Ceh Ec1 350 Ethical Hacking And Countermeasures V7 Practice Test - Set 1
Test your knowledge with this Ceh Ec1 350 Ethical Hacking And Countermeasures V7 mock exam. Get real-world IT questions and prepare for certification success.
EC1-350: Ethical Hacking and Countermeasures v7 - Exam Information
Exam Information
Exam Code
Ceh Ec1 350 Ethical Hacking And Countermeasures V7
Exam Title
EC1-350: Ethical Hacking and Countermeasures v7
Vendor
CEH
Difficulty
Advanced
Duration
4 Hours
Question Format
Multiple Choice
Last Updated
March 10, 2025
An earlier version of the CEH exam focusing on ethical hacking techniques and security principles.
1. What is the main goal of ethical hacking as defined in CEH v7?
To identify and exploit vulnerabilities for personal gain
To secure IT systems by finding and fixing vulnerabilities
To create new hacking methodologies
To disable security features in organizations
✅ Correct Answer: To secure IT systems by finding and fixing vulnerabilities
2. Which of the following is a common countermeasure against SQL injection attacks?
Using dynamic SQL queries
Applying input validation and parameterized queries
Storing credentials in plain text
Disabling database logging
✅ Correct Answer: Applying input validation and parameterized queries
3. What is the purpose of a penetration test?
To identify and exploit vulnerabilities in a controlled manner
To disable security features
To create new hacking tools
To steal sensitive data
✅ Correct Answer: To identify and exploit vulnerabilities in a controlled manner
4. Which tool is commonly used for network scanning?
Nmap
Wireshark
Metasploit
John the Ripper
✅ Correct Answer: Nmap
5. What is the primary purpose of a firewall?
To block unauthorized access to a network
To encrypt sensitive data
To crack passwords
To intercept network traffic
✅ Correct Answer: To block unauthorized access to a network
6. Which attack involves intercepting communication between two parties?
Man-in-the-Middle (MITM)
Phishing
SQL Injection
Denial of Service (DoS)
✅ Correct Answer: Man-in-the-Middle (MITM)
