Free CEH Practice Test 2026
Master ethical hacking techniques with our Certified Ethical Hacker v12 practice questions. Covering all 20 exam domains from reconnaissance to cryptography, our adaptive questions prepare you for the 125-question EC-Council exam.
CEH v12 Exam Quick Facts
| Exam Code | 312-50v12 |
| Full Name | EC-Council Certified Ethical Hacker |
| Number of Questions | 125 multiple-choice |
| Exam Duration | 4 hours |
| Passing Score | 70% (varies by exam form) |
| Exam Cost | $1,199 (exam only) + $100 application fee |
| Validity Period | 3 years |
| Renewal Cost | $80/year + 120 ECE credits |
| Prerequisites | 2 years experience OR official training |
| Average Salary | $102,000/year (Ethical Hacker) |
The 5-Phase Ethical Hacking Methodology
The CEH exam heavily tests your understanding of the systematic approach ethical hackers use. Master this methodology to excel on the exam.
๐ Phase 1: Reconnaissance
Passive: OSINT, WHOIS, social media, Google dorking, Shodan
Active: DNS enumeration, social engineering, website crawling
Goal: Gather information without directly touching target systems
๐ก Phase 2: Scanning
Network: Nmap TCP/UDP scans, ping sweeps, port identification
Vulnerability: Nessus, OpenVAS, Qualys vulnerability assessment
Goal: Identify live hosts, open ports, and potential vulnerabilities
๐ Phase 3: Gaining Access
Techniques: Password attacks, exploitation, social engineering, web attacks
Tools: Metasploit, Hydra, SQLmap, Burp Suite
Goal: Exploit vulnerabilities to gain initial system access
๐ Phase 4: Maintaining Access
Persistence: Backdoors, rootkits, trojans, scheduled tasks
Techniques: Privilege escalation, lateral movement, credential harvesting
Goal: Establish persistent access and elevate privileges
๐งน Phase 5: Covering Tracks
Techniques: Log clearing, timestomping, hiding files, steganography
Defense: Understanding these techniques helps build better detection
Goal: Understand how attackers evade detection
CEH v12 Exam Domains (20 Modules)
The CEH exam covers 20 comprehensive modules. Our practice questions address each domain to ensure complete exam coverage.
๐ Modules 1-5: Foundation
- Introduction to Ethical Hacking
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration Techniques
- Vulnerability Analysis
๐ป Modules 6-10: System Attacks
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial-of-Service Attacks
๐ Modules 11-15: Web/App Attacks
- Session Hijacking
- Evading IDS, Firewalls, Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
๐ฑ Modules 16-20: Modern Attacks
- Hacking Wireless Networks
- Hacking Mobile Platforms
- IoT and OT Hacking
- Cloud Computing Security
- Cryptography
Ready to Master Ethical Hacking?
Practice with questions designed by security professionals covering all 20 CEH modules.
Start Practice Test โEssential Tools for CEH Exam
The CEH exam tests your knowledge of common hacking tools. You don't need to be an expert in each, but you should understand their purpose and basic usage.
๐ Nmap
The network mapper for host discovery, port scanning, service detection, and OS fingerprinting. Know the difference between SYN, TCP connect, UDP, and stealth scans.
๐ฃ Metasploit
The penetration testing framework for exploitation. Understand msfconsole, exploit modules, payloads (especially Meterpreter), and post-exploitation.
๐ Burp Suite
Web application testing proxy for intercepting requests, modifying parameters, and finding vulnerabilities like XSS, CSRF, and injection flaws.
๐ก Wireshark
Packet analyzer for network traffic analysis. Know how to capture packets, apply filters, and identify suspicious traffic patterns.
๐ John/Hashcat
Password cracking tools. Understand hash types (MD5, SHA, NTLM), wordlist attacks, brute force, and rainbow tables.
๐ถ Aircrack-ng
Wireless security assessment suite. Know WEP/WPA/WPA2 vulnerabilities, handshake capture, and dictionary attacks against wireless networks.
Sample CEH Practice Question
Question: During a penetration test, you captured the following Nmap output:
PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https 3306/tcp open mysql
Port 3306 is externally accessible. What is the MOST significant security concern?
A) SSH may allow brute force attacks
B) HTTP traffic is unencrypted
C) MySQL database is exposed to the internet
D) Multiple services increase attack surface
Show Answer
โ C) MySQL database is exposed to the internet
Having MySQL (port 3306) directly accessible from the internet is a critical security issue. Databases should never be exposed externally. This allows attackers to attempt SQL authentication attacks, exploit MySQL vulnerabilities, or access sensitive data if credentials are weak. While the other options are concerns, an exposed database is the highest-risk finding.
