Back to Certified Ethical Hacker CEH

EC-Council exam questions

Certified Ethical Hacker CEH practice test

Practise network troubleshooting scenarios covering cable faults, wireless interference, IP misconfigurations, and tool usage for the CEH exam.

1,010
practice questions
13
topics covered
CEH
exam code
EC-Council
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,010 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 1,010 CEH questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

14 pages · 75 questions per page · 1,010 total

Related practice questions

Study CEH by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Footprinting, Reconnaissance and Scanning practice questions

Practise CEH questions linked to Footprinting, Reconnaissance and Scanning.

Enumeration and System Hacking practice questions

Practise CEH questions linked to Enumeration and System Hacking.

Malware, Social Engineering and Network Attacks practice questions

Practise CEH questions linked to Malware, Social Engineering and Network Attacks.

Web Application and Injection Attacks practice questions

Practise CEH questions linked to Web Application and Injection Attacks.

Introduction to Ethical Hacking practice questions

Practise CEH questions linked to Introduction to Ethical Hacking.

Scanning Networks and Enumeration practice questions

Practise CEH questions linked to Scanning Networks and Enumeration.

Vulnerability Analysis and System Hacking practice questions

Practise CEH questions linked to Vulnerability Analysis and System Hacking.

Advanced Topics: Wireless, Cloud, IoT, Cryptography practice questions

Practise CEH questions linked to Advanced Topics: Wireless, Cloud, IoT, Cryptography.

Footprinting and Reconnaissance practice questions

Practise CEH questions linked to Footprinting and Reconnaissance.

Network and Web Application Attacks practice questions

Practise CEH questions linked to Network and Web Application Attacks.

Wireless, IoT and Cloud Security practice questions

Practise CEH questions linked to Wireless, IoT and Cloud Security.

Cryptography and Malware Analysis practice questions

Practise CEH questions linked to Cryptography and Malware Analysis.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Certified Ethical Hacker CEH practice questions

Start practice test

A penetration tester is analyzing a captured TCP session that includes a successful SQL injection attack. Which TWO of the following indicators would most likely confirm that the attack was successful?

Question 2easymultiple choice
Read the full wireless explanation →

You are a security consultant for a mid-sized company that recently migrated its customer relationship management (CRM) system to a public cloud provider (AWS). The CRM is a web application behind an Application Load Balancer (ALB) with WAF enabled. The application stores sensitive customer data in an RDS MySQL database. The security team has configured security groups to allow only HTTPS (443) from the internet to the ALB, and from the ALB to the application servers on port 8080. The application servers can connect to the database on port 3306. During a routine vulnerability scan, you discover that the database is publicly accessible from the internet on port 3306, which contradicts the intended design. You verify that the security group for the database allows inbound traffic from 0.0.0.0/0 on port 3306. The database contains unencrypted personal identifiable information (PII). What is the most effective immediate action to remediate this vulnerability?

An organization is implementing a social engineering defense program. Which TWO measures are most effective in reducing the risk of phishing attacks? (Choose two.)

An ethical hacker is assessing a Linux web server running Apache. The server is suspected to have a remote file inclusion (RFI) vulnerability. Which testing approach is most appropriate to confirm the vulnerability without causing damage?

A penetration tester discovers that a target Windows system has port 445 open and responds to SMB requests. Which tool should the tester use to enumerate users, shares, and OS information from this system?

Which TWO of the following are effective physical security controls to prevent tailgating?

Refer to the exhibit. An attacker gains access to the user's workstation and wants to find a file containing passwords. Which file is most likely to contain credentials?

Exhibit

Refer to the exhibit.

Exhibit:
C:\Users\jdoe> net user jdoe /domain
The request will be processed at a domain controller for domain corp.xyz.com.

