The Ethical Hacking Professional Certification Exam (CEHPC)

Pinging is a basic network diagnostic technique used to determine whether a host is reachable over a network. In most jurisdictions,pinging alone is not considered a crime, as it simply sends an Internet Control Message Protocol (ICMP) request and waits for a response. Therefore, option A is the correct answer.

In ethical hacking and cybersecurity operations, pinging is commonly used during theinitial reconnaissance phaseto identify live hosts within a network range. It does not access data, exploit vulnerabilities, or modify systems. Instead, it only confirms whether a system is online and responding to network traffic.

Option B is incorrect because ping is a fully functional and widely used networking utility. Option C is also incorrect because pinging does not violate privacy in itself; it does not retrieve personal data or system contents. However, it is important to note that while pinging is generally legal,organizational policies and laws vary, and repeated or aggressive scanning activity may still be considered suspicious.

From an ethical hacking standpoint, authorization is always required before performing any form of reconnaissance during a professional security assessment. Ethical hackers operate under strict legal agreements, even when using low-impact tools such as ping. Understanding the legal and ethical boundaries of reconnaissance techniques helps cybersecurity professionals avoid unintentional policy violations while conducting legitimate security testing.

A zero-day vulnerability refers to a software or hardware flaw that is unknown to the vendor or developer and, consequently, has no available patch or fix to mitigate the risk. The term " zero-day " signifies that the developers have had " zero days " to address the problem since it was discovered. These vulnerabilities are exceptionally dangerous because they exist in a window of time where users are completely unprotected, and standard security software like antivirus or intrusion detection systems may not have signatures to detect them.

The lifecycle of a zero-day often begins with a researcher or a malicious actor discovering a bug in a system ' s code. If a malicious actor finds it first, they may develop a " zero-day exploit " —a specific piece of code designed to take advantage of that flaw—to gain unauthorized access, steal data, or damage systems. These exploits are highly prized in the cyber-arms market due to their effectiveness against even well-defended targets.

In the context of ethical hacking, identifying potential zero-day vulnerabilities requires advanced techniques such asfuzzing(sending massive amounts of random data to a program to trigger crashes) andreverse engineering. Once a zero-day is discovered by a " White Hat, " the ethical protocol is " Responsible Disclosure, " where the researcher notifies the vendor privately to allow them time to create a patch before the information is made public. Managing the risk of zero-days requires " Defense in Depth, " where multiple layers of security (like network segmentation and behavioral analytics) work to contain an attack even if the initial entry point is an unpatched flaw.

The correct platform used to check whether an email address has been involved in known data breaches is https://haveibeenpwned.com

, making option B the correct answer. This service aggregates data from publicly disclosed breaches and allows users to verify if their credentials have been exposed.

Understanding data breaches is a key part of current security trends, as credential leaks remain one of the most common causes of account compromise. Ethical hackers, security professionals, and even everyday users use such services to assess exposure and take corrective action, such as changing passwords or enabling multi-factor authentication.

Option A, Facebook, is a social media platform and does not provide breach-checking services. Option C is unrelated and does not serve any cybersecurity or breach-monitoring function.

From an ethical hacking standpoint, breach-awareness tools help reinforce proactive defense strategies. They raise awareness of credential reuse risks and demonstrate how leaked data can be weaponized in phishing, credential stuffing, and social engineering attacks.

Monitoring breach exposure is not hacking; it is a defensive security measure. Ethical hackers use this knowledge to educate organizations on password hygiene, the importance of unique credentials, and the implementation of identity protection controls. Staying informed about breaches is essential in modern cybersecurity environments.

Privilege escalation is a critical concept in ethical hacking and penetration testing that refers to a situation where a user or processgains higher-level permissions than originally authorized. This makes option A the correct answer.

Privilege escalation commonly occurs after an attacker or ethical hacker gains initial access to a system with limited privileges. The next objective is often to escalate those privileges to gain administrative or root-level access. This can be achieved through misconfigurations, vulnerable software, weak file permissions, kernel exploits, or improper access control mechanisms.

Option B is incorrect because formally requesting permissions from an administrator is a legitimate administrative process, not privilege escalation. Option C is incorrect because privilege escalation does not involve requesting permissions; it involves exploiting weaknesses to obtain them without authorization.

In penetration testing, privilege escalation is typically tested during thepost-exploitation phase. Ethical hackers use it to demonstrate the potential impact of a breach, such as full system compromise, access to sensitive data, or lateral movement within a network.

Understanding privilege escalation is essential for improving defensive security. By identifying and mitigating escalation paths, organizations can enforce the principle of least privilege, strengthen access controls, and reduce the impact of successful attacks. Ethical testing of privilege escalation ultimately helps organizations harden systems against real-world threats.

An Acceptable Use Policy (AUP) is a fundamental administrative security control that outlines the rules and constraints an employee or user must agree to for access to a corporate network or its assets. It serves as a formal contract that defines how technology resources—including computers, internet access, and email—should be used within the organization. The primary goal of an AUP is to protect the organization’s integrity and minimize risk by preventing illegal or damaging actions, such as visiting malicious websites, installing unauthorized software, or engaging in online harassment using company equipment.

From an ethical hacking perspective, an AUP is a critical element of " Governance and Compliance. " When a penetration tester evaluates an organization, they often review the AUP to ensure that users are legally bound to security standards. This policy provides the legal and ethical framework for monitoring user behavior and enforcing disciplinary actions if a breach occurs. It acts as a primary defense against insider threats by clearly stating what constitutes " unacceptable " behavior, such as sharing passwords or bypassing security protocols.

