Welcome to this CEH v13 practice test!

This practice test covers Domain 5 (Web Application Hacking) Subdomain 1 (Hacking Web Servers) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

CEH v13 Domain 5.1 Practice Test 001
10 questions • 8 single-answer, 2 multi-select
CEH v13 (312-50v13) • Domain 5: Web Application Hacking — Sub-Domain 5.1: Hacking Web Servers
Question 1
A penetration tester discovers that a web server allows users to access backup files such as config.php~ and index.bak. These files contain sensitive configuration details. What vulnerability is being exploited in this scenario?
Question 2
During a web server assessment, an ethical hacker uses Netcat to manually connect to port 80 and sends crafted HTTP requests to observe server responses. What technique is the tester performing?
Question 3
A tester identifies that a web server accepts HTTP PUT requests and allows arbitrary file uploads. The tester uploads a web shell and executes commands remotely. What type of vulnerability is this?
Question 4
An attacker performs reconnaissance and discovers that a web server reveals detailed error messages, including stack traces and file paths. How can this information be used in further attacks?
Question 5
A penetration tester runs a Nikto scan against a web server and identifies several outdated components and insecure configurations. What is the main advantage of using Nikto in this scenario?
Question 6
Select all that apply
A penetration tester wants to enumerate hidden directories and files on a target web server. Which TWO tools are most appropriate for this task? (Choose two)
Question 7
During testing, an ethical hacker finds that default credentials are still enabled on a web-based administrative panel. What is the most immediate risk associated with this issue?
Question 8
A tester identifies that a web application allows users to upload images, but fails to validate file types properly. The tester uploads a PHP shell disguised as an image. What vulnerability is being exploited?
Question 9
An attacker manipulates HTTP headers to gather information about a web server’s software and version. Which technique does this describe?
Question 10
Select all that apply
A security analyst is reviewing a web server and wants to identify common misconfigurations that attackers could exploit. Which TWO issues represent typical web server misconfigurations? (Choose two)
