Certified Ethical Hacker Cheat Sheet 2026

The 30 highest-yield Certified Ethical Hacker facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

125 questions
240 min time limit
70.00% to pass
  1. An ethical hacker wants to detect a previously unknown malware sample by observing its runtime behavior in an isolated environment. This is called what? Dynamic (sandbox) analysis
  2. A tester captures a service's response containing version and OS hints by connecting to an open port. This is called what? Banner grabbing
  3. Which command-line tool is primarily used for querying DNS records such as MX records to identify a domain's mail servers? nslookup
  4. In 2004, Johnny Long popularized a footprinting technique using the manipulation of a search string to identify vulnerabilities. Google Hacking
  5. How does a signature-based IDS detect attacks? By matching traffic against a database of known attack patterns
  6. Which testing approach examines a running application without source code access? DAST
  7. Which security concept ensures that cloud provider employees cannot access customer data without authorization? Separation of Duties
  8. Which tool is commonly used for session hijacking and man-in-the-middle attacks on a LAN? Ettercap
  9. Which attack technique do attackers use to steal session cookies by injecting a script into a vulnerable web application? Cross-Site Scripting (XSS)
  10. What is the purpose of 'fuzzing' in vulnerability research? Sending malformed or random data to an application to discover crashes and bugs
  11. Which type of testing occurs when individuals know the entire layout of the network? White box
  12. What information can an attacker extract by analyzing the headers of an email received from a target organization? Internal IP addresses, mail server names, and email routing paths
  13. Which Nmap timing template is the most aggressive and fastest? -T5 (insane)
  14. A user receives a fraudulent email impersonating their bank to steal credentials. This is an example of: Phishing
  15. An attacker captures and retransmits a valid encrypted authentication token. What attack is this? Replay attack
  16. Which technique uses an authoritative-looking but malicious phone charging station or cable to compromise mobile devices in public? Juice jacking
  17. Which attack involves sending unsolicited messages to nearby Bluetooth devices? Bluejacking
  18. Why is ECB mode generally discouraged for encrypting large amounts of data? Identical plaintext blocks produce identical ciphertext
  19. What distinguishes an IPS from an IDS? An IPS can actively block or drop malicious traffic
  20. What does the acronym DMZ stand for in network security? Demilitarized Zone
  21. Stan wiretapped his ex-girlfriend's phone to monitor her current partner. What is an example of wiretapping? Sniffing
  22. A penetration tester wants legal protection clarifying they are authorized to test. Which agreement is most relevant? Get-out-of-jail-free / authorization letter
  23. A polymorphic virus evades antivirus primarily by doing what on each infection? Changing its decryption routine/code signature
  24. Which exploitation countermeasure randomizes the memory layout of a process to prevent attackers from predicting where to redirect code execution? ASLR (Address Space Layout Randomization)
  25. Which malware hides its presence and maintains privileged access at a deep system level? Rootkit
  26. What is 'ARP spoofing' primarily used for in session hijacking attacks on a LAN? Associating the attacker's MAC with a legitimate IP to intercept traffic
  27. Which phase of the CEH hacking methodology comes immediately after gaining access? Maintaining access
  28. Which attack targets the human element rather than technical vulnerabilities? Social engineering
  29. Which of the following BEST mitigates risk from lost or stolen laptops containing sensitive data? Full-disk encryption
  30. An IoT device ships with the default credentials admin/admin and exposes Telnet. Which botnet famously exploited this pattern? Mirai