Certified Ethical Hacker (CEH) v13 Practice Exam – 312-50v13
Prepare to become a Certified Ethical Hacker with our comprehensive 312-50v13 CEH v13 Practice Exam from Exam Sage. Designed for aspiring cybersecurity professionals and ethical hackers, this practice exam offers an effective way to test your knowledge and boost your confidence before taking the official CEH v13 certification exam.
What is the Certified Ethical Hacker v13 Exam?
The Certified Ethical Hacker (CEH) v13 exam is a globally recognized certification that validates your skills in identifying and addressing security vulnerabilities by using the same knowledge and tools as malicious hackers—but in a lawful and legitimate manner. This certification is essential for professionals who want to build a career in ethical hacking, penetration testing, and cybersecurity.
What You Will Learn
By using this CEH v13 practice exam, you will deepen your understanding of crucial cybersecurity topics, including:
Network scanning and enumeration techniques
Vulnerability analysis and system hacking methods
Social engineering and phishing attacks
Malware types and defense mechanisms
Wireless network security and cryptography
Penetration testing frameworks and tools
Web application security and SQL injection
Cloud security fundamentals
Incident response and mitigation strategies
Each question is paired with detailed explanations, helping you grasp complex concepts and improve your problem-solving skills.
Why Choose Exam Sage for Your CEH v13 Exam Preparation?
At Exam Sage, we are dedicated to providing high-quality, up-to-date, and thoroughly researched practice exams tailored to your certification goals. Our CEH v13 practice test is:
Aligned with the latest CEH v13 exam objectives to ensure relevance
Comprehensive and challenging, simulating real exam conditions
Detailed explanations included for every question to enhance learning
Accessible online 24/7 so you can practice anytime, anywhere
Ideal for exam takers of all levels, from beginners to experienced security professionals
Start your journey to becoming a Certified Ethical Hacker today. Practice smarter and increase your chances of passing the CEH v13 exam with flying colors—only at Exam Sage.
Sample Questions and Answers
1. Which of the following is the most accurate definition of “footprinting” in ethical hacking?
A. Accessing unauthorized data using phishing attacks
B. Gathering information about a target system before launching an attack
C. Scanning a system for vulnerabilities
D. Exploiting system vulnerabilities to gain administrative privileges
Answer: B
Explanation: Footprinting is the first phase of ethical hacking where the attacker gathers as much information as possible about a target system, organization, or network without interacting with it directly.
2. What is the key difference between passive and active reconnaissance?
A. Passive involves social engineering, while active involves malware
B. Passive does not alert the target, active may trigger detection systems
C. Passive always uses physical means; active uses digital methods
D. Passive is illegal, active is legal
Answer: B
Explanation: Passive reconnaissance involves gathering information without directly interacting with the target system, making it stealthy. Active reconnaissance involves direct interaction, increasing the risk of detection.
3. Which of the following tools is primarily used for packet sniffing?
A. Metasploit
B. Wireshark
C. Nmap
D. Nessus
Answer: B
Explanation: Wireshark is a network protocol analyzer that captures and displays data packets in real-time, commonly used for sniffing and traffic analysis.
4. Which port is commonly used by HTTPS?
A. 21
B. 22
C. 80
D. 443
Answer: D
Explanation: Port 443 is used by HTTPS to provide secure communication over a computer network using SSL/TLS encryption.
5. What is the purpose of a buffer overflow attack?
A. Encrypt files for ransom
B. Overwhelm a server with traffic
C. Execute arbitrary code by exploiting memory allocation
D. Redirect users to malicious websites
Answer: C
Explanation: A buffer overflow occurs when data exceeds a buffer’s boundary, potentially allowing attackers to overwrite adjacent memory and execute malicious code.
6. Which command can be used in Linux to find active network connections and listening ports?
A. ps
B. netstat
C. ping
D. mkdir
Answer: B
Explanation: netstat displays active connections, listening ports, and routing tables, aiding in network diagnostics and monitoring.
7. A SYN flood attack exploits which part of the TCP handshake?
A. SYN
B. ACK
C. FIN
D. PSH
Answer: A
Explanation: A SYN flood sends multiple SYN requests to exhaust the server’s resources without completing the handshake, creating half-open connections.
8. Which tool is commonly used for exploiting known vulnerabilities in systems?
A. Cain and Abel
B. Burp Suite
C. Metasploit
D. Nmap
Answer: C
Explanation: Metasploit is an advanced framework for developing, testing, and executing exploits against known vulnerabilities in target systems.
