
100+ Free C|CT Practice Questions

Pass the EC-Council Certified Cybersecurity Technician (C|CT) exam (212-82) on the first try. Instant access, no signup required.


Key Facts: C|CT Exam

  • Exam Length: 60 questions (EC-Council)
  • Question Types: 50 MCQ + 10 hands-on (EC-Council)
  • Time Limit: 185 minutes (EC-Council)
  • Adaptive Cut Score: 60%–85% (EC-Council)
  • Topic Areas: 22 modules (EC-Council)
  • Official Hands-On Labs: 85 labs (EC-Council)

The C|CT (212-82) is EC-Council's entry-to-intermediate certification for cybersecurity technicians. It has 60 questions (50 MCQ + 10 hands-on practical), a 185-minute time limit, and an adaptive passing score between 60% and 85%. It covers 22 topic areas spanning threats, network security, cryptography, monitoring, forensics, and risk management.

Sample C|CT Practice Questions

Try these sample questions to test your C|CT exam readiness. Each question includes a detailed explanation.

1. An attacker sends unsolicited bulk email to thousands of recipients advertising a fraudulent product. Which threat category does this represent?
A. Spam
B. Phishing
C. Vishing
D. Smishing
Explanation: Spam refers to unsolicited bulk email messages, often used for advertising, scams, or distributing malware. While phishing is a targeted deceptive attack designed to steal credentials, spam is the broader category of unwanted commercial or fraudulent email sent in bulk.
2. Which type of malware replicates itself across a network without requiring a host file or user interaction to spread?
A. Virus
B. Trojan
C. Rootkit
D. Worm
Explanation: A worm is self-replicating malware that propagates across networks automatically without needing to attach to a host file or any user action. Viruses require a host file and user interaction to spread; trojans disguise themselves as legitimate software; rootkits provide stealth persistence.
3. An attacker intercepts communication between a client and server and relays altered messages to each party without their knowledge. What type of attack is this?
A. Man-in-the-Middle (MitM) attack
B. Replay attack
C. Session fixation
D. ARP spoofing
Explanation: A Man-in-the-Middle attack involves an adversary secretly intercepting and potentially altering communications between two parties who believe they are communicating directly with each other. ARP spoofing is one technique used to position an attacker as a MitM, while replay and session fixation are distinct attack subtypes.
4. Which attack overwhelms a target system by sending ICMP echo requests from multiple compromised machines simultaneously?
A. Smurf attack
B. SYN flood
C. Ping of Death
D. Distributed Denial of Service (DDoS)
Explanation: A Distributed Denial of Service (DDoS) attack uses multiple compromised systems (a botnet) to flood a target with ICMP echo requests or other traffic simultaneously. A Smurf attack amplifies ICMP via broadcast addresses, a SYN flood targets TCP handshakes, and the Ping of Death sends oversized ICMP packets.
5. An attacker exploits a software vulnerability that was publicly disclosed but has not yet been patched by the vendor. What is this called?
A. Zero-day exploit
B. Logic bomb
C. Backdoor
D. Privilege escalation
Explanation: A zero-day exploit targets a vulnerability that is publicly known or discovered by the attacker before the vendor has released a patch. The term 'zero-day' reflects that defenders have had zero days to remediate the flaw. Logic bombs trigger at a specific condition, backdoors provide covert access, and privilege escalation elevates permissions.
6. Which social engineering technique involves creating a fabricated scenario to manipulate a victim into revealing information or performing an action?
A. Pretexting
B. Baiting
C. Tailgating
D. Shoulder surfing
Explanation: Pretexting involves constructing a fabricated scenario (the pretext) to convince a target to divulge information or take an action. Baiting uses physical or digital lures, tailgating is physical access by following an authorized person, and shoulder surfing is observing someone's screen or keyboard.
7. An attacker captures a valid authentication token and reuses it later to gain unauthorized access. Which attack does this describe?
A. Replay attack
B. Pass-the-Hash
C. Credential stuffing
D. Brute force
Explanation: A replay attack captures a valid authentication credential or session token and retransmits it at a later time to impersonate the legitimate user. Pass-the-Hash is a specific type of replay targeting NTLM hashes, credential stuffing uses breached username/password pairs, and brute force tries all possible combinations.
8. Which attack type embeds malicious code in a webpage that executes in the victim's browser when they visit a site, stealing cookies or redirecting users?
A. Cross-Site Scripting (XSS)
B. SQL injection
C. Cross-Site Request Forgery (CSRF)
D. Command injection
Explanation: Cross-Site Scripting (XSS) injects malicious scripts into web pages viewed by other users, allowing cookie theft, session hijacking, and redirection. SQL injection targets the database layer, CSRF tricks an authenticated user's browser into making unauthorized requests, and command injection executes OS-level commands.
9. A threat actor uses a compromised insider account with legitimate credentials to exfiltrate sensitive data over weeks without triggering alerts. This best describes which threat category?
A. Insider threat
B. Advanced Persistent Threat (APT)
C. Botnet attack
D. Rootkit infection
Explanation: An insider threat involves a current or former employee, contractor, or partner who misuses legitimate access to harm the organization. Long-term, low-and-slow data exfiltration using legitimate credentials with an insider account is the hallmark of an insider threat. APTs are typically nation-state or sophisticated external actors, though they can use insider methods.
10. Which type of ransomware attack encrypts files and additionally threatens to publish sensitive data publicly unless the ransom is paid?
A. Double extortion ransomware
B. Locker ransomware
C. Scareware
D. Crypto-jacking
Explanation: Double extortion ransomware first exfiltrates sensitive data, then encrypts it, threatening both to keep files encrypted and to publish the stolen data if the ransom is not paid. Locker ransomware only locks the user out of their system without encryption-and-publish threats. Scareware is fake security alerts, and crypto-jacking hijacks compute resources for mining.

