Free · No account needed · No credit card

Certified Ethical Hacker CEH Practice Test

1,010 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.

Instant feedback after each answer
Full explanations included
Domain score breakdown
Real exam: 240 min
Pass mark: 700%

Sample questions with explanations

This is exactly what you see during practice — question, options, and a full explanation after you answer.

Q1 · Introduction to Ethical Hacking · medium

A security analyst suspects that an attacker is scanning their network. They notice a large number of TCP SYN packets being sent to various ports on a single host, but no SYN-ACK responses are returned. Which type of scan is most likely being used?

A. TCP connect scan
B. UDP scan
C. SYN scan (Correct)
D. FIN scan

C is correct because a SYN scan (also known as a half-open scan) sends TCP SYN packets to target ports and does not complete the three-way handshake. If no SYN-ACK is returned, it indicates the port is filtered or the host is not responding, which matches the scenario where the a…

Q2 · Introduction to Ethical Hacking · hard

During a penetration test, an ethical hacker needs to evade an IDS that detects port scans based on the number of packets per second. Which technique would be most effective to avoid detection?

A. Use random source ports
B. Use a decoy scan
C. Slow down the scan rate (Correct)
D. Use fragmented packets

Option C is correct because slowing down the scan rate reduces the number of packets sent per second below the IDS threshold, allowing the scan to blend in with normal traffic. IDS systems like Snort use packet-per-second (pps) counters to detect port scans; by spacing out packet…

Q3 · Introduction to Ethical Hacking · easy

A company wants to test the security of its web application by simulating attacks from an external perspective. They have no prior knowledge of the internal network or application architecture. Which type of test should they perform?

A. Black-box test (Correct)
B. White-box test
C. Red team engagement
D. Gray-box test

A black-box test is the correct choice because the company has no prior knowledge of the internal network or application architecture. This simulates an external attacker with zero insider information, testing the application from an outsider's perspective without access to sourc…

Untimed Practice

Answer at your own pace. Explanation and domain tag shown immediately after each answer.

Timed Practice

Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.

Why practice here?

Full explanations on every question

Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.

Domain score breakdown

After each session see your score by exam domain so you know exactly where to focus study time.

100% free, forever

No subscription, no trial, no email wall. Start a session in under 10 seconds.

Exam-style questions

Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.
