Correct Answer is: Distributed Denial of Service

Correct Answer is: Common Vulnerabilities and Exposures

Code that takes advantage of a vulnerability

CEH (Certified Ethical Hacker) MCQ Multiple Choice Questions - Page 2 for Practice

Q: 31. What is SQL Injection?

Correct Answer is: Injecting malicious SQL queries into applications

Q: 33. What is Cross-Site Scripting (XSS)?

Correct Answer is: Injection of malicious scripts into web pages

Q: 35. What is Cross-Site Request Forgery (CSRF)?

Correct Answer is: Forcing users to perform unwanted actions

Q: 37. What is Metasploit?

Correct Answer is: Penetration Testing Framework

Q: 38. What is an exploit?

Correct Answer is: Code that takes advantage of a vulnerability

Q: 39. What is a payload in Metasploit?

Correct Answer is: Code executed after exploitation

Q: 40. What is wireless sniffing?

Correct Answer is: Capturing wireless traffic

Q: 42. Why is WEP considered insecure?

Correct Answer is: Uses weak encryption methods

Q: 43. What is a rogue access point?

Correct Answer is: Fake AP created by attackers

Q: 44. What is DNS poisoning?

Correct Answer is: Corrupting DNS records to redirect traffic

CEH (Certified Ethical Hacker) MCQ Questions for Practice

31. What is SQL Injection?

Injecting malicious SQL queries into applications
Network attack
Wireless attack
Password attack

32. Which database language is targeted in SQL Injection?

HTML
SQL
CSS
XML

33. What is Cross-Site Scripting (XSS)?

Injection of malicious scripts into web pages
Network scanning
Wireless cracking
Port forwarding

34. Which type of XSS is stored on the server?

Reflected XSS
Stored XSS
DOM XSS
Blind XSS

35. What is Cross-Site Request Forgery (CSRF)?

Forcing users to perform unwanted actions
Network monitoring
Encryption process
Password reset

36. Which tool is commonly used for web application testing?

Burp Suite
Outlook
WordPad
Paint

37. What is Metasploit?

Operating System
Penetration Testing Framework
Firewall
Antivirus

38. What is an exploit?

A vulnerability scanner
Code that takes advantage of a vulnerability
A firewall rule
Security patch

39. What is a payload in Metasploit?

Target IP address
Code executed after exploitation
Scan result
Firewall log

40. What is wireless sniffing?

Capturing wireless traffic
Encrypting Wi-Fi
Blocking Wi-Fi
Updating routers

41. Which Wi-Fi encryption standard is strongest among these?

WEP
WPA
WPA2
WPA3

42. Why is WEP considered insecure?

Uses weak encryption methods
Too expensive
Too complex
Too slow

43. What is a rogue access point?

Authorized AP
Fake AP created by attackers
VPN device
Firewall device

44. What is DNS poisoning?

Corrupting DNS records to redirect traffic
Encrypting DNS
Blocking DNS
Updating DNS

45. What is a DoS attack?

Denial of Service attack
Data on Storage
Domain of Security
Directory of Services

46. What is DDoS?

Distributed Denial of Service
Dynamic DNS Operation Service
Distributed Data Storage
Data Distribution Service

47. What is footprinting?

Gathering target information
Password cracking
Encryption
Backup creation

48. What is the purpose of a firewall?

Filter network traffic
Store passwords
Manage databases
Compress files

49. Which protocol is commonly used for secure remote administration?

Telnet
FTP
SSH
HTTP

50. What is steganography?

Hiding information within other files
Encrypting data
Scanning networks
Cracking passwords

51. What is digital forensics?

Investigating digital evidence
Building networks
Writing malware
Designing websites

52. Which phase involves removing evidence of compromise?

Reconnaissance
Scanning
Covering Tracks
Enumeration

53. What is the principle of least privilege?

Users get minimum required permissions
Everyone gets admin access
No permissions assigned
Full permissions granted

54. Which security model assumes no trust by default?

Open Trust
Zero Trust
Shared Trust
Dynamic Trust

55. What is a honeypot?

Decoy system used to attract attackers
Firewall
Antivirus
Router

56. What is penetration testing?

Authorized security testing of systems
Illegal hacking
Network monitoring
Software installation

57. Which CEH concept focuses on risk identification?

Vulnerability Assessment
Backup Management
Asset Disposal
File Compression

58. What is a CVE?

Common Vulnerabilities and Exposures
Critical Verification Engine
Cyber Validation Event
Central Vulnerability Exchange

59. What is the purpose of patch management?

Fix security vulnerabilities
Increase storage
Reduce bandwidth
Encrypt files

60. Which document defines the scope and authorization for a penetration test?

NDA
Rules of Engagement
Invoice
Asset Register