CEHPC Certification Exam Guide + Practice Questions Updated 2026


Comprehensive CEHPC certification exam guide covering exam overview, skills measured, preparation tips, and practice questions with detailed explanations.

CEHPC Exam Guide

This CEHPC exam focuses on practical knowledge and real-world application scenarios related to the subject area. It evaluates your ability to understand core concepts, apply best practices, and make informed decisions in realistic situations rather than relying solely on memorization.

This page provides a structured exam guide, including exam focus areas, skills measured, preparation recommendations, and practice questions with explanations to support effective learning.

 

Exam Overview

The CEHPC exam typically emphasizes how concepts are used in professional environments, testing both theoretical understanding and practical problem-solving skills.

 

Skills Measured

  • Understanding of core concepts and terminology
  • Ability to apply knowledge to practical scenarios
  • Analysis and evaluation of solution options
  • Identification of best practices and common use cases

 

Preparation Tips

Successful candidates combine conceptual understanding with hands-on practice. Reviewing measured skills and working through scenario-based questions is strongly recommended.

 

Practice Questions for CEHPC Exam

The following practice questions are designed to reinforce key CEHPC exam concepts and reflect common scenario-based decision points tested in the certification.

Question#1

Do Google Dorks show hacked computers or systems?

A. No, Google Dorks are used to search for specific information indexed by search engines.
B. Yes, Google Dorks work as a backdoor to all web pages.
C. Yes, Google Dorks hack pages automatically to access data.

Explanation:
Google Dorks, also known as Google hacking, are advanced search queries that use specific operators to locate publicly accessible information indexed by search engines. Therefore, option A is the correct answer.
Google Dorks do not hack systems, compromise computers, or act as backdoors. Instead, they reveal information that is already publicly available but may be unintentionally exposed due to poor configuration. Examples include exposed login pages, backup files, configuration files, error messages, or sensitive documents that should not be indexed.
Option B is incorrect because Google Dorks do not provide unauthorized access to web pages.
Option C is also incorrect because Google Dorks do not exploit vulnerabilities or bypass authentication mechanisms.
From an ethical hacking perspective, Google Dorks are commonly used during the passive reconnaissance phase to identify information leakage without directly interacting with the target system. This makes them low-impact but highly effective for discovering misconfigurations.
Understanding Google Dorks is important for managing information exposure risks. Ethical hackers use them to demonstrate how attackers can gather intelligence without triggering security alerts. Defenders can mitigate these risks by properly configuring robots.txt files and access controls, and by removing sensitive content from public indexing.

Question#2

What is XSS (Cross-Site Scripting)?

A. It is a security vulnerability that occurs in web applications when user-supplied input is not properly validated or sanitized, allowing malicious scripts to execute in a user’s web browser.
B. It is a type of cloned website created with malicious intent.
C. It is a security vulnerability that occurs in mobile applications to steal balances or contacts.

Explanation:
Cross-Site Scripting (XSS) is a web application security vulnerability that allows attackers to inject malicious client-side scripts into trusted web pages. This makes option A the correct answer. XSS occurs when applications fail to properly validate, sanitize, or encode user input before displaying it to other users.
When an XSS vulnerability is exploited, the injected script runs in the victim’s browser within the security context of the vulnerable website. This can lead to session hijacking, cookie theft, credential harvesting, keylogging, or redirection to malicious websites. XSS is commonly categorized into stored XSS, reflected XSS, and DOM-based XSS, all of which ethical hackers test during web application assessments.
Option B is incorrect because cloned websites are typically associated with phishing attacks, not XSS vulnerabilities.
Option C is incorrect because XSS is primarily a web-based vulnerability, not a mobile-specific issue involving balance or contact theft.
From a defensive perspective, understanding XSS is critical for implementing secure coding practices such as input validation, output encoding, Content Security Policy (CSP), and proper use of modern frameworks. Ethical hackers test for XSS to help organizations prevent client-side attacks and protect user data.

Question#3

What is Nmap?

A. It is a program for pinging computers within a network or work environment.
B. It is a Linux tool that works to exploit computer vulnerabilities.
C. It is an open-source Linux command line tool used to scan IP addresses and ports on a network and to detect installed applications.

