17+ practice questions focused on Social Engineering and Physical Security — one of the most tested topics on the Certified Ethical Hacker CEH exam. Each question includes a detailed explanation so you learn why the right answer is correct.
A penetration tester is assessing an organization's physical security. The tester wants to gain unauthorized access to a secured server room that uses a biometric fingerprint scanner. Which of the following techniques would be MOST effective for bypassing the biometric scanner?
Explanation: Option C is correct because gelatin molds can replicate the exact ridge and valley patterns of a fingerprint, which many capacitive and optical fingerprint scanners read. This bypasses the biometric authentication without requiring the user's cooperation, making it the most direct method to defeat the scanner itself.
During a social engineering engagement, a tester calls the help desk posing as an employee from the IT department. The tester claims to be working on a critical system update and needs the employee's password to proceed. Which type of social engineering attack is being executed?
Explanation: Pretexting involves creating a fabricated scenario (pretext) to manipulate a target into divulging information. In this case, the tester falsely claims to be from the IT department working on a critical system update, which is a classic pretext to gain trust and obtain the employee's password. This differs from other social engineering types because it relies on a constructed identity and false narrative rather than a technical lure or direct exchange.
Which of the following is the BEST defense against tailgating attacks in a secure facility?
Explanation: A mantrap is a physical security access control system consisting of two interlocking doors that create a small vestibule. Only one door can be opened at a time, and authentication (e.g., keycard + biometric) is required to pass through both. This design physically prevents an unauthorized person from following an authorized person into the facility, directly mitigating tailgating attacks by enforcing strict one-person-per-authentication entry.
An employee receives an email that appears to be from the CEO, asking the employee to urgently wire funds to a vendor. The email address is slightly misspelled. What type of social engineering attack is this?
Explanation: This is a whaling attack because it specifically targets a high-profile individual (the CEO) to deceive another employee into performing a financial action. The slight misspelling of the email address is a classic whaling technique, as the attacker impersonates a senior executive to exploit authority and urgency. Unlike generic phishing, whaling focuses on C-level executives or decision-makers.
Which TWO of the following are effective methods to prevent dumpster diving attacks? (Choose two.)
Explanation: Shredding sensitive documents before disposal (Option B) is effective because it physically destroys the information, making it impossible to reconstruct from discarded paper. This directly counters dumpster diving, where attackers retrieve documents to extract confidential data like passwords or network diagrams.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Social Engineering and Physical Security. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Social Engineering and Physical Security questions on the CEH frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Social Engineering and Physical Security is tested as part of the Certified Ethical Hacker CEH blueprint. Practicing with targeted Social Engineering and Physical Security questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free CEH practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Social Engineering and Physical Security is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.