The Certified Ethical Hacker (CEH v13) from EC-Council is one of the most recognized entry-to-mid-level offensive security certifications — covering reconnaissance, scanning, exploitation, post-exploitation, web app attacks, and more. CyberCertPrep gives you free exam-style practice questions plus access to hands-on labs, flashcards, cheat sheets, and exam simulations across all 20 CEH modules. Start free with 20 questions per cert (no card required) or upgrade to Premium for unlimited practice and the full 150+ lab scenarios.
20 free practice questions per cert · Cancel anytime on Premium
Exam Duration: 240 min · Passing Score: 70% · Max Questions: 125 · Exam Domains: 9

| Domain | Exam Weight |
|---|---|
| Information Security & Ethical Hacking Overview | 6% |
| Reconnaissance Techniques | 12% |
| System Hacking Phases & Attack Techniques | 18% |
| Network & Perimeter Hacking | 14% |
| Web Application Hacking | 16% |
| Wireless Network Hacking | 6% |
| Mobile, IoT & OT Hacking | 8% |
| Cloud Computing & AI Threats | 10% |
| Cryptography & Social Engineering | 10% |
Question 1
During reconnaissance, an attacker uses `theHarvester -d example.com -b google` to gather email addresses and subdomains. This technique is BEST classified as:
Question 2
An ethical hacker runs `nmap -sS -p- 10.0.0.5` against a target. What kind of scan is this?
Question 3
Which of the following BEST describes a reflected XSS attack?
Question 4
An ethical hacker obtains a Windows password hash and cracks it offline. This attack is called:
Question 5
Which tool is PRIMARILY used for intercepting and modifying web application traffic during an assessment?
Sign up free to start answering exam-style questions right away. Founding members get 10% off Premium with code LAUNCH10.
Yes. The free tier gives you 20 CEH practice questions, flashcards, cheat sheets, and lab access forever — no credit card required. Premium ($8.99/mo) unlocks the full question bank, all 150+ hands-on labs (including web app attacks, malware analysis, and penetration testing), and exam simulation.
125 multiple-choice questions in 4 hours. Passing score varies (60-85%) depending on the exam form, as EC-Council uses cut-score equating. There's also an optional CEH Practical (a 6-hour, 20-question hands-on exam) that, together with the written exam, earns you CEH Master status.
20 modules: reconnaissance, scanning, enumeration, vulnerability analysis, system hacking, malware, sniffing, social engineering, DoS, session hijacking, evading IDS/firewalls/honeypots, web server hacking, web app hacking, SQL injection, wireless, mobile, IoT/OT, cloud, cryptography, and AI-related attacks (new in v13).
EC-Council requires either 2 years of information security work experience or completion of official EC-Council training. The self-study path (like using CyberCertPrep) requires you to apply for exam eligibility with proof of 2+ years of infosec experience.
CEH is broader but lighter on hands-on work, and is recognized by HR and the DoD 8570 (baseline certification). OSCP is a hands-on-only, 24-hour practical exam: much harder, but it carries enormous weight in offensive security roles. PenTest+ from CompTIA sits between them and is vendor-neutral. If you want a job-market credential fast, choose CEH; if you want technical depth, OSCP; for a balanced middle ground, PenTest+.
With some IT/networking background: 6-10 weeks of focused prep. Without: 12-16 weeks. Aim for 80%+ on practice questions consistently before scheduling. The lab practice is where most candidates underinvest.
Yes — Premium includes 150+ lab scenarios covering penetration testing, malware analysis, web app hacking, SQL injection, XSS, wireless attacks, and more. Many map directly to CEH module topics.
Yes. Monthly and yearly subscriptions cancel anytime; your access continues until the end of the billing period.
Study tip: CEH is strong on breadth of attack knowledge — use CyberCertPrep's labs for the hands-on depth the written exam doesn't fully test, and to prep for the optional CEH Practical.