Explanation:
Nmap, short for "Network Mapper," is one of the most critical tools in the reconnaissance and scanning phases of a penetration test. It is an open-source command-line utility primarily used for network discovery and security auditing. While many beginners associate it simply with "pinging" devices (Option A), its functionality is significantly more sophisticated, allowing a tester to map out an entire network infrastructure, identify active hosts, and determine the specific services (and their versions) running on open ports.
In the pentesting process, Nmap is used to perform "Active Reconnaissance." By sending specially crafted packets to a target IP address, Nmap analyzes the responses to determine the operating system of the target (OS Fingerprinting), the types of firewalls or filters in use, and the specific applications listening on various ports. This information is vital for the next phase of an attack, as it allows the ethical hacker to identify specific versions of software that may have known vulnerabilities.
Nmap supports various scanning techniques, such as TCP SYN scans (stealthy), UDP scans, and comprehensive Nmap Scripting Engine (NSE) scans that can even detect common misconfigurations or vulnerabilities automatically. However, it is important to distinguish Nmap from an exploitation tool (Option B); while it identifies the "door" and "what is behind it," it does not perform the actual "break-in" or exploitation. In a professional environment, Nmap provides the foundation for the attack surface analysis, giving the pentester a clear picture of what services are exposed and providing the necessary data to plan a targeted and efficient security assessment.

Question#4

What is risk assessment?

A. It is the process to buy antivirus.
B. It is the process of comparing the results of the risk analysis with the risk assessment criteria to determine whether the risk or its magnitude is acceptable or tolerable.
C. It is the process of comparing the results of the analysis with other companies.

Explanation:
Risk assessment is a systematic and critical component of information security management. It is the process of identifying, analyzing, and evaluating risks to determine their significance and to prioritize how they should be addressed. According to formal security standards, it involves comparing the findings of a risk analysis (which identifies threats and vulnerabilities) against established risk assessment criteria. These criteria represent the organization's "risk appetite," or the level of risk it is willing to accept in exchange for pursuing its business objectives.
The risk assessment process typically involves three major steps:

  • Identification: Finding out what could happen and why (e.g., identifying that a database is vulnerable to SQL injection).
  • Analysis: Determining the likelihood of a threat occurring and the potential impact it would have on the organization's confidentiality, integrity, or availability.
  • Evaluation: Deciding whether the resulting risk level is acceptable or tolerable.

If a risk is deemed intolerable, the organization must decide on a treatment strategy: Mitigation (reducing the risk via controls like firewalls), Transfer (buying insurance), Avoidance (stopping the risky activity), or Acceptance (acknowledging the risk if the cost of fixing it is too high). For an ethical hacker, a risk assessment provides the context for their work; it helps them understand which assets are most critical to the business and ensures that their findings are prioritized based on actual business impact rather than just technical severity.

Question#5

Is pinging considered a crime if it is done without authorization?

A. No, it is only used to validate if a service or host is active.
B. No, ping does not work at all.
C. Yes, privacy is being violated.

Explanation:
Pinging is a basic network diagnostic technique used to determine whether a host is reachable over a network. In most jurisdictions, pinging alone is not considered a crime, as it simply sends an Internet Control Message Protocol (ICMP) request and waits for a response. Therefore, option A is the correct answer.
In ethical hacking and cybersecurity operations, pinging is commonly used during the initial reconnaissance phase to identify live hosts within a network range. It does not access data, exploit vulnerabilities, or modify systems. Instead, it only confirms whether a system is online and responding to network traffic.
Option B is incorrect because ping is a fully functional and widely used networking utility.
Option C is also incorrect because pinging does not violate privacy in itself; it does not retrieve personal data or system contents. However, it is important to note that while pinging is generally legal, organizational policies and laws vary, and repeated or aggressive scanning activity may still be considered suspicious.
From an ethical hacking standpoint, authorization is always required before performing any form of reconnaissance during a professional security assessment. Ethical hackers operate under strict legal agreements, even when using low-impact tools such as ping. Understanding the legal and ethical boundaries of reconnaissance techniques helps cybersecurity professionals avoid unintentional policy violations while conducting legitimate security testing.

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with CertiProf, Ethical Hacking Professional, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: CEHPC
Q&A: 125 Q&As
Updated: 2026-05-25
