
202+ Free CEH Practice Questions

Pass your Certified Ethical Hacker (CEH v13) exam on the first try — instant access, no signup required.

Key Facts: CEH Exam (2026 statistics)

  • Exam Questions: 125 (source: EC-Council)
  • Passing Score: 70% (source: EC-Council)
  • Exam Duration: 4 hours (source: EC-Council)
  • Exam Fee (with training): $1,199+ (source: EC-Council)
  • Modules Covered: 20 (CEH v13)
  • Certification Validity: 3 years (ECE required)

The CEH (Certified Ethical Hacker) exam has 125 multiple-choice questions in 4 hours with a passing score of 70%. CEH v13 covers 20 modules across 9 domains: Information Security (6%), Reconnaissance (15%), Scanning (10%), Enumeration (10%), System Hacking (15%), Malware (10%), Sniffing (10%), Social Engineering (8%), DoS (5%), Session Hijacking (5%), Evading Security (7%), Web Server Hacking (5%), Web App Hacking (10%), SQL Injection (7%), Wireless Hacking (5%), Mobile Hacking (4%), IoT/OT Hacking (3%), Cloud Computing (4%), and Cryptography (5%).

Sample CEH Practice Questions

Try these sample questions to test your CEH exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 202+ question experience with AI tutoring.

1. What is the primary purpose of ethical hacking?
  A. To illegally access systems for personal gain
  B. To identify vulnerabilities and strengthen security defenses
  C. To steal confidential information from competitors
  D. To disable security systems for testing purposes
Explanation: Ethical hacking is the practice of deliberately penetrating systems with permission to identify vulnerabilities before malicious hackers can exploit them. The goal is to improve security posture by discovering weaknesses and providing recommendations for remediation. Unlike malicious hacking, ethical hacking requires proper authorization and follows a code of conduct.

2. Which of the following best describes the difference between a black hat and a white hat hacker?
  A. Black hats use more advanced tools than white hats
  B. Black hats operate without authorization; white hats have explicit permission
  C. Black hats only target government systems
  D. Black hats work during nighttime hours
Explanation: The primary distinction between black hat and white hat hackers is authorization. Black hat hackers operate illegally without permission, seeking personal gain or causing harm. White hat hackers (ethical hackers) have explicit written authorization to test systems and help improve security. Both may use similar techniques and tools, but their intent and legal standing differ fundamentally.

3. What legal document is required before conducting a penetration test?
  A. A service level agreement (SLA)
  B. A rules of engagement (ROE) document with written authorization
  C. An insurance policy
  D. A non-disclosure agreement (NDA) only
Explanation: A Rules of Engagement (ROE) document with explicit written authorization is essential before any penetration testing. The ROE defines the scope, timing, methods allowed, and boundaries of the engagement. This legal protection ensures the ethical hacker has permission to test the systems and clarifies what is in scope. While NDAs are commonly signed, they do not provide authorization to test systems.

4. In the context of penetration testing, what does the term "scope" refer to?
  A. The budget allocated for the engagement
  B. The specific systems, networks, and assets authorized for testing
  C. The timeline for completing the assessment
  D. The number of vulnerabilities to be discovered
Explanation: Scope in penetration testing defines the boundaries of authorized activity. It specifies which IP addresses, domains, systems, networks, and physical locations may be tested. Testing outside the defined scope is unauthorized and potentially illegal. A well-defined scope protects both the client and the tester by establishing clear boundaries and expectations.

5. Which phase of the ethical hacking methodology involves gathering information about the target without directly interacting with it?
  A. Scanning
  B. Reconnaissance
  C. Exploitation
  D. Post-exploitation
Explanation: Reconnaissance (or footprinting) is the initial phase where the ethical hacker gathers information about the target without direct interaction. This includes researching publicly available information, DNS records, social media, and other open sources. Passive reconnaissance does not touch the target systems, while active reconnaissance involves limited direct interaction.

6. What is the term for a hacker who operates between ethical and malicious boundaries, often hacking without permission but claiming to have good intentions?
  A. White hat
  B. Black hat
  C. Gray hat
  D. Red hat
Explanation: A gray hat hacker operates in the ethical gray zone, sometimes accessing systems without explicit permission but not intending to cause harm or steal data. They may disclose vulnerabilities to the public or the organization after discovery. While their intentions may be good, their actions are still technically illegal because they lack authorization, distinguishing them from white hat hackers.

