Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

CEH-001 GAQM Certified Ethical Hacker (CEH) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GAQM CEH-001 Certified Ethical Hacker (CEH) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 3 / 7
Total 878 questions

Which of the following is an application that requires a host application for replication?

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

How is sniffing broadly categorized?

A.

Active and passive

B.

Broadcast and unicast

C.

Unmanaged and managed

D.

Filtered and unfiltered

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

Untrust (Internet) – (Remote network = 217.77.88.0/24)

DMZ (DMZ) – (11.12.13.0/24)

Trust (Intranet) – (192.168.0.0/24)

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

A.

Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B.

Permit 217.77.88.12 11.12.13.50 RDP 3389

C.

Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D.

Permit 217.77.88.0/24 11.12.13.50 RDP 3389

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

A.

Forensic attack

B.

ARP spoofing attack

C.

Social engineering attack

D.

Scanning attack

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

A.

NMAP -PN -A -O -sS 192.168.2.0/24

B.

NMAP -P0 -A -O -p1-65535 192.168.0/24

C.

NMAP -P0 -A -sT -p0-65535 192.168.0/16

D.

NMAP -PN -O -sS -p 1-1024 192.168.0/8

Data hiding analysis can be useful in

A.

determining the level of encryption used to encrypt the data.

B.

detecting and recovering data that may indicate knowledge, ownership or intent.

C.

identifying the amount of central processing unit (cpu) usage over time to process the data.

D.

preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

A.

Set a BIOS password.

B.

Encrypt the data on the hard drive.

C.

Use a strong logon password to the operating system.

D.

Back up everything on the laptop and store the backup in a safe place.

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for 172.16.40.65

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

139/tcp open netbios-ssn

515/tcp open

631/tcp open ipp

9100/tcp open

MAC Address: 00:00:48:0D:EE:89

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

What is a successful method for protecting a router from potential smurf attacks?

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. What information is needed when performing fake authentication to an AP? (Choose two.)

A.

The IP address of the AP

B.

The MAC address of the AP

C.

The SSID of the wireless network

D.

A failed authentication packet

Which of the following parameters enables NMAP's operating system detection feature?

A.

NMAP -sV

B.

NMAP -oS

C.

NMAP -sR

D.

NMAP -O

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

A.

tcp.src == 25 and ip.host == 192.168.0.125

B.

host 192.168.0.125:25

C.

port 25 and host 192.168.0.125

D.

tcp.port == 25 and ip.host == 192.168.0.125

Which initial procedure should an ethical hacker perform after being brought into an organization?

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the followinG.

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A.

Log the event as suspicious activity and report this behavior to the incident response team immediately.

B.

Log the event as suspicious activity, call a manager, and report this as soon as possible.

C.

Run an anti-virus scan because it is likely the system is infected by malware.

D.

Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

How can a policy help improve an employee's security awareness?

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

What is the best defense against privilege escalation vulnerability?

A.

Patch systems regularly and upgrade interactive login privileges at the system administrator level.

B.

Run administrator and applications on least privileges and use a content registry for tracking.

C.

Run services with least privileged accounts and implement multi-factor authentication and authorization.

D.

Review user roles and administrator privileges for maximum utilization of automation services.

ICMP ping and ping sweeps are used to check for active systems and to check

A.

if ICMP ping traverses a firewall.

B.

the route that the ICMP ping took.

C.

the location of the switchport in relation to the ICMP ping.

D.

the number of hops an ICMP ping takes to reach a destination.

Which of the following business challenges could be solved by using a vulnerability scanner?

A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Which of the following is a component of a risk assessment?

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Which security strategy requires using several, varying methods to protect IT systems against attacks?

A.

Defense in depth

B.

Three-way handshake

C.

Covert channels

D.

Exponential backoff algorithm

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

A.

Using the Metasploit psexec module setting the SA / Admin credential

B.

Invoking the stored procedure xp_shell to spawn a Windows command shell

C.

Invoking the stored procedure cmd_shell to spawn a Windows command shell

D.

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)

A.

Smurf attack

B.

Social engineering attack

C.

SQL injection attack

D.

Phishing attack

E.

Fraggle attack

F.

Distributed denial of service attack

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A.

white box

B.

grey box

C.

red box

D.

black box

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A.

WHOIS

B.

IANA

C.

CAPTCHA

D.

IETF

Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

A.

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

B.

A reduction in network and application monitoring since all recording will be completed at the SSO system

C.

A reduction in system administration overhead since any user login problems can be resolved at the SSO system

D.

A reduction in overall risk to the system since network and application attacks can only happen at the SSO point

What results will the following command yielD. 'NMAP -sS -O -p 123-153 192.168.100.3'?

A.

A stealth scan, opening port 123 and 153

B.

A stealth scan, checking open ports 123 to 153

C.

A stealth scan, checking all open ports excluding ports 123 to 153

D.

A stealth scan, determine operating system, and scanning ports 123 to 153

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

A.

-sO

B.

-sP

C.

-sS

D.

-sU

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

A.

Classified

B.

Overt

C.

Encrypted

D.

Covert

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Page: 3 / 7
Total 878 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved