CEH Exam Practice 2026
1,000+ questions covering all 10 CEH domains. Every session pulls fresh questions across every domain — just like the real exam. Real Practice. No Fluff.
How the CEH Practice Exam Works
This free CEH exam practice tool gives you a realistic test experience drawn from a database of 1,000 questions covering all 10 CEH v13 exam domains. Click Start Practice Exam and the tool instantly selects 25 random questions from across the full question bank. A 50-minute countdown timer begins — matching the proportional time pressure of the real Certified Ethical Hacker exam.
Answer each question by selecting one of the four multiple-choice options. You can scroll freely between questions and change your answers at any time before submitting. No answers are revealed during the exam — only after you click Submit Exam (or when the timer expires) will the correct answers, your choices, and a detailed explanation for every question appear.
The results screen shows your percentage score against the 70% pass threshold, a breakdown of correct, wrong, and skipped answers, time used, and a domain-by-domain performance bar chart identifying the specific areas where you lost points — so you know exactly where to focus your study.
What the CEH Exam Covers — 10 Domains
The EC-Council Certified Ethical Hacker (CEH) v13 certification tests knowledge across 10 core domains. Our question bank has 100 questions per domain.
1. Footprinting & Reconnaissance
Passive and active information gathering techniques, OSINT tools (Maltego, theHarvester, Recon-ng), DNS footprinting, WHOIS, Google dorking, Shodan, and social media intelligence. Understanding how attackers map target infrastructure before launching attacks.
2. Scanning & Enumeration
Nmap scan types (SYN, ACK, FIN, Xmas, NULL, Idle), OS fingerprinting, service version detection, NSE scripts, NetBIOS and SMB enumeration with enum4linux, LDAP enumeration, SNMP walking, and SMTP user enumeration techniques.
3. System Hacking & Malware Threats
Password attack types (brute force, dictionary, rainbow tables, credential stuffing), privilege escalation (Windows/Linux), maintaining access via backdoors and Trojans, Meterpreter post-exploitation, Mimikatz credential dumping, rootkits, ransomware, keyloggers, fileless malware, and covering tracks.
4. Sniffing & Social Engineering
Active vs passive sniffing, ARP poisoning, MAC flooding, MITM attacks, SSL stripping, Wireshark and Ettercap, phishing, vishing, smishing, spear phishing, pretexting, baiting, DHCP starvation, DNS poisoning, and social engineering countermeasures.
5. Web Application Security & SQL Injection
OWASP Top 10 (2021), SQL injection types (UNION, blind, time-based, error-based), XSS (stored, reflected, DOM), CSRF, XXE, SSRF, command injection, file inclusion, broken authentication, IDOR, directory traversal, Burp Suite, SQLMap, and WAF bypass techniques.
6. Wireless, Mobile & IoT Hacking
WEP/WPA2/WPA3 weaknesses, PMKID and four-way handshake capture with Aircrack-ng, evil twin attacks, Karma attack, WPS Pixie Dust, KRACK, Android rooting, iOS jailbreaking, SSL pinning bypass, APK reverse engineering, Bluetooth attacks (BlueSnarfing, BlueBugging), IoT firmware analysis, and MQTT security.
7. DoS, Session Hijacking & IDS Evasion
SYN flood, Smurf, Ping of Death, UDP flood, Slowloris, RUDY, volumetric vs application DDoS, amplification attacks (DNS, NTP, Memcached), TCP session hijacking, session fixation, cookie stealing, IDS evasion (fragmentation, TTL manipulation, encoding), Snort, Suricata, SIEM, honeypots, and firewalls (stateful, NGFW, WAF).
8. Cryptography & PKI
Symmetric (AES, DES, 3DES) vs asymmetric (RSA, ECC) encryption, hashing (MD5, SHA-256, SHA-3), digital signatures, PKI and certificate authorities, TLS/SSL handshake, forward secrecy, HMAC, Diffie-Hellman, ECDHE, password hashing (bcrypt, Argon2, PBKDF2), Heartbleed, POODLE, FREAK, and LOGJAM attacks.
9. Cloud Security, Vulnerability Analysis & Pen Testing
Shared responsibility model, S3 misconfiguration, IAM privilege escalation, cloud metadata API abuse (SSRF to 169.254.169.254), CVSS scoring, Nessus, OpenVAS, black/white/grey box testing, PTES methodology, OWASP Testing Guide, STRIDE threat modelling, container escape, Kubernetes RBAC, SAST/DAST/SCA, and responsible disclosure.
10. Ethics, Laws & Compliance
EC-Council Code of Ethics, CFAA, UK Computer Misuse Act, GDPR, HIPAA, PCI-DSS pen testing requirements, rules of engagement, NDAs, scope definition, responsible disclosure timelines, CEH exam format, CVSS, CVE, NIST SP 800-115, ISO 27001, and the five phases of ethical hacking.
CEH Exam Format & Requirements
The EC-Council Certified Ethical Hacker (CEH) exam consists of 125 multiple-choice questions with a 4-hour time limit. The passing score varies by exam form (typically 60–85%, commonly around 70%). The exam is available as a proctored online exam through EC-Council’s ECC Exam Centre or Pearson VUE testing centres worldwide.
Prerequisites: Candidates should have at least two years of information security work experience, or complete the official EC-Council CEH training programme. The certification is accredited by ANSI and recognised by NICE, DoD 8570/8140, and numerous government and enterprise security frameworks.
Tips for Passing the CEH on Your First Attempt
- Understand the five phases: Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks. Every domain maps back to one of these phases.
- Know your tools by function: CEH exams frequently ask which tool is used for a specific task. Learn Nmap, Metasploit, Wireshark, Aircrack-ng, Burp Suite, Mimikatz, and Maltego by purpose — not just by name.
- Memorise port numbers: SSH (22), FTP (21), SMTP (25), DNS (53), HTTP (80), SMB (445), RDP (3389), LDAP (389), MySQL (3306), MSSQL (1433).
- Study OWASP Top 10 thoroughly: Web application security makes up a significant portion of CEH questions, and OWASP definitions are frequently quoted verbatim.
- Take timed practice sessions: Use this tool regularly. The 50-minute timer on 25 questions trains you to allocate roughly 2 minutes per question — the same pace as the real exam.
- Read every explanation: Even for questions you answered correctly, the explanations in this tool often contain nuances that appear in exam variations.
- Focus on your weak domains: Use the domain breakdown on the results screen to identify and systematically target your weakest areas before exam day.
Frequently Asked Questions
How many questions are in the CEH practice database?
The practice database contains 1,000 questions — 100 for each of the 10 CEH v13 domains. Every session draws 25 different questions at random, so you can retake the exam many times without seeing the same set.
Is this CEH practice test free?
Yes, completely. No account, sign-up, or payment is required. Click Start Practice Exam and begin immediately.
When are the correct answers shown?
Answers are hidden throughout the exam and revealed only after you click Submit Exam or the 50-minute timer expires — matching the format of the real CEH test so you can assess your actual readiness.
What does the domain breakdown show?
After submitting, the results screen displays a bar chart showing your score in each CEH domain that appeared in your session. Domains where you scored below 70% are highlighted in red, giving you a clear study roadmap.
What version of CEH does this cover?
Questions are aligned with CEH v13 (2025–2026 blueprint), covering all current domains including cloud hacking, IoT and OT security, AI-assisted attacks, and the latest web application security techniques.
How is the passing score calculated?
This tool uses 70% as the pass/fail threshold (18 out of 25 questions correct). The actual CEH exam uses a variable passing score depending on the exam form — typically between 60% and 85%.