Ceh 312 50v10 Certified Ethical Hacker V10 Exam Practice Test - Set 1

Test your knowledge with this Ceh 312 50v10 Certified Ethical Hacker V10 Exam mock exam. Get real-world IT questions and prepare for certification success.

312-50v10: Certified Ethical Hacker v10 (CEH v10) - Exam Information

Exam Information

Exam Code

Ceh 312 50v10 Certified Ethical Hacker V10 Exam

Exam Title

312-50v10: Certified Ethical Hacker v10 (CEH v10)

Vendor

CEH

Difficulty

Advanced

Duration

4 Hours

Question Format

Multiple Choice

Last Updated

March 10, 2025

This version of CEH validates penetration testing expertise using the latest tools and techniques.

Practice Test

Shop Best 312-50v10: Certified Ethical Hacker v10 (CEH v10) Resources Worldwide Amazon

1. What is the primary purpose of ethical hacking?

Identify security vulnerabilities
Develop malware
Perform cybercrimes
Destroy systems

2. Which tool is commonly used for penetration testing?

Metasploit
Wireshark
Norton Antivirus
Windows Defender

3. What is a common objective of social engineering attacks?

Gather sensitive information
Optimize networks
Protect systems
Monitor user activity

4. Which phase of ethical hacking involves gathering publicly available information?

Reconnaissance
Scanning
Exploitation
Reporting

5. Which technique is used to hide malicious code in legitimate programs?

Steganography
Rootkit
Trojan
Sniffing

6. What does a vulnerability scanner do?

Identifies security weaknesses
Blocks unauthorized access
Encrypts data
Monitors network traffic

7. Which port does HTTPS typically use?

443
80
25
22

8. What is the purpose of a honeypot?

Lure attackers and monitor activity
Accelerate network traffic
Backup sensitive data
Manage encryption keys

9. Which attack involves overwhelming a system with traffic to disrupt service?

DDoS
Phishing
Brute force
SQL injection

10. What is the primary goal of penetration testing?

Evaluate security defenses
Install firewalls
Develop software
Generate user reports

11. Which protocol is used for secure remote login?

SSH
FTP
HTTP
Telnet

12. What is the purpose of SQL injection?

Manipulate database queries
Encrypt data
Intercept network traffic
Prevent attacks

13. Which phase of hacking involves exploiting vulnerabilities?

Gaining access
Reconnaissance
Covering tracks
Scanning

14. What does a packet sniffer do?

Captures network traffic
Blocks malware
Erases hard drives
Prevents spam

15. Which method involves guessing passwords to gain access?

Brute-force attack
Phishing
Spoofing
Session hijacking

16. What is the goal of privilege escalation?

Gain higher system access
Monitor system logs
Encrypt data
Disable accounts

17. Which tool is commonly used to crack passwords?

John the Ripper
Burp Suite
Wireshark
Metasploit

18. What is an example of a physical security control?

Biometric access
Firewalls
Encryption
VPN

19. Which type of malware is designed to replicate itself?

Worm
Trojan
Spyware
Ransomware

20. Which encryption method uses the same key for encryption and decryption?

Symmetric encryption
Asymmetric encryption
Hashing
SSL

21. What is the primary purpose of a Security Information and Event Management (SIEM) system?

Centralized log collection and analysis
Network traffic encryption
Malware signature updates
Password policy enforcement

22. Which type of attack involves inserting malicious scripts into trusted websites?

Cross-site scripting (XSS)
ARP poisoning
DNS spoofing
SQL injection

23. What does the principle of "least privilege" recommend?

Grant only necessary permissions to users
Require multi-factor authentication
Encrypt all sensitive data
Disable all unused services

24. Which tool would be most effective for performing a man-in-the-middle attack?

Ettercap
Nmap
Metasploit
John the Ripper

25. What is the primary security risk associated with using Telnet?

Transmits data in cleartext
Uses excessive bandwidth
Lacks authentication
Vulnerable to buffer overflows

26. Which wireless encryption protocol is most secure?

WPA3
WEP
WPA
WPA2

27. What is the primary purpose of the Harvester tool?

Gather email and domain information
Crack passwords
Scan for vulnerabilities
Analyze network traffic

28. Which attack intercepts communication between two parties?

Man-in-the-middle
Phishing
DDoS
SQL injection

29. What does the "ping of death" attack exploit?

Buffer overflow in ICMP
Weak encryption
Default credentials
DNS misconfiguration

30. Which Linux command shows active network connections?

netstat
ifconfig
traceroute
nslookup

31. What port does DNS typically use?

53
80
443
22

32. Which tool is used for ARP spoofing?

arpspoof
nmap
sqlmap
hydra

33. What is the purpose of a DMZ?

Isolate public-facing services
Store backups
Monitor employees
Filter spam

34. Which protocol is vulnerable to sniffing?

HTTP
HTTPS
SSH
SFTP

35. What does NAC stand for in network security?

Network Access Control
Network Authentication Certificate
Node Access Configuration
Network Address Conversion

