Certified Ethical Hacker
Certification - CEH v10 Exam
Questions with Correct Verified
Answers Latest Update
(2024/2025) Guaranteed Pass
1. Ethical hacking guidelines - ANS ✔No test should be performed without
an appropriate permission and authorization
Keep the test results confidential (usually an NDA is signed)
Perform only those tests that the client had previously agreed upon
2. CVSS - ANS ✔The Common Vulnerability Scoring System (CVSS) provides
a way to capture the principal characteristics of a vulnerability, and
produce a numerical score reflecting its severity. The numerical score can
then be translated into a qualitative representation (such as low, medium,
high, and critical) to help organizations properly assess and prioritize their
vulnerability management processes.
3. Man-in-the-middle attack - ANS ✔Man-in-the-middle attack is when an
attacker gains access to the communication channel between a target and
server. The attacker is then able to extract the information and data they
need to gain unauthorized access.
4. Breaking WPA/WPA2 Encryption: Brute-force WPA Keys - ANS
✔Brute-Force WPA Keys is a technique in which the attacker uses
dictionary or cracking tools to break WPA encryption keys. This attack
takes a lot of time to break the key.
Certified Ethical
, 2
Certified
5. Web application threats - ANS ✔Attacks that take advantage of poorly
written code and lack of proper validation on input and output data. Some
of these attacks include SQL injection and cross-site scripting.
6. Out-of-band SQL injection - ANS ✔Out-of-band SQL injection is an
injection attack in which the attacker uses more channels to inject
malicious queries and retrieve results.
7. Management zone - ANS ✔This is a secured zone which enforces strict
policies and limits access to a few authorized users.
8. List scanning - ANS ✔List scanning indirectly discovers hosts. This scan
works by listing out IP addresses and names without pinging the hosts and
with performing a reverse DNS resolution to identify the names of the
hosts.
9. Types of penetration testing - ANS ✔Black box testing
Grey box testing
White box testing
10. Social engineering types - ANS ✔Human-based social
engineering
Computer-based social engineering
Mobile-based social engineering
11. Passive type - ANS ✔The hacker does not interact with the target.
Instead, they rely on information that is publicly available.
12. Website defacement attack - ANS ✔Website defacement attack is
an attack in which the attacker makes changes to the target website's
content.
Certified Ethical
, 3
Certified
13. White hat - ANS ✔White hats are ethical hackers who use their
knowledge and skills to improve security of a system by discovering
vulnerabilities before black hats do. They use the same methods and tools
black hats do, but unlike black hats, white hats have permission from the
system owner to use those methods.
14. Website mirroring (cloning) - ANS ✔Website mirroring or
website cloning refers to the process of duplicating a website. Mirroring a
website helps in browsing the site offline, searching the website for
vulnerabilities, and discovering valuable information.
15. incident management - ANS ✔Incident management refers to the
process of identifying, analyzing, prioritizing, and solving security
incidents. The goal is not only to restore the system back to normal, but
also prevent any potential risks and threats by triggering alerts.
16. Information that is being collected can include: - ANS ✔Physical
and logical locations
Analog connections
Contact information
Information about other organizations
17. Computer-based social engineering - ANS ✔Computer-based
social engineering involves using computers and information systems for
collecting sensitive and important information.
18. Attack on sensitive information - ANS ✔Refers to hackers
breaking into clouds and stealing information about other users. Such
information usually includes credit card numbers and other financial data.
19. Authentication attack - ANS ✔Authentication attack is an attack
in which the attacker attempts to steal the identity of a user and gain
access to the network.
Certified Ethical
, 4
Certified
20. Website footprinting - ANS ✔Website footprinting is a technique
in which information about the target is collected by monitoring the
target's website. Hackers can map the entire website of the target without
being noticed.
21. Device enumeration sheet - ANS ✔ID of the device
Description
Hostname
Physical location
IP and MAC address
22. Botnets - ANS ✔Bots are malicious programs used by hackers to
control the machines they've infected. Hackers use bots to perform
malicious activities from the machines on which bots run. They can use
bots to infect multiple machines, creating a botnet which they can then use
for distributed denial of service attacks.
23. IDS - ANS ✔Intrusion Detection System (IDS) refers to software or
hardware designed to monitor, detect, and protect networks and systems
from attacks. It does it by inspecting incoming and outgoing traffic and
looking for suspicious activities and signatures.
24. Cracking passwords categories - ANS ✔Password cracking has
four categories which are based on the attack used:
Non-electronic attacks
Active online attacks
Passive online attacks
Offline attacks
25. SQL Injection - ANS ✔An attack in which the attacker injects
malicious SQL queries into the application. In this attack, the attacker
targets vulnerable applications and attempts to either gain unauthorized
access, or retrieve data stored in the database
Certified Ethical
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller DoctorKen. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.
