CEHPC Exam Questions Tutorials

SQL Injection is acritical web application vulnerabilitythat allows attackers to manipulate SQL queries executed by a database, making option A the correct answer. This vulnerability occurs when user input is improperly validated or sanitized before being included in SQL statements.

By exploiting SQL Injection, attackers can bypass authentication, retrieve sensitive data, modify or delete database contents, and in some cases execute administrative operations on the database server. Ethical hackers test for SQL Injection during web application penetration testing to identify insecure coding practices.

Option B is incorrect because SQL Injection is not a database system. Option C is incorrect because SQL Injection allows unauthorized users to execute SQL commands, not just administrators.

From a defensive security perspective, SQL Injection highlights the importance of secure coding practices such as parameterized queries, prepared statements, input validation, and least-privilege database access.

SQL Injection remains a top threat due to legacy applications and poor development practices. Ethical hackers use controlled testing to demonstrate the real-world impact of these vulnerabilities and help organizations protect critical data assets.

Yes, the FTP protocol can be breached, making option B the correct answer. FTP transmits usernames, passwords, and datain clear text, which makes it highly vulnerable to interception and attack.

Attackers can exploit FTP through techniques such as credential sniffing, brute-force attacks, anonymous access abuse, and man-in-the-middle attacks. Ethical hackers frequently demonstrate FTP weaknesses during penetration testing to highlight the risks of using outdated protocols.

Option A is incorrect because asking for credentials is not an attack technique. Option C is incorrect because FTP is considered insecure by modern security standards.

From a defensive standpoint, FTP should be replaced with secure alternatives such asSFTP or FTPS, which encrypt authentication and data transfers. Ethical hackers use FTP breach demonstrations to encourage protocol modernization and better access controls.

Understanding insecure protocols is essential for managing information security threats. Eliminating weak services like FTP significantly reduces an organization’s attack surface and exposure to credential compromise.

In ethical hacking and penetration testing, a dictionary used for brute-force or dictionary attacks is afile containing a list of potential passwordsthat an attacker or tester attempts against a target authentication mechanism. Therefore, option C is the correct answer.

Dictionary files are typically plain text documents that include commonly used passwords, leaked credentials, default passwords, variations of words, and patterns frequently chosen by users. Ethical hackers use these dictionaries duringpassword auditing and authentication testingto assess the strength of password policies implemented by an organization.

Option A is incorrect because a traditional language dictionary explains word meanings and is not structured for authentication testing. Option B is also incorrect because passwords are not normally stored in readable plain text documents; secure systems store passwords using hashing and salting mechanisms.

From a security perspective, dictionary attacks exploithuman behavior, particularly the tendency to choose weak or predictable passwords. Ethical hackers simulate these attacks in controlled environments to demonstrate the risks of poor password hygiene. The results help organizations enforce stronger password policies, multi-factor authentication, and account lockout mechanisms.

Understanding dictionary-based brute-force attacks is essential for managing attack vectors, as credential compromise remains one of the most common entry points for attackers. Ethical use of dictionaries allows organizations to proactively identify weaknesses before malicious actors exploit them.

Active reconnaissance is a phase of ethical hacking in which information is gathered bydirectly interacting with the target system. This makes option C the correct answer. Unlike passive reconnaissance, active reconnaissance involves sending requests, probes, or packets to the target to elicit responses that reveal useful technical details.

Common active reconnaissance techniques includeport scanning,service enumeration,banner grabbing,DNS queries, andnetwork mapping. These methods help ethical hackers identify open ports, running services, operating systems, and potential vulnerabilities. Active reconnaissance is typically conducted after passive techniques have provided initial intelligence.

Option A is incorrect because recognizing a target without action does not describe reconnaissance behavior. Option B is also incorrect because observing without interaction definespassive reconnaissance, not active reconnaissance.

From an ethical hacking perspective, active reconnaissance is more intrusive and therefore more likely to be detected by intrusion detection systems or firewalls. Because of this, it must always be performed withexplicit authorization. Despite the increased risk of detection, active reconnaissance provides far more accurate and actionable information, making it essential for effective penetration testing.

Understanding the distinction between active and passive reconnaissance helps security professionals choose the correct techniques based on scope, authorization, and risk tolerance. Properly managed, active reconnaissance enables organizations to identify weaknesses early and strengthen their defensive security posture.