
Social Engineering and Physical Security practice questions

Practise Certified Ethical Hacker CEH Social Engineering and Physical Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
17 questions · Domain: Social Engineering and Physical Security

What the exam tests

What to know about Social Engineering and Physical Security

Social Engineering and Physical Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Social Engineering and Physical Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Social Engineering and Physical Security questions

17 questions · select your answer, then reveal the explanation

A penetration tester is assessing an organization's physical security. The tester wants to gain unauthorized access to a secured server room that uses a biometric fingerprint scanner. Which of the following techniques would be MOST effective for bypassing the biometric scanner?

During a social engineering engagement, a tester calls the help desk posing as an employee from the IT department. The tester claims to be working on a critical system update and needs the employee's password to proceed. Which type of social engineering attack is being executed?

Which of the following is the BEST defense against tailgating attacks in a secure facility?

An employee receives an email that appears to be from the CEO, asking the employee to urgently wire funds to a vendor. The email address is slightly misspelled. What type of social engineering attack is this?

Which TWO of the following are effective methods to prevent dumpster diving attacks? (Choose two.)

Which THREE of the following are common indicators of a social engineering attack? (Choose three.)

Refer to the exhibit. A security analyst runs ping and arp commands. What is the most likely attack occurring?

Exhibit: Network Topology

```
C:\Users\Admin>ping 10.0.0.1
Ping statistics for 10.0.0.1:

C:\Users\Admin>arp -a
Interface: 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-11-22-33     dynamic
  10.0.0.1              aa-bb-cc-11-22-33     dynamic
  192.168.1.102         dd-ee-ff-44-55-66     dynamic
```

You are a security consultant hired by a mid-sized company with 500 employees. The company has a central office with a lobby, reception, and two secure areas: the server room (requires keycard and PIN) and the executive floor (requires keycard only). Recently, employees have reported seeing unfamiliar people in restricted areas. Security logs show keycard access for the server room only during business hours, but no anomalies. However, the executive floor logs show multiple entries by a single employee, John from Sales, at odd hours. John claims he was working late. The company has a policy that all employees must wear ID badges visibly. You observe that employees often hold doors open for colleagues, and the receptionist does not verify visitor badges. Which of the following actions should you recommend FIRST to address the most likely attack vector?

A penetration tester calls an employee claiming to be from the IT help desk and asks for their password to perform a 'security update'. The employee provides the password. Which social engineering technique is being used?

Which TWO of the following are effective physical security controls to prevent tailgating?

Refer to the exhibit. An attacker gains access to the user's workstation and wants to find a file containing passwords. Which file is most likely to contain credentials?

Exhibit

```
C:\Users\jdoe> net user jdoe /domain
The request will be processed at a domain controller for domain corp.xyz.com.

User name                    jdoe
Full Name                    John Doe
Comment
User's comment
Country code                 001 (United States)
Account active               Yes
Account expires              Never

Password last set            6/15/2024 9:30:00 AM
Password expires             9/13/2024 9:30:00 AM
Password changeable          6/16/2024 9:30:00 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script                 logon.bat
User profile
Home directory               \\fileserver\home\jdoe
Last logon                   7/10/2024 2:15:00 PM

Logon hours allowed          All

Local Group Memberships      *Domain Users
Global Group memberships     *Domain Users
The command completed successfully.
```

A security auditor is assessing the physical security of a corporate office building that houses a data center. The building has a single main entrance with a reception desk staffed during business hours (8 AM to 6 PM). After hours, employees use a keycard reader to access the building. The data center itself requires a separate keycard and a 6-digit PIN. The auditor notices that during lunch hours (12-1 PM), the reception desk is often unattended, and employees frequently hold the door for others to avoid using their keycard. Additionally, a recent social engineering test revealed that an attacker was able to call the help desk, claim to be a new employee, and request a password reset, which was granted without proper verification. Based on this scenario, which of the following is the MOST effective combination of controls to mitigate both the physical and social engineering weaknesses?

An organization is implementing a social engineering defense program. Which TWO measures are most effective in reducing the risk of phishing attacks? (Choose two.)


Refer to the exhibit. A security analyst reviews the firewall log and notices that user jdoe accessed a file server via SMB (port 445) from an internal IP (10.0.0.45) that is not the usual file server subnet. Which type of social engineering attack is most likely being attempted?

Exhibit


```
Firewall Log:
Date: 2023-10-12
Time: 14:23:45
Source IP: 10.0.0.45
Destination IP: 192.168.1.100
Protocol: TCP
Port: 445
Action: ALLOW
User: jdoe
Reason: Rule ID 3 (SMB access to file server)
```


You are a security consultant for a mid-sized company with 500 employees. The company has a secure data center with a biometric access control system. Recently, a contractor was able to enter the data center without authorization by claiming he forgot his badge and an employee held the door for him. The contractor then accessed sensitive servers and exfiltrated data. The company wants to prevent such incidents. Which physical security control would be most effective in preventing this type of attack?

Drag and drop the steps to perform a successful social engineering attack in a penetration test into the correct order.


Match each wireless attack to its description.


Descriptions to match:

  • Exploiting weak encryption in older Wi-Fi
  • Rogue access point mimicking a legitimate one
  • Forcing clients to disconnect from AP
  • Intercepting the 4-way handshake for cracking
  • Unauthorized access to Bluetooth devices



Frequently asked questions

What does the CEH exam test about Social Engineering and Physical Security?
Social Engineering and Physical Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Social Engineering and Physical Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Social Engineering and Physical Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CEH topics?
Use the topic links above to move to related areas, or go back to the CEH question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CEH exam covers. They are not copied from any real exam or dump site.