Free CEH Practice Test 2026 — Certified Ethical Hacker 312-50 v13 Exam Questions
Master the EC-Council Certified Ethical Hacker (CEH) 312-50 v13 exam with 1,500+ free practice questions covering all 9 official CEH domains. Each question includes a detailed explanation written by certified pentesters — no signup required.
CEH 312-50 v13 Exam Overview
- Questions: 125 multiple-choice
- Time: 4 hours
- Cut score: 60–85% (variable by exam form)
- Cost: $1,199 USD
- Validity: 3 years (renewable via ECE — 120 CEUs)
Practice by CEH Domain
- Domain 1: Information Security and Ethical Hacking Overview (6%) — free CEH practice questions on the cyber kill chain, MITRE ATT&CK, threat modeling, hacker classes, and InfoSec laws.
- Domain 2: Reconnaissance Techniques (21%) — free CEH practice questions on footprinting, OSINT, Nmap scanning, banner grabbing, OS fingerprinting, and SMB/SNMP/DNS enumeration.
- Domain 3: System Hacking Phases and Attack Techniques (17%) — free CEH practice questions on vulnerability analysis, password cracking, privilege escalation, trojans, fileless malware, and rootkits.
- Domain 4: Network and Perimeter Hacking (14%) — free CEH practice questions on sniffing, ARP/DNS poisoning, social engineering, DoS/DDoS, session hijacking, and IDS/firewall evasion.
- Domain 5: Web Application Hacking (16%) — free CEH practice questions on OWASP Top 10, SQL injection, XSS, CSRF, file upload bypass, and API abuse.
- Domain 6: Wireless Network Hacking (6%) — free CEH practice questions on WPA2/WPA3 cracking, evil twin APs, deauth attacks, and Bluetooth exploitation.
- Domain 7: Mobile Platform, IoT, and OT Hacking (8%) — free CEH practice questions on Android/iOS attacks, jailbreaking/rooting, IoT firmware analysis, and ICS/SCADA threats.
- Domain 8: Cloud Computing (6%) — free CEH practice questions on cloud service models, container escapes, S3 misconfigurations, IAM exploitation, and serverless attacks.
- Domain 9: Cryptography (6%) — free CEH practice questions on AES/RSA/ECC, SHA/HMAC, PKI, SSL/TLS attacks (POODLE, BEAST), and cryptanalysis.
9 Free CEH 312-50 v13 Sample Questions with Answers
One sample question from each official CEH domain — each with 4 answer options, the correct answer, and a detailed explanation drawn from the FlashGenius CEH question bank.
Sample Question 1 — Cloud Computing
As a penetration tester, you have been contracted to evaluate the security of a company's cloud infrastructure. During your assessment, you identify that the company uses a public cloud service provider for hosting their web applications. What is the first step you should take when planning your ethical hacking activities?
- A. Obtain written permission from the cloud service provider to perform tests. (Correct answer)
- B. Immediately start scanning the public IP ranges of the company.
- C. Contact the company's ISP to ensure internet access remains stable during testing.
- D. Test the firewall configurations of the cloud environment directly.
Correct answer: A
Explanation: The first step is to ensure legal permission from both the company and the cloud service provider, as cloud environments have specific terms of service regarding penetration testing. Without this, you could violate terms and face legal consequences. Options B, C, and D may disrupt services or violate usage policies.
Sample Question 2 — Cryptography
During a penetration test, you are tasked with intercepting and analyzing encrypted HTTPS traffic between a client and a server. Which tool and method should you use to achieve this while maintaining ethical standards?
- A. Use a man-in-the-middle proxy like Burp Suite to decrypt and inspect the traffic with client consent. (Correct answer)
- B. Deploy a rogue access point to capture traffic without the client's knowledge.
- C. Use a packet sniffer like Wireshark to capture encrypted packets and attempt brute-forcing the encryption.
- D. Install malware on the client system to capture traffic at the endpoint.
Correct answer: A
Explanation: Burp Suite can act as a man-in-the-middle proxy to decrypt HTTPS traffic with proper client consent, aligning with ethical hacking practices. Option B violates ethical standards, option C is ineffective without decryption, and option D is unethical.
Sample Question 3 — Denial-of-Service
You are conducting a penetration test on a web server to assess its resilience against Denial-of-Service (DoS) attacks. During the test, you notice that the server becomes unresponsive when a large number of ICMP packets are sent in a short period. Which tool would be most suitable to simulate this attack to confirm the vulnerability?
