CEH Exam Practice Questions and Answers Part -1.pdf

infosectrain2 168 views 28 slides Apr 18, 2025

About This Presentation

The Certified Ethical Hacker (CEH) exam isn’t just another cert—it’s a challenge designed to test how well you really think like a hacker.

💥 25 questions
🧠 20 modules
💻 Advanced topics from system hacking to...


Slide Content

www.infosectrain.com 01
Exam Practice Questions and Answers
CEH (Certified Ethical Hacker)
Part 1

Introduction
Think you have what it takes to become an Ethical Hacker? Think again! The
Certified Ethical Hacker (CEH) exam is not just another cybersecurity
certification; it’s a rigorous test that challenges even the most seasoned
professionals. With 125 complex multiple-choice questions covering 20
in-depth modules, this exam is designed to push your limits in ethical hacking
techniques, reconnaissance, vulnerability exploitation, cloud computing, and
more.
But here’s the real challenge: not all topics carry the same weightage. Some
modules, like System Hacking and Reconnaissance, demand in-depth
knowledge. However, others focus on cloud security, IoT vulnerabilities, and
mobile threats, making it crucial to strategize your study plan wisely.
That’s exactly why we’ve compiled this guide, a handpicked selection of the
top CEH exam practice questions crafted to reinforce key concepts and
enhance your exam readiness. Each question is designed to mimic real exam
scenarios, providing detailed explanations and quick memory hacks to
reinforce your learning.
So, are you ready to test your skills and see if you can think like a hacker? Let’s
dive into part 1.

Q.1. Mr. Omkar conducted a tool-based vulnerability assessment and detected
two vulnerabilities. However, upon further analysis, he realized that these were
not actual vulnerabilities. What would these issues be classified as?
A. False positives
B. True negatives
C. True positives
D. False negatives
Answer: A. False positives
Explanation: A false positive occurs when a security tool incorrectly identifies a
vulnerability that does not actually exist. In this case, Mr. Omkar’s assessment
tool flagged two vulnerabilities, but his further investigation confirmed that
they were not real threats. Therefore, these issues are classified as false
positives.
STUDY HACK
False Positives: Think of a fire alarm going off, but there’s no actual fire.
False Negatives: A real fire happens, but the alarm doesn’t ring.
True Positives: A real fire happens, and the alarm correctly detects it.
True Negatives: No fire and the alarm remains silent.

Q.2. An attacker scans vulnerable machines to create a list of targets. After
infecting the machines, the list is divided, with half assigned to newly
compromised machines. The scanning continues simultaneously, allowing the
malware to spread quickly. What is this technique called?
A. Subnet scanning technique
B. Hit-list scanning technique
C. Permutation scanning technique
D. Topological scanning technique
Answer: B. Hit-list scanning technique
Explanation: The hit-list scanning technique is a method used in botnet
propagation where attackers first compile a list of vulnerable machines. Initially,
they infect a few machines, then divide and distribute the list among newly
compromised machines. This parallel scanning approach ensures rapid and
widespread infection.
STUDY HACK
Subnet Scanning: Scans a specific network range.
Hit-List Scanning: Divides the target list for faster infection.
Permutation Scanning: Uses a shared list with a fixed order.
Topological Scanning: Uses infected machine’s network knowledge to spread.

Q.3. What type of attack involves injecting 'Carriage Return' and 'Line Feed'
characters to manipulate HTTP headers?
A. Server-Side JS Injection
B. Log Injection
C. CRLF Injection
D. HTML Injection
Answer: C. CRLF Injection
Explanation: CRLF Injection exploits vulnerabilities by inserting special CRLF
characters in HTTP headers, leading to security issues like response splitting
and header manipulation.
STUDY HACK
"CRLF = Carriage Return, Line Feed = Code Rewrite Loophole and
Flaws"—Headers can be exploited when improperly sanitized!

Q.4. Which wireless standard has a bandwidth of up to 54 Mbps and operates
in the regulated 5 GHz spectrum?
A. 802.11i
B. 802.11n
C. 802.11a
D. 802.11g
Answer: C. 802.11a
Explanation: 802.11a operates in the 5 GHz band with a maximum data rate of
54 Mbps. It offers better performance in less congested frequency bands
compared to 2.4 GHz networks.
STUDY HACK
"Wi-Fi ABCs"—A = 5GHz (fast), B = 2.4GHz (slow), G = 2.4GHz (better),
N = both bands (best pre-Wi-Fi 6). Next time you configure a router, check
which frequencies are in use!

