
CEH Exam Questions with Answers PDF: Complete Practice Guide 2025

Top CEH exam questions with answers in Hindi — comprehensive CEH v13 exam prep guide covering all modules, ethical hacking concepts, network security, web application attacks, and CEH exam questions PDF resources.

Amit Kumar, Ethical Hacker & Founder


Practice questions are very important when preparing for the CEH (Certified Ethical Hacker) certification exam. This CEH exam questions guide will prepare you according to the updated 2025 CEH v13 syllabus, from ethical hacking concepts to advanced attack techniques.

CEH Exam Overview 2025

CEH (Certified Ethical Hacker) is EC-Council's flagship certification, which validates ethical hacking skills globally. In India this certification is widely recognized and in demand for security roles.

CEH Exam Pattern

According to the 2025 CEH exam pattern:

  • Total Questions: 125 multiple-choice questions
  • Duration: 4 hours
  • Passing Score: Approximately 60-85% (varies by exam form)
  • Exam Format: Computer-based at authorized Pearson VUE centers or online proctored
  • Validity: 3 years (renewable through ECE credits)

CEH Eligibility

Two years of IT security experience with an educational background, OR completion of an official EC-Council training program. If you are self-studying, you will need to fill out the Eligibility Application form on the official EC-Council website.

Top CEH Exam Questions with Detailed Answers

These CEH exam questions with answers provide comprehensive practice. The explanation with each question makes the concept clear.

Module 1: Ethical Hacking Concepts

**Q1. Which of the following best defines ethical hacking?**

A. Unauthorized testing of systems

B. Authorized simulation of attacks to find vulnerabilities

C. Creating malicious software

D. Cracking passwords without permission

Answer: B

Explanation: Ethical hacking is authorized penetration testing carried out with written permission. Only authorized attacks count as ethical hacking; unauthorized testing is illegal.

**Q2. Which Indian law primarily governs cyber crimes and electronic transactions?**

A. IPC Section 420

B. IT Act 2000 and its amendments

C. DPDP Act 2023 only

D. Companies Act 2013

Answer: B

Explanation: The Information Technology Act 2000 is India's primary cyber law. It defines cyber crimes, electronic signatures, digital records, and the reporting of cybersecurity incidents. A major amendment was passed in 2008.

**Q3. What does "rules of engagement" mean in penetration testing?**

A. Technical specifications of tools to use

B. Written authorization defining scope, timeline, and boundaries

C. Pricing agreement with the client

D. Network architecture details

Answer: B

Explanation: Rules of Engagement is a formal agreement that defines the scope, timeline, target systems, permitted methods, and boundaries of a penetration test. This document provides both legal protection and clear expectations.

Module 2: Reconnaissance and Footprinting

**Q4. Which OSINT tool is used for gathering email addresses and subdomains?**

A. Nmap

B. Burp Suite

C. theHarvester

D. Netstat

Answer: C

Explanation: theHarvester is an OSINT tool that gathers email addresses, subdomains, employee names, and virtual hosts from publicly available sources. It uses sources such as Google, Bing, Yahoo, and Shodan.

**Q5. What is the primary purpose of WHOIS lookup?**

A. Network speed testing

B. Domain registration information retrieval

C. Password cracking

D. Email tracking

Answer: B

Explanation: A WHOIS lookup returns a domain's registration details: registrant name, registrar, creation date, expiry date, and nameservers. This information is an important part of reconnaissance.

**Q6. Google Dorking uses which operator to find specific filetype?**

A. site:

B. filetype:

C. inurl:

D. intitle:

Answer: B

Explanation: The filetype: operator is used in Google Dorking to search for specific file types. Example: "filetype:pdf password" will find PDF files containing the word password.

Module 3: Scanning and Enumeration

**Q7. Which Nmap scan type performs a "half-open" scan?**

A. -sT (TCP Connect)

B. -sS (TCP SYN)

C. -sU (UDP)

D. -sA (ACK)

Answer: B

Explanation: The TCP SYN scan (-sS) is also called a half-open scan because it does not complete the full TCP handshake: it sends only a SYN packet, listens for the SYN-ACK reply, and then tears the connection down without completing the handshake.

**Q8. What does open port indicate during a port scan?**

A. Firewall is blocking the port

B. Service is actively accepting connections

C. Port is reserved by OS

D. Network cable is disconnected

Answer: B

Explanation: An open port means that a service is listening on that port and accepting connections. It represents potential attack surface.

**Q9. NetBIOS enumeration typically targets which port?**

A. 80

B. 443

C. 139

D. 22

Answer: C

Explanation: NetBIOS enumeration is performed on port 139 (NetBIOS Session Service). Some systems also respond on ports 137 and 138. NetBIOS can reveal system names, user accounts, and share information.

Module 4: System Hacking

**Q10. Which type of malware requires a host program to run?**

A. Virus

B. Worm

C. Trojan

D. Ransomware

Answer: A

Explanation: A virus needs a host program: it attaches itself to a legitimate program or file, and when the host runs, the virus executes too. Worms can spread independently without needing a host.

**Q11. What is privilege escalation in the context of system hacking?**

A. Creating new user accounts

B. Gaining higher access rights than originally granted

C. Deleting system logs

D. Installing antivirus software

Answer: B

Explanation: Privilege escalation is an attacker gaining higher privileges (root/admin) from limited access. There are two types: vertical (low-privileged user to high-privileged) and horizontal (accessing another user's data at the same privilege level).

**Q12. Which tool is commonly used for Windows password cracking from SAM database?**

A. Nmap

B. Mimikatz

C. Wireshark

D. Netcat

Answer: B

Explanation: Mimikatz is a widely used tool for extracting Windows credentials: passwords, hashes, PINs, and Kerberos tickets. The SAM (Security Account Manager) database stores the hashes of Windows passwords.

Module 5: Sniffing and Social Engineering

**Q13. Which protocol does ARP spoofing exploit?**

A. TCP

B. UDP

C. ARP (Address Resolution Protocol)

D. HTTP

Answer: C

Explanation: ARP spoofing exploits weaknesses in the Address Resolution Protocol. The attacker sends forged ARP replies to create a false mapping between a MAC address and an IP address so that traffic flows through the attacker.
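The false IP-to-MAC mapping described above is exactly what a defender can watch for: the same IP suddenly being claimed by a second MAC. The detector below is an added example, not part of the original guide; the ARP reply log it runs over is constructed sample data, not a real capture.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a sniffer might log them:
# (timestamp_seconds, sender_ip, sender_mac). Not real captured data.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway's real MAC
    (1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (2.5, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # same IP, different MAC
    (3.2, "192.168.1.1", "de:ad:be:ef:00:99"),   # repeat of the same conflict
    (4.0, "192.168.1.30", "aa:bb:cc:00:00:30"),
]


def detect_arp_conflicts(replies):
    """Return an alert for every IP that is claimed by more than one MAC.

    Each alert is (timestamp, ip, previously_seen_macs, conflicting_mac).
    A conflicting MAC is reported the first time it appears for an IP,
    so repeated forged replies do not flood the alert list.
    """
    seen = defaultdict(set)   # ip -> set of MACs that have claimed it
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in seen and mac not in seen[ip]:
            alerts.append((ts, ip, sorted(seen[ip]), mac))
        seen[ip].add(mac)
    return alerts


if __name__ == "__main__":
    for ts, ip, known, new in detect_arp_conflicts(ARP_REPLIES):
        print(f"t={ts}: {ip} previously {known}, now also claimed by {new}")
```

On a real network, feed this from a passive ARP sniffer and compare against a static table of gateway MACs rather than trusting the first reply seen.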

**Q14. Which type of phishing targets high-profile individuals like CEOs?**

A. Spear phishing

B. Whaling

C. Smishing

D. Vishing

Answer: B

Explanation: Whaling is targeted phishing aimed at high-profile individuals (CEOs, CFOs, celebrities). The emails are highly personalized and usually demand financial transactions or sensitive data.

**Q15. What is pretexting in social engineering?**

A. Creating a fake website

B. Fabricating a scenario to obtain information

C. Sending mass phishing emails

D. Cracking passwords using dictionaries

Answer: B

Explanation: Pretexting is creating a fabricated scenario in which the attacker plays the role of a trustworthy person to extract sensitive information. It can happen face-to-face or remotely.

Module 6: Web Application Attacks

**Q16. Which OWASP Top 10 vulnerability allows attacker to manipulate database queries?**

A. XSS

B. SQL Injection

C. CSRF

D. IDOR

Answer: B

Explanation: SQL Injection lets an attacker manipulate database queries. Unsanitized user input is injected into the query. SQL injection prevention is a critical web security topic in India.

**Q17. Which HTTP method is used to update existing data on a server?**

A. GET

B. POST

C. PUT

D. DELETE

Answer: C

Explanation: The PUT method is used to update an existing resource on the server. POST creates a new resource, GET retrieves data, and DELETE deletes data.

**Q18. Which XSS type stores malicious script permanently on the target server?**

A. Reflected XSS

B. Stored (Persistent) XSS

C. DOM-based XSS

D. Blind XSS

Answer: B

Explanation: In Stored XSS the malicious script is stored permanently on the server, in the database. Whenever a user views the affected page, the script executes automatically. Comment sections and user profiles are common targets.

Module 7: Wireless Network Security

**Q19. Which security protocol should be considered minimum for WiFi networks?**

A. WEP

B. WPA

C. WPA2

D. Open

Answer: C

Explanation: WPA2 (Wi-Fi Protected Access II) is the minimum recommended security. WEP is very weak and can be cracked easily. WPA2 uses AES encryption, which is substantially stronger.

**Q20. What is a rogue access point?**

A. Authorized AP in the network

B. Unauthorized AP that can capture network traffic

C. Mobile hotspot

D. Mesh network node

Answer: B

Explanation: A rogue access point is an unauthorized WiFi access point deployed close to a legitimate network so that users connect to it and their traffic can be captured. It is a common method for an evil twin attack.

CEH Exam Preparation Tips 2025

Follow these strategies to crack the CEH exam:

First, thoroughly cover the official EC-Council courseware and the CEH v13 labs. Practice hands-on regularly on TryHackMe, HackTheBox, and DVWA. Alongside ethical hacking concepts, build strong fundamentals in networking, Linux, and programming. Practice mock exams for time management and question comprehension. Cyber Defence's CEH-aligned ethical hacking course will give you structured preparation.

CEH Exam Questions PDF Resources

Besides the official EC-Council resources, these resources are helpful:

CEH Practice Exams: EC-Council provides official online practice exams. Books like "CEH Certified Ethical Hacker All-in-One Exam Guide" by Matt Walker give comprehensive coverage. Practice regularly on online platforms where practice questions are available.

Learning CEH exam questions with answers is not just memorization: understand the concepts deeply so you can apply them in real scenarios.
