Certified Ethical Hacker Practical Practice Exam, Exams of Technology

Focused on hands-on penetration testing and real-environment challenges, this exam simulates actual hacking tasks using tools like Metasploit, Burp Suite, Nmap, and Wireshark. Learners practice vulnerability exploitation, privilege escalation, payload creation, and post-exploitation reporting.

Typology: Exams

2025/2026

Available from 01/19/2026

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 82

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Certified Ethical Hacker Practical Practice Exam
Question 1. What is the primary purpose of footprinting in the reconnaissance phase of ethical
hacking?
A) To exploit vulnerabilities in the target system
B) To gather preliminary information about the target
C) To gain unauthorized access to the system
D) To perform denial-of-service attacks
Answer: B
Explanation: Footprinting is the process of collecting preliminary information about the target,
such as domain details, IP addresses, and organizational structure, without actively engaging
with the system.
Question 2. Which tool is most commonly used for network discovery and port scanning during
reconnaissance?
A) Wireshark
B) Metasploit
C) Nmap
D) Burp Suite
Answer: C
Explanation: Nmap is widely used for network discovery, port scanning, OS detection, and
service enumeration during reconnaissance activities.
Question 3. In open-source intelligence (OSINT) gathering, which of the following is a passive
method?
A) DNS zone transfer
B) Social engineering attack
C) Active port scanning
D) Exploiting a vulnerability
Answer: A
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52

Partial preview of the text

Download Certified Ethical Hacker Practical Practice Exam and more Exams Technology in PDF only on Docsity!

Question 1. What is the primary purpose of footprinting in the reconnaissance phase of ethical hacking? A) To exploit vulnerabilities in the target system B) To gather preliminary information about the target C) To gain unauthorized access to the system D) To perform denial-of-service attacks Answer: B Explanation: Footprinting is the process of collecting preliminary information about the target, such as domain details, IP addresses, and organizational structure, without actively engaging with the system. Question 2. Which tool is most commonly used for network discovery and port scanning during reconnaissance? A) Wireshark B) Metasploit C) Nmap D) Burp Suite Answer: C Explanation: Nmap is widely used for network discovery, port scanning, OS detection, and service enumeration during reconnaissance activities. Question 3. In open-source intelligence (OSINT) gathering, which of the following is a passive method? A) DNS zone transfer B) Social engineering attack C) Active port scanning D) Exploiting a vulnerability Answer: A

Explanation: DNS zone transfer is a passive method of gathering DNS information without actively probing the target system, unlike port scanning or exploiting vulnerabilities. Question 4. Which protocol is commonly targeted during DNS enumeration to gather detailed domain information? A) SMTP B) DNS C) SNMP D) LDAP Answer: B Explanation: DNS enumeration involves querying DNS servers to retrieve records and zone transfers, revealing detailed domain information. Question 5. What is the main goal of vulnerability scanning in ethical hacking? A) To exploit vulnerabilities for gaining access B) To identify potential security weaknesses C) To perform social engineering attacks D) To gather open-source intelligence Answer: B Explanation: Vulnerability scanning aims to identify potential security weaknesses in systems, applications, or networks that could be exploited later. Question 6. Which tool is primarily used for vulnerability assessment in a penetration test? A) Wireshark B) Nessus C) Hydra D) John the Ripper

D) Nessus Answer: B Explanation: Hydra is a widely used tool for brute-force password attacks against various protocols such as SSH, FTP, and HTTP. Question 10. What is privilege escalation? A) Gaining initial access to a system B) Exploiting vulnerabilities to increase access rights C) Covering tracks after an attack D) Gathering reconnaissance information Answer: B Explanation: Privilege escalation involves exploiting vulnerabilities to increase access rights from a lower level to higher-level accounts like administrator or root. Question 11. Which malware type is designed to spread across networks and replicate itself? A) Virus B) Worm C) Trojan D) Ransomware Answer: B Explanation: Worms are designed to replicate across networks independently, often spreading rapidly without user intervention. Question 12. Timestomping is a technique used to: A) Encrypt files on a compromised system B) Alter timestamps of files and logs to hide activity C) Inject malicious code into a process