About the C|CT Exam

EC-Council's entry-level cybersecurity certification covering 22 fundamental security domains with a blend of multiple-choice and hands-on practical questions, validated by 85 labs.

  • Questions: 60 scored questions
  • Time Limit: 185 minutes
  • Passing Score: 60%–85% (adaptive cut score)
  • Exam Fee: Bundled with courseware; standalone voucher pricing varies — verify at eccouncil.org (EC-Council)

C|CT Exam Content Outline

  • Information Security Threats and Attacks (11%): Malware, social engineering, DoS/DDoS, web attacks, and zero-day exploitation
  • Network Security Fundamentals (7%): OSI and TCP/IP models, network devices, protocols, and network design concepts
  • Network Security Controls (23%): Administrative, physical, and technical controls; IAA; access control models; vulnerability assessment tools and methods
  • Application Security and Cloud Computing (9%): OWASP Top 10, cloud service and deployment models, container security, and WAF deployment
  • Wireless, Mobile, IoT, and OT Security (11%): Wi-Fi security protocols, wireless attacks, mobile threats, IoT vulnerabilities, and ICS/SCADA fundamentals
  • Data Security and Cryptography (10%): Symmetric and asymmetric encryption, PKI, hashing, DLP, data classification, and data sanitization
  • Network Traffic Monitoring and Analysis (16%): Wireshark, NetFlow, SIEM operations, IDS/IPS, log analysis, and anomaly detection
  • Incident Response, Risk Management, Forensics, and BCDR (13%): IR lifecycle, digital forensics methods, quantitative/qualitative risk, BIA, RTO/RPO, and business continuity

How to Pass the C|CT Exam

What You Need to Know

  • Passing score: 60%–85% (adaptive cut score)
  • Exam length: 60 questions
  • Time limit: 185 minutes
  • Exam fee: Bundled with courseware; standalone voucher pricing varies — verify at eccouncil.org

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

C|CT Study Tips from Top Performers

1. Network Security Controls (23%) is the highest-weighted domain — prioritize IAA, access control models, CVSS scoring, and vulnerability scanning tools
2. Network Monitoring and Analysis (16%) requires hands-on practice with Wireshark filters, SIEM log correlation, and Windows Event IDs
3. Know the order of volatility for forensic evidence collection: CPU registers → RAM → network state → disk → archived logs
4. For the hands-on section, practice with tools covered in the official labs: Wireshark, Nmap, Nessus, and Snort
5. Memorize key CVSS v3.1 severity bands: Critical (9.0-10.0), High (7.0-8.9), Medium (4.0-6.9), Low (0.1-3.9)

Frequently Asked Questions

What is the EC-Council C|CT (212-82) exam format?

The C|CT exam (212-82) has 60 questions: 50 multiple-choice and 10 hands-on practical questions. Candidates have 185 minutes to complete it. The exam is delivered online via EC-Council's remote proctoring platform, with the practical section conducted in a virtual lab environment.

What is the passing score for the C|CT exam?

The C|CT uses an adaptive cut score ranging from 60% to 85%, depending on question difficulty. EC-Council does not publish a fixed passing percentage; the threshold adjusts based on the version of the exam delivered.

What are the prerequisites for the C|CT certification?

There are no formal prerequisites for the C|CT. EC-Council designed it as an entry-level credential; however, foundational IT and networking knowledge is strongly recommended. The official courseware includes 85 hands-on labs.

Which domains are covered on the C|CT 212-82 exam?

The C|CT covers 22 topic areas grouped into 8 domain categories: Information Security Threats and Attacks (11%), Network Security (7%), Network Security Controls (23%), Application Security and Cloud (9%), Wireless/Mobile/IoT/OT Security (11%), Data Security and Cryptography (10%), Network Monitoring and Analysis (16%), and Incident Response/Risk/Forensics/BCDR (13%).

How long should I study for the C|CT?

Most candidates with foundational IT experience should plan 100–150 hours. Priority areas by weight are Network Security Controls (23%), Network Monitoring and Analysis (16%), and IR/Risk/Forensics/BCDR (13%), which together account for more than half the exam.

Is the C|CT good for entry-level cybersecurity roles?

Yes. The C|CT is EC-Council's purpose-built entry-to-intermediate credential. Its blend of knowledge questions and hands-on practical tasks validates both theoretical understanding and basic technical ability across core cybersecurity domains, making it valuable for cybersecurity analyst and technician roles.