9. What is the primary function of a honeypot?
A. Detect and prevent malware
B. Store sensitive data securely
C. Distract attackers and study their behavior
D. Encrypt outgoing traffic
Answer: C
Explanation: Honeypots are decoy systems designed to attract attackers and monitor their actions without compromising real systems.
10. Which type of malware is designed to replicate itself and spread to other systems?
A. Trojan
B. Worm
C. Rootkit
D. Keylogger
Answer: B
Explanation: Worms are self-replicating programs that spread through networks, often consuming bandwidth and causing disruption.
11. What is steganography?
A. Encrypting data with a cipher
B. Hiding data within other files
C. Scrambling IP addresses
D. Capturing keystrokes from users
Answer: B
Explanation: Steganography is the practice of concealing data within another file, such as hiding a message inside an image or audio file.
12. Which of the following is a strong hashing algorithm used in cybersecurity?
A. RC4
B. AES
C. SHA-256
D. DES
Answer: C
Explanation: SHA-256 is a cryptographic hash function producing a 256-bit hash value, commonly used in digital signatures and blockchain.
13. Which tool is used for SQL injection testing?
A. Sqlmap
B. Cain
C. Nikto
D. Aircrack-ng
Answer: A
Explanation: Sqlmap automates the detection and exploitation of SQL injection flaws and is widely used in web application penetration testing.
14. What does the principle of least privilege state?
A. Users should have access to all resources at all times
B. Only the admin can access sensitive files
C. Users should only have the minimum access needed to perform tasks
D. Privileges should be assigned randomly
Answer: C
Explanation: The principle of least privilege limits access rights for users to only what is necessary, reducing potential attack surfaces.
15. What is ARP spoofing primarily used for?
A. Crashing a server
B. Intercepting data on a LAN
C. Encrypting data packets
D. Resetting DNS entries
Answer: B
Explanation: ARP spoofing tricks devices into associating the attacker’s MAC address with the IP address of another host, allowing interception or manipulation of traffic.
16. Which one is NOT an example of social engineering?
A. Phishing
B. Shoulder surfing
C. Man-in-the-middle attack
D. Baiting
Answer: C
Explanation: Man-in-the-middle attacks are technical in nature, while the others involve manipulating human behavior.
17. What kind of scan sends TCP packets with no flags set?
A. Xmas scan
B. NULL scan
C. ACK scan
D. FIN scan
Answer: B
Explanation: A NULL scan sends packets with no flags set, attempting to bypass firewalls and identify open ports based on RFC behavior.
18. Which type of encryption uses the same key for encryption and decryption?
A. Asymmetric
B. Hashing
C. Symmetric
D. Digital signature
Answer: C
Explanation: Symmetric encryption uses one shared key for both encryption and decryption, making it faster but less secure for large-scale use.
19. Which of the following is an example of a privilege escalation tool?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Nikto
Answer: C
Explanation: Mimikatz is often used to extract plaintext passwords and escalate privileges within Windows systems.
20. What type of attack manipulates serialized objects to gain access or execute code?
A. Directory traversal
B. Insecure deserialization
C. Command injection
D. XSS
Answer: B
Explanation: Insecure deserialization allows attackers to inject malicious objects that can result in remote code execution or privilege escalation.
21. What does the CIA triad stand for in cybersecurity?
A. Cyber Intelligence Agency
B. Confidentiality, Integrity, Availability
C. Code Injection Authority
D. Critical Infrastructure Assessment
Answer: B
Explanation: The CIA triad represents three core principles of information security: keeping data private (Confidentiality), accurate (Integrity), and accessible (Availability).
22. What is the primary role of a proxy server in cybersecurity?
A. Block malware
B. Encrypt data
C. Act as an intermediary to filter traffic
D. Execute denial-of-service attacks
Answer: C
Explanation: A proxy server forwards requests between a client and server, often for anonymity, access control, or caching.
23. What does CVE stand for?
A. Cyber Vulnerability Entity
B. Common Vulnerabilities and Exposures
C. Critical Validation Exception
D. Common Virus Enumeration
Answer: B
Explanation: CVE is a standardized identifier for known vulnerabilities in software and hardware, managed by MITRE.
24. What is the function of Nmap’s -sS switch?
A. Full TCP connect scan
B. Stealth SYN scan
C. UDP scan
D. OS detection
Answer: B
Explanation: The -sS flag performs a stealthy SYN scan, sending SYN packets and analyzing responses without completing TCP handshakes.
