SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer network confined to a relatively small area - such as a single building or campus.
Timestamping
local area network (LAN)
Event
Client
2. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
A
Replacing numbers in a url to access other files
War Chalking
piggybacking
3. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
War Chalking
Black Hat
Target Of Engagement (TOE)
network tap
4. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
parallel scan & 300 sec timeout & 1.25 sec/probe
Transport Layer Security (TLS)
Domain Name System (DNS)
Wrapper
5. Port 53
MD5
Defense in Depth
reconnaissance
DNS
6. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Cold Site
File Transfer Protocol (FTP)
-sF
Cloning
7. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
enumeration
logic bomb
Wi-Fi Protected Access (WPA)
Wiretapping
8. SYN Ping
Bug
Pretty Good Privacy (PGP)
Active Directory (AD)
-PS
9. Policy stating what users of a system can and cannot do with the organization's assets.
risk assessment
Acceptable Use Policy (AUP)
Trusted Computer Base (TCB)
hash
10. Xmas Tree scan
Worm
physical security
Zone transfer
-sX
11. Polite scan timing
Vulnerability Scanning
serialize scans & 0.4 sec wait
A
802.11 i
12. Name given to expert groups that handle computer security incidents.
Baseline
Computer Emergency Response Team (CERT)
File Allocation Table (FAT)
sheepdip
13. ICMP Type/Code 8
Echo request
War Dialing
Self Replicating
-oA
14. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
Vulnerability
Corrective Controls
spam
Secure Sockets Layer (SSL)
15. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
Last In First Out (LIFO)
payload
port redirection
16. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
iris scanner
Archive
scope creep
CIA triangle
17. FTP Bounce Attack
Transport Layer Security (TLS)
Accountability
-b
Community String
18. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Mandatory access control (MAC)
Domain Name System (DNS) lookup
FreeBSD
payload
19. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Transmission Control Protocol (TCP)
-sF
Vulnerability
-PB
20. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
key exchange protocol
Address Resolution Protocol (ARP)
R
21. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Due Diligence
security by obscurity
footprinting
22. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
Auditing
red team
Multipartite virus
audit
23. The process of using easily accessible DNS records to map a target network's internal hosts.
inference attack
DNS enumeration
passive attack
Virus
24. A systematic process for the assessment of security vulnerabilities.
protocol
INFOSEC Assessment Methodology (IAM)
ECHO reply
Black Hat
25. TCP SYN Scan
network access server
-sS
penetration testing
FreeBSD
26. UDP Scan
remote access
-sU
Pretty Good Privacy (PGP)
Digital Certificate
27. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
sniffer
Crossover Error Rate (CER)
Point-to-Point Protocol (PPP)
Audit Data
28. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
NetBSD
RxBoot
Secure Multipurpose Mail Extension (S/MIME)
Google hacking
29. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Traceroute
net use \[target ip]IPC$ '' /user:''
Digital Certificate
Common Internet File System/Server Message Block
30. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
serialize scans & 15 sec wait
polymorphic virus
Malicious code
risk assessment
31. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
Buffer
Collision
spam
SYN flood attack
32. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Vulnerability Scanning
parallel scan
Telnet
Asymmetric
33. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Unicode
FTP
User Datagram Protocol (UDP)
Due Care
34. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Assessment
Discretionary Access Control (DAC)
Electronic serial number
Virtual Local Area Network (VLAN)
35. ICMP Ping
-PI
Vulnerability Assessment
port knocking
session hijacking
36. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Vulnerability
protocol stack
Digital Certificate
OpenBSD
37. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
route
NetBus
Covert Channel
Possession of access devices
38. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Methodology
Demilitarized Zone (DMZ)
LDAP
SYN flood attack
39. An Internet routing protocol used to exchange routing information within an autonomous system.
Ethical Hacker
Ciphertext
Interior Gateway Protocol (IGP)
-oA
40. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
-PS
Database
-PT
41. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
serialize scans & 15 sec wait
Adware
No previous knowledge of the network
42. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Ethernet
queue
Bit Flipping
Local Administrator
43. Directing a protocol from one port to another.
Acceptable Use Policy (AUP)
port redirection
Application Layer
-sO
44. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Audit Data
intrusion detection system (IDS)
Copyright
EDGAR database
45. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Audit Trail
R
Black Hat
shoulder surfing
46. White hat
Hacks with permission
gap analysis
File Allocation Table (FAT)
Network Basic Input/Output System (NetBIOS)
47. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
-PT
EDGAR database
infrastructure mode
Media Access Control (MAC)
48. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Traceroute
Smurf attack
network access server
sidejacking
49. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Audit Data
Algorithm
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Secure Sockets Layer (SSL)
50. A defined measure of service within a network system
network interface card (NIC)
operating system attack
SYN attack
quality of service (QoS)