A well-crafted AUP includes specific sections on data privacy, prohibited activities, and the organization ' s right to monitor communications. By mandating that all employees sign this policy, the organization establishes a " security-first " culture. In the event of a security incident, the AUP serves as a vital document for legal teams to prove that the user was aware of their responsibilities. Effective information security management relies on these controls to bridge the gap between technical defenses and human behavior, ensuring that the human element is guided by clear, documented expectations.

Open-Source Intelligence (OSINT) refers to the collection and analysis of information that is gathered from public or " open " sources. In the context of ethical hacking and digital investigations,Sherlockis a powerful, terminal-based tool specifically designed to hunt for social media accounts and profiles associated with a specific username or email address. When a researcher has a target email or username, they can run Sherlock to see where else that identity exists across hundreds of different websites.

The tool works by rapidly querying hundreds of social media platforms (such as Twitter, Instagram, GitHub, Reddit, and many niche sites) to see if a profile with that specific name exists. This is vital for building a " digital profile " of a target. For instance, an ethical hacker might find a target ' s professional profile on LinkedIn and then discover their personal interests or technical discussions on Reddit or GitHub. These various profiles can provide clues for password guessing, identify software the person uses, or provide a " pretext " for a social engineering attack.

Unlike " Seeker, " which is often used for high-accuracy geolocation phishing, or " Shodan, " which is a search engine for internet-connected devices (the " Google of IoT " ), Sherlock is focused on human identity and cross-platform presence. It automates a process that would otherwise take hours of manual searching. From a security standpoint, tools like Sherlock illustrate why it is important for users to be mindful of their " digital footprint " and to avoid using the same unique username across both sensitive and public accounts.

A Web Application Firewall (WAF) is a specialized information security control designed to protect web applications by filtering, monitoring, and blocking HTTP/HTTPS traffic to and from a web service. Unlike a traditional network firewall that filters traffic based on IP addresses and ports, a WAF operates at the Application Layer (Layer 7 of the OSI model). It inspects the actual content of the web traffic to identify and neutralize sophisticated application-level attacks such as SQL Injection (SQLi), Cross-Site Scripting (XSS), and File Inclusion.

A WAF acts as a " reverse proxy, " sitting in front of the web application server and acting as an intermediary. It uses a set of rules (often based on the OWASP Top 10) to determine which traffic is legitimate and which is malicious. For example, if a user submits a search query containing suspicious SQL commands, the WAF will recognize the pattern and drop the request before it ever reaches the database, thereby protecting the server from compromise.

In the context of ethical hacking, a WAF is a formidable defense that testers must learn to navigate. During a penetration test, a WAF may block automated scanning tools, forcing the tester to use manual, stealthy techniques to identify vulnerabilities. For organizations, implementing a WAF is a critical " defense-in-depth " strategy. Even if a web application has an underlying code vulnerability, the WAF can provide a " virtual patch " by blocking the exploit attempt at the network edge. This allows developers time to fix the code without leaving the application exposed. Mastering WAF configuration and bypass techniques is essential for security professionals who aim to protect modern, web-centric business environments.

In the Linux operating system, " root " is the conventional name of the superuser who possesses the highest level of administrative control and access rights. Unlike standard user accounts, which are restricted to their own home directories and limited system actions, the root user has the authority to read, write, and execute any file on the system, regardless of the permissions set. This makes " root " the ultimate authority for system configuration, security management, and software installation.

Technically, the root user is identified by a User ID (UID) of 0. This account is essential for performing critical tasks such as managing user accounts, modifying the kernel, accessing protected hardware ports, and altering system-wide configuration files located in directories like /etc. In the context of ethical hacking and penetration testing, gaining " root access " —often referred to as " Privilege Escalation " —is frequently the ultimate goal. If an attacker gains root access, they have " full system compromise, " meaning they can install backdoors, disable security logging, and pivot to other systems on the network.

Because of the immense power associated with this account, security controls dictate that it should be used sparingly. Most modern Linux distributions encourage the use of the sudo command, which allows a regular user to execute a specific task with root privileges temporarily. This minimizes the risk of accidental system damage or the permanent exposure of the root credentials. Protecting the root account is a fundamental master information security control; if the root password is weak or the account is left exposed via a remote service like SSH, the entire integrity of the information system is at risk. Understanding root is not just about identifying a user, but about understanding the hierarchy of permissions that governs all Linux-based security.

A firewall is a fundamental network security component that acts as a barrier between a trusted internal network and an untrusted external network, such as the internet. Its primary function is to monitor, control, and filter incoming and outgoing network traffic based on a set of predefined security rules. By inspecting each packet of data, the firewall determines whether to allow it to pass through or to block it entirely, thereby preventing unauthorized access and malicious activity.

Firewalls can be implemented as either hardware or software, and they generally operate at different levels of the network stack:

Packet Filtering: The most basic form, which inspects packets based on source/destination IP addresses and ports.

Stateful Inspection: A more advanced method that tracks the state of active connections to ensure that incoming traffic is a legitimate response to an internal request.

Application Level (Proxy Firewalls): These inspect the actual content of the data (the payload) for specific applications, such as web traffic (HTTP) or email (SMTP), to identify sophisticated threats that simple packet filters might miss.

In the context of ethical hacking, firewalls are the " first line of defense " . During a penetration test, a tester must identify the type of firewall in place and attempt to find " holes " or misconfigurations in its rule set. For example, a common goal is to find a port that the firewall accidentally left open, which can then be used to establish areverse shell. A properly configured firewall is essential for minimizing an organization ' s attack surface and protecting its servers and individuals from being compromised.