Free CEH practice test — 1,010+ CEH practice questions with detailed explanations across all 13 official CEH exam domains. Every set is scored and drawn from the live question bank — so you practise exactly what the exam tests, not outdated dumps.
Courseiva includes 1,010+ Certified Ethical Hacker CEH practice questions across the official exam domains.
This free CEH practice test mirrors the structure and difficulty of the real Certified Ethical Hacker CEH exam. Every question is written against the official 2026 exam blueprint published by EC-Council, ensuring you practise exactly what the exam tests — not last year's objectives.
The CEH blueprint is divided into 13 weighted domains. Questions on this page are distributed proportionally across each domain, so the mix you see here reflects the same weighting you'll face on exam day. High-weight domains like "Footprinting, Reconnaissance and Scanning" and "Enumeration and System Hacking" contribute the most questions, meaning focused practice on these areas gives you the highest return on study time.
CEH Exam Blueprint — 13 Domains
Footprinting, Reconnaissance and Scanning
Enumeration and System Hacking
Malware, Social Engineering and Network Attacks
Web Application and Injection Attacks
Introduction to Ethical Hacking
Scanning Networks and Enumeration
Vulnerability Analysis and System Hacking
Advanced Topics: Wireless, Cloud, IoT, Cryptography
Footprinting and Reconnaissance
Network and Web Application Attacks
Wireless, IoT and Cloud Security
Cryptography and Malware Analysis
Social Engineering and Physical Security
65 numbered sets, 13 domain question banks, and targeted sessions — every page is a unique set of questions.
Each chapter page covers one topic in depth — theory, key concepts, and focused practice questions. Use these to close knowledge gaps before returning to full practice tests.
Getting the most from practice questions requires more than just clicking through answers. Here is the study method used by candidates who pass CEH on their first attempt:
Answer before revealing
Read each CEH question fully, eliminate obviously wrong choices, then commit to an answer before clicking to reveal. This active recall process is what builds lasting knowledge.
Read every explanation
Even when you answer correctly, read the full explanation. Knowing WHY the right answer is correct — and why the distractors are wrong — is what separates a 750 score from a 900 score.
Track weak domains
Note which CEH domains you get wrong most often. Then do a targeted 20-30 question session focused only on that domain until your accuracy improves.
Simulate exam pacing
The real CEH gives you roughly 1.9 minutes per question. Use the 60 or 120-question sessions to practise hitting that pace comfortably.
Most candidates who pass CEH on their first attempt report doing between 400 and 800 practice questions over 4–8 weeks of preparation. With 1,010+ questions in the Courseiva bank, you have more than enough material to build that repetition without seeing the same question twice.
Answer each question to reveal the full explanation and correct answer. This starter set is drawn from all 13 exam domains in blueprint proportion. Use the session selector to start a longer focused practice run.
A security analyst runs the following Nmap command: nmap -sS -sV -O -p 22,80,443,3389 192.168.1.0/24. Which of the following BEST describes what this scan will accomplish?
A security analyst wants to enumerate NetBIOS names on a Windows network. Which built-in Windows command-line tool should they use?
A security analyst notices a high volume of ICMP Echo Reply packets on the network. The source IPs are varied, but the destination IP is the same. Which type of attack is MOST likely occurring?
A security analyst notices that the web application returns different response times when a valid username is submitted versus an invalid one during login. Which type of vulnerability is likely being exploited?
A security analyst suspects that an attacker is scanning their network. They notice a large number of TCP SYN packets being sent to various ports on a single host, but no SYN-ACK responses are returned. Which type of scan is most likely being used?
During a penetration test, you discover that an internal web server responds to ICMP echo requests but does not respond to TCP SYN scans on port 80. However, when you browse to the server's IP using a browser, the web page loads successfully. What is the most likely reason for this behavior?
A penetration tester discovers that a target Windows system has port 445 open and responds to SMB requests. Which tool should the tester use to enumerate users, shares, and OS information from this system?
A security analyst captures a large number of unique initialization vectors (IVs) from a wireless network using airodump-ng. Which attack are they MOST likely preparing to execute?
A penetration tester is performing a footprinting exercise on a target company. The tester wants to identify the network range and ISP of the target. Which of the following tools or techniques is MOST appropriate for this purpose?
