CEH v13 Domain 3.1 Practice Test 001

Question 1

A penetration tester has been engaged to assess a large enterprise network prior to a scheduled audit. She runs a tool against the environment and receives output that categorizes discovered weaknesses into Critical, High, Medium, and Low severity ratings, cross-referenced with CVE identifiers and remediation recommendations. The client wants a formal deliverable they can present to their compliance team. What type of output has the penetration tester produced?

A. A penetration test report documenting successful exploits B. A vulnerability assessment report C. A threat intelligence brief D. A risk register

Question 2

Which of the following vulnerability assessment types is performed from the perspective of an unauthenticated external attacker with no prior knowledge of the target environment?

A. Credentialed assessment B. Internal assessment C. External assessment D. White-box assessment

Question 3

During a network security audit, an analyst uses Nessus to scan a range of IP addresses. The tool returns a finding flagged as Plugin ID 10863 with a CVSS score of 9.8, indicating a remotely exploitable vulnerability with no authentication required. Based on this output, how should the analyst classify this finding according to standard vulnerability severity ratings?

A. Medium B. High C. Low D. Critical

Question 4

Kevin, a security analyst, is tasked with assessing a web application server. He decides to use Nikto to scan the target. After the scan completes, Kevin reviews the results and notices entries referencing outdated software versions, default files, and misconfigurations. Which type of vulnerability assessment is Kevin performing?

A. Host-based assessment B. Application assessment C. Network assessment D. Database assessment

Question 5

Select all that apply

A penetration tester is selecting tools to conduct a comprehensive vulnerability assessment of an enterprise environment. The engagement scope includes network infrastructure, operating systems, and web applications. The tester needs tools capable of authenticated scanning, CVE mapping, and generating exportable reports for the client. Which TWO of the following tools are MOST appropriate for this purpose? (Select two.)

A. Aircrack-ng B. Nessus C. Metasploit Framework D. Qualys E. Wireshark

Question 6

A security team at a financial institution wants to run vulnerability scans that can identify missing patches, insecure configurations, and software version information at the operating system level — information that would not be available to an external attacker. The team has valid domain credentials available. Which scanning approach should the team use to achieve this level of visibility?

A. Passive scanning B. External unauthenticated scanning C. Credentialed (authenticated) scanning D. Manual penetration testing

Question 7

Clark, a professional hacker, has researched a target organization and discovered that they are running an unpatched version of Apache HTTP Server 2.4.49. He cross-references this against publicly available databases to confirm the exact vulnerability and its exploitability score before proceeding. Which of the following resources would BEST provide Clark with standardized vulnerability identifiers and scoring information for this specific finding?

A. OWASP Top 10 B. NVD (National Vulnerability Database) and CVE C. WHOIS records D. Shodan

Question 8

Which of the following BEST describes the difference between a vulnerability scan and a penetration test in the context of a security assessment?

A. A vulnerability scan requires physical access to the target, while a penetration test is performed remotely. B. A vulnerability scan identifies and classifies weaknesses without exploiting them, while a penetration test actively exploits vulnerabilities to demonstrate impact. C. A vulnerability scan is performed only on web applications, while a penetration test is performed only on network infrastructure. D. A vulnerability scan uses automated tools exclusively, while a penetration test is performed entirely by hand.

Question 9

An ethical hacker is tasked with evaluating the security posture of an OT (operational technology) environment at a manufacturing plant. The engagement requires identifying vulnerabilities without disrupting live industrial control systems. The tester must minimize scan aggressiveness to avoid crashing PLCs and SCADA systems. Which vulnerability assessment approach is MOST appropriate for this scenario?

A. Active unauthenticated scanning with full port range B. Passive vulnerability assessment C. Exploit-based verification scanning D. Denial-of-service simulation scanning

Question 10

Select all that apply

Jane is reviewing the output of a vulnerability assessment report for a medium-sized enterprise. She needs to prioritize remediation efforts for her team. The report contains dozens of findings across multiple severity levels. Which TWO factors should Jane use PRIMARILY to prioritize which vulnerabilities to remediate first? (Select two.)

A. The alphabetical order of the affected hostname B. The CVSS score of the vulnerability C. The date the vulnerability was first published in the NVD D. Whether the vulnerability is remotely exploitable with no authentication required E. The operating system vendor of the affected host

ByThe Test Master

Related Post

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002