CEH · topic practice

Enumeration and System Hacking practice questions

Practise Certified Ethical Hacker CEH Enumeration and System Hacking practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Enumeration and System Hacking

What the exam tests

What to know about Enumeration and System Hacking

Enumeration and System Hacking questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Enumeration and System Hacking exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Enumeration and System Hacking questions

20 questions · select your answer, then reveal the explanation

A security analyst wants to enumerate NetBIOS names on a Windows network. Which built-in Windows command-line tool should they use?

During a penetration test, you gain access to a target system as a low-privileged user. Which of the following is the BEST next step according to the CEH system hacking methodology (CHPSET)?

A security analyst observes a suspicious SUID binary /usr/bin/evil in a Linux system. Which type of vulnerability does this indicate, and what is the MOST likely objective of an attacker who placed it?

A penetration tester runs the following command against a target Linux server: smbclient -L 192.168.1.10 -N. The output lists several shares including 'Admin$', 'C$', and 'IPC$'. Which of the following is the MOST likely next step for further enumeration?

Question 5mediummultiple choice
Read the full VRF explanation →

An attacker uses the VRFY command on an SMTP server to check the existence of email addresses. The server responds with '250 OK' for 'admin@company.com' and '550 No such user' for 'fake@company.com'. Which SMTP enumeration technique is being used?

A security analyst finds multiple failed login attempts in the system logs, followed by a successful login from an unusual IP address. The attacker then deleted the log entries for that session. Which step of the system hacking methodology (CHPSET) does the log deletion represent?

Which of the following tools is specifically designed to perform password cracking using rainbow tables?

During a penetration test, you successfully execute a privilege escalation attack by abusing a service running with SYSTEM privileges on a Windows machine. Which of the following techniques is MOST likely being used?

A penetration tester executes the command: snmpwalk -c public -v2c 192.168.1.50. Which of the following BEST describes the purpose of this command?

A security analyst is investigating a compromised Linux system. The /var/log/auth.log file appears to be truncated, and the timestamps on several binaries in /bin/ have been modified. Which of the following tools or techniques is the attacker MOST likely using to cover tracks?

During a penetration test, you discover an LDAP server on port 389 that allows anonymous binds. Which of the following enumeration techniques would provide the MOST comprehensive information about the directory structure?

An attacker has gained access to a Windows server and wants to crack the password hashes extracted from the SAM file. The attacker knows the passwords are complex but wants to maximize speed. Which tool is BEST suited for high-speed password cracking using GPU acceleration?

Which TWO of the following are valid SMTP enumeration commands that can be used to discover valid email addresses? (Select 2)

Which TWO of the following are common tools used for SMB enumeration? (Select 2)

Which THREE of the following are password cracking techniques that can be used with Hashcat? (Select 3)

A security analyst runs `nbtstat -A 192.168.1.10` and receives output showing a table with names like COMPUTER<00>, COMPUTER<20>, and DOMAIN<1B>. What type of information has the analyst gathered?

During a penetration test, you execute the command `enum4linux -a 192.168.1.20`. The output reveals that the 'backup' account has a blank password and belongs to the 'Domain Admins' group. Which phase of the CHPSET methodology does identifying this vulnerability belong to?

A forensic analyst examining a compromised Linux system finds the following entry in /var/log/auth.log: `Mar 15 10:23:45 server sshd[1234]: Accepted password for root from 10.0.0.5 port 54321 ssh2`. However, the analyst also notices that /var/log/auth.log has been truncated and the /etc/ssh/sshd_config file contains `LogLevel QUIET`. Which attack phase is most likely being obscured?

Question 19mediummultiple choice
Read the full NAT/PAT explanation →

An attacker has gained initial access to a Windows system and wants to escalate privileges to SYSTEM. They find that the SeImpersonatePrivilege is enabled for their current user. Which tool or technique is specifically designed to leverage this privilege for elevation?

A system administrator wants to enumerate all users in an Active Directory domain. Which protocol and query technique should they use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Enumeration and System Hacking sessions

Start a Enumeration and System Hacking only practice session

Every question in these sessions is drawn from the Enumeration and System Hacking domain — nothing else.

Related practice questions

Related CEH topic practice pages

Move into related areas when this topic feels solid.

Footprinting, Reconnaissance and Scanning practice questions

Practise CEH questions linked to Footprinting, Reconnaissance and Scanning.

Enumeration and System Hacking practice questions

Practise CEH questions linked to Enumeration and System Hacking.

Malware, Social Engineering and Network Attacks practice questions

Practise CEH questions linked to Malware, Social Engineering and Network Attacks.

Web Application and Injection Attacks practice questions

Practise CEH questions linked to Web Application and Injection Attacks.

Introduction to Ethical Hacking practice questions

Practise CEH questions linked to Introduction to Ethical Hacking.

Scanning Networks and Enumeration practice questions

Practise CEH questions linked to Scanning Networks and Enumeration.

Vulnerability Analysis and System Hacking practice questions

Practise CEH questions linked to Vulnerability Analysis and System Hacking.

Advanced Topics: Wireless, Cloud, IoT, Cryptography practice questions

Practise CEH questions linked to Advanced Topics: Wireless, Cloud, IoT, Cryptography.

Footprinting and Reconnaissance practice questions

Practise CEH questions linked to Footprinting and Reconnaissance.

Network and Web Application Attacks practice questions

Practise CEH questions linked to Network and Web Application Attacks.

Wireless, IoT and Cloud Security practice questions

Practise CEH questions linked to Wireless, IoT and Cloud Security.

Cryptography and Malware Analysis practice questions

Practise CEH questions linked to Cryptography and Malware Analysis.

Frequently asked questions

What does the CEH exam test about Enumeration and System Hacking?
Enumeration and System Hacking questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Enumeration and System Hacking questions in a focused session?
Yes — the session launcher on this page draws every question from the Enumeration and System Hacking domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CEH topics?
Use the topic links above to move to related areas, or go back to the CEH question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CEH exam covers. They are not copied from any real exam or dump site.