CEH v13 Domain 4.3 Practice Test 004

This practice test covers Domain 4 (Network and Perimeter Hacking) Subdomain 3 (Denial-of-Service) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

CEH v13 Domain 4.3 Practice Test 004

10 questions • 8 single-answer, 2 multi-select

Question 1

Elijah floods a target server with a high volume of connection requests using spoofed source addresses and never completes the final handshake step. The server's connection table fills with half-open entries until legitimate users are refused. Which attack technique is Elijah performing?

A. ARP poisoning B. DNS cache poisoning C. SYN flood D. Session replay

Question 2

An analyst observes small spoofed queries sent to open resolvers that return responses many times larger to the victim's address. The victim is overwhelmed by traffic it never requested while the resolvers act as unwitting relays. Which DDoS category does this describe?

A. Privilege escalation B. Fragmentation attack C. Reflection and amplification attack D. Brute-force attack

Question 3

Select all that apply

A security team is documenting infrastructure used to coordinate large distributed attacks from thousands of compromised hosts. They need to identify the components that let an operator issue commands to the infected fleet. Which two elements are core to this infrastructure? (Choose two)

A. Bot agents on zombies B. Honeytoken C. Command-and-control server D. TLS certificate pinning E. Network tap

Question 4

Jane opens many connections to a web server and sends partial request headers very slowly, adding a single line just before each timeout. This keeps worker threads tied up indefinitely with minimal bandwidth on her side. Which attack is Jane using?

A. Ping of death B. Teardrop attack C. Smurf attack D. Slowloris attack

Question 5

An attacker sends spoofed ICMP echo requests to a network's broadcast address using the victim's source IP. Every host on the segment replies to the victim, multiplying the traffic against it. Which classic attack does this match?

A. DNS tunneling B. MAC flooding C. SYN flood D. Smurf attack

Question 6

A penetration tester wants a simple GUI utility to generate high-volume TCP, UDP, and HTTP request floods against an authorized lab target. The tool is widely associated with volunteer-driven distributed campaigns and lacks source-address obfuscation. Which utility best fits this description?

A. Responder B. Wireshark C. LOIC D. Nikto

Question 7

Kevin sends a stream of fully valid HTTP GET requests to resource-heavy pages from a large botnet, mimicking real browsers. Bandwidth stays moderate, but the application tier and database collapse under request volume. Which attack class is this?

A. Protocol fragmentation attack B. Address spoofing scan C. Application-layer flood D. Volumetric ICMP flood

Question 8

Select all that apply

A defense team is hardening an enterprise edge against distributed flooding before a product launch. They want measures that absorb or filter malicious volume while keeping legitimate users served. Which two countermeasures directly address this goal? (Choose two)

A. Removing all firewall rules B. Upstream traffic scrubbing service C. Disabling password complexity D. Enabling directory listing E. Rate limiting and traffic shaping

Question 9

An OT engineer discovers that attackers pushed corrupted firmware to networked controllers, rendering the hardware permanently unusable until physical replacement. No traffic flood was involved; the damage targeted the device itself. Which attack does this represent?

A. Credential stuffing B. Reflection attack C. Permanent DoS (phlashing) D. Session hijacking

Question 10

A monitoring system flags inbound packets where the claimed total length exceeds the maximum allowed size, causing older hosts to crash during reassembly. The packets are malformed rather than merely numerous. Which legacy attack matches this signature?

A. NTP amplification B. DHCP starvation C. Ping of death D. HTTP POST flood

Related Posts

Leave a Comment Cancel Reply