CEH v13 Domain 1.1 Practice Test 003

This practice test covers Domain 1 (Information Security and Ethical Hacking Overview) Subdomain 1 (Introduction to Ethical Hacking) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • 8 single-answer, 2 multi-select
Question 1
A penetration tester is conducting an authorized engagement against a financial institution and has just successfully gained access to a critical internal server. The client wants to understand what phase comes next in the standard CEH hacking methodology. Which phase immediately follows 'Gaining Access' in the CEH five-phase hacking methodology?

Question 2
Clark is applying for a position at a cybersecurity firm and is asked to differentiate between types of hackers based on their intent and authorization level. His interviewer specifically asks which category operates with explicit written permission from the target organization. Which term best describes a hacker who tests systems legally with the organization's full knowledge and consent?

Question 3
An enterprise security team discovers that unauthorized users have been quietly reading confidential HR salary records stored in a corporate database for several weeks. The CISO needs to identify which core principle of information security has been violated to prioritize the remediation response. Which component of the CIA triad is primarily compromised in this scenario?

Question 4
Select all that apply
Jane is designing an internal training session on CEH hacking methodology and needs to correctly identify which specific activities are performed during the Reconnaissance phase. She must choose all activities from the list that belong exclusively to this phase. Which of the following activities are performed during the Reconnaissance phase of ethical hacking? (Choose two)

Question 5
A compliance officer at a retail company is reviewing the organization's security obligations after a major payment card data breach affecting thousands of customers. She must identify the specific regulatory standard that governs the protection of cardholder data to determine which controls were required but absent. Which information security standard is most directly applicable to organizations that process, store, or transmit credit and debit card payment data?

Question 6
Elijah is a security consultant performing an authorized red team assessment and begins collecting domain registration records, employee names from LinkedIn, and IP address ranges from public WHOIS databases, all without directly contacting or probing the target's systems. His methodology strictly avoids generating any traffic detectable by the target's security tools at this stage. Which phase of the CEH hacking methodology does Elijah's current activity represent?

Question 7
A cloud security team hires an ethical hacker to test their AWS environment. Before testing begins, both parties formalize the boundaries, permitted test windows, IP ranges in scope, and actions that are explicitly prohibited. This formal document is reviewed, negotiated, and signed prior to any testing activity. What is this document most commonly called in ethical hacking engagements?

Question 8
Select all that apply
A security analyst is preparing a threat landscape report for the board of directors and must categorize which threat types originate from inside the organization's own perimeter and workforce. She must select all options from the list that qualify as internal threats under standard information security classification frameworks. Which of the following are classified as internal threats to an organization? (Choose two)

Question 9
Clark is documenting a post-incident analysis report and must classify the threat actor responsible for an attack in which a current employee with privileged database access deliberately exfiltrated customer PII records to sell to a competitor. The CISO requires the classification to align precisely with CEH-defined threat actor terminology. Which CEH term best describes this type of threat actor?

Question 10
A security architect is designing a comprehensive security strategy for an operational technology environment housing industrial control systems and SCADA infrastructure. She is tasked with recommending a security model that employs multiple overlapping defensive mechanisms so that if one control fails, others remain in place to protect critical assets. Which security model best describes the deliberate use of multiple, redundant layers of protection to reduce the likelihood and impact of a successful attack?
