Text preview & study summary

CEH - Ethical Hacking Phases and Reconnaissance

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

Which type of scan involves sending an email with a **tracking pixel** to determine if the target opens the email, revealing their IP address and email client?

Answer choices

  • A. DNS enumeration

  • B. Email tracking / web bug (Correct)

  • C. Passive DNS replication

  • D. Metadata harvesting

Explanation

Email tracking pixels (web bugs) are 1×1 invisible images embedded in HTML emails. When the recipient opens the email, their mail client loads the image from the attacker's server, revealing their IP address, email client, operating system, and time of open. Modern email clients (and corporate mail gateways) often block external image loading to prevent this reconnaissance technique.

Question 2

The technique of searching through a target organization's discarded papers, drives, and materials for sensitive information is called **[[blank1]] [[blank2]]**.

Explanation

Dumpster diving is a physical reconnaissance technique where attackers search trash bins for sensitive discarded materials: org charts, printed emails, hardware with data, old hard drives, network diagrams, or password lists. It is legal in many jurisdictions since discarded items are often considered public, but varies by location.

Question 3

**True or False:** A "black box" penetration test is when the tester has full knowledge of the target's infrastructure, including network diagrams and credentials.

Answer choices

  • A. True

  • B. False (Correct)

Explanation

A black box test (or blind test) means the tester has no prior knowledge of the target — simulating an external attacker. White box testing provides full knowledge (source code, diagrams, credentials). Gray box testing provides partial knowledge (user credentials, some documentation). The CEH exam covers all three models.

Question 4

**True or False:** An **engagement letter** or **Rules of Engagement (RoE)** document is required before beginning a penetration test to define scope, methods, and legal authorization.

Answer choices

  • A. True (Correct)

  • B. False

Explanation

The Rules of Engagement document establishes:

- Scope (which systems are in/out of bounds)

- Authorized techniques (social engineering, physical testing, etc.)

- Testing timeframes

- Emergency contacts and escalation procedures

- Legal authorization

Without written authorization, penetration testing activities are illegal under computer crime laws (CFAA in the US, CMA in the UK, etc.).

Question 5

**OSINT** stands for Open Source [[blank1]] [[blank2]], and refers to collecting information from publicly available sources.

Explanation

OSINT encompasses all publicly available information: websites, social media, WHOIS records, DNS data, job postings, press releases, court filings, government databases, and more. Tools like Maltego, theHarvester, Shodan, and Recon-ng automate OSINT gathering.