7. According to the CEH methodology, what are the five phases of ethical hacking in correct order?
  A. Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
  B. Scanning, Reconnaissance, Exploitation, Pivoting, Reporting
  C. Information Gathering, Vulnerability Assessment, Exploitation, Persistence, Cleanup
  D. Footprinting, Enumeration, Exploitation, Backdoor Installation, Log Deletion
Explanation: The five phases of ethical hacking in the CEH methodology are: 1) Reconnaissance (information gathering), 2) Scanning (identifying live systems and vulnerabilities), 3) Gaining Access (exploiting vulnerabilities), 4) Maintaining Access (establishing persistence), and 5) Covering Tracks (removing evidence). This systematic approach mimics how actual attackers operate while providing a framework for security assessments.

8. Which of the following is NOT a type of information security control?
  A. Physical controls
  B. Technical controls
  C. Administrative controls
  D. Financial controls
Explanation: The three main categories of information security controls are: Physical controls (locks, guards, cameras), Technical controls (firewalls, encryption, access controls), and Administrative controls (policies, procedures, training). Financial controls relate to accounting and financial management, not directly to information security.

9. What is the primary difference between vulnerability assessment and penetration testing?
  A. Vulnerability assessment is automated; penetration testing is manual
  B. Vulnerability assessment identifies weaknesses; penetration testing exploits them
  C. Vulnerability assessment is cheaper than penetration testing
  D. Vulnerability assessment is illegal; penetration testing is legal
Explanation: Vulnerability assessment focuses on identifying and cataloging potential weaknesses in systems without actively exploiting them. Penetration testing goes further by actually exploiting vulnerabilities to demonstrate the real-world impact of security weaknesses. Penetration testing validates whether vulnerabilities are truly exploitable and shows what an attacker could accomplish.

10. Which regulation in the United States requires organizations to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)?
  A. GDPR
  B. HIPAA
  C. PCI DSS
  D. SOX
Explanation: HIPAA (Health Insurance Portability and Accountability Act) requires healthcare organizations and their business associates to safeguard electronic protected health information (ePHI). The Security Rule specifically mandates administrative, physical, and technical safeguards for ePHI confidentiality, integrity, and availability. GDPR is a European regulation, PCI DSS covers payment card data, and SOX relates to financial reporting.

About the CEH Exam

The Certified Ethical Hacker (CEH v13) is the world's most comprehensive ethical hacking certification, validating skills in identifying and exploiting vulnerabilities across 20 modules including reconnaissance, scanning, system hacking, malware threats, social engineering, web application attacks, wireless hacking, IoT/OT hacking, cloud computing, and cryptography. CEH v13 introduces AI-powered ethical hacking tools and techniques.

  • Questions: 125 scored questions
  • Time Limit: 4 hours
  • Passing Score: 70%
  • Exam Fee: $1,199-$1,699 (includes training) (EC-Council / Pearson VUE)

CEH Exam Content Outline

  • Information Security & Ethics (6%): Ethical hacking concepts, security controls, penetration testing methodologies, laws and compliance, CEH hacking phases
  • Footprinting & Reconnaissance (15%): Passive and active reconnaissance, DNS footprinting, Google hacking, social engineering reconnaissance, network scanning
  • Scanning, Enumeration & Vulnerability Analysis (25%): Network scanning techniques, port scanning, banner grabbing, enumeration protocols (SNMP, LDAP, SMB), vulnerability assessment
  • System Hacking (15%): Password cracking, privilege escalation, rootkits, keyloggers, backdoors, steganography, covering tracks
  • Malware Threats (10%): Viruses, worms, Trojans, ransomware, fileless malware, malware analysis and detection techniques
  • Sniffing (10%): Packet sniffing, ARP spoofing, MAC flooding, DHCP attacks, sniffing countermeasures
  • Social Engineering (8%): Psychological manipulation, phishing, pretexting, insider threats, identity theft, social engineering countermeasures
  • Denial of Service & Session Hijacking (10%): DoS/DDoS attacks, botnets, session hijacking techniques, TCP sequence prediction, session fixation
  • Evading IDS, Firewalls & Honeypots (7%): IDS/IPS evasion, firewall evasion techniques, honeypots, intrusion detection methods
  • Web Application & Server Hacking (15%): Web server attacks, web app vulnerabilities, OWASP Top 10, XSS, CSRF, injection attacks
  • SQL Injection (7%): SQL injection types, blind SQL injection, SQLMap, parameterized queries, WAF bypass techniques
  • Wireless, Mobile, IoT & Cloud Hacking (12%): WEP/WPA/WPA2 attacks, wireless encryption, mobile platform vulnerabilities, IoT/OT threats, cloud security, container security

