Train & Certify
Certifications

ETHICAL HACKING

Certified Ethical Hacker (C|EH)

C|EH (MASTER)

EXECUTIVE MANAGEMENT

Certified Chief Information Security Officer (C|CISO)

Associate C|CISO

COMPUTER FORENSICS

Computer Hacking Forensic Investigator (C|HFI)

NETWORK SECURITY

Certified Network Defender (C|ND)

ICS/SCADA Cybersecurity

ENCRYPTION

Certified Encryption Specialist (E|CES)

PEN TESTING

Certified Penetration Testing Professional (C|PENT)

INCIDENT HANDLING

Certified Incident Handler (E|CIH)

Certified Threat Intelligence Analyst (C|TIA)

Certified SOC Analyst (C|SA)

CLOUD SECURITY

Certified Cloud Security Engineer (C|CSE)

DevSecOps

Certified DevSecOps Engineer (E|CDE)

CYBER TECHNICIAN

Certified Cybersecurity Technician (C|CT)

BLOCKCHAIN

Blockchain Developer Certification (B|DC)

Blockchain Fintech Certification (B|FC)

Blockchain Business Leader Certification (B|BLC)

BUSINESS CONTINUITY AND DISASTER RECOVERY

Disaster Recovery Professional (E|DRP)

FUNDAMENTALS

Certified Secure Computer User (C|SCU)

EC-Council Certified Security Specialist (E|CSS)

ESSENTIALS SERIES

Network Defense Essentials (N|DE)

Ethical Hacking Essentials (E|HE)

Digital Forensics Essentials (D|FE)

DevSecOps Essentials (D|SE)

SOC Essentials (S|CE)

Cloud Security Essentials (C|SE)

IoT Security Essentials (I|SE)

Threat Intelligence Essentials (T|IE)

APPLICATION SECURITY

Certified Application Security Engineer (C|ASE .NET)

Certified Application Security Engineer (C|ASE Java)

Web Application Hacking and Security (W|AHS)
Micro Learning

Python Programming for Beginners

Learn Python Online: From Novice to Pro

Microdegree in Python Security

Microdegree in PHP Security

Identity and Access Management

Linux Fundamentals

Linux-Server Administration

Cybersecurity for Blockchain from Ground Up

Cybersecurity for Business

Email Phishing
Degrees
Graduate Certificate Program Bachelors of Science in Cyber Security Masters of Cyber Security
Advisory
Security Awareness EC-Council Global Services
About
Our Story

Executive Team

Governing Committees

Code Of Ethics

Diversity

Global Awards

Pressroom

Accreditations

Career

Contact Us

Partner With Us

Become a Trainer

Become a Training Partner

Become an Academic Partner

Become a Reseller

Become a Subject Matter Expert

Become an EC-Council Advisory Board Member

Become a Conference Partner

Become a Media Partner

RESOURCES

NICE Framework Mapping

Store

Certified Member Portal

Training Partner Portal

Have a Question

THOUGHT LEADERSHIP

C|EH Hall of Fame 2023

C|EH Hall of Fame 2021-2022

C|CISO Hall of Fame 2023

Success Stories

Cybersecurity Exchange

Ethical Hacking Leaderboard

Download brochure

By clicking Submit, I consent to the use of my data for promotional purposes and accept the Privacy Policy and Terms

Hall of Fame Report

By clicking Submit, I consent to the use of my data for promotional purposes and accept the Privacy Policy and Terms

CEH Assessment

By clicking Submit, I consent to the use of my data for promotional purposes and accept the Privacy Policy and Terms

