Answer: B. The gateway is not routing to a public IP address.
The gateway is not routing to a public IP address, which is why local communication works but internet access fails.
Q18. As a cybersecurity professional in a growing organization, you are tasked with conducting comprehensive reconnaissance of your own company's digital presence. In addition to using tools like WHOIS, DNS analysis, and search engines, you are…
Answer: C. Search engines don't index the Deep Web, and there could be non-indexed company information lying there.
Search engines don't index the Deep Web, so exploring it can reveal non-indexed company data that traditional methods would miss.
Q19. Your role as a cybersecurity analyst at XYZ Corporation requires you to perform a thorough security assessment of the company's online presence. You initiate the process with a passive reconnaissance phase, trying to gather as much informa…
Answer: C. Using a tool like Nmap to scan the company's public IP range.
Nmap scanning involves active interaction with the target, making it unsuitable for passive reconnaissance, which avoids direct contact.
Q20. During an internal penetration test, a security analyst assesses a web application that interfaces with a backend Oracle database. Initial attempts using standard SQL injection payloads such as ' OR '1'='1 and UNION SELECT return no useful…
Answer: D. Heavy query-based SQL injection
Heavy query-based SQL injection uses complex, resource-intensive queries to cause delays, as seen in the payload's COUNT operation.
Q21. During a cybersecurity operation, a CEH professional discovered an unknown Bluetooth Low Energy (BLE) device actively transmitting pairing signals. The professional decided to breach the BLE device using a crackle. The device was seen pair…
Answer: A. The operation cannot continue without the LTK.
The operation cannot continue without the Long-Term Key (LTK), which is essential for decrypting the BLE data.
Q22. A city's power management utilizes SCADA systems to oversee operations. Recently, the infrastructure has shown unexplained anomalies such as inconsistent sensor values and intermittent outages. Security experts suspect a side-channel attac…
Answer: A. Measure unusual fluctuations during device operations at the hardware level.
Measuring hardware-level fluctuations can detect side-channel attacks, which exploit physical characteristics to extract data.
Q23. A globally-operating bank recently encountered a severe security breach within its Android OS-based mobile banking application. Cybercriminals managed to exploit the bank's Mobile Device Management (MDM) system and successfully carried out…
Answer: A. Establishing and enforcing a rigorous policy that unequivocally mandates the disabling of ADB, except when absolutely necessary and only within strictly regulated environments.
This is correct because disabling ADB directly closes the attackers' primary access vector. The trap is choosing a general security measure over a specific, targeted fix.
Q24. As a cybersecurity consultant, you have been hired by a multinational corporation to identify potential security risks in their network. During the enumeration phase, you utilize LDAP to gather information about the network infrastructure…
Answer: B. The LDAP directory data is protected by Access Control Lists (ACLs).
The answer is correct as ACLs are specifically designed to restrict access to directory information during enumeration. The trap is blaming a network issue.
Q25. Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering…
Answer: A. Dark web footprinting
The scenario describes using anonymizing tools to access the dark web. This is distinct from standard website footprinting.
Q26. You are a Certified Ethical Hacker contracted by a technology company to perform a security assessment on Bluetooth-enabled devices. These devices have Secure Simple Pairing (SSP) enabled, which generally offers strong security. During you…
Answer: C. Impose rate-limiting to slow down the brute-force attack.
Rate-limiting slows brute-force attacks, making it effective against the described SSP exploit, while other options are less direct.
Q27. You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?
Answer: C. nmap -T4 -F 10.10.0.0/24
The -F flag performs a fast scan, making it ideal for quick network enumeration in a penetration test.
Q28. As a cybersecurity analyst, you were assigned the task of analyzing the traffic patterns of your company's network. You started noticing irregularities that suggested a potential scanning attempt. The attacker appears to be quite sophistic…
Answer: D. The attacker is utilizing a 'zombie' machine to transmit the scan, thus making the true source of the scan difficult to determine.
Using a 'zombie' machine to relay the scan makes the true source hard to trace, which is the stealth property the question describes. The elimination cue is that the other options are less stealthy.
Q29. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named nc. The FTP server's access logs show…
Answer: D. File system permissions
The vulnerability is in file system permissions, allowing an anonymous user to upload, extract, and execute files.
More CEH drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.