25. Which attack involves sending manipulated DNS responses to redirect traffic?
A. DNS spoofing
B. ARP poisoning
C. SQL injection
D. Keylogging
Answer: A
Explanation: DNS spoofing manipulates DNS responses to redirect users to malicious websites, often for phishing or malware delivery.
26. Which of these is a web vulnerability scanner?
A. Burp Suite
B. Cain and Abel
C. Hydra
D. Ettercap
Answer: A
Explanation: Burp Suite is widely used to detect and exploit vulnerabilities in web applications through testing and manipulation.
27. What is the role of a digital certificate in PKI?
A. Encrypt files locally
B. Store passwords securely
C. Verify the identity of an entity
D. Scan for malware
Answer: C
Explanation: A digital certificate authenticates the identity of a user or device and enables secure communication using public key infrastructure (PKI).
28. What is the purpose of a reverse shell in penetration testing?
A. Encrypt files
B. Exploit SQL vulnerabilities
C. Allow an attacker to gain remote control
D. Spoof DNS entries
Answer: C
Explanation: A reverse shell allows the target machine to connect back to the attacker’s system, giving them control over the device.
29. Which of the following attacks targets wireless networks specifically?
A. Wardriving
B. ARP spoofing
C. DNS hijacking
D. SQL injection
Answer: A
Explanation: Wardriving involves searching for open or vulnerable wireless networks by driving around with a Wi-Fi-enabled device.
30. What does the OWASP Top 10 list represent?
A. Top 10 cybercriminals
B. Most-used penetration testing tools
C. Most common web application vulnerabilities
D. Government security protocols
Answer: C
Explanation: The OWASP Top 10 is a list of the most critical web application security risks, updated periodically to reflect new threats.
31. Which of the following best describes the term “zero-day vulnerability”?
A. A vulnerability with no known exploits
B. A vulnerability already patched by the vendor
C. A vulnerability publicly disclosed but not yet patched
D. A vulnerability used only by ethical hackers
Answer: C
Explanation: A zero-day vulnerability is a flaw in software that is unknown to the vendor and has no patch available at the time of discovery, leaving systems exposed.
32. What is the purpose of the robots.txt file on a web server?
A. Block traffic from all users
B. Encrypt web page content
C. Instruct search engines on which pages not to index
D. Redirect users to a backup server
Answer: C
Explanation: The robots.txt file informs web crawlers which parts of a site should not be indexed or accessed, but it is not a security mechanism.
33. Which technique uses a rogue DHCP server to carry out a man-in-the-middle attack?
A. DHCP starvation
B. Rogue DHCP attack
C. DHCP relay
D. IP spoofing
Answer: B
Explanation: A rogue DHCP server provides incorrect gateway or DNS information, redirecting traffic through an attacker-controlled system.
34. Which of the following tools is used to crack Windows passwords using LM or NTLM hashes?
A. John the Ripper
B. Wireshark
C. Nikto
D. Maltego
Answer: A
Explanation: John the Ripper is a fast password cracker that can be used to run brute-force or dictionary attacks against Windows hashes.
35. Which wireless encryption standard is considered the most secure as of CEH v13 standards?
A. WEP
B. WPA
C. WPA2
D. WPA3
Answer: D
Explanation: WPA3 is the latest and most secure wireless encryption standard, improving upon WPA2 by using stronger cryptographic algorithms.
36. What is the primary goal of penetration testing?
A. Recover lost data
B. Determine user behavior
C. Evaluate security weaknesses
D. Bypass antivirus protection
Answer: C
Explanation: Penetration testing identifies and evaluates security vulnerabilities that could be exploited by attackers, helping organizations improve defenses.
37. Which term refers to disguising malicious code within seemingly legitimate files or software?
A. Obfuscation
B. Steganography
C. Wrapping
D. Trojan horse
Answer: D
Explanation: A Trojan horse is malware that misleads users of its true intent, often by being hidden in a legitimate-looking application or file.
38. Which protocol is commonly used for remote administration over encrypted channels?
A. Telnet
B. FTP
C. SSH
D. HTTP
Answer: C
Explanation: SSH (Secure Shell) provides a secure channel over an unsecured network, commonly used for remote server management.
39. What does a “logic bomb” refer to in malware terminology?
A. Code that self-replicates
B. Malware hidden in logic circuits
C. Malicious code triggered by specific conditions
D. Code used for hardware destruction
Answer: C
Explanation: A logic bomb is a piece of malicious code that activates when certain conditions are met, such as a specific date or system action.