D) Capture network traffic Answer: B Explanation: Timestomping involves modifying file timestamps to hide or falsify evidence of malicious activity. Question 13. Which protocol is primarily targeted during session hijacking attacks? A) HTTP B) ARP C) TCP/IP D) SSH Answer: C Explanation: Session hijacking attacks typically target TCP/IP sessions, intercepting or taking over an existing session between two systems. Question 14. Which technique involves redirecting traffic between two communicating parties to intercept or manipulate data? A) ARP poisoning B) DNS spoofing C) Man-in-the-Middle Attack D) SQL Injection Answer: C Explanation: Man-in-the-Middle (MITM) attacks involve intercepting and possibly altering communication between two parties without their knowledge. Question 15. Which type of attack involves overwhelming a network or system with excessive traffic to cause denial of service? A) Phishing

Question 18. SQLMap is a tool used primarily for: A) Password cracking B) Exploiting SQL Injection vulnerabilities C) Network sniffing D) Capturing packets Answer: B Explanation: SQLMap automates detecting and exploiting SQL Injection vulnerabilities in web applications. Question 19. Which wireless encryption protocol is the most secure among the options below? A) WEP B) WPA C) WPA D) WPS Answer: C Explanation: WPA2 offers the most secure wireless encryption among these options, with stronger encryption protocols like AES. Question 20. Which attack exploits vulnerabilities in Wi-Fi Protected Access (WPA/WPA2) to recover the encryption key? A) WEP cracking B) WPA handshake capture and cracking C) ARP poisoning D) Evil twin attack Answer: B Explanation: WPA/WPA2 key cracking typically involves capturing the handshake process and then performing brute-force or dictionary attacks to recover the key.

Question 21. Which cloud security vulnerability involves insecure APIs or misconfigured storage containers? A) Cross-Site Scripting B) Cloud Misconfigurations C) SQL Injection D) Man-in-the-Middle Answer: B Explanation: Cloud misconfigurations, such as insecure APIs or misconfigured storage, are common vulnerabilities that can be exploited. Question 22. Which cryptographic attack involves finding the plaintext from ciphertext without knowing the key? A) Brute-force attack B) Cryptanalysis C) Man-in-the-Middle attack D) Dictionary attack Answer: B Explanation: Cryptanalysis aims to analyze and break cryptographic systems, often recovering plaintext from ciphertext without the key. Question 23. John the Ripper is primarily used for: A) Password cracking B) Network sniffing C) Vulnerability scanning D) Web application testing Answer: A

Answer: B Explanation: LDAP (Lightweight Directory Access Protocol) is often targeted to enumerate user and group information within directory services. Question 27. Which method is used to identify operating systems during network discovery? A) Banner grabbing B) OS fingerprinting C) DNS zone transfer D) SQL injection Answer: B Explanation: OS fingerprinting involves analyzing responses to specific probes to determine the target system's OS. Question 28. What is the primary purpose of a honeypot in security testing? A) To block malicious traffic B) To attract and analyze attacker activity C) To encrypt network traffic D) To scan for vulnerabilities Answer: B Explanation: Honeypots are decoy systems designed to attract attackers, allowing defenders to study attack methods and improve defenses. Question 29. Which attack involves sending crafted packets to evade Intrusion Detection Systems (IDS)? A) Fragmentation attack B) ARP poisoning C) SQL Injection

D) Phishing Answer: A Explanation: Fragmentation or custom packet crafting can be used to evade IDS detection by fragmenting malicious payloads. Question 30. Which web application security testing tool provides intercepting proxy functionality? A) Nessus B) Burp Suite C) Wireshark D) John the Ripper Answer: B Explanation: Burp Suite acts as an intercepting proxy, enabling security testers to analyze and modify web traffic. Question 31. Which of the following is a common method used in cross-site request forgery (CSRF) attacks? A) Injecting malicious script into a web page B) Sending unauthorized requests using the victim's browser C) Exploiting SQL injection vulnerabilities D) Man-in-the-middle interception of sessions Answer: B Explanation: CSRF tricks the victim’s browser into making unsolicited requests on their behalf, exploiting trust in authenticated sessions. Question 32. In wireless hacking, which tool is used for packet capturing and injection? A) Aircrack-ng

B) OWASP ZAP

C) John the Ripper D) Wireshark Answer: B Explanation: OWASP ZAP is an open-source web application security scanner used for finding vulnerabilities like XSS and SQLi. Question 36. Which type of attack involves exploiting unpatched software vulnerabilities to gain initial access? A) Social engineering B) Exploit attack C) Sniffing D) Phishing Answer: B Explanation: Exploit attacks leverage known vulnerabilities in unpatched software to breach systems. Question 37. Which phase involves exfiltrating sensitive data after gaining access? A) Reconnaissance B) Exploitation C) Post-Exploitation D) Reporting Answer: C Explanation: Post-Exploitation involves activities like data exfiltration, privilege escalation, and maintaining access.

