100+ Free CPEH Practice Questions

Pass your Mile2 Certified Professional Ethical Hacker (C)PEH exam on the first try — instant access, no signup required.

  • No registration
  • No credit card
  • No hidden fees
  • Start practicing immediately
Key Facts: CPEH Exam (2026 statistics)

  • Exam Format: 100 MCQ (source: Mile2)
  • Passing Score: 70% (source: Mile2)
  • Exam Duration: ~2 hours (source: Mile2)
  • Cert Validity: 3 years (source: Mile2)
  • Course Modules: 10 modules (source: Mile2 CPEH Outline)
  • Exam Platform: MACS (online) (source: Mile2)

Mile2's C)PEH is a 100-question, 2-hour online exam requiring 70% to pass. It covers 10 modules aligned to the ethical hacking lifecycle including reconnaissance, cryptography, vulnerability scanning, web attacks, social engineering, wireless pentesting, and exploitation with Metasploit.

Sample CPEH Practice Questions

Try these sample questions to test your CPEH exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. Which of the following best describes the primary goal of ethical hacking?
  A. To identify vulnerabilities before malicious actors can exploit them
  B. To install backdoors for future administrative access
  C. To perform denial-of-service attacks on competitor networks
  D. To exploit systems for financial gain without authorization
Explanation: Ethical hacking (penetration testing) is performed with explicit authorization to find and report security weaknesses so they can be remediated before real attackers exploit them. The goal is defensive — strengthening security posture — not unauthorized access or harm.

2. A penetration tester receives written authorization before starting an engagement. What document formalizes the scope, rules, and legal permission for the test?
  A. Vulnerability Assessment Report
  B. Statement of Work only
  C. Non-Disclosure Agreement only
  D. Rules of Engagement document
Explanation: The Rules of Engagement (RoE) document defines the scope, permitted techniques, testing windows, escalation procedures, and legal authorization for a penetration test. Without this document, testers lack the legal protection needed to conduct the engagement.

3. In the ethical hacking lifecycle, which phase immediately follows gaining access to a target system?
  A. Covering Tracks
  B. Reconnaissance
  C. Scanning and Enumeration
  D. Maintaining Access
Explanation: The classic five-phase ethical hacking lifecycle is: Reconnaissance → Scanning/Enumeration → Gaining Access → Maintaining Access → Covering Tracks. After gaining initial access, the next phase is to maintain that access (persistence) or pivot further into the network.

4. Which threat actor category is motivated primarily by ideological or political beliefs rather than financial gain?
  A. Hacktivists
  B. Script kiddies
  C. Insiders
  D. Cybercriminals
Explanation: Hacktivists are threat actors motivated by political, ideological, or social agendas. Groups like Anonymous have defaced websites or launched DDoS attacks to protest organizations or governments. Their primary motivation is not financial but rather to send a message or cause disruption for a cause.

5. The CIA triad is the foundational model of information security. Which property ensures that data is accessible to authorized users when needed?
  A. Authentication
  B. Confidentiality
  C. Integrity
  D. Availability
Explanation: Availability ensures that systems, data, and services are accessible to authorized users when required. Attacks like DDoS directly target availability. Confidentiality protects data from unauthorized disclosure, and integrity ensures data has not been tampered with.

6. Which access control model allows data owners to grant or restrict access to their resources based on their own discretion?
  A. Attribute-Based Access Control (ABAC)
  B. Mandatory Access Control (MAC)
  C. Role-Based Access Control (RBAC)
  D. Discretionary Access Control (DAC)
Explanation: Discretionary Access Control (DAC) allows the owner of a resource to decide who can access it. Windows NTFS permissions are a classic DAC example — a file owner can grant read or write access to other users at their discretion. This flexibility also makes it the most prone to misconfiguration.

7. A security control that prevents an attack from occurring before it happens is classified as which type?
  A. Compensating
  B. Detective
  C. Corrective
  D. Preventive
Explanation: Preventive controls aim to stop a security event from occurring in the first place. Examples include firewalls, access control lists, and strong password policies. Detective controls identify incidents after they occur, while corrective controls reduce the impact after detection.

8. During passive reconnaissance, which technique retrieves domain registration information such as registrant name, name servers, and registration dates without actively probing the target?
  A. WHOIS lookup
  B. Banner grabbing
  C. ARP poisoning
  D. Port scanning with Nmap
Explanation: WHOIS queries public registration databases to return domain ownership, registrant contact details, name servers, and creation and expiration dates. This is entirely passive — the tester queries a third-party registry rather than the target's own infrastructure.

9. A penetration tester uses the Google search query `site:target.com filetype:pdf` to find documents on a target's website. What is this technique called?
  A. Google Dorking
  B. SMTP enumeration
  C. Shodan scanning
  D. DNS zone transfer
Explanation: Google Dorking (also called Google hacking) uses advanced search operators such as `site:`, `filetype:`, `inurl:`, and `intitle:` to locate specific information indexed by Google. It is a powerful passive recon technique that can expose sensitive files, login pages, and misconfigurations without touching the target directly.

10. Shodan is used during reconnaissance to discover which type of information?
  A. Internet-connected devices and their exposed services, banners, and vulnerabilities
  B. Physical locations of servers by correlating GPS data
  C. Password hashes stored in Active Directory
  D. Social media profiles of target employees
Explanation: Shodan is a search engine that continuously crawls and indexes internet-connected devices, returning banner information, open ports, software versions, and known vulnerabilities. It allows testers to discover exposed SCADA systems, webcams, routers, and servers without directly probing them.