User name                    jdoe
Full Name                    John Doe
Comment
User's comment
Country code                 001 (United States)
Account active               Yes
Account expires              Never

Password last set            6/15/2024 9:30:00 AM
Password expires             9/13/2024 9:30:00 AM
Password changeable          6/16/2024 9:30:00 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script                 logon.bat
User profile
Home directory               \\fileserver\home\jdoe
Last logon                   7/10/2024 2:15:00 PM

Logon hours allowed          All

Local Group Memberships      *Domain Users
Global Group memberships     *Domain Users
The command completed successfully.

Which TWO of the following are examples of passive footprinting techniques? (Select exactly 2.)

Which TWO types of information can be obtained through SNMP enumeration on a target device if the community string is 'public'? (Choose two.)

An ethical hacker runs the command shown in the exhibit. Which of the following conclusions can be drawn from the output?

Exhibit

Refer to the exhibit.

```
C:\Users\tester> nslookup -type=MX exampledomain.com
Server:  dns.example.com
Address:  192.168.1.1

exampledomain.com
        MX preference = 10, mail exchanger = mail1.exampledomain.com
        MX preference = 20, mail exchanger = mail2.exampledomain.com
```
Question 11easymulti select
Read the full wireless explanation →

Which TWO of the following are characteristics of a Bluetooth Low Energy (BLE) IoT device that make it suitable for a battery-powered sensor?

Question 12hardmultiple choice
Read the full wireless explanation →

Refer to the exhibit. During a wireless audit, you capture a beacon frame from a corporate access point. What is the most significant security concern based on this information?

Exhibit

Refer to the exhibit.

```
Wireless Capture: Beacon Frame
SSID: CorpNet
Security: WPA2-PSK
BSSID: 00:11:22:33:44:55
Channel: 6
RSN Information:
  Pairwise Ciphers: CCMP
  Group Cipher: TKIP
```

Drag and drop the steps to perform a buffer overflow exploit in a controlled lab environment into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 14mediumdrag order
Read the full wireless explanation →

Drag and drop the steps to perform a SQL injection attack manually into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Drag and drop the steps to set up a reverse shell using Netcat into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 16mediumdrag order
Read the full wireless explanation →

Drag and drop the steps to configure a wireless network with WPA2-Enterprise authentication on a Cisco AP into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 17mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to set up a VPN using IPsec in tunnel mode into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Drag and drop the steps to perform a successful social engineering attack in a penetration test into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Which TWO vulnerabilities are associated with buffer overflow attacks?

Refer to the exhibit. An attacker runs the nslookup command shown. What information has been gathered?

Exhibit

Refer to the exhibit.

C:\>nslookup -type=MX example.com
Server:  dns.example.com
Address:  192.0.2.10

example.com     MX preference = 10, mail exchanger = mail1.example.com
example.com     MX preference = 20, mail exchanger = mail2.example.com

Which TWO of the following Nmap scan types are typically used to evade firewalls and IDS systems by sending fragmented packets?

During a penetration test, you discover that the target organization uses a cloud-based email service. Which technique would allow you to gather employee email addresses and potentially infer internal organizational structure?

A penetration tester is analyzing a Windows 10 system and runs the following command to dump password hashes from the SAM database. The output shows hashes for local users but some are missing. Which step is most likely missing?

Question 24hardmulti select
Read the full wireless explanation →

A penetration tester is assessing the security of a smart building's IoT infrastructure. The building uses Zigbee sensors for temperature and motion detection, and some devices communicate using MQTT over Wi-Fi. During the assessment, the tester captures traffic and notices that some Zigbee devices are sending unencrypted frames containing sensor IDs and values. Which TWO actions should the tester recommend to mitigate the identified vulnerabilities? (Choose two.)

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these CEH questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests ability to identify and resolve common network connectivity and performance issues using systematic troubleshooting methodology.

Apply the CompTIA A+ troubleshooting methodology to network problems

Identify symptoms of cable, wireless, and hardware failures

Use command-line tools like ping, ipconfig, and tracert

Distinguish between DHCP, DNS, and gateway configuration errors

These CEH practice questions are part of Courseiva's free EC-Council certification practice question bank. Courseiva provides original exam-style CEH questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.