36. Which tool is specifically designed for SQL injection?

sqlmap
metasploit
wireshark
john

37. What is the main defense against CSRF attacks?

Anti-CSRF tokens
Input validation
WAF
HTTPS

38. Which HTTP header helps prevent XSS?

Content-Security-Policy
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options

39. What is the purpose of Burp Suite?

Web application testing
Network scanning
Password cracking
Malware analysis

40. Which attack exploits file inclusion vulnerabilities?

LFI/RFI
XSS
CSRF
SSRF

41. Which algorithm is used for asymmetric encryption?

RSA
AES
3DES
Blowfish

42. What is the key length of AES-256?

256 bits
128 bits
512 bits
1024 bits

43. Which cryptographic concept ensures data integrity?

Hashing
Encryption
Steganography
Obfuscation

44. What does PKI stand for?

Public Key Infrastructure
Private Key Integration
Protected Key Implementation
Personal Key Identification

45. Which protocol provides perfect forward secrecy?

TLS 1.3
SSL 3.0
TLS 1.0
SSH 1.0

46. What is the primary characteristic of a trojan?

Disguised as legitimate software
Self-replicating
Encrypts files for ransom
Spreads through networks

47. Which tool is used for static malware analysis?

PEiD
Wireshark
Nmap
Metasploit

48. What is the purpose of a sandbox in malware analysis?

Execute suspicious code safely
Encrypt malware samples
Distribute honeypots
Monitor network traffic

49. Which malware type encrypts files for ransom?

Ransomware
Spyware
Adware
Rootkit

50. What does C2 stand for in malware context?

Command and Control
Cryptography and Ciphering
Compression and Conversion
Code and Compilation

51. Which tool is used for wireless packet capture?

Airodump-ng
Nmap
Sqlmap
John

52. What is the purpose of the "strings" command?

Extract text from binaries
Analyze network strings
Test password strength
Monitor system calls

53. Which attack bypasses authentication using hashes?

Pass-the-hash
SQL injection
XSS
CSRF

54. What does IDS stand for?

Intrusion Detection System
Internet Data Security
Integrated Defense System
Intrusion Defense Solution

55. Which Linux directory contains log files?

/var/log
/etc
/bin
/usr

56. What is the final phase of ethical hacking?

Reporting
Scanning
Exploitation
Maintaining access

57. Which document defines testing scope?

Rules of Engagement
Non-Disclosure Agreement
Penetration Test Report
Vulnerability Assessment

58. What is the purpose of OSINT?

Gather publicly available information
Exploit zero-day vulnerabilities
Bypass firewalls
Crack encryption

59. Which tool is used for vulnerability scanning?

Nessus
Metasploit
Wireshark
John

60. What does PTES stand for?

Penetration Testing Execution Standard
Professional Technical Ethical Security
Post-Test Evaluation System
PenTest Engagement Strategy

61. Which cloud service model provides OS control?

IaaS
SaaS
PaaS
FaaS

62. What is the main risk of misconfigured S3 buckets?

Data exposure
DDoS attacks
Account hijacking
Cryptojacking

63. Which tool checks for AWS misconfigurations?

Prowler
Nmap
Metasploit
Burp Suite

64. What does CASB stand for?

Cloud Access Security Broker
Cloud Application Security Baseline
Certified AWS Security Benchmark
Cloud Authentication Security Bridge

65. Which cloud attack exploits metadata service?

SSRF
XSS
CSRF
SQLi

66. Which protocol is common in IoT devices?

MQTT
HTTP
FTP
SMTP

67. What is the main risk of default IoT credentials?

Unauthorized access
Data corruption
Network congestion
Firmware corruption

68. Which tool analyzes IoT firmware?

Binwalk
Wireshark
Nmap
John

69. What is Shodan primarily used for?

IoT device search
Password cracking
Network scanning
Vulnerability assessment

70. Which attack targets industrial control systems?

Stuxnet
Mirai
WannaCry
NotPetya

71. Which tool is used for mobile app analysis?

MobSF
Burp Suite
Nmap
Metasploit

72. What is the main risk of insecure data storage?

Data leakage
Battery drain
Network congestion
App crashes

73. Which Android file contains app permissions?

AndroidManifest.xml
build.gradle
strings.xml
config.json

74. What does Frida tool do?

Dynamic instrumentation
Network scanning
Reverse engineering
Vulnerability scanning

75. Which iOS vulnerability allowed jailbreaking?

Zero-day exploits
Buffer overflows
SQL injection
CSRF

76. What is the first rule of digital forensics?

Preserve evidence
Make copies
Analyze quickly
Report findings

77. Which tool creates disk images?

FTK Imager
Wireshark
Nmap
Metasploit

78. What does RAM analysis reveal?

Running processes
Deleted files
Disk partitions
File system structure

79. Which Windows registry contains user activity?

NTUSER.DAT
SAM
SECURITY
SYSTEM

80. What is the purpose of a write blocker?

Prevent evidence tampering
Stop malware
Encrypt data
Analyze packets

81. Which regulation protects health data?

HIPAA
PCI DSS
SOX
GDPR

82. What does GDPR stand for?

General Data Protection Regulation
Global Data Privacy Rules
Government Data Protection Requirements
General Digital Privacy Rights