7. What is the purpose of a vulnerability scanner?
To identify security weaknesses in a system
To exploit vulnerabilities
To intercept network traffic
To crack passwords
✅ Correct Answer: To identify security weaknesses in a system
8. Which protocol is commonly exploited in DNS spoofing attacks?
DNS
HTTP
HTTPS
FTP
✅ Correct Answer: DNS
9. What is the primary goal of a Denial of Service (DoS) attack?
To overwhelm a system and make it unavailable
To steal sensitive data
To intercept network traffic
To crack passwords
✅ Correct Answer: To overwhelm a system and make it unavailable
10. Which tool is used for password cracking?
John the Ripper
Nmap
Wireshark
Metasploit
✅ Correct Answer: John the Ripper
11. What is the purpose of a honeypot?
To detect and analyze attacks
To block unauthorized access
To encrypt sensitive data
To crack passwords
✅ Correct Answer: To detect and analyze attacks
12. Which attack involves injecting malicious SQL queries into an application?
SQL Injection
Phishing
MITM
DoS
✅ Correct Answer: SQL Injection
13. What is the purpose of a rootkit?
To gain unauthorized access and hide malicious activity
To encrypt sensitive data
To intercept network traffic
To crack passwords
✅ Correct Answer: To gain unauthorized access and hide malicious activity
14. Which tool is used for packet sniffing?
Wireshark
Nmap
Metasploit
John the Ripper
✅ Correct Answer: Wireshark
15. What is the purpose of a buffer overflow attack?
To execute arbitrary code by overwriting memory
To intercept network traffic
To crack passwords
To encrypt sensitive data
✅ Correct Answer: To execute arbitrary code by overwriting memory
16. Which attack involves tricking users into revealing sensitive information?
Phishing
SQL Injection
MITM
DoS
✅ Correct Answer: Phishing
17. What is the purpose of a vulnerability assessment?
To identify and prioritize security weaknesses
To exploit vulnerabilities
To intercept network traffic
To crack passwords
✅ Correct Answer: To identify and prioritize security weaknesses
18. Which tool is used for exploiting vulnerabilities?
Metasploit
Nmap
Wireshark
John the Ripper
✅ Correct Answer: Metasploit
19. What is the purpose of a reverse shell?
To gain remote control of a target system
To intercept network traffic
To crack passwords
To encrypt sensitive data
✅ Correct Answer: To gain remote control of a target system
20. Which attack involves overwhelming a system with traffic?
Denial of Service (DoS)
Phishing
SQL Injection
MITM
✅ Correct Answer: Denial of Service (DoS)
21. Which tool is commonly used for DNS enumeration?
nslookup
Wireshark
Metasploit
John the Ripper
✅ Correct Answer: nslookup
22. What is the primary purpose of WHOIS lookups?
Gather domain registration information
Scan network ports
Crack passwords
Analyze malware
✅ Correct Answer: Gather domain registration information
23. Which Google search operator finds specific filetypes?
filetype:
site:
inurl:
intitle:
✅ Correct Answer: filetype:
