CEH v13 Domain 6.1 Practice Test 003

This practice test covers Domain 6 (Wireless Network Hacking) Subdomain 1 (Hacking Wireless Networks) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • 8 single-answer, 2 multi-select
Question 1
Elijah has captured a large number of IVs during a wireless network audit and is attempting to recover the WEP key. He loads the captured file into a tool that performs FMS, KoreK, and PTW statistical attacks against the weak IVs to derive the encryption key. Which tool is Elijah most likely using?

Question 2
A penetration tester discovers that a target enterprise network is using WPA2-Personal with a predictable passphrase. She captures the 4-way handshake during a deauthentication attack and plans to run an offline dictionary attack against the captured handshake file. Which tool is most appropriate for this task?

Question 3
Jane is assessing a hospital's Bluetooth security posture and identifies a medical device broadcasting in discoverable mode. She connects to it without authentication and extracts calendar entries, contacts, and messages stored on the device without the owner's knowledge. What type of Bluetooth attack did Jane perform?

Question 4
Select all that apply
A security team investigating a wireless incident finds that corporate laptops were associating with unauthorized access points and having their credentials harvested. Log analysis reveals two distinct attacker behaviors: one group of devices connected to an AP cloning the corporate SSID with a stronger signal, while another group auto-connected to an AP that had responded to each device's individual network probe requests. Which two wireless attack techniques best explain these two observed behaviors? (Choose two)

Question 5
Clark, a red team operator, configures an access point broadcasting the same SSID and a spoofed BSSID as a legitimate corporate Wi-Fi network, then boosts its signal strength to force nearby clients to associate with it. After clients connect, he intercepts all traffic passing through his rogue gateway and harvests credentials. What attack technique is Clark executing?

Question 6
An enterprise security analyst reviews wireless logs and finds evidence of a tool operating in monitor mode while channel-hopping across all available frequencies. The tool passively collects SSIDs, BSSIDs, signal strengths, channel assignments, and encryption types from nearby access points without transmitting any wireless frames. Which tool is most likely being used to perform this passive wireless reconnaissance?

Question 7
A penetration tester targeting a WPA2-Personal network places her wireless interface in monitor mode and captures a single management frame directly from the access point — without waiting for any clients to connect or authenticate. She performs an offline attack against a value extracted from that frame, successfully recovering the network passphrase from a wordlist. Which attack technique did she employ?

Question 8
Select all that apply
A penetration tester needs to forcibly disconnect clients from a target WPA2 access point in order to capture authentication traffic during re-association. She selects two tools from her wireless toolkit that are specifically designed to inject the type of 802.11 management frame that causes client disconnection. Which two tools are most commonly used for this wireless injection technique? (Choose two)

Question 9
Kevin identifies that a target router has Wi-Fi Protected Setup enabled with no account lockout policy, and he launches an automated online attack tool that targets this feature's authentication mechanism to ultimately recover the WPA2 passphrase. The router has no rate-limiting or lockout configured, allowing the tool to run to completion in a reasonable timeframe. Which tool is Kevin most likely using?

Question 10
A wireless security analyst investigating a WPA2 network compromise determines that the attacker was able to decrypt, replay, and forge traffic on the network without ever recovering the network passphrase. Further analysis confirms the vulnerability exploited was present in the WPA2 standard itself rather than in a weak passphrase or misconfiguration. Which WPA2 vulnerability is being exploited in this scenario?
