Text preview & study summary
CEH - Ethical Hacking Phases and Reconnaissance
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
Which type of scan involves sending an email with a **tracking pixel** to determine if the target opens the email, revealing their IP address and email client?
Explanation
Email tracking pixels (web bugs) are 1×1 invisible images embedded in HTML emails. When the recipient opens the email, their mail client loads the image from the attacker's server, revealing their IP address, email client, operating system, and time of open. Modern email clients (and corporate mail gateways) often block external image loading to prevent this reconnaissance technique.
Question 2
The technique of searching through a target organization's discarded papers, drives, and materials for sensitive information is called **[[blank1]] [[blank2]]**.
Explanation
Dumpster diving is a physical reconnaissance technique where attackers search trash bins for sensitive discarded materials: org charts, printed emails, hardware with data, old hard drives, network diagrams, or password lists. It is legal in many jurisdictions since discarded items are often considered public, but varies by location.
Question 3
**True or False:** A "black box" penetration test is when the tester has full knowledge of the target's infrastructure, including network diagrams and credentials.
Explanation
A black box test (or blind test) means the tester has no prior knowledge of the target — simulating an external attacker. White box testing provides full knowledge (source code, diagrams, credentials). Gray box testing provides partial knowledge (user credentials, some documentation). The CEH exam covers all three models.
Question 4
**True or False:** An **engagement letter** or **Rules of Engagement (RoE)** document is required before beginning a penetration test to define scope, methods, and legal authorization.
Explanation
The Rules of Engagement document establishes:
- Scope (which systems are in/out of bounds)
- Authorized techniques (social engineering, physical testing, etc.)
- Testing timeframes
- Emergency contacts and escalation procedures
- Legal authorization
Without written authorization, penetration testing activities are illegal under computer crime laws (CFAA in the US, CMA in the UK, etc.).
Question 5
**OSINT** stands for Open Source [[blank1]] [[blank2]], and refers to collecting information from publicly available sources.
Explanation
OSINT encompasses all publicly available information: websites, social media, WHOIS records, DNS data, job postings, press releases, court filings, government databases, and more. Tools like Maltego, theHarvester, Shodan, and Recon-ng automate OSINT gathering.