Q.5. Which Nmap flag enables a stealth scan to reduce IDS detection?
A. -sT
B. -sS
C. -sM
D. -sU
Answer: B. -sS
Explanation: The SYN scan (-sS) is considered stealthy because it never
completes the TCP handshake, making it harder for IDS systems to detect.
STUDY HACK
"S for Stealth, S for SYN"—Use -sS for scanning without detection.

Q.6. Taylor, a security professional, uses a tool to monitor her company’s
website, analyze website traffic, and track the geographical location of visitors.
Which tool is used in this scenario?
A. Webroot
B. Web-Stat
C. WebSite-Watcher
D. WAFW00F
Answer: B. Web-Stat
Explanation: Web-Stat is a website analytics tool that tracks visitor data,
including traffic sources, geographical locations, and user behavior. It provides
real-time insights to help businesses monitor website performance and
security.
STUDY HACK
Webroot: Cybersecurity and antivirus.
Web-Stat: Website traffic analytics.
WebSite-Watcher: Web page change detection.
WAFW00F: Web Application Firewall detection.

Q.7. A DDoS attack targets layer 7 by sending partial HTTP requests to a web
server. The server keeps multiple connections open, waiting for the requests to
complete, leading to resource exhaustion. Which attack is being described?
A. Session splicing
B. Desynchronization
C. Phlashing
D. Slowloris attack
Answer: D. Slowloris attack
Explanation: The Slowloris attack is a type of layer 7 DDoS attack that sends
incomplete HTTP requests to a web server. The server keeps multiple
connections open, waiting for the rest of the requests, which eventually
exhausts its resources and causes a denial of service.
STUDY HACK
Session Splicing: Splits payload across multiple packets to evade detection.
Desynchronization: Exploits TCP stream misalignment.
Phlashing: Permanent DoS by damaging hardware.
Slowloris: Sends partial HTTP requests to exhaust connections.

Q.8. Gilbert, a Web Developer, uses a centralized web API to simplify data
management and ensure integrity. The API utilizes HTTP methods like PUT,
POST, GET, and DELETE, improving performance, scalability, reliability, and
portability. What type of web-service API is being used?
A. SOAP API
B. JSON-RPC
C. RESTful API
D. REST API
Answer: C. RESTful API
Explanation: A RESTful API follows the principles of Representational State
Transfer (REST) and uses standard HTTP methods for communication. It
enhances application performance, scalability, and portability by allowing
efficient client-server interactions.
STUDY HACK
SOAP API: Uses XML, follows strict structure.
JSON-RPC: Lightweight, remote procedure calls.
REST API: General term for REST-based APIs.
RESTful API: Fully follows REST principles, uses HTTP methods.

Q.9. Which firewall evasion scanning technique uses a zombie system with low
network activity and fragment identification numbers?
A. Decoy scanning
B. Idle scanning
C. Packet fragmentation scanning
D. Spoof source address scanning
Answer: B. Idle scanning
Explanation: Idle scanning is a stealthy scanning technique that uses a
“zombie” host with low network activity. By analyzing the fragment
identification numbers of the zombie, an attacker can map open ports on the
target without revealing their own IP address.
STUDY HACK
Decoy Scanning: Uses multiple fake IPs to hide the attacker’s real IP.
Idle Scanning: Uses a silent zombie system for stealth scanning.
Packet Fragmentation Scanning: Splits packets to bypass firewalls.
Spoof Source Address Scanning: Fakes the source IP to avoid detection.

Q.10. Ethical Hacker Jane Smith is performing an SQL injection attack. She
wants to test response times to determine true or false conditions and use a
second command to verify if the database returns true or false results for user
IDs. Which two SQL injection types would help her achieve this?
A. Out-of-band and boolean-based
B. Time-based and union-based
C. Time-based and boolean-based
D. Union-based and error-based
Answer: C. Time-based and boolean-based
Explanation: Time-based SQL injection relies on delaying responses to
determine if a query is true or false based on the response time.
Boolean-based SQL injection extracts data by analyzing how the application
reacts differently to true or false queries.
STUDY HACK
Out-of-band: Uses external communication (DNS, HTTP).
Time-based: Delays response to infer results.
Boolean-based: True/false response determines database behavior.
Union-based: Uses UNION to fetch data from other tables.
Error-based: Extracts data using error messages.

