1. What is the latest enhancement in CEH v13?
Updated security methodologies
Outdated cryptographic techniques
Weaker encryption methods
Less emphasis on penetration testing
Show Answer
✅ Correct Answer: Updated security methodologies
2. Which attack type is covered in CEH v13?
AI-based cyber threats
Obsolete hacking strategies
Less secure network designs
Physical security only
Show Answer
✅ Correct Answer: AI-based cyber threats
3. Which emerging technology is a focus in CEH v13?
IoT vulnerabilities
Legacy systems
Older malware variants
Obsolete databases
Show Answer
✅ Correct Answer: IoT vulnerabilities
4. Which updated hacking technique is included in CEH v13?
Advanced social engineering
Manual port scanning
Unpatched systems only
Outdated exploits
Show Answer
✅ Correct Answer: Advanced social engineering
5. What is a primary objective of ethical hacking?
Identify security weaknesses
Damage systems
Steal information
Avoid detection
Show Answer
✅ Correct Answer: Identify security weaknesses
6. Which phase of ethical hacking involves maintaining persistent access?
Maintaining access
Covering tracks
Reconnaissance
Exploitation
Show Answer
✅ Correct Answer: Maintaining access
7. Which tool is commonly used for packet sniffing?
Wireshark
Nmap
Metasploit
Aircrack-ng
Show Answer
✅ Correct Answer: Wireshark
8. What is the purpose of an Intrusion Detection System (IDS)?
Monitor and alert on suspicious activities
Block malicious traffic
Encrypt communications
Patch vulnerabilities
Show Answer
✅ Correct Answer: Monitor and alert on suspicious activities
9. Which attack exploits unvalidated input to manipulate a database?
SQL Injection
Cross-site scripting
Phishing
Session hijacking
Show Answer
✅ Correct Answer: SQL Injection
10. What is the main goal of social engineering attacks?
Trick people into revealing confidential information
Exploit hardware vulnerabilities
Crack encryption
Destroy network infrastructure
Show Answer
✅ Correct Answer: Trick people into revealing confidential information
11. Which type of malware is designed to demand ransom from users?
Ransomware
Trojan
Spyware
Adware
Show Answer
✅ Correct Answer: Ransomware
12. Which port is commonly used by HTTPS?
Show Answer
✅ Correct Answer: 443
13. What is the function of a vulnerability scanner?
Identify security weaknesses
Block malicious traffic
Encrypt data
Delete malware
Show Answer
✅ Correct Answer: Identify security weaknesses
14. Which tool is often used for password cracking?
John the Ripper
Wireshark
Nmap
Burp Suite
Show Answer
✅ Correct Answer: John the Ripper
15. What is the purpose of steganography in hacking?
Conceal information within other data
Encrypt traffic
Delete logs
Detect malware
Show Answer
✅ Correct Answer: Conceal information within other data
16. Which technique is used to obscure the presence of malicious code?
Code obfuscation
Port scanning
Traffic filtering
Session hijacking
Show Answer
✅ Correct Answer: Code obfuscation
17. Which method is commonly used for bypassing firewalls?
Tunneling
Port scanning
DDoS attacks
Phishing
Show Answer
✅ Correct Answer: Tunneling
18. What is the primary goal of penetration testing?
Identify and exploit vulnerabilities
Damage internal systems
Prevent physical access
Encrypt sensitive data
Show Answer
