CEH v13 Domain 7.2 Practice Test 004

By /

This practice test covers Domain 7 (Mobile Platform, IoT, and OT Hacking) Subdomain 2 (IoT and OT Hacking) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

CEH v13 Domain 7.2 Practice Test 004
10 questions • 8 single-answer, 2 multi-select
Question 1
A penetration tester wants to locate internet-exposed IoT devices like webcams and routers without sending packets to them directly. He queries an online service that indexes service banners from connected devices worldwide. Which resource is he using?
    Question 2
    During an OT assessment, an analyst captures traffic between a PLC and an HMI and notices the messages carry no authentication or encryption. She realizes any node on the segment can issue commands to the controller. Which industrial protocol exhibits this weakness?
      Question 3
      Jane investigates a massive DDoS that originated from thousands of compromised cameras and DVRs running factory passwords. The malware scanned for open Telnet ports and logged in using a built-in credential list. Which botnet is most consistent with this behavior?
        Question 4
        Select all that apply
        A security team is hardening a fleet of smart building sensors after a breach. They want measures that directly reduce the attack surface exposed by weak factory settings and unpatched code. Which two actions best address these issues? (Choose two)
          Question 5
          An attacker targets a lightweight publish-subscribe messaging standard widely used between IoT sensors and brokers over TCP. He subscribes to wildcard topics on an unsecured broker and harvests all sensor data. Which protocol is being abused?
            Question 6
            Clark studies a historic worm that spread via USB drives and reprogrammed Siemens PLCs to damage uranium enrichment centrifuges while hiding its activity from operators. The malware targeted a specific industrial control configuration. Which malware does this describe?
              Question 7
              During the first phase of an IoT penetration test, Kevin collects device details such as FCC IDs, chipsets, and firmware versions from public databases. He performs no active interaction with the target hardware yet. Which methodology phase is this?
                Question 8
                Select all that apply
                An OT security consultant lists threats unique to aging industrial control systems compared with typical IT networks. She focuses on issues stemming from long device lifecycles and communication standards built without security. Which two are characteristic OT concerns? (Choose two)
                  Question 9
                  An analyst connects to exposed UART pins on a smart lock's circuit board to dump its stored code for analysis. She obtains a serial console and extracts the unencrypted image directly from the chip. Which type of attack is this?
                    Question 10
                    A red teamer captures the signal from a wireless key fob, blocks the receiver so the original command never arrives, then resends the stored code later to unlock the vehicle. This defeats rolling-code protection. Which attack technique is this?
                      Answered: 0/10

                      Related Posts

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top