Q.11. Which protocol can be used to secure an LDAP service against
anonymous queries?
A. NTLM
B. RADIUS
C. SSO
D. WPA
Answer: A. NTLM
Explanation: NTLM (NT LAN Manager) is an authentication protocol that
secures LDAP services by requiring user authentication, preventing
unauthorized anonymous queries. It provides challenge-response
authentication to verify user identity before granting access to LDAP resources.
STUDY HACK
NTLM: Secures LDAP authentication.
RADIUS: Centralized authentication for network access.
SSO: Allows single login for multiple services.
WPA: Secures wireless networks, not LDAP.

Q.12. Alice, a professional hacker, targeted an organization’s cloud services by
infiltrating its MSP provider through spear-phishing. She distributed malware,
gained remote access, and used the MSP account to access customer profiles.
She then extracted and stored customer data to launch further attacks on the
target organization. What type of cloud attack did she perform?
A. Cloudborne attack
B. Cloud cryptojacking
C. Man-in-the-cloud (MITC) attack
D. Cloud hopper attack
Answer: D. Cloud hopper attack
Explanation: A Cloud Hopper attack targets managed service providers (MSPs)
to gain access to their clients’ cloud services. Attackers use phishing and
malware to compromise the MSP, then pivot to infiltrate customer networks,
stealing sensitive data and launching further attacks.
STUDY HACK
Cloudborne attack: Targets cloud hardware vulnerabilities.
Cloud cryptojacking: Uses cloud resources for cryptocurrency mining.
Man-in-the-cloud (MITC) attack: Hijacks cloud synchronization tokens.
Cloud hopper attack: Infiltrates MSPs to access customer networks.

Q.13. Which file is a valuable target for discovering a website’s structure
during web-server footprinting?
A. domain.txt
B. Document root
C. index.html
D. Robots.txt
Answer: D. Robots.txt
Explanation: The Robots.txt file provides search engine crawlers with
instructions on which parts of a website should not be indexed. However,
attackers can analyze this file to identify restricted directories, hidden pages,
and website structure, making it a key target during web server footprinting.
STUDY HACK
domain.txt: Not a standard web structure file.
Document root: Stores website files, but not directly accessible.
index.html: Default homepage, reveals minimal site structure.
Robots.txt: Lists restricted areas, useful for footprinting.

Q.14. Henry, a Cybersecurity Specialist at BlackEye – Cyber Security Solutions,
was tasked with identifying the operating system of a host. Using the
Unicornscan tool, he obtained a TTL value that indicates the system is running
Windows OS. What TTL value did he obtain?
A. 138
B. 128
C. 255
D. 64
Answer: B. 128
Explanation: Windows operating systems typically use a default TTL value of
128. When a packet is sent, this value decreases with each hop. By analyzing
the TTL value in responses, cybersecurity specialists can determine the
target OS.
STUDY HACK
Windows: TTL 128
Linux/macOS: TTL 64
Network devices (Cisco, etc.): TTL 255
TTL decreases by 1 per hop in network routing.

Q.15. Kevin, a professional hacker, is attempting to penetrate CyberTech Inc.’s
network. He encoded packets with Unicode characters so that the company’s
IDS could not recognize them, but the target web server could decode them.
What technique did he use to evade the IDS system?
A. Desynchronization
B. Urgency flag
C. Obfuscating
D. Session splicing
Answer: C. Obfuscating
Explanation: Obfuscating is a technique where attackers encode or manipulate
data (e.g., using Unicode characters) to bypass security detection systems like
IDS. The IDS fails to recognize the encoded packets, but the target web server
deciphers them, allowing the attack to proceed unnoticed.
STUDY HACK
Desynchronization: Alters TCP sequence numbers to confuse IDS.
Urgency flag: Manipulates TCP Urgent Pointer for evasion.
Obfuscating: Encodes data to bypass detection.
Session splicing: Splits attack payload across multiple packets.
Polymorphic encoding: Modifies malware code to evade signature-based
detection.

