EC-Council CEH

Top 10 ethical hacking interview questions

Yassine Aboukir
May 10, 2022 by
Yassine Aboukir

Ethical hacking interview questions

Recent major cybersecurity breaches have urged organizations to recruit infosec professionals skilled in ethical hacking. Ethical hacking is not a typical job, as it does not require a college diploma. All you need is a good understanding of computers, software and decent hacking skills. Ethical hacking is another term for penetration testing, commonly referred to as pentesting.

In this article, we highlight some common questions you might be asked during a job interview for ethical hacking related positions.

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

1. What are the hacking stages? Explain each stage

Hacking, or targeting a specific machine, should follow and go through the following five phases:

  • Reconnaissance: This is the first phase where the hacker attempts to collect as much information as possible about the target.
  • Scanning: This stage involves exploiting the information gathered during the reconnaissance phase and using it to examine the victim. The hacker can use automated tools during the scanning phase which can include port scanners, mappers and vulnerability scanners.
  • Gaining access: This is the phase where the real hacking takes place. The hacker now attempts to exploit vulnerabilities discovered during the reconnaissance and scanning phase to gain access.
  • Maintaining access: Once access is gained, hackers want to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and trojans.
  • Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks and traces to avoid detection. This also allows them to continue the use of the hacked system and avoid legal actions.

2. What is scanning and what are some examples of the types of scanning used?

Scanning may be referred to as a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a critical component for information gathering. It allows the hacker to create a profile on the site of the organization to be hacked. Types of scanning include:

  • Port scanning
  • Vulnerability scanning
  • Network scanning

3. What is footprinting? What are the techniques used for footprinting?

Footprinting refers to accumulating and uncovering information about the target network before attempting to gain access. Hacking techniques include:

  • Open source footprinting: This technique will search for administrator contact information, which can be later used for guessing the correct password in social engineering.
  • Network enumeration: This is when the hacker attempts to identify the domain names and network blocks of the targeted
  • Scanning: Once the network is known, the second step is to pry on the active IP addresses on the network.
  • Stack fingerprinting: This technique should be the final footprinting step that takes place once the port and host are mapped.

4. What are some of the standard tools used by ethical hackers?

To facilitate some manual tasks and speed up the hacking process, hackers can use a set of tools such as:

  • Metasploit
  • Wireshark
  • NMAP
  • Burp Suite
  • Nikto
  • SQLmap

5. What is Burp Suite? What tools does it contain?

Burp Suite is an integrated platform used for attacking web applications. It contains all the possible tools a hacker would require for attacking an application. Some of these functionalities include, but are not limited to:

  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

6. What is network sniffing?

Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data packets flowing over computer networks. Sniffers can be used for different purposes, whether it’s to steal information or manage networks.

Network sniffing is used for ethical as well as unethical purposes. Network administrators use these as network monitoring and analysis tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cybercriminals use these tools for dishonest purposes such as identity usurpation, email, sensitive data hijacking and more.

7. What is SQL injection and its types?

A SQL injection occurs when the application does not sanitize the user input. Thus a malicious hacker would inject SQL query to gain unauthorized access and execute administration operations on the database. SQL injections can be classified as follows:

  • Error-based SQL injection
  • Blind SQL injection
  • Time-based SQL injection

8. What is cross-site scripting and its different variations?

Cross-site scripting (XSS) attacks are a type of injection where malicious scripts are injected into otherwise benign and trusted websites. XSS takes place when an attacker inserts a malicious payload, usually in the form of JavaScript code in a web form. XSS vulnerabilities are categorized as follows:

  • Reflected cross-site scripting
  • Stored cross-site scripting
  • DOM-based cross-site scripting

9. What is a denial of service (DOS) attack and what are the common forms?

DOS attacks involve flooding servers, systems or networks with traffic to cause over-consumption of victim resources. This makes it difficult or impossible for legitimate users to access or use targeted sites.

Common DOS attacks include:

  • Buffer overflow attacks
  • ICMP flood
  • SYN flood
  • Teardrop attack
  • Smurf attack

 10. How can you avoid or prevent ARP poisoning?

ARP poisoning is a form of network attack that can be mitigated through the following methods:

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

  • Use packet filtering: Packet filters can filter out and block packets with conflicting source address information.
  • Avoid trust relationship: Organizations should develop a protocol that relies on trust relationship as little as possible.
  • Use ARP spoofing detection software: Some programs inspect and certify data before it is transmitted and blocks data that is spoofed.
  • Use cryptographic network protocols: ARP spoofing attacks can be mitigated by the use of secure protocols such as SSH, TLS and HTTPS which send data encrypted before transmission and after reception.


It should come as no surprise that there are hundreds of other potential questions that you may be asked during an ethical hacker interview. For additional interview questions, see our Top 50 Information Security Interview Questions. And for more about the Certified Ethical Hacker (CEH) exam, job outlook and free resources, visit our CEH certification hub!

Yassine Aboukir
Yassine Aboukir

Yassine ABOUKIR (@yassineaboukir) is a security analyst at HackerOne by day, ethical hacker by night, actively participating in bug bounty programs. Acknowledged and rewarded by numerous companies including but not limited to Google, Facebook, Microsoft and Twitter etc. for his various responsible security disclosures. He is reachable at: &