CEH Module5 Vulnerability Analysis


ceh-v13 prep questions. Jorge - [Link].com/@itbestpractice2741

CEH v13 Practice Questions – Module 5: Vulnerability Analysis

1. What is the primary goal of vulnerability analysis?

• A. Exploit known vulnerabilities
• B. Discover and classify security weaknesses
• C. Perform brute-force attacks
• D. Capture network traffic

Answer: B

2. Which of the following tools is widely used for vulnerability scanning?

• A. Nmap
• B. Nikto
• C. Nessus
• D. Netcat

Answer: C

3. Which type of vulnerability is most commonly found in web applications?

• A. Buffer overflow
• B. Cross-site scripting (XSS)
• C. Open SMTP relays
• D. Open SNMP ports

Answer: B

4. Which of the following represents a false positive in vulnerability scanning?

• A. A vulnerability detected and successfully exploited
• B. A vulnerability reported that does not exist
• C. A vulnerability discovered via banner grabbing
• D. A vulnerability used in a red team exercise

Answer: B

5. Which protocol is often scanned for default community strings in vulnerability analysis?

• A. FTP
• B. SMTP
• C. SNMP
• D. RDP

Answer: C

6. Which tool helps identify outdated software and patch levels?

• A. Sqlmap
• B. Nikto
• C. Nessus
• D. Wireshark

Answer: C

7. What does CVE stand for?

• A. Common Vulnerabilities Enumeration
• B. Certified Vulnerability Expert
• C. Common Vulnerabilities and Exposures
• D. Computer Vulnerability Engine

Answer: C

8. Which vulnerability scanning tool is open-source?

• A. Nexpose
• B. Burp Suite Professional
• C. OpenVAS
• D. Qualys

Answer: C

9. What is a major drawback of automated vulnerability scanners?

• A. They don’t detect any vulnerabilities
• B. They require no configuration
• C. They may produce false positives and false negatives
• D. They can only run on Linux

Answer: C

10. Which of the following is a benefit of performing regular vulnerability assessments?

• A. It prevents ransomware attacks
• B. It ensures compliance and reduces risk exposure
• C. It replaces the need for antivirus
• D. It guarantees 100% security

Answer: B

11. Which component of a vulnerability report helps in prioritizing risks?

• A. IP address of the host
• B. Scanner log files
• C. CVSS score
• D. File size of the target

Answer: C

12. What is the typical first step in a vulnerability assessment process?

• A. Exploitation
• B. Information gathering
• C. Reporting
• D. Patch deployment

Answer: B

13. Which term describes a vulnerability with no known patch or fix?

• A. Open vulnerability
• B. Zero-day
• C. Known error
• D. Buffer flaw

Answer: B

14. Which of these is typically NOT a vulnerability scanning category?

• A. Credentialed scan
• B. Non-credentialed scan
• C. Heuristic scan
• D. Exploit scan

Answer: D

15. Which scanning approach involves using system credentials for deeper insight?

• A. Passive scan
• B. Active scan
• C. Non-credentialed scan
• D. Credentialed scan

Answer: D

16. Which of the following vulnerabilities can lead to privilege escalation?

• A. Open DNS port
• B. Misconfigured sudo permissions
• C. Lack of TLS
• D. Incorrect NTP settings

Answer: B

17. What is the purpose of CVSS in vulnerability analysis?

• A. It encrypts the vulnerability scanner
• B. It standardizes vulnerability detection tools
• C. It provides a scoring system to prioritize vulnerabilities
• D. It tracks login attempts

Answer: C

18. Which tool focuses specifically on web application vulnerabilities?

• A. Nikto
• B. Netcat
• C. Traceroute
• D. Nmap

Answer: A

19. Which type of vulnerability would allow attackers to inject unauthorized SQL commands?

• A. Path traversal
• B. Cross-site request forgery
• C. SQL injection
• D. XSS

Answer: C

20. Which of the following is a limitation of non-credentialed scans?

• A. They require root privileges
• B. They miss internal OS-level vulnerabilities
• C. They patch vulnerabilities automatically
• D. They identify too many critical issues

Answer: B

21. Which command-line tool can be used for basic vulnerability checking via HTTP headers?

• A. curl -I
• B. netstat
• C. dig
• D. arp

Answer: A

22. Which of the following is NOT typically included in a vulnerability report?

• A. Risk rating
• B. Suggested remediation
• C. Number of emails sent
• D. Affected systems

Answer: C

23. What is a zero false-positive vulnerability assessment?

• A. One that only runs manual scans
• B. An ideal scenario with no incorrect alerts
• C. A scanner that detects phishing attacks
• D. A credentialed scan with no results

Answer: B

24. Which cloud-based tool is often used for external vulnerability analysis?

• A. OpenVAS
• B. Qualys
• C. Netcat
• D. Aircrack-ng

Answer: B