About the CPEH Exam

The C)PEH teaches candidates to think like an attacker by covering the full ethical hacking lifecycle — from footprinting and enumeration through exploitation, wireless attacks, and web application vulnerabilities. It is Mile2's foundational entry into their penetration testing certification track.

  • Questions: 100 scored questions
  • Time Limit: Approximately 2 hours
  • Passing Score: 70% (70/100)
  • Exam Fee: Included in Mile2 course/exam combo; contact mile2.com for current pricing (Mile2 Cybersecurity Institute)

CPEH Exam Content Outline

  • Introduction to Ethical Hacking (10%): Hacker lifecycle phases, threat actor motivations, rules of engagement, and ethical frameworks
  • Cybersecurity Foundation (8%): CIA triad, access control models (DAC/MAC/RBAC), security control categories, and governance basics
  • Reconnaissance and Enumeration (15%): Passive vs. active recon, WHOIS, Google Dorking, Shodan, DNS/SMB/NetBIOS enumeration, and Nmap scanning
  • Cryptography (10%): Symmetric and asymmetric algorithms, hashing, digital signatures, password cracking, and quantum cryptography threats
  • Vulnerability Scanning and Analysis (10%): VA methodologies, CVSS scoring, Nessus credentialed scanning, false positives/negatives, and patch management
  • Web and Application Attacks (15%): OWASP Top 10 and API Top 10, SQL injection types, XSS, IDOR, CSRF, SSRF, LFI/RFI, and Burp Suite
  • Exploitation and Post-Exploitation (12%): Metasploit, msfvenom, Meterpreter, privilege escalation, credential dumping, pivoting, and cloud exploitation
  • Social Engineering (8%): Phishing, vishing, smishing, pretexting, baiting, USB drop attacks, and SET (Social Engineering Toolkit)
  • Wireless Pentesting (10%): Aircrack-ng suite, WEP/WPA/WPA2/WPA3 attack techniques, evil twin, deauth attacks, and WPS exploitation
  • Evading IDS, Firewalls, and Honeypots (2%): IDS vs IPS, firewall types, Nmap evasion techniques, payload obfuscation, and honeypot awareness

How to Pass the CPEH Exam

What You Need to Know

  • Passing score: 70% (70/100)
  • Exam length: 100 questions
  • Time limit: Approximately 2 hours
  • Exam fee: Included in Mile2 course/exam combo; contact mile2.com for current pricing

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CPEH Study Tips from Top Performers

  1. Memorize the five ethical hacking phases (Recon → Scanning → Gaining Access → Maintaining Access → Covering Tracks) and the tools used in each
  2. Know Nmap flags: -sS (SYN scan), -sV (version), -O (OS detect), -f (fragment), -p- (all ports), --script vuln (NSE vuln scripts)
  3. Practice the OWASP Top 10 2021 order and understand how each vulnerability is exploited and mitigated
  4. Understand the Aircrack-ng workflow: airmon-ng → airodump-ng → aireplay-ng (deauth) → aircrack-ng with rockyou.txt
  5. Know the difference between symmetric (AES), asymmetric (RSA/ECC), hashing (SHA-256), and hybrid encryption (TLS) with real use-case examples

Frequently Asked Questions

What is the Mile2 CPEH exam format?

The CPEH exam consists of 100 multiple-choice questions delivered online through Mile2's Assessment and Certification System (MACS). Candidates have approximately 2 hours to complete the exam and must achieve a minimum score of 70% (70 correct out of 100) to earn certification.

What domains are covered on the CPEH exam?

The CPEH covers 10 modules: Introduction to Ethical Hacking, Cybersecurity Foundation, Reconnaissance and Enumeration, Cryptography, Vulnerability Scanning and Analysis, Web and Application Attacks, Exploitation and Post-Exploitation, Social Engineering, Wireless Pentesting, and Reporting and Ethics.

Is CPEH good for beginners in cybersecurity?

Yes. Mile2 positions the CPEH as the foundational entry into their penetration testing certification track. Mile2 recommends the C)SP certification or 12 months of IT/networking experience, but the course is designed to teach hacking concepts from the ground up. It is appropriate for security students and IT professionals beginning a security career.

How does the Mile2 CPEH compare to EC-Council CEH?

Both certifications cover ethical hacking fundamentals and the five-phase hacking lifecycle. The CEH (Certified Ethical Hacker) by EC-Council is more widely recognized and covers a broader and deeper set of attack techniques in its current version. The CPEH is a more compact, cost-effective alternative well-suited for foundational knowledge. Many employers recognize both certifications.

How long does Mile2 CPEH certification last?

Mile2 certifications are valid for 3 years. To maintain certification, holders must earn and submit 20 Continuing Education Units (CEUs) per year through their Mile2 account, and must pass the most current version of the exam upon renewal.

What tools should I know for the CPEH exam?

Focus on Nmap (port scanning and NSE scripts), Metasploit Framework (exploitation and Meterpreter), Aircrack-ng suite (wireless attacks), Burp Suite (web proxying), Google Dorking and Shodan (passive recon), Nessus (vulnerability scanning), SQLMap (SQL injection), and the Social Engineering Toolkit (SET). The course labs also cover Wireshark, Nikto, and hashcat.