Question 38. Which cryptographic hash function is considered most secure for password hashing? A) MD B) SHA- 1 C) bcrypt D) SHA- 0 Answer: C Explanation: bcrypt is specifically designed for secure password hashing due to its adaptive complexity and salt incorporation. Question 39. What is the main purpose of using a VPN during a penetration test? A) To scan for vulnerabilities B) To encrypt traffic and hide IP address C) To perform SQL injection D) To crack passwords Answer: B Explanation: VPNs encrypt traffic and mask IP addresses, providing anonymity and secure communication during testing. Question 40. Which attack technique involves intercepting network traffic to analyze sensitive information? A) Packet sniffing B) SQL injection C) Cross-site scripting D) Phishing Answer: A

Explanation: Aircrack-ng is designed for capturing packets and cracking WEP/WPA keys. Question 44. Which technique involves injecting malicious scripts into web pages that are stored on the server? A) Stored XSS B) Reflected XSS C) SQL Injection D) CSRF Answer: A Explanation: Stored XSS involves persisting malicious scripts directly into web storage, which are then executed in users’ browsers. Question 45. What is the main purpose of a man-in-the-middle attack? A) To encrypt data B) To intercept and possibly alter communications between two parties C) To scan networks D) To crack passwords Answer: B Explanation: MITM attacks intercept communications, allowing attackers to eavesdrop or modify data in transit. Question 46. Which tool is most suitable for analyzing network traffic in a penetration test? A) Nessus B) Wireshark C) SQLMap D) Hydra Answer: B

Explanation: Wireshark is a network protocol analyzer used for capturing and analyzing network traffic. Question 47. Which attack technique involves redirecting users to malicious websites by manipulating DNS records? A) DNS spoofing B) ARP poisoning C) Session hijacking D) SQL injection Answer: A Explanation: DNS spoofing redirects users to malicious sites by falsifying DNS responses. Question 48. Which of the following is a common method to detect steganography in files? A) Hash comparison B) Steganalysis tools C) Port scanning D) Phishing emails Answer: B Explanation: Steganalysis tools analyze files for hidden data embedded within images or other media. Question 49. Which security control is most effective against unauthorized wireless access? A) Strong WPA2 encryption and MAC filtering B) Disabling firewalls C) Using WEP encryption D) Keeping default passwords Answer: A

Explanation: Gaining Access involves actively exploiting vulnerabilities to breach the target system. Question 53. Which protocol is vulnerable to buffer overflow attacks, especially in legacy systems? A) HTTP B) FTP C) SMB D) DNS Answer: C Explanation: SMB (Server Message Block) has historically been vulnerable to buffer overflow exploits, especially in older implementations. Question 54. Which of the following is a common countermeasure against SQL Injection? A) Input validation and parameterized queries B) Disabling cookies C) Using WEP encryption D) Opening all ports Answer: A Explanation: Input validation and prepared statements prevent malicious SQL code execution. Question 55. Which type of malware is designed to encrypt data and demand ransom for decryption? A) Virus B) Ransomware C) Trojan D) Worm

Answer: B Explanation: Ransomware encrypts victim data and demands payment for decryption keys. Question 56. What is the primary goal of reconnaissance in ethical hacking? A) To exploit vulnerabilities B) To gather information about the target system or network C) To exfiltrate data D) To cover tracks Answer: B Explanation: Reconnaissance involves collecting as much information as possible about the target without engaging directly. Question 57. Which tool is used for intercepting and modifying HTTP requests and responses? A) Wireshark B) Burp Suite C) Nessus D) Hydra Answer: B Explanation: Burp Suite acts as an intercepting proxy for web application testing, allowing modification of traffic. Question 58. Which attack involves sending malicious code in a URL parameter to execute on the server? A) SQL Injection B) Cross-Site Scripting (XSS) C) Command injection D) Directory traversal