Certified Ethical Hacker (CEH) V12 Exam Prep (Latest Update 2025 / 2026) Practice Questions and Verified Answers | Grade A | 100% Correct
Question:
Which of the following is a common IDS evasion technique?
- Subnetting
- Unicode characters
- Port knocking
- Spyware
Answer:
Unicode characters
Question:
Which of the following documents describes the specifics of the testing, the associated violations and essentially protects both the organization's interest and the third-party penetration tester?
- Rules of engagement
- Project scope
- Non-disclosure agreement
- Service level agreement
Answer:
Rules of engagement
Question:
Alex, the system administrator, should check the firewall configuration. He knows that all traffic from workstations must pass through the firewall to access the bank's website. Alex must ensure that workstations in network 10.10.10.0/24 can only reach the bank website 10.20.20.1 using HTTPS. Which of the following firewall rules best meets this requirement?
- If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
- If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
- If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
Answer:
If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
Question:
What is the name of the practice of collecting information from published or otherwise publicly available sources?
- Human intelligence
- Artificial intelligence
- Social intelligence
- Open-source intelligence
Answer:
Open-source intelligence
Question:
During the security audit, Gabriella used Wget to read exposed information from a remote server and got this result:
Server: nginx/1.21.0
Date: Mon, 02 Aug 2021 13:29:13 EST
Content-Type: text/html
Content-Length: 5683
Last-Modified: Thu, 05 Jul 2021 17:44:09 EST
Connection: keep-alive
ETag: "5bb65169-1633"
Accept-Ranges: bytes
What is the name of this method of obtaining information?
- SQL injection
- XML External Entities (XXE)
- Banner grabbing
- Cross-site scripting
Answer:
Banner grabbing
Question:
An attacker gained access to a Linux host and stole the password file from /etc/passwd. Which of the following scenarios best describes what an attacker can do with this file?
- The attacker can perform actions as root because the file reveals the passwords to the root user only