Ethical Hacking Study Guide 2026

Everything you need to pass the Ethical Hacking exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.

📋 Ethical Hacking Exam Format at a Glance

125
Questions
240 min
Time Limit
70.00%
Passing Score

📚 Ethical Hacking Topics to Study (23)

✍️ Sample Ethical Hacking Questions & Answers

1. What is 'shoulder surfing' in social engineering?
Physically observing a target's screen or keyboard to steal credentials

Shoulder surfing involves physically observing a person entering credentials or sensitive information, typically in public places like coffee shops or airports.

2. What is Windows token impersonation, and why is it valuable in privilege escalation?
Stealing a higher-privileged user's access token from a running process to execute commands with their privileges

Token impersonation steals the security token of a higher-privileged process (e.g., SYSTEM) and uses it to execute malicious commands with those elevated privileges.

3. What type of attack exploits the statistical probability that two people in a group share a birthday to find hash collisions faster than brute force?
Birthday attack

The birthday attack exploits the birthday paradox to find two inputs with the same hash significantly faster than expected, reducing the security of hash functions.

4. Which psychological principle does an attacker exploit when claiming 'Only 3 spots left — act now!' in a phishing email?
Scarcity

Scarcity exploits the fear of missing out (FOMO) by creating urgency, pressuring targets to act quickly without carefully evaluating the legitimacy of the request.

5. In the digital signature procedure, what algorithm is used?
MD5

Explanation: The MD5 message-digest technique, which produces a 128-bit hash value, is cryptographically broken yet nevertheless extensively used. Although MD5 was created with the intention of being used as a cryptographic hash function, it has been discovered to have numerous flaws.

6. What is process hollowing, and how does it differ from standard DLL injection?
Creating a legitimate process in a suspended state and replacing its entire memory image with malicious code

Process hollowing creates a legitimate process in suspended state, unmaps its code from memory, and injects malicious code that runs under the trusted process's identity to evade detection.

🎯 Free Ethical Hacking Practice Tests

📖 Ethical Hacking Guides & Articles

Your Ethical Hacking Study Path
1. Learn with Flashcards → 2. Drill Practice Tests → 3. Take the Full Exam Simulation