Free CEH Quick Practice Test — 10 Questions Across All 9 Domains

This free CEH 312-50 v13 quick-start practice test includes 10 mixed-domain questions sampled from the FlashGenius CEH question bank. Perfect for a fast readiness check before committing to full-length 125-question mock exams.

What's on This CEH Quick Test?

10 Free CEH Sample Questions with Answers

Sample Question 1 — Cloud Computing

As a penetration tester, you have been contracted to evaluate the security of a company's cloud infrastructure. During your assessment, you identify that the company uses a public cloud service provider for hosting their web applications. What is the first step you should take when planning your ethical hacking activities?

  1. A. Obtain written permission from the cloud service provider to perform tests. (Correct answer)
  2. B. Immediately start scanning the public IP ranges of the company.
  3. C. Contact the company's ISP to ensure internet access remains stable during testing.
  4. D. Test the firewall configurations of the cloud environment directly.

Correct answer: A

Explanation: The first step is to ensure legal permission from both the company and the cloud service provider, as cloud environments have specific terms of service regarding penetration testing. Without this, you could violate terms and face legal consequences. Options B, C, and D may disrupt services or violate usage policies.

Sample Question 2 — Cryptography

During a penetration test, you are tasked with intercepting and analyzing encrypted HTTPS traffic between a client and a server. Which tool and method should you use to achieve this while maintaining ethical standards?

  1. A. Use a man-in-the-middle proxy like Burp Suite to decrypt and inspect the traffic with client consent. (Correct answer)
  2. B. Deploy a rogue access point to capture traffic without the client's knowledge.
  3. C. Use a packet sniffer like Wireshark to capture encrypted packets and attempt brute-forcing the encryption.
  4. D. Install malware on the client system to capture traffic at the endpoint.

Correct answer: A

Explanation: Burp Suite can act as a man-in-the-middle proxy to decrypt HTTPS traffic with proper client consent, aligning with ethical hacking practices. Option B violates ethical standards, option C is ineffective without decryption, and option D is unethical.

Sample Question 3 — Denial-of-Service

You are conducting a penetration test on a web server to assess its resilience against Denial-of-Service (DoS) attacks. During the test, you notice that the server becomes unresponsive when a large number of ICMP packets are sent in a short period. Which tool would be most suitable to simulate this attack to confirm the vulnerability?

  1. A. Hping3 (Correct answer)
  2. B. Wireshark
  3. C. Burp Suite
  4. D. Metasploit

Correct answer: A

Explanation: Hping3 is a command-line network tool capable of sending custom TCP/IP packets, which includes the ability to send ICMP flood packets to test for DoS vulnerabilities. Wireshark is a network protocol analyzer, Burp Suite is used for web application security testing, and Metasploit is used for exploiting known vulnerabilities but is not specifically designed for DoS testing.

Sample Question 4 — Enumeration

During a penetration test, you are tasked with identifying all active devices and their services on a company's network. You decide to use a tool that can perform host discovery and port scanning. Which tool is most appropriate for this task?

  1. A. Nmap (Correct answer)
  2. B. Wireshark
  3. C. Metasploit
  4. D. Burp Suite

Correct answer: A

Explanation: Nmap is a versatile tool that is specifically designed for network discovery and security auditing. It can identify active devices and scan for open ports and services. Wireshark is used for packet analysis, Metasploit is for exploiting vulnerabilities, and Burp Suite focuses on web applications.

Sample Question 5 — Evading IDS, Firewalls, and Honeypots

A penetration tester is assigned to evaluate a bank’s network infrastructure. During the test, the tester notices that the Intrusion Detection System (IDS) is aggressively blocking their scanning attempts. Which technique should the tester use to effectively bypass the IDS without triggering alerts?

