Certified Ethical Hacker CEH Quiz Questions and Answers

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems. See if you have what it takes to beat malicious hackers with our 15-question Certified Ethical Hacker (CEH) Mini Quiz!
  • Question 1
  • Question 2
  • Question 3
  • Question 4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
Question 1 ID: 694

Hacker is a person who illegally breaks into a system or network without any authorisation to destroy, steal sensitive data or to perform any malicious attacks. What are black hat hackers?

A. Those with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
B. Those professing hacker skills and using them for defensive purposes and are also known as security analysts
C. Those who aim to bring down critical infrastructure for a 'cause' and are not worried about facing 30 years in jail for their actions
D. Those who work both offensively and defensively at various times


Question 2 ID: 690

NetStumbler cannot detect which wireless standard?

A. 802.11g
B. 802.11
C. 802.11a
D. 802.11 b


Question 3 ID: 686

What virus can hide its present using encryptions methods?

A. Anti Virus
B. Masked Virus
C. Armored Virus
D. Polymorphic Virus


Question 4 ID: 687

What tool can be used for tunnelling traffic through HTTP?

A. BackStealth
B. WarpDrive
C. HTTPGateway
D. WarpCore


Question 5 ID: 699

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

A. SQL injection Attack
B. Cross-Site Scripting (XSS)
C. LDAP Injection Attack
D. Cross-Site Request Forgery (CSRF)


Question 6 ID: 689

What tool can perform a MITM (man in the middle) attack?

A. Slenderman
B. SNPReplay
C. SMBRelay


Question 7 ID: 688

Which of the following can be used to identify which methods are allowed in the remote web server?

A. Pug
C. 7of9
D. Acunetix


Question 8 ID: 698

What does the term stack smashing mean?

A. It's when code is executed from a default heap.
B. It's when an attacker gets to a stack after they're done with the pumpkins.
C. A buffer overflow that overwrites the return address
D. The input of No Operation instruction code in a string


Question 9 ID: 696

You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

A. Install and use Telnet to encrypt all outgoing traffic from this server.
B. Use Alternate Data Streams to hide the outgoing packets from this server.
C. Install Cryptcat and encrypt outgoing packets from this server.
D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.


Question 10 ID: 693

What kind of attack is sniffing a password from a wireless network?

A. Offline Attack
B. SQL Injection
C. DDoS Attack
D. Passive Attack


Question 11 ID: 692

What can be a useful resource for hackers to find information about the hardware or software used in a company?

A. Job Postings
B. GorillaSearch
C. Facebook
D. Dark Web


Question 12 ID: 700

An enterprise recently moved to a new office and the new neighbourhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

A. Use fences in the entrance doors.
B. Install a CCTV with cameras pointing to the entrance doors and the street.
C. Use an IDS in the entrance doors and install some of them near the corners.
D. Use lights in all the entrance doors and along the company's perimeter.


Question 13 ID: 695

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A. The key entered is a symmetric key used to encrypt the wireless data.
B. The key entered is a hash that is used to prove the integrity of the wireless data.
C. The key entered is based on the Diffie-Hellman method.
D. The key is an RSA key used to encrypt the wireless data.


Question 14 ID: 691

The command: SID: S-1-5-21domain-501, suggests which type of account?

A. Administrator
B. Guest Account
C. Power Users
D Domain Administrator


Question 15 ID: 697

What programming language is the most vulnerable to buffer overflow attacks?

A. Perl
B. C++
C. Python
D. Java