✅ Correct Answer: Identify and exploit vulnerabilities
19. Which tool is widely used for automated exploitation?
Metasploit
Nmap
Aircrack-ng
Burp Suite
Show Answer
✅ Correct Answer: Metasploit
20. What is the main purpose of covering tracks in ethical hacking?
Erase evidence of compromise
Gain access to sensitive data
Identify vulnerabilities
Analyze network traffic
Show Answer
✅ Correct Answer: Erase evidence of compromise
21. Which API security vulnerability involves excessive data exposure?
Over-fetching
Broken Object Level Authorization
Mass Assignment
Improper Assets Management
Show Answer
✅ Correct Answer: Over-fetching
22. What does MITRE ATT&CK framework primarily document?
Adversary tactics and techniques
Vulnerability scoring
Encryption standards
Firewall configurations
Show Answer
✅ Correct Answer: Adversary tactics and techniques
23. Which cloud attack exploits misconfigured storage buckets?
S3 bucket hijacking
VM escape
Hyperjacking
Container breakouts
Show Answer
✅ Correct Answer: S3 bucket hijacking
24. What is the primary risk of exposed Kubernetes API servers?
Cluster compromise
Data corruption
Network slowdown
DNS leaks
Show Answer
✅ Correct Answer: Cluster compromise
25. Which tool is used for analyzing firmware vulnerabilities?
Firmwalker
Radare2
Ghidra
IDA Pro
Show Answer
✅ Correct Answer: Firmwalker
26. What does "living off the land" (LOTL) refer to?
Using legitimate system tools for malicious purposes
Exploiting zero-day vulnerabilities
Physical security breaches
Cloud-based attacks
Show Answer
✅ Correct Answer: Using legitimate system tools for malicious purposes
27. Which attack exploits serverless function vulnerabilities?
Event injection
Cold start attacks
Function hijacking
API gateway spoofing
Show Answer
✅ Correct Answer: Event injection
28. What is the primary purpose of the Sliver C2 framework?
Post-exploitation operations
Password cracking
Network scanning
Log analysis
Show Answer
✅ Correct Answer: Post-exploitation operations
29. Which technique bypasses EDR solutions?
Direct system calls
MAC randomization
IP fragmentation
TCP window scaling
Show Answer
✅ Correct Answer: Direct system calls
30. What does "ISO dropping" deliver?
Malicious disk images
Firmware updates
BIOS exploits
GPU rootkits
Show Answer
✅ Correct Answer: Malicious disk images
31. Which attack exploits WebSocket protocols?
WS-hijacking
HTML smuggling
DNS rebinding
JPEG steganography
Show Answer
✅ Correct Answer: WS-hijacking
32. What is the primary risk of exposed GraphQL interfaces?
Data over-fetching
DDoS amplification
Email spoofing
BIOS corruption
Show Answer
✅ Correct Answer: Data over-fetching
33. Which tool analyzes APK files?
JADX
Radare2
Ghidra
IDA Pro
Show Answer
✅ Correct Answer: JADX
34. What does "quishing" target?
QR code phishing
Quantum cryptography
Quick Response systems
Query parameter tampering
Show Answer
✅ Correct Answer: QR code phishing
35. Which attack exploits CPU speculative execution?
Spectre
Heartbleed
Shellshock
DROWN
Show Answer
✅ Correct Answer: Spectre
36. What is the purpose of the Karonte tool?
Analyzing firmware inter-component communication
Cracking WPA3
Bypassing DEP
Intercepting BLE
Show Answer
✅ Correct Answer: Analyzing firmware inter-component communication
37. Which technique bypasses hardware security modules?
