Practice questions

Certified Ethical Hacker (CEH): Practice Questions

By The Exam Atlas Editorial Team · Verified 2026-05-31

Ten original concept-check questions on core CEH ideas. Choose an answer to reveal the explanation. Remember: ethical hacking is always authorised and scoped.

1. What distinguishes ethical hacking from malicious hacking?

   A The tools used B Explicit authorisation and a defined scope C The skill level D The time of day

2. The first phase of an ethical hacking engagement is usually:

   A Gaining access B Reconnaissance C Covering tracks D Reporting

3. Passive reconnaissance differs from active reconnaissance in that it:

   A Sends packets to the target B Gathers information without directly interacting with the target C Exploits vulnerabilities D Requires admin access

4. Enumeration is best described as:

   A Encrypting data B Extracting detailed information such as user names, shares and services C Deleting logs D Sending phishing emails

5. A honeypot is:

   A A type of malware B A decoy system designed to attract and study attackers C A password cracker D A firewall rule

6. Social engineering attacks primarily target:

   A Network protocols B People C Encryption keys D Firewalls

7. Attackers 'cover their tracks' mainly to:

   A Speed up the attack B Hide their activity and avoid detection C Improve performance D Help defenders

8. SQL injection works by:

   A Overloading a server B Abusing unvalidated input to manipulate a database query C Cracking passwords D Intercepting wireless traffic

9. Privilege escalation refers to:

   A Encrypting files B Gaining higher access rights than originally granted C Scanning ports D Sending spam

10. An ethical hacker may test:

    A Any system they can reach B Only systems they own or are explicitly authorised to test C Competitors' systems D Government systems freely

Sources

• EC-Council — CEH ↗