40. What attack is likely occurring if an attacker floods a victim with large ICMP packets?
A. Smurf attack
B. Fraggle attack
C. Ping of Death
D. DDoS SYN Flood
Answer: C
Explanation: A Ping of Death sends malformed or oversized ICMP packets to crash or destabilize the target system.
41. Which of the following allows attackers to escalate privileges through Windows token manipulation?
A. Kerberos
B. PowerSploit
C. Token Impersonation
D. SID Injection
Answer: C
Explanation: Token impersonation allows attackers to use stolen tokens to impersonate higher-privilege users in Windows environments.
42. What is the primary objective of DNS tunneling?
A. Encrypt DNS requests
B. Use DNS protocol to bypass firewalls and exfiltrate data
C. Secure DNS servers
D. Crash DNS servers
Answer: B
Explanation: DNS tunneling encapsulates data inside DNS queries/responses to bypass network filtering and send data covertly.
43. Which of the following describes the concept of “defense in depth”?
A. Using only strong firewalls
B. Deploying redundant hardware
C. Implementing multiple layers of security controls
D. Installing a single antivirus program
Answer: C
Explanation: Defense in depth is a layered security strategy that employs multiple defensive mechanisms to protect data and systems.
44. Which of the following is NOT a valid attack vector for gaining access to a system?
A. USB drop attack
B. Phishing
C. HTTPS encryption
D. Credential stuffing
Answer: C
Explanation: HTTPS is a security measure; the others are methods attackers may use to compromise systems.
45. What command would you use in Linux to modify file permissions?
A. ls
B. sudo
C. chmod
D. cat
Answer: C
Explanation: chmod is used to change file permissions in Linux and Unix-based systems.
46. Which cloud model allows shared resources but restricts access to a specific group or organization?
A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud
Answer: C
Explanation: A community cloud is shared by several organizations with common concerns, such as security or compliance requirements.
47. Which HTTP method is used to retrieve data from a server without changing it?
A. POST
B. PUT
C. DELETE
D. GET
Answer: D
Explanation: The GET method is used to request data from a specified resource and does not modify it.
48. What is the primary function of a Network Intrusion Detection System (NIDS)?
A. Scan for software updates
B. Analyze network traffic for malicious activity
C. Prevent unauthorized logins
D. Encrypt wireless communication
Answer: B
Explanation: A NIDS monitors network traffic in real time and alerts administrators to suspicious or malicious activity.
49. Which of these tools is primarily used for wireless network auditing?
A. Aircrack-ng
B. Hydra
C. Netcat
D. Nikto
Answer: A
Explanation: Aircrack-ng is a suite of tools used to assess Wi-Fi network security, including packet capture and WEP/WPA key cracking.
50. What is “typosquatting”?
A. Hijacking legitimate domain names
B. Redirecting traffic through DNS poisoning
C. Creating fake websites with misspelled URLs
D. Injecting malicious scripts into web apps
Answer: C
Explanation: Typosquatting involves registering domain names similar to legitimate ones (with typographical errors) to trick users into visiting malicious sites.
51. Which of the following best explains session hijacking?
A. Guessing usernames
B. Interrupting internet connections
C. Taking over a user session without authentication
D. Encrypting sessions
Answer: C
Explanation: Session hijacking is when an attacker takes over a valid user session, often by stealing session tokens.
52. What type of firewall filters traffic based on application-layer data?
A. Packet-filtering firewall
B. Stateful firewall
C. Circuit-level gateway
D. Application-layer firewall
Answer: D
Explanation: Application-layer firewalls inspect traffic at the application layer, offering deeper insight into traffic patterns and threats.
53. Which Linux command displays network interface configuration?
A. netconfig
B. ifconfig
C. chmod
D. grep
Answer: B
Explanation: ifconfig shows network interfaces and their configurations, though it’s being replaced by ip a in newer systems.
54. Which tool is used for conducting a comprehensive scan of web servers?
A. Nmap
B. Nikto
C. Netcat
D. Snort
Answer: B
Explanation: Nikto is an open-source scanner for web servers, checking for outdated versions, configuration issues, and known vulnerabilities.
55. What kind of attack uses a precomputed table of hashes to crack passwords?
A. Dictionary attack
B. Brute-force attack
C. Rainbow table attack
D. Social engineering
Answer: C
Explanation: Rainbow table attacks use precomputed hashes to reverse cryptographic hash functions, speeding up password cracking.
56. Which scripting language is commonly used in web-based XSS attacks?
A. Python
B. Perl
C. JavaScript
D. Bash
Answer: C
Explanation: JavaScript is frequently used in cross-site scripting (XSS) attacks to inject malicious scripts into websites.