Q.16. John wants to send Marie an email containing sensitive information but
does not trust the network. Marie suggests using PGP encryption. What
should John do to communicate using this encryption method securely?
A. Use his own private key to encrypt the message.
B. Use Marie’s public key to encrypt the message.
C. Use Marie’s private key to encrypt the message.
D. Use his own public key to encrypt the message.
Answer: B. Use Marie’s public key to encrypt the message.
Explanation: In PGP (Pretty Good Privacy) encryption, the sender encrypts the
message using the recipient’s public key. The recipient then decrypts it using
their private key, ensuring that only they can read the message. This provides
confidentiality and security over untrusted networks.
STUDY HACK
Encrypt with recipient’s public key: Only they can decrypt it.
Decrypt with private key: Only the key owner can read the message.
Private key is never shared: Kept secure for decryption.
Public key is shared: Used for encryption by senders.

Q.17. Which phase of ethical hacking involves gathering information about a
target without directly engaging with it?
A. Scanning
B. Gaining Access
C. Reconnaissance
D. Maintaining Access
Answer: C. Reconnaissance
Explanation: Reconnaissance (also known as footprinting) is the first phase of
hacking, where attackers gather information about a target without directly
engaging with it, often using public sources.
STUDY HACK
"Recon = Research"—Before hacking, attackers research their target. Always
assume information is publicly available and minimize digital footprints!

Q.18. Joe turns on his home computer to access his online banking account.
When he enters www.bank.com, the website appears but prompts him to
re-enter his credentials as if he had never visited before. Upon closer
inspection, he notices that the site is not secure, and the URL looks different.
What type of attack is Joe experiencing?
A. ARP cache poisoning
B. DHCP spoofing
C. DoS attack
D. DNS hijacking
Answer: D. DNS hijacking
Explanation: DNS hijacking occurs when an attacker manipulates DNS settings
to redirect users to a fraudulent website. In this case, Joe's request to access
www.bank.com was redirected to a malicious site that mimics the legitimate
banking website, attempting to steal his credentials.
STUDY HACK
ARP cache poisoning: Alters MAC-to-IP mapping for network interception.
DHCP spoofing: Attacker provides fake IP configurations to users.
DoS attack: Overloads a system to disrupt services.
DNS hijacking: Redirects users to fake websites by altering DNS records.

Q.19. Attacker Rony installed a rogue access point within an organization’s
perimeter to infiltrate its internal network. Johnson, a security auditor,
detected unusual traffic targeting the authentication mechanism. He
immediately turned off the network and tested for weak and outdated security
mechanisms vulnerable to attack. What type of vulnerability assessment did
Johnson perform?
A. Application assessment
B. Host-based assessment
C. Distributed assessment
D. Wireless network assessment
Answer: D. Wireless network assessment
Explanation: A wireless network assessment evaluates the security of Wi-Fi
networks, access points, and authentication mechanisms. Since the attacker
used a rogue access point to infiltrate the network, Johnson focused on
identifying weaknesses in wireless security protocols, making this a wireless
network assessment.
STUDY HACK
Application assessment: Tests software for vulnerabilities.
Host-based assessment: Evaluates the security of individual devices.
Distributed assessment: Uses multiple tools across networks.
Wireless network assessment: Identifies security flaws in Wi-Fi and
access points.

Q.20. Annie, a Cloud Security Engineer, is using the Docker architecture to
implement a client/server model in her application. She works with a
component that processes API requests and manages various Docker objects,
such as containers, volumes, images, and networks. Which Docker component
is she using?
A. Docker client
B. Docker registries
C. Docker daemon
D. Docker objects
Answer: C. Docker daemon
Explanation: The docker daemon (dockerd) is responsible for processing API
requests and managing Docker objects like containers, volumes, images, and
networks. It runs in the background and interacts with the Docker client to
execute commands and manage containerized applications.
STUDY HACK
Docker client: Sends commands to the Docker daemon.
Docker registries: Store and distribute Docker images.
Docker daemon: Processes API requests and manages Docker objects.
Docker objects: Include containers, images, networks, and volumes.