83. Which standard applies to credit cards?

PCI DSS
ISO 27001
NIST CSF
SOC 2

84. What is the purpose of SOX compliance?

Financial reporting accuracy
Data privacy
Network security
Incident response

85. Which framework is for critical infrastructure?

NIST CSF
ISO 27001
COBIT
ITIL

86. What does APT stand for?

Advanced Persistent Threat
Automated Penetration Testing
Application Protocol Testing
Admin Privilege Takeover

87. Which attack uses AI to mimic voices?

Deepfake
Phishing
Vishing
Smishing

88. What is cryptojacking?

Unauthorized cryptocurrency mining
Stealing crypto wallets
Cracking encryption
Fake cryptocurrency

89. Which threat uses supply chain compromise?

SolarWinds attack
WannaCry
Mirai
Stuxnet

90. What is fileless malware?

Runs in memory only
Hides in images
Uses steganography
Avoids detection

91. Which tool analyzes PDF malware?

PDFid
Wireshark
Nmap
Metasploit

92. What is the purpose of YARA rules?

Malware pattern matching
Network scanning
Password cracking
Vulnerability assessment

93. Which technique bypasses biometrics?

Spoofing
Phishing
Brute force
SQL injection

94. What does VDI stand for?

Virtual Desktop Infrastructure
Vulnerability Detection and Identification
Verified Data Integrity
Virtual Data Interceptor

95. Which control prevents tailgating?

Mantrap
Firewall
Antivirus
VPN

96. What is the purpose of TPM?

Hardware-based security
Traffic monitoring
Password management
Network scanning

97. Which attack bypasses MFA?

SIM swapping
Phishing
DDoS
SQL injection

98. What is the main risk of shadow IT?

Unauthorized systems
Slow performance
Data corruption
Network congestion

99. Which tool analyzes Windows memory dumps?

Volatility
Wireshark
Nmap
Burp Suite

100. What is the purpose of a canary token?

Detect unauthorized access
Encrypt data
Authenticate users
Scan networks

101. Which framework is for cloud security?

CSA STAR
NIST CSF
ISO 27001
PCI DSS

102. What is the main risk of deprecated TLS?

Known vulnerabilities
Slow performance
Incompatibility
High cost

103. Which tool intercepts Bluetooth traffic?

Ubertooth
Aircrack-ng
Wireshark
Nmap

104. What is the purpose of a Faraday cage?

Block electromagnetic signals
Store backups
Cool servers
Filter network traffic

105. Which attack exploits race conditions?

TOCTOU
Phishing
DDoS
SQL injection

106. What does DLP stand for?

Data Loss Prevention
Digital License Protection
Disk Level Protection
Data Leakage Protocol

107. Which tool analyzes BIOS vulnerabilities?

CHIPSEC
Nmap
Metasploit
John

108. What is the main risk of insufficient logging?

Difficulty investigating incidents
Malware infection
Data corruption
Network congestion

109. Which protocol is vulnerable to KRACK?

WPA2
WEP
WPA3
SSL

110. What is the purpose of the OWASP Top 10?

List critical web vulnerabilities
Rank security tools
Certify professionals
Standardize encryption

111. Which attack exploits padding oracles?

Padding oracle attack
XSS
CSRF
SQLi

112. What is the purpose of Shodan?

Search internet-connected devices
Analyze malware
Crack passwords
Scan networks

113. Which tool is used for firmware analysis?

Binwalk
Wireshark
Nmap
Burp Suite

114. What is the main risk of insufficient entropy?

Weak cryptographic keys
Slow performance
Data corruption
Network congestion

115. Which framework is for industrial systems?

IEC 62443
NIST CSF
ISO 27001
PCI DSS

The Ceh 312 50v10 Certified Ethical Hacker V10 Exam certification is a globally recognized credential for IT professionals. This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.

Want more practice? Check out our other mock exams:

Ceh Ec Ethical Hacking And Countermeasures V
Ceh Certified Ethical Hacker Exam V
Ceh Ec Ethical Hacking And Countermeasures V
Ceh Certified Ethical Hacker V
Ceh Certified Ethical Hacker V Exam
Ceh Certified Ethical Hacker V Exam

Support

📧 Email Support ❓ FAQ 📞 Contact Us

Legal

📄 Terms & Refund Policy 🔒 Privacy Policy ⚖️ DMCA

Company

👥 About Us 🗺️ Sitemap

Connect With Us

Follow for IT lab tutorials & certification updates

© 2025 ITCertRocket.com - Hands-On IT Lab Exercises & Certification Prep. All rights reserved.