1. Which term refers to gathering and publishing personally identifiable information?

Exploit
Daisy-chaining
Payload
Doxing

2. What is the first hacking phase to gather information about a target?

Reconnaissance
Scanning
Gaining Access
Maintaining Access

3. Gathering sensitive information to damage a competitor is called?

Social Engineering
Information Leakage
Corporate Espionage
Business Loss

4. Which scan disguises itself as normal traffic?

Stealth scanning technique
TCP connect scanning
Xmas scanning
FIN scanning

5. Changing source IPs to evade security controls?

IP Address Spoofing
Packet Fragmentation
Source Routing
IP Address Decoy

6. Which Nmap scan is known as half-open?

ACK Scan
SYN Stealth
Half-open
Windows Scan

7. Enumeration used to list domain computers?

NetBIOS enumeration
SNMP enumeration
NTP enumeration
SMTP enumeration

8. SNMP command that notifies manager of events?

GetRequest
GetResponse
SetRequest
Trap

9. Assessment allowing different strategies per system?

Product-Based
Service-Based
Tree-Based Assessment
Inference-Based

10. Password attack using syllables?

Toggle-Case
Fingerprint
PRINCE Attack
Markov Chain

11. CPU vulnerabilities due to speculative execution?

Spectre and Meltdown
Named Pipe Impersonation
Application Shimming
Launch Daemon

12. Rootkit modifying system boot?

Hypervisor level
Kernel level
Boot loader level
Library level

13. Malware component preventing reverse engineering?

Payload
Obfuscator
Dropper
Crypter

14. Virus intercepting OS calls?

Stealth/Tunneling virus
Cluster virus
Macro virus
Boot sector virus

15. Passive sniffing refers to?

Sniffing through a hub
Router
Switch
Bridge

16. Packet filtering firewall operates at?

Network layer
Physical layer
Session layer
Application layer

17. Trojan used to deface websites?

E-banking Trojan
POS Trojan
Defacement Trojan
Mobile Trojan

18. ARP spoofing overloads which device?

Switch
Router
Hub
Bridge

19. Attack exploiting human behavior?

Social Engineering
Buffer Overflow
DoS
SQL Injection

20. Offering help in exchange for credentials?

Reverse SE
Tailgateing
Quid Pro Quo
Elicitation

21. NOT computer-based social engineering?

Phishing
Tailgating
Spam
Pop-up attacks

22. Symptom of DoS attack?

Website unavailable
Less spam
More bandwidth
Better performance

23. NTP uses which port?

UDP 123
UDP 113
UDP 161
UDP 320

24. DDoS attack with no patch?

Ping of Death
Smurf
Zero-Day DDoS
Pulse Wave

25. Partial HTTP requests exhausting server?

Slowloris
HTTP Flood
Session Flood
Fragmentation

26. Injecting TCP data without seeing responses?

TCP Hijacking
UDP Hijacking
RST Hijacking
Blind Hijacking

27. IDS alert when no attack exists?

True Positive
False Positive
False Negative
True Negative

28. IDS evasion using TTL values?

DoS
Obfuscation
Insertion Attack
Unicode

29. Software firewall is placed between?

Desktop & OS
Router & OS
Antivirus & IDS
Applications & networking

30. Honeypot emulating real network?

Low interaction
Medium interaction
High interaction
Pure honeypot

31. Splitting attack traffic to evade IDS?

Session Splicing
Unicode
Encryption
Flooding

32. Metasploit module for scanning & fuzzing?

Exploit
Payload
Auxiliary
NOPS

33. Injecting CR and LF characters?

HTML Injection
CRLF Injection
Log Injection
Server-side JS

34. Forcing browser to send unintended requests?

XSS
CSRF
LDAP Injection
SQL Injection

35. Using WAITFOR DELAY indicates?

Blind SQL Injection
Error-based
UNION
Simple SQL

36. Testing with full source code knowledge?

Manual
Automated
Static Testing
Dynamic Testing

37. SQL injection altering database content?

Auth Bypass
Info Disclosure
Compromised Integrity
RCE

38. Authentication bypass using OR condition?

Error-based
UNION
End-of-line comment
Tautology

39. Testing with massive random input?

Function Testing
Fuzzing
Static
Dynamic

40. Drawing symbols advertising Wi-Fi?

WarWalking
WarFlying
WarChalking
WarDriving

41. Wi-Fi standard at 5GHz, 54 Mbps?

802.11a
802.11b
802.11g
802.11i

42. Sending unsolicited Bluetooth messages?

Bluesmacking
Bluejacking
BlueSnarfing
BlueSniff

43. Fake communication tower attack?

aLTEr
Wormhole
Sinkhole
Wi-Jacking

44. IoT layer handling routing & messaging?

Middleware
Internet
Access Gateway
Edge Layer

45. IoT attack using multiple fake identities?

Sybil Attack
Exploit Kits
Forged Device
Side Channel

46. SOAP message duplication attack?

Wrapping Attack
Cloud Hopper
Cryptanalysis
Cloudborne

47. Docker network connecting container to host?

Host
Bridge
Overlay
MACVLAN

48. Code-breaking using social engineering?

Brute Force
Frequency Analysis
Trickery and Deceit
One-Time Pad

49. Encryption using photon spin?

Elliptic Curve
Quantum Cryptography
Homomorphic
Hardware Encryption

50. Extracting secrets via coercion?

Ciphertext-only
Chosen-ciphertext
Adaptive Chosen-plaintext
Rubber Hose Attack

Thank you for completing the
CEH Assessment!

We appreciate you taking the time to complete the CEH assessment.

Score:

Percentage:

A copy of your score has also been sent to your email inbox
We will connect with you shortly regarding the next steps.

Ready to become a Certified Ethical Hacker? Inquire Now!

EC-Council was formed in 2001 after very disheartening research following the 9/11 attack on the World Trade Center. Founder and CEO of the EC-Council Group, Jay Bavisi, after watching the attacks unfold, raised the question, what if a similar attack were to be carried out on the cyber battlefield?

Read more...

Career Tracks

Vulnerability Assessment And Penetration Testing (VAPT)
Network Defense And Operation
Digital Forensic
Application Security
Incident Handling And Response

Trending Certifications

Certified Ethical Hacker (C|EH)
Certified Chief Information Security Officer (C|CISO)
Computer Hacking Forensic Investigator (C|HFI)
Certified Network Defender (C|ND)
Certified Incident Handler (E|CIH)
Certified Penetration Testing Professional (C|PENT)
Certified SOC Analyst (C|SA)
Certified Cybersecurity Technician (C|CT)

Customer Service

Partner With Us
Have A Question
Report Grievance
Training Partner Portal
Bug Bounty Program
Community

Company

About
Contact Us
Pressroom

Copyright 2024 © EC-Council All Rights Reserved
|

Partner With Us

|

Legal