Q.21. SQL injection (SQLi) attacks attempt to inject SQL syntax into web
requests, potentially bypassing authentication and allowing attackers to access
or modify data in the database. Which type of SQLi attack exploits a database
server’s ability to make DNS requests to exfiltrate data to an attacker?
A. Out-of-band SQLi
B. In-band SQLi
C. Union-based SQLi
D. Time-based blind SQLi
Answer: A. Out-of-band SQLi
Explanation: Out-of-band SQLi leverages a database server’s ability to make
external requests, such as DNS or HTTP queries, to send stolen data to an
attacker. It is used when traditional in-band techniques like Union-based or
error-based SQLi are not effective due to security restrictions or limited
response visibility.
STUDY HACK
Out-of-band SQLi: Uses DNS/HTTP requests for data exfiltration.
In-band SQLi: Retrieves data in the same communication channel.
Union-based SQLi: Uses UNION statements to extract data.
Time-based blind SQLi: Uses SQL delays to infer data existence.

Q.22. Emily, an extrovert active on social media, frequently posts private
information, photos, and location tags of places she visits. Noticing this, James,
a professional hacker, targets Emily and her acquaintances. He uses an
automated tool to conduct a location search, detect their geolocation, and
gather information for more sophisticated attacks. Which tool did James use?
A. HULK
B. Hootsuite
C. VisualRoute
D. ophcrack
Answer: C. VisualRoute
Explanation: VisualRoute is a geolocation and network diagnostic tool that
helps track IP addresses, domains, and server locations. Attackers can use it to
analyze the geolocation of social media users based on their shared data,
aiding in reconnaissance for further attacks.
STUDY HACK
HULK: DDoS attack tool to flood web servers.
Hootsuite: Social media management, not for hacking.
VisualRoute: Tracks geolocation and IP addresses.
ophcrack: Cracks Windows passwords using rainbow tables.

Q.23. An attacker gains access to a network and installs a backdoor to
maintain persistent access. What is the next step they would likely take?
A. Clearing logs to erase traces of intrusion
B. Escalating privileges to gain more control
C. Scanning the network for additional vulnerabilities
D. Exfiltrating sensitive data
Answer: B. Escalating privileges to gain more control
Explanation: After gaining a foothold in a system, attackers often attempt
privilege escalation to gain administrator-level access, allowing them to
execute more powerful commands and avoid detection.
STUDY HACK
"Foothold to Full Control"—Gaining access isn’t enough. Think like an
attacker: Get in, go deeper, and secure dominance. Protect yourself by limiting
user permissions and using role-based access control (RBAC).

Q.24. A Penetration Tester is hired to test a company’s network security. The
tester is given no prior knowledge of the network’s internal architecture. What
type of test is this?
A. White-box test
B. Gray-box test
C. Black-box test
D. Vulnerability assessment
Answer: C. Black-box test
Explanation: A black-box test simulates an external attacker with no prior
knowledge of the system. The tester must discover vulnerabilities from scratch
using reconnaissance, scanning, and exploitation techniques.
STUDY HACK
"Black = Blind"—A black-box test means no inside knowledge. For better
results, companies often combine black-box and white-box testing.

Q.25. You are conducting an Advanced Persistent Threat (APT) simulation.
Your goal is to maintain long-term access without detection. Which technique
is most suitable?
A. Rootkit installation
B. Exploit execution
C. DDoS attack
D. SQL Injection
Answer: A. Rootkit installation
Explanation: Rootkits allow attackers to remain hidden inside a compromised
system for long periods by modifying system processes and bypassing security
defenses.
STUDY HACK
"Rootkits = Invisible Intruders"—Regular security scans and endpoint
detection tools like EDR and SIEM can help detect hidden threats!

Summary
Mastering ethical hacking requires more than theoretical knowledge—it
demands hands-on experience, real-world scenarios, and continuous learning.
This guide covered top essential CEH questions, helping you understand key
security concepts such as penetration testing, malware analysis, and
cryptographic attacks.
While self-study is valuable, a structured learning approach accelerates
success. InfosecTrain’s CEH Training Course provides:
Expert-Led Training: Learn from certified CEH professionals with industry
experience.
Hands-On Labs: Gain practical skills through real-world hacking scenarios.
Exam-Focused Content: Covers the latest CEH v13 curriculum, including
updated cyber threats and ethical hacking techniques.
Flexible Learning Options: Choose from self-paced, instructor-led, or
corporate training tailored to your schedule.
Ready to take the next step? Elevate your CEH preparation with InfosecTrain’s
CEH Training Course and become a Certified Ethical Hacker with confidence!
Enroll now! Visit www.InfosecTrain.com to learn more.