CEH vs Other Ethical Hacking Certifications
| Aspect | CEH | OSCP | PenTest+ |
|---|---|---|---|
| Vendor | EC-Council | Offensive Security | CompTIA |
| Exam Type | Multiple-choice | Hands-on practical | MCQ + Performance-based |
| Duration | 4 hours | 24 hours + report | 165 minutes |
| Difficulty | Intermediate | Advanced | Intermediate |
| Cost | $1,199-$3,500 | $1,749-$2,749 | $392 |
| Best For | Corporate security, HR recognition | Professional pentesters | Cost-effective validation |
| DoD 8570 | Yes (CSSP Analyst) | No | Yes (CSSP Analyst) |
All 20 Modules Covered
Comprehensive questions spanning every CEH v12 domain from reconnaissance to cryptography and cloud security.
Tool-Focused Questions
Practice questions on Nmap, Metasploit, Burp Suite, Wireshark, and other tools commonly tested on the exam.
Attack Methodology
Learn the 5-phase ethical hacker methodology from information gathering to covering tracks.
Adaptive Variety
Fresh questions each session ensure you're learning concepts, not memorizing answers.
Career Opportunities with CEH
According to PrepForCerts analysis, CEH certification opens doors to numerous cybersecurity roles:
๐ Security Analyst
Salary: $75,000 - $110,000
Monitor security systems, analyze threats, and respond to security incidents. CEH demonstrates offensive knowledge for better defense.
๐ฏ Penetration Tester
Salary: $90,000 - $140,000
Conduct authorized attacks to find vulnerabilities. CEH is often a stepping stone, with OSCP for advanced roles.
๐ก๏ธ SOC Analyst
Salary: $65,000 - $95,000
Work in Security Operations Centers monitoring alerts. Understanding attacker methods improves threat detection.
๐ Security Consultant
Salary: $95,000 - $150,000
Advise organizations on security posture. CEH provides credibility when recommending security improvements.
Frequently Asked Questions
What is the CEH exam format?
The CEH exam (312-50v12) consists of 125 multiple-choice questions to be completed in 4 hours. The passing score is typically 70%, though it varies by exam form. CEH v12 is the current version with updated content on cloud security, IoT, and operational technology.
What are the prerequisites for CEH?
To take CEH, you either need to attend official EC-Council training (iClass, iLearn, or authorized training center) OR have 2 years of verified information security work experience. Self-study candidates must pay a $100 application fee and have their experience approved before receiving an eligibility code.
What topics does CEH v12 cover?
CEH v12 covers 20 modules including: Ethical Hacking Introduction, Footprinting, Scanning, Enumeration, Vulnerability Analysis, System Hacking, Malware Threats, Sniffing, Social Engineering, DoS Attacks, Session Hijacking, Evading Defenses, Web Server/Application Hacking, SQL Injection, Wireless Hacking, Mobile Hacking, IoT/OT Hacking, Cloud Computing, and Cryptography.
How does CEH compare to OSCP?
CEH is theory-based with multiple-choice questions, making it more accessible. OSCP is hands-on, requiring you to exploit systems in a 24-hour practical exam. OSCP is more respected for penetration testing roles and demonstrates practical skills, while CEH is better for HR recognition, compliance requirements, and corporate security positions.
How much does CEH cost?
CEH exam voucher costs approximately $1,199 for self-study candidates (plus $100 application fee). Official EC-Council training packages range from $2,000-$3,500 depending on format (iLearn self-paced, iClass live online, or in-person). Many employers cover certification costs for cybersecurity staff.
How long is CEH certification valid?
CEH certification is valid for 3 years. To maintain it, you must earn 120 EC-Council Continuing Education (ECE) credits through activities like training, conferences, or teaching. You also pay an annual maintenance fee of $80/year ($240 total over the 3-year cycle).
Is CEH worth it in 2026?
CEH is valuable for career changers entering cybersecurity, meeting DoD 8570 compliance requirements (CSSP Analyst), and corporate security roles where HR departments recognize the certification. It's less valued for pure penetration testing roles where OSCP or practical skills matter more, but it provides a solid foundation of offensive security knowledge.
What CEH study resources are best?
Top resources include: Official EC-Council courseware (comprehensive but expensive), Matt Walker's "CEH All-in-One Exam Guide" (best book), TryHackMe/HackTheBox for hands-on practice, and our CEH practice tests for exam-style questions. Combine theoretical study with practical labs for best results.