Side-channel attacks
Buffer overflows
SQL injection
XSS
Show Answer
✅ Correct Answer: Side-channel attacks
38. What does "living off trusted sites" (LOTS) involve?
Abusing legitimate cloud services for C2
Exploiting zero-days in browsers
Hijacking CDN resources
Spoofing TLS certificates
Show Answer
✅ Correct Answer: Abusing legitimate cloud services for C2
39. Which attack exploits DNS rebinding?
Bypassing same-origin policy
Cache poisoning
NXDOMAIN flooding
TXT record injection
Show Answer
✅ Correct Answer: Bypassing same-origin policy
40. What is the primary risk of exposed Redis instances?
Unauthorized command execution
Data corruption
Network flooding
DNS leaks
Show Answer
✅ Correct Answer: Unauthorized command execution
41. Which attack exploits WebCache poisoning?
Abusing CDN caching behaviors
SQL injection
XSS
CSRF
Show Answer
✅ Correct Answer: Abusing CDN caching behaviors
42. What is the purpose of the PE-sieve tool?
Detecting code injections
Cracking ZIP files
Mapping networks
Analyzing logs
Show Answer
✅ Correct Answer: Detecting code injections
43. Which technique bypasses biometric authentication?
3D-printed facial recognition spoofing
RFID cloning
Shoulder surfing
Thermal residue analysis
Show Answer
✅ Correct Answer: 3D-printed facial recognition spoofing
44. What is the primary risk of exposed Jenkins instances?
Pipeline compromise
Data corruption
Network sniffing
DNS rebinding
Show Answer
✅ Correct Answer: Pipeline compromise
45. Which tool is used for analyzing EV certificates?
CertCheck
OpenSSL
Wireshark
Nmap
Show Answer
✅ Correct Answer: CertCheck
46. What does "browser pivoting" enable?
Using victim browser sessions
Exploiting Chrome zero-days
Bypassing CSP
Hijacking WebRTC
Show Answer
✅ Correct Answer: Using victim browser sessions
47. Which tool is used for analyzing .NET malware?
dnSpy
IDA Pro
Wireshark
Metasploit
Show Answer
✅ Correct Answer: dnSpy
48. What is the primary risk of exposed S3 buckets?
Data leakage
Compute resource theft
DNS hijacking
Email spoofing
Show Answer
✅ Correct Answer: Data leakage
49. Which attack exploits insecure JWT implementations?
None algorithm attack
XML bombing
HTTP request smuggling
SMTP injection
Show Answer
✅ Correct Answer: None algorithm attack
50. What is the purpose of the KioskBreak tool?
Escaping restricted kiosk modes
Cracking BitLocker
Bypassing 2FA
Intercepting NFC
Show Answer
✅ Correct Answer: Escaping restricted kiosk modes
51. Which technique bypasses MFA?
Session cookie theft
Credential stuffing
ARP spoofing
DNS tunneling
Show Answer
✅ Correct Answer: Session cookie theft
52. What does "scareware" typically do?
Fake antivirus alerts
Encrypt files silently
Steal cookies
Modify BIOS
Show Answer
✅ Correct Answer: Fake antivirus alerts
53. Which tool is used for analyzing PowerShell attacks?
PSDecode
Volatility
Radare2
Ghidra
Show Answer
✅ Correct Answer: PSDecode
54. What is the purpose of the Dufflebag tool?
Analyzing exposed EBS snapshots
Cracking WPS
Intercepting BLE
Fuzzing APIs
Show Answer
✅ Correct Answer: Analyzing exposed EBS snapshots
55. Which technique evades ASMI protections?
Return-oriented programming (ROP)
Heap spraying
Format string attacks
NOP sleds
Show Answer
✅ Correct Answer: Return-oriented programming (ROP)
