CEH - Certified Ethical Hacker Practice Questions: Evading IDS, Firewalls, and Honeypots Domain

Published: June 9, 2025 | 5 min read

Test your CEH - Certified Ethical Hacker knowledge with 5 practice questions from the Evading IDS, Firewalls, and Honeypots domain. Includes detailed explanations and answers.

CEH - Certified Ethical Hacker Practice Questions

Master the Evading IDS, Firewalls, and Honeypots Domain

Test your knowledge in the Evading IDS, Firewalls, and Honeypots domain with these 5 practice questions. Each question is designed to help you prepare for the CEH - Certified Ethical Hacker certification exam with detailed explanations to reinforce your learning.

Question 1

An attacker wants to avoid detection by an IDS while exfiltrating data. Which method is most effective for this purpose?

A) Encode data in Base64

B) Use DNS tunneling

C) Encrypt the data with AES

D) Fragment the data into small packets

Show Answer & Explanation

Correct Answer: B

Explanation: CORRECT: DNS tunneling can bypass many IDS systems as DNS traffic is often not inspected as thoroughly as other protocols. OPTION A: Base64 encoding does not inherently evade IDS detection. OPTION B: DNS tunneling is effective because DNS traffic is often trusted. OPTION C: Encryption alone does not hide the presence of data transfer. OPTION D: Fragmenting data might help in some cases but is not as effective as DNS tunneling.

Question 2

Which technique involves using encrypted communication to evade firewall restrictions?

A) SSL tunneling

B) Packet crafting

C) DNS poisoning

D) ARP spoofing

Show Answer & Explanation

Correct Answer: A

Explanation: CORRECT: SSL tunneling encrypts communication, allowing data to pass through firewalls that allow HTTPS traffic. OPTION A: SSL tunneling encrypts communication to evade firewall restrictions. OPTION B: Packet crafting involves creating packets but does not inherently involve encryption. OPTION C: DNS poisoning corrupts DNS data, not related to encrypted communication. OPTION D: ARP spoofing involves altering ARP tables, not using encryption.

Question 3

Which method can be used to evade a firewall's content filtering mechanisms?

A) Encrypting traffic with SSL/TLS

B) Using a proxy server

C) Fragmenting the payload data

D) Employing steganography

Show Answer & Explanation

Correct Answer: D

Explanation: CORRECT: Employing steganography can evade content filtering by hiding data within other files, making it difficult for filters to detect. OPTION A: Encrypting traffic with SSL/TLS can protect data but doesn't evade content filters focused on encrypted traffic. OPTION B: Using a proxy server masks the source but doesn't inherently bypass content filters. OPTION C: Fragmenting the payload data can evade some detection but is not as effective as steganography.

Question 4

Which of the following is a technique used to evade detection by an IDS when performing a SQL injection attack?

A) Using UNION SELECT statements

B) Employing time-based blind SQL injection

C) Obfuscating SQL queries with comments

D) Exploiting error messages

Show Answer & Explanation

Correct Answer: C

Explanation: CORRECT: Obfuscating SQL queries with comments can alter the appearance of the injection, potentially evading IDS detection. OPTION A: UNION SELECT is a method of injection, not evasion. OPTION B: Time-based blind SQL injection is a technique to exploit, not evade. OPTION C: Obfuscation with comments helps in evading IDS detection. OPTION D: Exploiting error messages aids in information gathering, not evasion.

Question 5

An IDS is configured to alert on multiple failed login attempts. How can an attacker circumvent this detection method while attempting to brute force credentials?

A) Use a dictionary attack with common passwords

B) Rotate source IP addresses using a proxy

C) Increase the delay between login attempts

D) Target the admin account with fewer attempts

Show Answer & Explanation

Correct Answer: C

Explanation: Increasing the delay between login attempts can help avoid triggering alert thresholds based on rapid unsuccessful attempts. Rotating IPs could be detected as unusual traffic, and focusing on common passwords or specific accounts doesn't directly address the detection mechanism.

Ready to Accelerate Your CEH - Certified Ethical Hacker Preparation?

Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.

  • ✅ Unlimited practice questions across all CEH - Certified Ethical Hacker domains
  • ✅ Full-length exam simulations with real-time scoring
  • ✅ AI-powered performance tracking and weak area identification
  • ✅ Personalized study plans with adaptive learning
  • ✅ Mobile-friendly platform for studying anywhere, anytime
  • ✅ Expert explanations and study resources
Start Free Practice Now

Already have an account? Sign in here

About CEH - Certified Ethical Hacker Certification

The CEH - Certified Ethical Hacker certification validates your expertise in evading ids, firewalls, and honeypots and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.

📘 Looking for the full study guide?
Check out our comprehensive guide: CEH Mock Exam Mastery: Practice Questions & Insights