Welcome to this CEH v13 practice test!

This practice test covers Domain 4 (Network and Perimeter Hacking) Subdomain 4 (Session Hijacking) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.


CEH v13 Domain 4.4 Practice Test 001
10 questions • 8 single-answer, 2 multi-select
CEH v13 (312-50v13) • Domain 4: Network and Perimeter Hacking — Sub-Domain 4.4: Session Hijacking
Question 1
An ethical hacker is monitoring network traffic and captures a valid session cookie from a user authenticated to a web application. The hacker then uses this cookie to impersonate the user without needing their credentials. What type of attack is this?

Question 2
During a penetration test, a tester sets a known session ID in a victim's browser before authentication. After the victim logs in, the tester uses the same session ID to access the application. What attack technique is being demonstrated?

Question 3
A hacker intercepts traffic between a client and server and actively relays and possibly alters communication between them without their knowledge. This allows the attacker to capture session tokens and credentials. What type of attack is this?

Question 4
An attacker uses a tool like Ettercap to perform ARP poisoning on a local network and captures session cookies from HTTP traffic. The attacker then uses those cookies to access the victim's session. Which condition made this attack possible?

Question 5
A web application does not regenerate session IDs after user authentication. An attacker tricks a user into using a known session ID and later accesses the account. Which vulnerability does this represent?

Question 6
Select all that apply
A security engineer wants to protect a web application from session hijacking attacks. Which TWO controls are MOST effective? (Choose two)

Question 7
An attacker analyzes a web application's session ID generation and finds it follows a predictable pattern. The attacker then guesses valid session IDs to gain unauthorized access. What type of attack is this?

Question 8
A penetration tester observes that a web application includes session IDs in URLs. These URLs are logged in browser history and server logs. What risk does this pose?

Question 9
An attacker captures a session token and reuses it later without modifying the communication stream. The server accepts the token and grants access. What type of attack is this?

Question 10
Select all that apply
An ethical hacker is evaluating session management mechanisms. Which TWO practices indicate weak session management? (Choose two)