56. What does "formjacking" target?
Web form data theft
Database corruption
Email headers
API endpoints
Show Answer
✅ Correct Answer: Web form data theft
57. Which tool is used for analyzing iOS applications?
Objection
Wireshark
Metasploit
Sqlmap
Show Answer
✅ Correct Answer: Objection
58. What is the primary risk of VBA macro-enabled documents?
Delivering malware
Corrupting files
Stealing printer data
Bypassing firewalls
Show Answer
✅ Correct Answer: Delivering malware
59. Which attack exploits insecure deserialization?
Object injection
XML bombing
HTTP request smuggling
SMTP injection
Show Answer
✅ Correct Answer: Object injection
60. What is the purpose of the BloodHound tool?
Mapping Active Directory attack paths
Cracking NTLM hashes
Intercepting GSM traffic
Analyzing JavaScript
Show Answer
✅ Correct Answer: Mapping Active Directory attack paths
61. Which technique evades heuristic analysis?
Code obfuscation
MAC spoofing
Port knocking
SSL stripping
Show Answer
✅ Correct Answer: Code obfuscation
62. What does "SIM swapping" exploit?
Mobile carrier verification flaws
Bluetooth vulnerabilities
NFC weaknesses
Baseband processor bugs
Show Answer
✅ Correct Answer: Mobile carrier verification flaws
63. Which tool is used for binary diffing?
BinDiff
Burp Suite
Nmap
Aircrack-ng
Show Answer
✅ Correct Answer: BinDiff
64. What is the primary risk of exposed Docker APIs?
Container escape
Data corruption
Network slowdowns
DNS leaks
Show Answer
✅ Correct Answer: Container escape
65. Which attack exploits HTTP request smuggling?
CL.TE vulnerabilities
XML injection
JSON hijacking
SOAP poisoning
Show Answer
✅ Correct Answer: CL.TE vulnerabilities
66. What is the purpose of the Ghidra tool?
Reverse engineering binaries
Password spraying
Traffic analysis
Vulnerability scanning
Show Answer
✅ Correct Answer: Reverse engineering binaries
67. Which technique bypasses WAFs?
Obfuscated SQLi
MAC flooding
ARP spoofing
ICMP tunneling
Show Answer
✅ Correct Answer: Obfuscated SQLi
68. What does "vishing" refer to?
Voice phishing
Video call hijacking
Virtual machine escapes
VPN credential theft
Show Answer
✅ Correct Answer: Voice phishing
69. Which tool is used for analyzing ransomware?
Cuckoo Sandbox
Nikto
TShark
Snort
Show Answer
✅ Correct Answer: Cuckoo Sandbox
70. Which attack exploits server-side template injection?
Show Answer
✅ Correct Answer: SSTI
71. What is the purpose of the Covenant C2 framework?
Command and control operations
Password cracking
Vulnerability scanning
Traffic analysis
Show Answer
✅ Correct Answer: Command and control operations
72. Which technique hides network traffic in DNS queries?
DNS tunneling
ICMP covert channel
HTTP smuggling
ARP spoofing
Show Answer
✅ Correct Answer: DNS tunneling
73. What does "Bluejacking" involve?
Sending unsolicited Bluetooth messages
Exploiting Bluetooth stack flaws
Cracking Bluetooth PINs
Spoofing BLE devices
Show Answer
✅ Correct Answer: Sending unsolicited Bluetooth messages
74. Which tool is used for analyzing Android malware?
MobSF
OllyDbg
IDA Pro
Radare2
Show Answer
✅ Correct Answer: MobSF
75. What is the primary risk of SS7 vulnerabilities?
Cellular network interception
Wi-Fi cracking
Email spoofing
Database injection
Show Answer
✅ Correct Answer: Cellular network interception
76. What is the purpose of the Frida dynamic instrumentation toolkit?
Runtime application analysis
Network mapping
Password recovery
Log analysis
Show Answer
✅ Correct Answer: Runtime application analysis
77. Which technique bypasses ASLR?
Return-oriented programming (ROP)
NOP sleds
Heap spraying
Format string attacks
Show Answer
✅ Correct Answer: Return-oriented programming (ROP)
78. What does Kerberoasting target?
Active Directory service accounts
Linux root privileges
Wi-Fi networks
Web application sessions
Show Answer
✅ Correct Answer: Active Directory service accounts
79. Which tool is used for fuzzing applications?
American Fuzzy Lop (AFL)
John the Ripper
Tcpdump
Nikto
Show Answer
✅ Correct Answer: American Fuzzy Lop (AFL)
