Information Security and Ethical Hacking Overview for Certified Ethical Hacker (CEH)

This page covers the Information Security and Ethical Hacking Overview domain of the Certified Ethical Hacker (CEH) certification. Master Cybersecurity offers 33 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    Which phase of ethical hacking involves identifying live hosts, open ports, and services running on a host?
    A. Footprinting
    B. Scanning
    C. Enumeration
    D. System Hacking
    Explanation

    The correct answer is: B. Scanning.

    Scanning is the phase where you actively probe the target to find live hosts, open ports, and the services bound to those ports. Tools like Nmap are used to perform ping sweeps, port scans, and service/version detection. Footprinting (reconnaissance) comes before scanning and focuses on passively or lightly gathering information (e.g., domain names, IP ranges, DNS, public documents) without directly probing hosts. Enumeration follows scanning and goes deeper, extracting usernames, shares, SNMP data, and other detailed information from the discovered services. System Hacking is a later phase focused on gaining access, escalating privileges, and maintaining access. Thus, the activity described (identifying live hosts, open ports, and services) is the definition of the Scanning phase.
  2. Question 2

    When performing a penetration test, you discover a SQL injection vulnerability. Which of the following actions should you take first?
    A. Exploit the vulnerability to extract all data immediately.
    B. Document the vulnerability and report it to the client.
    C. Attempt to patch the vulnerability on your own.
    D. Ignore the vulnerability as it is not your responsibility.
    Explanation

    The correct answer is: B. Document the vulnerability and report it to the client.

    Ethical penetration testing is governed by rules of engagement and professional ethics. Your primary role is to find and report vulnerabilities so the client can fix them, not to fully exploit them or make changes yourself. Documenting the vulnerability (steps to reproduce, evidence, risk level) and reporting it to the client is the correct first action. Exploiting it to "extract all data" (A) can exceed scope, violate confidentiality, and cause harm. Patching it yourself (C) is usually out of scope and can conflict with the client's change management. Ignoring it (D) breaches your duty to the client. If the scope allows a limited proof-of-concept exploit to demonstrate impact, that should be agreed in advance and documented; the first *mandatory* step remains document and report.
  3. Question 3

    While conducting a penetration test, you discover that the client uses outdated software with known vulnerabilities. What is the most ethical action you can take?
    A. Exploit the software vulnerabilities to demonstrate their impact.
    B. Notify the client and recommend an immediate upgrade or patch.
    C. Ignore the outdated software, focusing only on current systems.
    D. Publicly disclose the vulnerability to pressure the client to update.
    Explanation

    The correct answer is: B. Notify the client and recommend an immediate upgrade or patch.

    The ethical response is to notify the client and recommend remediation (upgrade or patch) so they can fix the risk. You should document the finding and include it in your report with a clear recommendation. Exploiting the vulnerabilities (A) may be acceptable only if it is within agreed scope and rules of engagement; it is not the "most ethical" default. Ignoring the finding (C) fails to serve the client and leaves them at risk. Publicly disclosing (D) without the client's agreement is unprofessional, can cause legal and reputational harm, and violates responsible disclosure principles. Responsible disclosure means reporting to the organization first and giving them time to remediate before any public disclosure, if any.
  4. Question 4

    While conducting a penetration test, you find a service that accepts unencrypted credentials over the network. How should you address this finding?
    A. Exploit the service to demonstrate the risk to the client.
    B. Immediately disable the service to prevent potential exploitation.
    C. Capture the credentials using a network sniffer to prove the vulnerability.
    D. Report the finding and recommend implementing encryption protocols.
    Explanation

    The correct answer is: D. Report the finding and recommend implementing encryption protocols.

    As a penetration tester, your job is to identify and report weaknesses and recommend fixes, not to make operational changes or exceed scope. Reporting the finding and recommending encryption (e.g., TLS, encrypted authentication) is the correct approach. Exploiting the service (A) or capturing credentials (C) may be possible only if explicitly allowed in scope and rules of engagement; doing so without clear authorization can violate confidentiality and policy. Disabling the service (B) is an operational decision that belongs to the client; testers do not change or shut down production systems without explicit approval. Documenting the risk (e.g., credential exposure, compliance impact) and recommending encryption protocols aligns with professional standards and keeps the engagement within bounds.
  5. Question 5

    In the process of ethical hacking, why is it important to define a clear scope before starting a penetration test?
    A. To identify which hacking tools are prohibited during testing.
    B. To ensure that the testing team remains within legal and contractual boundaries.
    C. To maximize the potential impact on the target systems during testing.
    D. To allow for unrestricted access to all systems within the network.
    Explanation

    The correct answer is: B. To ensure that the testing team remains within legal and contractual boundaries.

    Scope defines what is in and out of bounds for the test: which systems, networks, and actions are permitted. Its main purpose is to keep the engagement legal and contractual. Without a clear scope, testers could access systems or use techniques that were not authorized, which can lead to legal liability, breach of contract, and harm to the organization. Scope often includes approved targets, time windows, prohibited techniques, and handling of data. While scope may also specify prohibited tools (A), that is a detail within the broader goal of staying within legal and contractual limits. The aim is not to "maximize impact" (C) or "unrestricted access" (D); those would increase risk of unauthorized access and legal exposure. Defining scope in a written agreement (e.g., SOW, rules of engagement) protects both the client and the tester.
