Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCEHDomainsVulnerability Analysis and System Hacking
CEHFree — No Signup

Vulnerability Analysis and System Hacking

Practice CEH Vulnerability Analysis and System Hacking questions with full explanations on every answer.

19questions

Start practicing

Vulnerability Analysis and System Hacking — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CEH Domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice Vulnerability Analysis and System Hacking questions

10Q20Q30Q50Q

All CEH Vulnerability Analysis and System Hacking questions (19)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A penetration tester discovers that a target Windows system has port 445 open and responds to SMB requests. Which tool should the tester use to enumerate users, shares, and OS information from this system?

2

An ethical hacker is assessing a Linux web server running Apache. The server is suspected to have a remote file inclusion (RFI) vulnerability. Which testing approach is most appropriate to confirm the vulnerability without causing damage?

3

During a penetration test, a tester gains access to a Linux system and needs to escalate privileges. The tester finds that the user has sudo privileges to run /usr/bin/less as root without a password. Which technique should the tester use to escalate privileges?

4

A security analyst runs a vulnerability scan and finds that a server is vulnerable to CVE-2021-44228 (Log4j). Which of the following is the best immediate remediation step?

5

An ethical hacker is testing a web application that uses cookies for session management. The tester notices that the session cookie does not have the HttpOnly or Secure flags set. Which attack is most likely to succeed due to this misconfiguration?

6

Which TWO of the following are valid techniques for password cracking?

7

Which THREE of the following are common indicators of a buffer overflow vulnerability?

8

Based on the Nmap scan output, which service is most likely vulnerable to remote code execution?

9

You are a penetration tester hired by a medium-sized financial company. The company has a network consisting of 50 Windows workstations (Windows 10 Pro) and 5 Windows Server 2019 servers (domain controller, file server, web server, database server, and mail server). The network is segmented into three VLANs: User VLAN (192.168.1.0/24), Server VLAN (192.168.2.0/24), and DMZ (192.168.3.0/24). The web server is in the DMZ and hosts a public-facing e-commerce application built on ASP.NET with a SQL Server backend. The database server is in the Server VLAN and is not directly accessible from the internet. You are given a standard user account on a workstation in the User VLAN. After initial reconnaissance, you discover that the web server is running an outdated version of IIS (7.5) and is vulnerable to a known privilege escalation vulnerability (CVE-2020-0613) that allows local privilege escalation if an attacker has already gained initial access. You also find that the web application has a SQL injection vulnerability in the login page. You successfully exploit the SQL injection to extract the password hash of the web application's service account, which is 'web_svc'. You crack the hash offline and obtain the plaintext password. The 'web_svc' account has local administrative privileges on the web server. Using these credentials, you authenticate to the web server via RDP. From there, you want to pivot to the database server to extract credit card information stored in the database. The database server only allows connections from the web server on port 1433 (SQL Server). Using the 'web_svc' account, you are able to connect to the database server using SQL Server Management Studio. However, you find that the 'web_svc' account has only 'public' and 'guest' database roles, which do not allow reading any sensitive tables. You need to escalate privileges on the database server. What is the most effective next step?

10

A penetration tester is analyzing a Windows 10 system and runs the following command to dump password hashes from the SAM database. The output shows hashes for local users but some are missing. Which step is most likely missing?

11

Which TWO vulnerabilities are associated with buffer overflow attacks?

12

Based on the exhibit, which service should be targeted first to gain initial access with the highest chance of success?

13

Drag and drop the steps to configure a firewall rule in iptables to block incoming SSH traffic into the correct order.

14

Match each type of attack to its description.

15

Refer to the exhibit. An analyst runs netstat on a Windows server and observes multiple established connections to port 3389 from internal IPs. Which attack is most likely occurring?

16

Refer to the exhibit. A security auditor reviews the password hashes. Which user has the weakest password hash?

17

Refer to the exhibit. An attacker wants to exploit a known vulnerability. Which service is most likely vulnerable to CVE-2019-0215?

18

Refer to the exhibit. A penetration tester runs hashcat to crack NTLM hashes. Which hash mode (-m) would be correct for NTLM?

19

Refer to the exhibit. A security analyst checks for missing patches. Which vulnerability is this system likely exposed to?

Other CEH exam domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Frequently asked questions

What does the Vulnerability Analysis and System Hacking domain cover on the CEH exam?

The Vulnerability Analysis and System Hacking domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Vulnerability Analysis and System Hacking questions are in the CEH question bank?

The Courseiva CEH question bank contains 19 questions in the Vulnerability Analysis and System Hacking domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Vulnerability Analysis and System Hacking for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Vulnerability Analysis and System Hacking questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Vulnerability Analysis and System Hacking domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CEH domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

PT0-002CS0-003SY0-701200-201