- A. Hping3 (Correct answer)
- B. Wireshark
- C. Burp Suite
- D. Metasploit
Correct answer: A
Explanation: Hping3 is a command-line network tool capable of sending custom TCP/IP packets, which includes the ability to send ICMP flood packets to test for DoS vulnerabilities. Wireshark is a network protocol analyzer, Burp Suite is used for web application security testing, and Metasploit is used for exploiting known vulnerabilities but is not specifically designed for DoS testing.
Sample Question 4 — Enumeration
During a penetration test, you are tasked with identifying all active devices and their services on a company's network. You decide to use a tool that can perform host discovery and port scanning. Which tool is most appropriate for this task?
- A. Nmap (Correct answer)
- B. Wireshark
- C. Metasploit
- D. Burp Suite
Correct answer: A
Explanation: Nmap is a versatile tool that is specifically designed for network discovery and security auditing. It can identify active devices and scan for open ports and services. Wireshark is used for packet analysis, Metasploit is for exploiting vulnerabilities, and Burp Suite focuses on web applications.
Sample Question 5 — Evading IDS, Firewalls, and Honeypots
A penetration tester is assigned to evaluate a bank’s network infrastructure. During the test, the tester notices that the Intrusion Detection System (IDS) is aggressively blocking their scanning attempts. Which technique should the tester use to effectively bypass the IDS without triggering alerts?
- A. Use fragmented packet scanning (Correct answer)
- B. Increase the scan speed
- C. Disable the IDS temporarily
- D. Switch to a different network protocol
Correct answer: A
Explanation: Fragmented packet scanning involves breaking down packets into smaller fragments to avoid detection by the IDS, which may not be able to reassemble and inspect them properly. This is a well-known evasion technique. Increasing the scan speed or switching protocols might still get detected, and disabling the IDS is unethical and impractical during a test.
Sample Question 6 — Footprinting and Reconnaissance
As a penetration tester, you are tasked with gathering open-source intelligence (OSINT) on a company's online presence. Which tool would be most effective in automating the process of collecting publicly available information about the target's domain records, network infrastructure, and email addresses?
- A. Maltego (Correct answer)
- B. Nessus
- C. Wireshark
- D. Metasploit
Correct answer: A
Explanation: Maltego is a powerful OSINT tool used for gathering and analyzing information. It can automate the process of collecting domain records, network infrastructure data, and email addresses, making it ideal for footprinting and reconnaissance. Nessus is primarily used for vulnerability scanning, Wireshark is for network packet analysis, and Metasploit is a framework for penetration testing exploits.
Sample Question 7 — Hacking Mobile Platforms
You are tasked with performing a penetration test on an Android banking application. You discover that the application stores sensitive user data in plain text within the app's local storage. Which tool would be most appropriate to further analyze and exploit this vulnerability?
- A. Drozer (Correct answer)
- B. Wireshark
- C. Burp Suite
- D. Nmap
Correct answer: A
Explanation: Drozer is a comprehensive security audit and attack framework for Android applications, specifically designed to analyze app data storage and permissions. Wireshark is used for network traffic analysis, Burp Suite is mainly for web application testing, and Nmap is a network scanner.
Sample Question 8 — Hacking Web Applications
While conducting a penetration test on a client's web application, you discover that the application is vulnerable to SQL injection. What is the most appropriate tool to exploit this vulnerability and extract data from the backend database?
- A. Burp Suite
- B. SQLmap (Correct answer)
- C. Nmap
- D. Nikto
Correct answer: B
Explanation: SQLmap is a specialized tool designed specifically for automating the process of detecting and exploiting SQL injection vulnerabilities. While Burp Suite can also be used for identifying and manually exploiting the vulnerability, SQLmap is more efficient for this task. Nmap and Nikto are not suitable for exploiting SQL injections as they serve different purposes such as network scanning and web server scanning, respectively.
Sample Question 9 — Hacking Web Servers
While performing a penetration test on a web server, you discover that the server is using an outdated version of Apache. Which tool would be most appropriate to identify known vulnerabilities associated with this version?
- A. Nessus (Correct answer)
- B. Wireshark
- C. Burp Suite
- D. Nikto
Correct answer: A
Explanation: Nessus is a widely used vulnerability scanner that can identify known vulnerabilities in software, including web servers. It has a comprehensive database of vulnerabilities, making it suitable for this task. Wireshark is a network protocol analyzer, Burp Suite is primarily used for web application testing, and Nikto is a web server scanner but is less comprehensive than Nessus for this purpose.
Quick Start: 10-Question Mixed CEH Practice Test
The free 10-question CEH quick-start mock exam covers all 9 CEH 312-50 v13 domains and is the fastest way to gauge your overall ethical-hacking readiness.