EC-Council · EHE
Validates foundational understanding of ethical hacking and penetration testing concepts, covering information security fundamentals, threats and vulnerabilities, password cracking, web application attacks, IoT and OT security, cloud computing threats, and penetration testing methodology.
Questions
627
Duration
120 minutes
Passing Score
70%
Difficulty
FoundationalLast Updated
Feb 2026
Use this EHE practice exam to prepare for Ethical Hacking Essentials (EHE) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 627 questions for EC-Council EHE, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to patterns in your missed answers. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The Ethical Hacking Essentials (EHE) is an entry-level cybersecurity certification from EC-Council, designed to validate foundational knowledge of ethical hacking principles, penetration testing concepts, and information security fundamentals. Delivered under EC-Council's Essentials Series, it covers a broad spectrum of attack surfaces and defensive countermeasures across 12 modules, including network-level attacks, web application vulnerabilities, social engineering, wireless security, IoT and operational technology (OT) threats, and cloud computing risks. The certification carries exam code 112-52 and is valid for three years, with no continuing education fees or EC-Council Continuing Education Credits (ECEs) required during that period.
EHE serves as a structured on-ramp for individuals new to the cybersecurity field, bridging the gap between general IT knowledge and the more advanced Certified Ethical Hacker (CEH) credential. The course includes 15 hours of premium learning content and 11 hands-on labs, ensuring candidates gain both conceptual understanding and practical exposure to real-world attack techniques and countermeasures.
EHE is aimed at individuals who are beginning their journey in cybersecurity and information security. There are no formal IT or cybersecurity experience requirements, making it accessible to career changers, recent graduates, and students exploring the field. Job roles that align with this certification include entry-level security analyst, junior penetration tester, IT support professional seeking to pivot into security, and cybersecurity student.
The credential is also well-suited for professionals in adjacent IT roles—such as system administrators or network technicians—who want to formalize their understanding of attacker methodologies and threat landscapes. It is frequently pursued as a first step before attempting the CEH or other intermediate-level certifications.
There are no formal eligibility requirements or prerequisites to register for the EHE exam. EC-Council explicitly states that no prior IT or cybersecurity experience is necessary, making this one of the most accessible credentials in the EC-Council portfolio.
However, candidates benefit from a basic understanding of how computers and networks operate, including familiarity with operating system concepts, IP addressing, and common internet protocols. Those with some exposure to IT fundamentals—through coursework, self-study, or personal projects—will find the material easier to absorb and retain during preparation.
The EHE exam (code 112-52) consists of 75 multiple-choice questions and must be completed within 120 minutes. A passing score of 70% is required. The exam is administered through EC-Council's ECC Exam Center and can be taken online in a proctored environment. The exam cost is $49.99 for the exam voucher through select channels, though pricing may vary by region and training bundle.
The certification is valid for three years from the date of a successful attempt. Recertification is achieved by retaking the exam at the end of the three-year validity period. No continuing education credits or fees are required to maintain the credential during its active term.
Earning the EHE credential demonstrates to employers that a candidate possesses structured, vendor-validated knowledge of ethical hacking fundamentals, which can differentiate entry-level applicants in a competitive cybersecurity job market. The certification is recognized as a stepping stone toward higher-value EC-Council credentials, most notably the Certified Ethical Hacker (CEH), which is widely required or preferred for penetration tester, security analyst, and red team roles. EHE holders are positioned for roles such as junior security analyst, cybersecurity support specialist, and IT risk analyst.
While the EHE itself is a foundational credential and does not command the same salary premium as CEH or OSCP, it validates commitment to the field and provides a recognized credential for candidates building their first cybersecurity resume. Entry-level cybersecurity roles in the United States typically range from $55,000 to $85,000 annually, and holding a recognized certification from EC-Council can accelerate hiring and interview opportunities, particularly at organizations that already use EC-Council training for their security teams.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 627 questions.
Preview — answers shown1. A penetration tester executes a command that generates a Windows executable payload with a reverse TCP Meterpreter shell. The payload is encoded three times using the shikata_ga_nai encoder to evade antivirus detection. Which tool is the tester using? (Select one!)
Explanation
msfvenom is the Metasploit standalone payload generator that combines msfpayload and msfencode functionality. It creates payloads in various formats (exe, elf, php, etc.) and can apply encoders multiple times for AV evasion. The command syntax includes -p for payload, -e for encoder, -i for iterations, and -f for format. msfconsole is the interactive Metasploit interface. msf-pattern_create generates cyclic patterns for buffer overflow exploitation. metasploit-framework is the overall framework, not a specific tool.
2. An organization implements Platform as a Service for application development. According to the shared responsibility model, which component remains the customer's security responsibility? (Select one!)
Explanation
In the PaaS model, customers always retain responsibility for their data classification, application code security, and access controls regardless of service model. The cloud provider manages the operating system, runtime, middleware, and underlying infrastructure including physical security, virtualization, and OS patching. As you move from IaaS to PaaS to SaaS, the provider assumes more infrastructure responsibilities, but data governance and application-level security always remain with the customer. This principle applies across all cloud deployment models.
3. A security analyst investigates a data breach where attackers used a password hash to authenticate to multiple systems without cracking the actual password. The attack leveraged the NTLM authentication protocol's weakness. Which tool is commonly used to extract and reuse password hashes in this type of attack? (Select one!)
Explanation
Mimikatz is the primary tool used for Pass-the-Hash attacks. It extracts NTLM hashes from LSASS process memory using commands like sekurlsa::logonpasswords and can authenticate using the hash directly with sekurlsa::pth without cracking the password. Nmap is a network scanner. Wireshark is a packet analyzer. Burp Suite is a web application testing tool. None of these specialize in credential extraction and Pass-the-Hash attacks like Mimikatz.
4. A cloud security architect designs a hybrid cloud deployment where sensitive customer data is processed in a private cloud while public-facing web applications run in a public cloud. Financial data must remain on-premises for regulatory compliance. Which cloud deployment model is being implemented? (Select one!)
Explanation
Hybrid cloud deployment combines public cloud resources for scalable web applications with private cloud or on-premises infrastructure for sensitive data requiring regulatory compliance. This model allows organizations to leverage public cloud benefits while maintaining control over sensitive workloads. Public cloud uses shared multi-tenant infrastructure but does not address the private component. Private cloud provides dedicated infrastructure but does not include public cloud resources. Community cloud is shared among organizations with similar requirements. The combination of public web hosting and private sensitive data processing defines hybrid cloud.
5. A forensic investigator analyzes a compromised system and discovers malicious code operating entirely in memory without writing executable files to disk. The malware uses legitimate system tools like PowerShell and WMI to execute attacks. What type of malware technique is being employed? (Select one!)
Explanation
Fileless malware operates entirely in memory without writing executable files to disk, making detection extremely difficult. This technique uses legitimate system administration tools like PowerShell, WMI, and scripting engines in living-off-the-land attacks. Polymorphic malware changes its code signature with each replication but still writes files to disk. Metamorphic malware completely rewrites its code but exists as files. Boot sector viruses infect the Master Boot Record or boot sector, residing in disk storage.
Certified Threat Intelligence Analyst (CTIA)
CTIA · 740 questions
Certified Cybersecurity Technician (CCT)
CCT · 630 questions
Certified Secure Computer User (CSCU)
CSCU · 630 questions
EC-Council Certified Encryption Specialist (ECES)
ECES · 627 questions
ICS/SCADA Cybersecurity
ICS-SCADA · 627 questions
Network Defense Essentials (NDE)
NDE · 627 questions
$17.99
One-time access to this exam