80. What is the primary risk of USB drop attacks?
Malware execution via autorun
Data theft through RFID
Network sniffing
BIOS-level compromises
Show Answer
✅ Correct Answer: Malware execution via autorun
81. Which technique bypasses signature-based antivirus?
Polymorphic code
MAC spoofing
IP fragmentation
SSL stripping
Show Answer
✅ Correct Answer: Polymorphic code
82. What does "credential stuffing" exploit?
Password reuse across services
Weak encryption
Session fixation
CSRF tokens
Show Answer
✅ Correct Answer: Password reuse across services
83. Which attack manipulates time stamps in logs?
Timestamp forgery
DNS tunneling
ARP flooding
Bluejacking
Show Answer
✅ Correct Answer: Timestamp forgery
84. What is the purpose of the Empire post-exploitation framework?
Maintaining persistent access
Cracking WPA2
Scanning for SQLi
Analyzing PCAP files
Show Answer
✅ Correct Answer: Maintaining persistent access
85. Which vulnerability affects IoT devices with default credentials?
Hardcoded passwords
Buffer overflows
XSS
CSRF
Show Answer
✅ Correct Answer: Hardcoded passwords
86. What does "typosquatting" target?
Users mistyping URLs
Weak SSL certificates
Misconfigured DNS
Outdated plugins
Show Answer
✅ Correct Answer: Users mistyping URLs
87. Which tool is used for analyzing network flows?
nfdump
hashcat
Ghidra
SET
Show Answer
✅ Correct Answer: nfdump
88. What is the primary risk of RFID skimming?
Wireless credential theft
Network eavesdropping
Database corruption
Privilege escalation
Show Answer
✅ Correct Answer: Wireless credential theft
89. Which attack exploits JSON Web Tokens (JWT)?
Algorithm confusion
DNS rebinding
SMTP relay
NTP amplification
Show Answer
✅ Correct Answer: Algorithm confusion
90. What does DLL hijacking exploit?
Windows library loading mechanisms
Linux kernel vulnerabilities
macOS sandbox escapes
iOS app permissions
Show Answer
✅ Correct Answer: Windows library loading mechanisms
91. Which tool is used for password spraying attacks?
Hydra
Nmap
Wireshark
Metasploit
Show Answer
✅ Correct Answer: Hydra
92. What is the main risk of SSH version 1?
Weak encryption algorithms
No authentication support
Incompatibility with modern systems
Slow performance
Show Answer
✅ Correct Answer: Weak encryption algorithms
93. Which technique is used to bypass biometric authentication?
Silicone fingerprint replication
Password cracking
RFID cloning
Shoulder surfing
Show Answer
✅ Correct Answer: Silicone fingerprint replication
94. What does "pivoting" refer to in penetration testing?
Moving through a network using compromised systems
Rotating encryption keys
Changing MAC addresses
Bypassing firewalls
Show Answer
✅ Correct Answer: Moving through a network using compromised systems
95. Which vulnerability affects poorly sanitized user input in web apps?
Cross-site scripting (XSS)
ARP spoofing
MAC flooding
BlueSmacking
Show Answer
✅ Correct Answer: Cross-site scripting (XSS)
96. What is the purpose of the Responder tool?
Intercepting LLMNR/NBT-NS traffic
Cracking WPA2
Exploiting buffer overflows
Bypassing 2FA
Show Answer
✅ Correct Answer: Intercepting LLMNR/NBT-NS traffic
97. Which attack exploits race conditions?
TOCTOU (Time of Check to Time of Use)
Phishing
DNS spoofing
SQL injection
Show Answer
✅ Correct Answer: TOCTOU (Time of Check to Time of Use)
98. What is the primary risk of using Telnet?
Unencrypted communication
Slow transfer speeds
No authentication
Incompatibility with IPv6
Show Answer
✅ Correct Answer: Unencrypted communication
99. Which tool is used for analyzing malware memory dumps?
Volatility
Burp Suite
Nessus
Aircrack-ng
Show Answer
✅ Correct Answer: Volatility
100. Which attack involves forcing a system to revert to weaker protocols?
Downgrade attack
DNS spoofing
ARP poisoning
SQL injection
Show Answer
✅ Correct Answer: Downgrade attack
101. What is the purpose of the Shodan search engine?
Finding exposed IoT devices
Cracking passwords
Analyzing malware
Intercepting wireless traffic
Show Answer
✅ Correct Answer: Finding exposed IoT devices
102. Which vulnerability results from improper error handling?
Information disclosure
Buffer overflow
Race condition
Integer overflow
Show Answer
✅ Correct Answer: Information disclosure
103. What does "living off the land" (LOTL) refer to?
Using legitimate system tools for malicious purposes
Exploiting zero-day vulnerabilities
Physical security breaches
Social engineering attacks
Show Answer
✅ Correct Answer: Using legitimate system tools for malicious purposes
104. What is the purpose of theHarvester?
Gather OSINT (Open-Source Intelligence)
Exploit SQL vulnerabilities
Crack passwords
Scan for open ports
Show Answer
✅ Correct Answer: Gather OSINT (Open-Source Intelligence)
105. Which vulnerability allows code execution via buffer overflow?
Stack-based overflow
CSRF
XSS
Directory traversal
Show Answer
✅ Correct Answer: Stack-based overflow