Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCEHDomainsSocial Engineering and Physical Security
CEHFree — No Signup

Social Engineering and Physical Security

Practice CEH Social Engineering and Physical Security questions with full explanations on every answer.

17questions

Start practicing

Social Engineering and Physical Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CEH Domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice Social Engineering and Physical Security questions

10Q20Q30Q50Q

All CEH Social Engineering and Physical Security questions (17)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A penetration tester is assessing an organization's physical security. The tester wants to gain unauthorized access to a secured server room that uses a biometric fingerprint scanner. Which of the following techniques would be MOST effective for bypassing the biometric scanner?

2

During a social engineering engagement, a tester calls the help desk posing as an employee from the IT department. The tester claims to be working on a critical system update and needs the employee's password to proceed. Which type of social engineering attack is being executed?

3

Which of the following is the BEST defense against tailgating attacks in a secure facility?

4

An employee receives an email that appears to be from the CEO, asking the employee to urgently wire funds to a vendor. The email address is slightly misspelled. What type of social engineering attack is this?

5

Which TWO of the following are effective methods to prevent dumpster diving attacks? (Choose two.)

6

Which THREE of the following are common indicators of a social engineering attack? (Choose three.)

7

Refer to the exhibit. A security analyst runs ping and arp commands. What is the most likely attack occurring?

8

You are a security consultant hired by a mid-sized company with 500 employees. The company has a central office with a lobby, reception, and two secure areas: the server room (requires keycard and PIN) and the executive floor (requires keycard only). Recently, employees have reported seeing unfamiliar people in restricted areas. Security logs show keycard access for the server room only during business hours, but no anomalies. However, the executive floor logs show multiple entries by a single employee, John from Sales, at odd hours. John claims he was working late. The company has a policy that all employees must wear ID badges visibly. You observe that employees often hold doors open for colleagues, and the receptionist does not verify visitor badges. Which of the following actions should you recommend FIRST to address the most likely attack vector?

9

A penetration tester calls an employee claiming to be from the IT help desk and asks for their password to perform a 'security update'. The employee provides the password. Which social engineering technique is being used?

10

Which TWO of the following are effective physical security controls to prevent tailgating?

11

Refer to the exhibit. An attacker gains access to the user's workstation and wants to find a file containing passwords. Which file is most likely to contain credentials?

12

A security auditor is assessing the physical security of a corporate office building that houses a data center. The building has a single main entrance with a reception desk staffed during business hours (8 AM to 6 PM). After hours, employees use a keycard reader to access the building. The data center itself requires a separate keycard and a 6-digit PIN. The auditor notices that during lunch hours (12-1 PM), the reception desk is often unattended, and employees frequently hold the door for others to avoid using their keycard. Additionally, a recent social engineering test revealed that an attacker was able to call the help desk, claim to be a new employee, and request a password reset, which was granted without proper verification. Based on this scenario, which of the following is the MOST effective combination of controls to mitigate both the physical and social engineering weaknesses?

13

An organization is implementing a social engineering defense program. Which TWO measures are most effective in reducing the risk of phishing attacks? (Choose two.)

14

Refer to the exhibit. A security analyst reviews the firewall log and notices that user jdoe accessed a file server via SMB (port 445) from an internal IP (10.0.0.45) that is not the usual file server subnet. Which type of social engineering attack is most likely being attempted?

15

You are a security consultant for a mid-sized company with 500 employees. The company has a secure data center with a biometric access control system. Recently, a contractor was able to enter the data center without authorization by claiming he forgot his badge and an employee held the door for him. The contractor then accessed sensitive servers and exfiltrated data. The company wants to prevent such incidents. Which physical security control would be most effective in preventing this type of attack?

16

Drag and drop the steps to perform a successful social engineering attack in a penetration test into the correct order.

17

Match each wireless attack to its description.

Other CEH exam domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware Analysis

Frequently asked questions

What does the Social Engineering and Physical Security domain cover on the CEH exam?

The Social Engineering and Physical Security domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Social Engineering and Physical Security questions are in the CEH question bank?

The Courseiva CEH question bank contains 17 questions in the Social Engineering and Physical Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Social Engineering and Physical Security for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Social Engineering and Physical Security questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Social Engineering and Physical Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CEH domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

PT0-002CS0-003SY0-701200-201