Practice test · CEH Ethical Hacker Prep

Free CEH Ethical Hacker Prep Practice Test

Take a free CEH Ethical Hacker Prep practice test for 2026 with questions, answers, explanations, PDF download and timed mock exam links.

Free sample · CEH Ethical Hacker PrepQ1
Which of the following is NOT a benefit of using cloud storage solutions in organizations?
Correct — D. Answer: It is quick to deploy While cloud storage solutions offer many advantages, such as scalability, cost savings, and disaster recovery capabilities, they require careful planning and setup, which can make the implementation process time-consuming.
↑ Tap an answer to check it
Free questions

CEH Ethical Hacker Prep Questions

Open each answer, read the explanation, then continue into the full practice flow.

  1. Q1Which of the following is NOT a benefit of using cloud storage solutions in organizations?

    Show answer

    ✓ Correct answer: It is quick to deploy

    Answer: It is quick to deploy While cloud storage solutions offer many advantages, such as scalability, cost savings, and disaster recovery capabilities, they require careful planning and setup, which can make the implementation process time-consuming.

    Open the full explanation page →

  2. Q2Which of the following is a preventative measure to mitigate the risks associated with unsecured cloud access?

    Show answer

    ✓ Correct answer: Implementing access controls

    Answer: Implementing access controls One of the most effective ways to mitigate the risks associated with unsecured cloud access is to implement strict access controls, ensuring that only authorized users have access to sensitive data. Performing regular security updates and patching vulnerabilities is critical for maintaining cloud security but does not specifically address access control issues. Using encryption helps protect data in transit and at rest but doesn't manage who can access the data. Conducting penetration tests can identify security weaknesses but does not provide ongoing control over cloud access.

    Open the full explanation page →

  3. Q3Which type of hacker has the goal of causing widespread and irreversible damage to a targeted system or network?

    Show answer

    ✓ Correct answer: Suicide

    Answer: Suicide A suicide hacker is one who is willing to go to great lengths, even facing jail time, to ensure the complete and absolute failure of their targeted system or network.

    Open the full explanation page →

  4. Q4What is the first step to securing a company's IT infrastructure in a structured and enforceable manner?

    Show answer

    ✓ Correct answer: Security policy

    The correct answer is Security policy. Establishing a comprehensive and enforceable security policy is the foundational step in any company's effort to secure its IT infrastructure. This policy sets the tone and guidelines for all subsequent security measures. While antivirus installation, network segmentation, and user training are important, they come after the policy has been established.

    Open the full explanation page →

  5. Q5An ethical hacker with expertise in social engineering but minimal experience with network penetration testing has been offered a job requiring extensive network penetration skills. What should the ethical hacker do?

    Show answer

    ✓ Correct answer: Turn down the job and refer the client to someone who is more qualified, if possible.

    Answer: Turn down the job and refer the client to someone who is more qualified, if possible. All ethical hackers should be committed to providing service in their areas of competence while being honest and forthright about any limitations in their experience and education. Ensure that you are qualified for any project on which you work or propose to work by an appropriate combination of education, training, and experience.

    Open the full explanation page →

  6. Q6Which of the following is essential during the initial phase of a security audit?

    Show answer

    ✓ Correct answer: Establishing a baseline

    Answer: Establishing a baseline It is crucial to establish a baseline at the start of a security audit to: 1. Identify and understand business processes 2. Document applications, data, and critical services 3. Create an inventory of assets and prioritize them 4. Map the network infrastructure 5. Assess existing controls 6. Review policy implementations and compliance standards 7. Define the scope of the audit 8. Plan and coordinate the audit effectively

    Open the full explanation page →

  7. Q7Which of the following is NOT TRUE about rootkits?

    Show answer

    ✓ Correct answer: It is easily detectable by antivirus software.

    Answer: It is easily detectable by antivirus software. Rootkits are designed to hide their presence from standard antivirus software, making them difficult to detect. They can mask processes, files, and system data to avoid detection. Rootkits typically gain elevated privileges in the system, allowing a malicious actor to control the system. They also can modify kernel data structures and APIs to conceal their operation and presence.

    Open the full explanation page →

  8. Q8Which of the following describes a situation where an attacker utilizes legitimate admin scripts found on a system to perform malicious tasks?

    Show answer

    ✓ Correct answer: Living-off-the-Land Attacks

    Answer: Living-off-the-Land Attacks Living-off-the-Land (LotL) attacks involve the misuse of legitimate administrative tools and scripts within an operating system to achieve malicious objectives, making detection by security software more difficult. In contrast, Service-Oriented Architecture (SOA) facilitates communication between different software components over a network, Spam Campaigns aim to distribute unwanted emails, and Privilege Escalation refers to techniques used by attackers to gain elevated access to systems.

    Open the full explanation page →

  9. Q9During a security assessment, you need to exfiltrate data from a network. However, the firewall is configured to allow only DNS traffic through. Which evasion technique would you use in this scenario?

    Show answer

    ✓ Correct answer: DNS tunneling

    Answer: DNS tunneling DNS tunneling involves encapsulating data payloads within DNS queries to allow data transfer across a network that only permits DNS traffic. This method exploits the DNS protocol and can bypass certain firewall configurations.

    Open the full explanation page →

  10. Q10Which factor most significantly increases a company's vulnerability to phishing attacks?

    Show answer

    ✓ Correct answer: Inadequate employee training on cybersecurity

    Answer: Inadequate employee training on cybersecurity Phishing attacks are primarily successful due to the lack of adequate training among employees regarding cybersecurity measures. Employees should be trained to identify suspicious emails, attachments, or links, and to verify the identity of senders before providing any sensitive information.

    Open the full explanation page →

Unlock everything

Full CEH Ethical Hacker Prep bank + unlimited mocks

Try 30 questions free. Unlock the complete CEH Ethical Hacker Prep question bank, every explanation, and unlimited timed mock exams. Practice on any device.

Unlock CEH Ethical Hacker Prep →
Cramming?
$2.99
/ week · per exam
Best value
$6.99
/ month · per exam