CEH · topic practice

Malware, Social Engineering and Network Attacks practice questions

Practise Certified Ethical Hacker CEH Malware, Social Engineering and Network Attacks practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Malware, Social Engineering and Network Attacks

What the exam tests

What to know about Malware, Social Engineering and Network Attacks

Malware, Social Engineering and Network Attacks questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Malware, Social Engineering and Network Attacks exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Malware, Social Engineering and Network Attacks questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A security analyst notices a high volume of ICMP Echo Reply packets on the network. The source IPs are varied, but the destination IP is the same. Which type of attack is MOST likely occurring?

A user receives a phone call from someone claiming to be from IT support, asking for their password to troubleshoot an issue. Which social engineering technique is being used?

Which tool would a penetration tester MOST likely use to perform ARP poisoning and conduct a man-in-the-middle attack on a local network?

Question 4 · hard · multiple choice

An analyst observes the following output from Wireshark: a TCP packet with the SYN flag set, followed by a SYN-ACK, then an ACK, and then a RST. The sequence numbers show a pattern: initial seq=100, ack=300, then seq=300, ack=101. What is the MOST likely interpretation?

Question 5 · medium · multiple choice

A security team discovers a file named 'svchost.exe' in a user's Temp folder. The file is signed by 'Microsoft Corporation' but the digital signature validation fails. Which analysis method should be used FIRST to determine if it's malicious?

An organization is experiencing repeated DDoS attacks that consume all available bandwidth. Which mitigation technique is MOST effective for handling such volumetric attacks?

Which type of malware is characterized by self-replication and spreading across networks without needing a host file?

A penetration tester uses the Social Engineering Toolkit (SET) to create a malicious USB drive that autoruns when inserted. Which social engineering technique is being employed?

Question 9 · hard · multiple choice

An IDS alerts on a large number of outbound DNS queries from an internal host to a suspicious domain. The queries have random subdomains and the response size is large. Which attack is MOST likely in progress?

Which type of malware encrypts the victim's files and demands payment for the decryption key?

A network administrator notices that the switch's CAM table is full, causing the switch to flood all incoming traffic out of all ports. Which attack is MOST likely occurring?

Question 12 · hard · multiple choice

During a penetration test, you capture the following output: 'HTTP/1.1 200 OK ... Set-Cookie: sessionid=abc123; path=/'. You then send a request with a modified cookie value 'sessionid=abc124' and receive a valid session. Which type of vulnerability has been exploited?

Which TWO of the following are characteristics of a polymorphic virus? (Select 2)

Which THREE of the following are effective DDoS mitigation techniques? (Select 3)

Which TWO of the following are examples of application-layer DDoS attacks? (Select 2)

A security analyst receives an alert indicating that a host on the internal network is sending a high volume of ICMP echo requests to multiple external IP addresses. The analyst notices that the source IP address is spoofed. Which type of attack is MOST likely occurring?

Which of the following tools is specifically designed for ARP poisoning and can be used to perform man-in-the-middle attacks on a local network?

A system administrator notices unusual outbound traffic from a server on port 4444. The server has no legitimate service listening on that port. A malware analyst runs 'strings' on a suspicious binary and finds a reference to 'cmd.exe /c' and an IP address. What type of malware is MOST likely present?

An organization wants to test its employees' susceptibility to social engineering by sending fake emails that appear to come from the IT department, requesting password resets. Which tool would be MOST effective for conducting this test?

A security team observes that a switch's MAC address table is full, and the switch has started flooding unicast traffic to all ports. Which attack has MOST likely been performed?

Focused Malware, Social Engineering and Network Attacks sessions

Start a Malware, Social Engineering and Network Attacks only practice session

Every question in these sessions is drawn from the Malware, Social Engineering and Network Attacks domain — nothing else.

Related practice questions

Related CEH topic practice pages

Move into related areas when this topic feels solid.

Footprinting, Reconnaissance and Scanning practice questions

Practise CEH questions linked to Footprinting, Reconnaissance and Scanning.

Enumeration and System Hacking practice questions

Practise CEH questions linked to Enumeration and System Hacking.

Web Application and Injection Attacks practice questions

Practise CEH questions linked to Web Application and Injection Attacks.

Introduction to Ethical Hacking practice questions

Practise CEH questions linked to Introduction to Ethical Hacking.

Scanning Networks and Enumeration practice questions

Practise CEH questions linked to Scanning Networks and Enumeration.

Vulnerability Analysis and System Hacking practice questions

Practise CEH questions linked to Vulnerability Analysis and System Hacking.

Advanced Topics: Wireless, Cloud, IoT, Cryptography practice questions

Practise CEH questions linked to Advanced Topics: Wireless, Cloud, IoT, Cryptography.

Footprinting and Reconnaissance practice questions

Practise CEH questions linked to Footprinting and Reconnaissance.

Network and Web Application Attacks practice questions

Practise CEH questions linked to Network and Web Application Attacks.

Wireless, IoT and Cloud Security practice questions

Practise CEH questions linked to Wireless, IoT and Cloud Security.

Cryptography and Malware Analysis practice questions

Practise CEH questions linked to Cryptography and Malware Analysis.

Frequently asked questions

What does the CEH exam test about Malware, Social Engineering and Network Attacks?
Malware, Social Engineering and Network Attacks questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Malware, Social Engineering and Network Attacks questions in a focused session?
Yes — the session launcher on this page draws every question from the Malware, Social Engineering and Network Attacks domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CEH topics?
Use the topic links above to move to related areas, or go back to the CEH question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CEH exam covers. They are not copied from any real exam or dump site.