  1. A. Use fragmented packet scanning (Correct answer)
  2. B. Increase the scan speed
  3. C. Disable the IDS temporarily
  4. D. Switch to a different network protocol

Correct answer: A

Explanation: Fragmented packet scanning involves breaking down packets into smaller fragments to avoid detection by the IDS, which may not be able to reassemble and inspect them properly. This is a well-known evasion technique. Increasing the scan speed or switching protocols might still get detected, and disabling the IDS is unethical and impractical during a test.

Sample Question 6 — Footprinting and Reconnaissance

As a penetration tester, you are tasked with gathering open-source intelligence (OSINT) on a company's online presence. Which tool would be most effective in automating the process of collecting publicly available information about the target's domain records, network infrastructure, and email addresses?

  1. A. Maltego (Correct answer)
  2. B. Nessus
  3. C. Wireshark
  4. D. Metasploit

Correct answer: A

Explanation: Maltego is a powerful OSINT tool used for gathering and analyzing information. It can automate the process of collecting domain records, network infrastructure data, and email addresses, making it ideal for footprinting and reconnaissance. Nessus is primarily used for vulnerability scanning, Wireshark is for network packet analysis, and Metasploit is a framework for penetration testing exploits.

Sample Question 7 — Hacking Mobile Platforms

You are tasked with performing a penetration test on an Android banking application. You discover that the application stores sensitive user data in plain text within the app's local storage. Which tool would be most appropriate to further analyze and exploit this vulnerability?

  1. A. Drozer (Correct answer)
  2. B. Wireshark
  3. C. Burp Suite
  4. D. Nmap

Correct answer: A

Explanation: Drozer is a comprehensive security audit and attack framework for Android applications, specifically designed to analyze app data storage and permissions. Wireshark is used for network traffic analysis, Burp Suite is mainly for web application testing, and Nmap is a network scanner.

Sample Question 8 — Hacking Web Applications

While conducting a penetration test on a client's web application, you discover that the application is vulnerable to SQL injection. What is the most appropriate tool to exploit this vulnerability and extract data from the backend database?

  1. A. Burp Suite
  2. B. SQLmap (Correct answer)
  3. C. Nmap
  4. D. Nikto

Correct answer: B

Explanation: SQLmap is a specialized tool designed specifically for automating the process of detecting and exploiting SQL injection vulnerabilities. While Burp Suite can also be used for identifying and manually exploiting the vulnerability, SQLmap is more efficient for this task. Nmap and Nikto are not suitable for exploiting SQL injections as they serve different purposes such as network scanning and web server scanning, respectively.

Sample Question 9 — Hacking Web Servers

While performing a penetration test on a web server, you discover that the server is using an outdated version of Apache. Which tool would be most appropriate to identify known vulnerabilities associated with this version?

  1. A. Nessus (Correct answer)
  2. B. Wireshark
  3. C. Burp Suite
  4. D. Nikto

Correct answer: A

Explanation: Nessus is a widely used vulnerability scanner that can identify known vulnerabilities in software, including web servers. It has a comprehensive database of vulnerabilities, making it suitable for this task. Wireshark is a network protocol analyzer, Burp Suite is primarily used for web application testing, and Nikto is a web server scanner but is less comprehensive than Nessus for this purpose.

Sample Question 10 — Hacking Wireless Networks

As an ethical hacker, you have been tasked with testing the security of a company's wireless network. The company uses WPA2-PSK for their wireless network. Which tool would you use to capture the handshake and attempt a dictionary attack to crack the pre-shared key?

  1. A. Aircrack-ng (Correct answer)
  2. B. NetStumbler
  3. C. Wireshark
  4. D. Nessus

Correct answer: A

Explanation: Aircrack-ng is specifically designed for cracking WEP and WPA-PSK keys once you have captured a handshake. NetStumbler is used for network discovery, Wireshark is a packet analyzer that does not perform cracking, and Nessus is used for vulnerability scanning.

All CEH domains | CEH v13 Cheat Sheet | Unlock full 1,500+ CEH question bank