During a penetration test, you notice that a web application accepts user input and displays it directly in the browser without sanitization. Which attack is most likely to succeed?
A security analyst discovers that an IoT device in a smart building is periodically sending small DNS queries to an external domain known for command-and-control activity. Which security control should be implemented to detect and block such traffic without disrupting legitimate operations?
A security analyst receives an alert about a suspicious file hash. The analyst wants to check if the file is known malware by querying an online database of malware signatures. Which tool should the analyst use?
A penetration tester is assessing an organization's physical security. The tester wants to gain unauthorized access to a secured server room that uses a biometric fingerprint scanner. Which of the following techniques would be MOST effective for bypassing the biometric scanner?
A structured study plan dramatically increases your chances of passing CEH on the first attempt. The most effective approach combines reading the official EC-Council documentation or a study guide, watching video explanations for difficult concepts, and then reinforcing everything with daily practice questions.
We recommend the following weekly structure for CEH preparation:
Cover each CEH domain systematically. Read the exam objectives, watch explanatory content, and do 10–20 practice questions per domain to test understanding as you go.
Run full 50–60 question mixed sessions daily. Review every wrong answer in detail. Identify which domains are consistently scoring below 70% and revisit those study materials.
Do 100–120 question timed sessions to simulate real exam conditions. Aim for consistent scores above 80% before booking your exam date. A score above 80% in practice typically translates to a passing CEH score.
On exam day, the CEH tests your ability to apply knowledge to realistic scenarios — not just recall definitions. This is why reading explanations and understanding the reasoning behind every answer matters more than simply grinding question volume. Use the high-count sessions (100, 120) in the final weeks as your confidence benchmark.
Questions: 125 (on the real exam)
Time limit: 240 min (1.9 min per question)
Passing score: 700/1000 (scaled scoring)
The CEH exam uses a scaled scoring system — your raw score of correct answers is converted to a score out of 1000. A passing score of 700/1000 does not mean you need 70% of questions correct; the conversion accounts for question difficulty. Consistently scoring above 75–80% on practice tests puts you in a strong position to achieve 700/1000 on the real exam.
Scenario-based questions covering exam objectives with detailed answer explanations.
Yes. Courseiva provides free Certified Ethical Hacker CEH practice questions with explanations across the official exam domains. Start with a quick practice test, then continue with topic-based practice, mock exams, missed-question review, bookmarked questions, weak-topic recommendations, and readiness tracking. No account required. Create a free account to unlock per-domain analytics and progress tracking across every certification on the platform. Courseiva is free forever, supported by advertising.
Every question is written against the official CEH exam blueprint published by EC-Council. Our questions follow the same wording style, scenario complexity, and answer structure as the actual exam. They are original questions — not brain dumps — so you learn the underlying concepts and reasoning, not just memorised answers. Candidates who study with brain dumps often pass but have no transferable knowledge; Courseiva questions make you genuinely competent.
Most candidates who pass CEH on their first attempt do 30–60 questions per day. Use the Quick 10 session for daily warm-ups when you are short on time. On study days, run a 50 or 60-question session to build stamina. Reserve 100 and 120-question sessions for the final two weeks when you want to simulate real exam conditions and benchmark your readiness.
The CEH covers 13 domains: Footprinting, Reconnaissance and Scanning; Enumeration and System Hacking; Malware, Social Engineering and Network Attacks; Web Application and Injection Attacks; Introduction to Ethical Hacking; Scanning Networks and Enumeration; Vulnerability Analysis and System Hacking; Advanced Topics: Wireless, Cloud, IoT, Cryptography; Footprinting and Reconnaissance; Network and Web Application Attacks; Wireless, IoT and Cloud Security; Cryptography and Malware Analysis; Social Engineering and Physical Security. Each domain carries a different weight, so allocate your study time accordingly. The highest-weighted domains — "Footprinting, Reconnaissance and Scanning" and "Enumeration and System Hacking" — should receive the most attention.
Exam dumps are memorised question-and-answer lists taken from actual exam papers, often obtained illegally and shared without EC-Council's authorisation. Using them violates your NDA and EC-Council's certification agreement, and can result in certification revocation. Courseiva questions are 100% original — written by certified engineers to test the same knowledge areas using new scenarios and wording. You learn the material, not just the answers.