CEH v13 Domain 4.2 Practice Test 003

This practice test covers Domain 4 (Network and Perimeter Hacking) Subdomain 2 (Social Engineering) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

10 questions • 8 single-answer, 2 multi-select
Question 1
Clark, a red team operator, creates a fabricated identity as a third-party IT auditor and calls an enterprise's help desk to convince an agent to reveal Active Directory credentials for 'compliance verification.' He uses company-specific jargon and references the name of a real manager to appear credible. Which social engineering technique does Clark's approach best exemplify?
Question 2
A security analyst is reviewing an incident report where an attacker sent fraudulent emails disguised as a bank's official communication, containing a link to a fake login page designed to harvest credentials from any recipient who clicked. The analyst must categorize this attack for the incident response database. Which social engineering technique should the analyst record?
Question 3
Select all that apply
A security awareness trainer is developing a module on social engineering attack vectors commonly used against enterprise employees and needs to distinguish techniques by their delivery channel. The trainer wants to specifically highlight the two techniques that involve direct impersonation or real-time voice-based deception. Which two techniques should be featured? (Choose two)
Question 4
Kevin, a social engineer, discovers that an employee named Sarah frequently shares work updates on LinkedIn and has publicly listed her manager's name and current project details. Kevin uses this information to craft a highly personalized email that references her current project and appears to come from her manager, tricking Sarah into clicking a malicious link. Which type of phishing attack did Kevin execute?
Question 5
A disgruntled database administrator at a healthcare organization begins exfiltrating patient records to an external USB drive over several weeks while still employed and retaining full system access. The security team identifies the breach only after the administrator resigns and a routine audit of access logs is performed. Which type of insider threat does this scenario describe?
Question 6
An attacker systematically monitors a target organization's social media accounts, LinkedIn profiles, and job postings to map employee names, roles, and reporting relationships before launching a targeted campaign. This intelligence-gathering phase is specifically intended to increase the credibility and personalization of a subsequent social engineering attack. Which concept best describes what the attacker is performing?
Question 7
Elijah creates a fake LinkedIn profile impersonating a senior recruiter from a well-known technology company and sends connection requests to employees at a target organization. After establishing connections, he sends direct messages directing recipients to complete a 'skills assessment' hosted on a credential-harvesting website. Which social engineering technique is Elijah primarily using?
Question 8
Select all that apply
A Chief Security Officer is designing a social engineering awareness program for a 500-person financial organization following a successful pretexting attack that resulted in unauthorized wire transfers by a manipulated employee. The CSO needs to select countermeasures that address both the human factor and the procedural gaps that allowed the attack to succeed. Which two countermeasures would most effectively reduce susceptibility to future social engineering attacks? (Choose two)
Question 9
A security team at a financial firm notices an unknown individual gaining repeated access to secure floors by closely following badge-holding employees through controlled entry points during busy morning hours. Employees confirmed they held the door open for the individual out of politeness each time, not realizing they were facilitating unauthorized access. Which physical social engineering technique was used?
Question 10
Jane, a social engineer, obtains a target's personal details, including Social Security Number and credit card information, through a combination of phishing emails and dumpster diving through discarded bank statements. She then uses this information to open fraudulent credit accounts and make unauthorized purchases in the target's name without the victim's knowledge. Which category of attack does Jane's complete multi-stage campaign represent?