How to Pass the CEH Exam

What You Need to Know

  • Passing score: 70%
  • Exam length: 125 questions
  • Time limit: 4 hours
  • Exam fee: $1,199-$1,699 (includes training)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CEH Study Tips from Top Performers

1. Focus on System Hacking (15%) and Footprinting/Reconnaissance (15%) — these are the largest weighted domains
2. Master Nmap scanning techniques and options — port scanning questions appear frequently on the exam
3. Understand the difference between virus, worm, Trojan, and ransomware — malware questions test these distinctions
4. Learn SQL injection payloads and techniques — union-based, blind, and error-based SQLi are all tested
5. Study wireless encryption evolution: WEP (broken) → WPA (TKIP) → WPA2 (AES-CCMP) → WPA3 (SAE)
6. Know the CEH hacking methodology phases: Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks
7. Practice with hands-on labs using Kali Linux tools: Nmap, Wireshark, Metasploit, John the Ripper, SQLMap, Aircrack-ng
8. Complete 200+ practice questions and score 80%+ consistently before scheduling the exam

Frequently Asked Questions

What is the CEH exam format?

The CEH (ANSI) exam consists of 125 multiple-choice questions to be completed in 4 hours. The passing score is 70%. Questions cover 20 modules across ethical hacking concepts, reconnaissance, scanning, enumeration, system hacking, malware, sniffing, social engineering, DoS, web application attacks, SQL injection, wireless hacking, mobile platforms, IoT, cloud computing, and cryptography.

How much does the CEH certification cost?

The CEH exam voucher costs approximately $1,199-$1,699 when purchased with official EC-Council training. Self-study candidates can apply for an eligibility application ($100) and purchase the exam separately ($950). CEH Practical (6-hour hands-on lab exam) costs $550. CEH Master requires passing both exams.

What are the CEH v13 new features?

CEH v13 introduces AI-powered ethical hacking tools and techniques, expanded cloud security coverage (AWS, Azure, GCP), enhanced IoT and OT hacking modules, updated web application attack vectors, modern malware analysis techniques, and hands-on labs with the latest hacking tools. The curriculum covers over 550 attack techniques across 20 modules.

What are the CEH eligibility requirements?

To sit for the CEH exam without training, you need 2+ years of information security experience and must pay a $100 eligibility application fee. Alternatively, you can attend official EC-Council training (live, online, or through an accredited partner) which waives the eligibility requirement.

How do I maintain my CEH certification?

CEH certification is valid for 3 years. To maintain it, you must earn 120 ECE (EC-Council Continuing Education) credits within the 3-year period and pay an $80 annual membership fee. ECE credits can be earned through training, conferences, teaching, research, and other professional activities.

What is the difference between CEH ANSI and CEH Practical?

CEH ANSI is a 4-hour, 125-question multiple-choice exam testing theoretical knowledge. CEH Practical is a 6-hour hands-on exam where candidates must demonstrate skills in a live lab environment performing ethical hacking tasks. CEH Master is awarded to those who pass both exams. CEH Practical tests actual hands-on ability rather than just knowledge.

What jobs can I get with a CEH certification?

CEH certification prepares you for roles including Ethical Hacker, Penetration Tester, Security Analyst, SOC Analyst, Vulnerability Assessor, Security Consultant, and Red Team Member. CEH is recognized by the DoD 8140 (8570) for cybersecurity positions and is often required for government cybersecurity contracts.