24. What does traceroute help identify?
Network path to a target
Open ports
Vulnerabilities
Password hashes
✅ Correct Answer: Network path to a target
25. Which technique gathers information from social media?
OSINT
Port scanning
Packet sniffing
Brute forcing
✅ Correct Answer: OSINT
26. What does a SYN scan determine?
Port status without completing connection
Service versions
OS information
Network bandwidth
✅ Correct Answer: Port status without completing connection
27. Which Nmap flag enables OS detection?
-O
-sS
-p
-A
✅ Correct Answer: -O
28. What is the purpose of hping?
Craft custom network packets
Analyze malware
Crack passwords
Exploit vulnerabilities
✅ Correct Answer: Craft custom network packets
29. Which protocol does ping use?
ICMP
TCP
UDP
HTTP
✅ Correct Answer: ICMP
30. What does a NULL scan attempt to identify?
Firewall configuration
User accounts
Network speed
Encryption methods
✅ Correct Answer: Firewall configuration
31. Which tool enumerates Windows shares?
enum4linux
Nmap
Wireshark
Metasploit
✅ Correct Answer: enum4linux
32. What does SNMP enumeration reveal?
Network device information
Encrypted passwords
Web vulnerabilities
Malware signatures
✅ Correct Answer: Network device information
33. Which port does LDAP typically use?
389
80
443
22
✅ Correct Answer: 389
34. What is the purpose of NetBIOS enumeration?
Discover Windows network resources
Crack passwords
Scan ports
Analyze traffic
✅ Correct Answer: Discover Windows network resources
35. Which tool enumerates web server directories?
DirBuster
John
Aircrack-ng
Snort
✅ Correct Answer: DirBuster
36. Where does Windows store password hashes?
SAM file
Registry
Temp folder
System32
✅ Correct Answer: SAM file
37. Which tool extracts password hashes from memory?
Mimikatz
Wireshark
Nmap
Burp Suite
✅ Correct Answer: Mimikatz
38. What is the purpose of a rainbow table?
Speed up password cracking
Encrypt data
Scan networks
Analyze malware
✅ Correct Answer: Speed up password cracking
39. Which registry hive contains user-specific settings?
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_USERS
✅ Correct Answer: HKEY_CURRENT_USER
40. What is privilege escalation?
Gaining higher-level access
Encrypting files
Scanning networks
Analyzing logs
✅ Correct Answer: Gaining higher-level access
41. What is the primary characteristic of a rootkit?
Hides its presence
Encrypts files
Spreads through email
Displays ads
✅ Correct Answer: Hides its presence
42. Which malware type demands payment?
Ransomware
Spyware
Adware
Worm
✅ Correct Answer: Ransomware
43. What does a Trojan horse do?
Disguises as legitimate software
Self-replicates
Infects boot sectors
Spreads through networks
✅ Correct Answer: Disguises as legitimate software
44. Which tool analyzes malware behavior?
Cuckoo Sandbox
Nmap
Wireshark
Metasploit
✅ Correct Answer: Cuckoo Sandbox
45. What is the purpose of a botnet?
Execute coordinated attacks
Encrypt communications
Scan for vulnerabilities
Analyze network traffic
✅ Correct Answer: Execute coordinated attacks
46. Which attack intercepts network traffic?
Man-in-the-middle
DDoS
SQL injection
Phishing
✅ Correct Answer: Man-in-the-middle
47. What does ARP spoofing accomplish?
Redirect network traffic
Encrypt data
Crack passwords
Scan ports
✅ Correct Answer: Redirect network traffic
48. Which tool captures network packets?
Wireshark
John
Hydra
Sqlmap
✅ Correct Answer: Wireshark
49. What is the purpose of MAC flooding?
Overwhelm switch CAM tables
Encrypt traffic
Prevent sniffing
Accelerate networks
✅ Correct Answer: Overwhelm switch CAM tables
50. Which protocol is vulnerable to sniffing?
FTP
HTTPS
SSH
SFTP
✅ Correct Answer: FTP
51. What is pretexting in social engineering?
Creating fake scenarios
Sending mass emails
Exploiting software bugs
Cracking passwords
✅ Correct Answer: Creating fake scenarios
52. Which tool creates phishing pages?
SET (Social Engineering Toolkit)
Metasploit
Nmap
Wireshark
✅ Correct Answer: SET (Social Engineering Toolkit)
53. What is tailgating?
Physical access by following someone
Network eavesdropping
Password cracking
Email spoofing
✅ Correct Answer: Physical access by following someone
54. Which attack uses phone calls?
Vishing
Phishing
Smishing
Pharming
✅ Correct Answer: Vishing
55. What is the primary defense against social engineering?
Security awareness training
Firewalls
Antivirus
Encryption
✅ Correct Answer: Security awareness training
56. What is the difference between DoS and DDoS?
Multiple attack sources
Attack duration
Target systems
Exploited vulnerabilities
✅ Correct Answer: Multiple attack sources
57. Which tool performs stress testing?
LOIC
Nmap
Metasploit
Wireshark
✅ Correct Answer: LOIC
58. What is a SYN flood attack?
Exploits TCP handshake
Overflows buffers
Exhausts bandwidth
Corrupts packets
✅ Correct Answer: Exploits TCP handshake
59. Which attack targets application layers?
HTTP flood
Ping of death
Smurf attack
UDP flood
✅ Correct Answer: HTTP flood
60. What is the primary defense against DDoS?
Traffic filtering
Strong passwords
Encryption
Antivirus
✅ Correct Answer: Traffic filtering
61. What is session fixation?
Setting session ID before login
Stealing cookies
Brute-forcing credentials
Exploiting buffer overflows
✅ Correct Answer: Setting session ID before login
62. Which tool performs MITM attacks?
Ettercap
Hydra
John
Sqlmap
✅ Correct Answer: Ettercap
63. What is the primary defense against session hijacking?
HTTPS and secure cookies
Firewalls
Antivirus
Encryption
✅ Correct Answer: HTTPS and secure cookies
64. Which attack steals session tokens?
XSS
SQLi
Phishing
DDoS
✅ Correct Answer: XSS
65. What does CSRF exploit?
Authenticated sessions
Network protocols
OS vulnerabilities
Physical access
✅ Correct Answer: Authenticated sessions
66. Which tool tests for SQL injection?
Sqlmap
Metasploit
Nmap
Wireshark
✅ Correct Answer: Sqlmap
67. What is the primary defense against XSS?
Input validation and output encoding
Firewalls
Antivirus
Encryption
✅ Correct Answer: Input validation and output encoding
68. Which attack manipulates file paths?
Directory traversal
CSRF
Phishing
DDoS
✅ Correct Answer: Directory traversal
69. What is the purpose of Burp Suite?
Web application testing
Network scanning
Password cracking
Malware analysis
✅ Correct Answer: Web application testing
70. Which HTTP header prevents clickjacking?
X-Frame-Options
Content-Security-Policy
Strict-Transport-Security
X-XSS-Protection
✅ Correct Answer: X-Frame-Options
71. Which encryption is weakest for WiFi?
WEP
WPA
WPA2
WPA3
✅ Correct Answer: WEP
72. What does an evil twin attack create?
Rogue access point
Duplicate packets
Fake certificates
Spoofed MAC addresses
✅ Correct Answer: Rogue access point
73. Which tool cracks WPA handshakes?
Aircrack-ng
Wireshark
Nmap
Metasploit
✅ Correct Answer: Aircrack-ng
74. What is wardriving?
Locating wireless networks
Cracking passwords
Sniffing traffic
Launching DDoS
✅ Correct Answer: Locating wireless networks
75. Which attack targets WPS?
PIN brute-forcing
Packet injection
MAC spoofing
ARP poisoning
✅ Correct Answer: PIN brute-forcing
The Ceh Ec1 350 Ethical Hacking And Countermeasures V7 certification is a globally recognized credential for IT professionals.
This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.
Want more practice? Check out our other mock exams: