Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
security defect
Bluejacking
Eavesdropping
Internet service provider (ISP)

2. A social-engineering attack that manipulates the victim into calling the attacker for help.
Filter
Syslog
reverse social engineering
User Datagram Protocol (UDP)

3. CAN-SPAM
Hacks with permission
Zombie
Defines legal email marketing
Access Point (AP)

4. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
SOA record
Echo request
Tunneling Virus
Adware

5. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Digital Certificate
Archive
local area network (LAN)
encryption

6. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Transport Layer Security (TLS)
RPC-DCOM
encapsulation
Bluejacking

7. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Rijndael
Methodology
Bluesnarfing
network access server

8. TCP connect() scan
-sT
nslookup
Digital Certificate
gap analysis

9. ICMP Type/Code 3
Wired Equivalent Privacy (WEP)
identity theft
Destination Unreachable
Domain Name System (DNS)

10. Evaluation in which testers attempt to penetrate the network.
protocol stack
Level III assessment
RID Resource identifier
--randomize_hosts -O OS fingerprinting

11. Sneaky scan timing
public key infrastructure (PKI)
Information Technology (IT) infrastructure
serialize scans & 15 sec wait
Tumbling

12. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
symmetric encryption
Demilitarized Zone (DMZ)
site survey
Defines legal email marketing

13. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
router
Smurf attack
stateful packet filtering
passive attack

14. RPC Scan
802.11 i
shoulder surfing
-PM
-sR

15. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Finding a directory listing and gaining access to a parent or root file for access to other files
Tunnel
Access Creep
Vulnerability Scanning

16. An Application layer protocol for managing devices on an IP network.
Simple Network Management Protocol (SNMP)
steganography
Boot Sector Virus
smart card

17. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
End User Licensing Agreement (EULA)
queue
Cookie

18. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
service level agreements (SLAs)
Baseline
open source
hashing algorithm

19. Controls to detect anomalies or undesirable events occurring on a system.
inference attack
Detective Controls
-sP
firewalking

20. A protocol for exchanging packets over a serial line.
signature scanning
port knocking
Buffer Overflow
Serial Line Internet Protocol (SLIP)

21. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Asymmetric
802.11
Internet Control Message Protocol (ICMP)
POST

22. A virus that plants itself in a system's boot sector and infects the master boot record.
Real application encompassing Trojan
Boot Sector Virus
Defense in Depth
RID Resource identifier

23. Hex 12
Point-to-Point Protocol (PPP)
A S
security bulletins
Echo request

24. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
OpenBSD
Routing Information Protocol (RIP)
Database
Network Address Translation (NAT)

25. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
secure channel
Kerberos
Archive
Google hacking

26. Insane scan timing
SYN flood attack
ping sweep
parallel scan & 75 sec timeout & 0.3 sec/probe
qualitative analysis

27. Two or more LANs connected by a high-speed line across a large geographical area.
Corrective Controls
sidejacking
Wide Area Network (WAN)
INFOSEC Assessment Methodology (IAM)

28. Port 80/81/8080
HTTP
network interface card (NIC)
remote access
security by obscurity

29. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
open source
HTTP tunneling
Multipurpose Internet Mail Extensions (MIME)
Domain Name System (DNS)

30. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
open source
Decryption
stream cipher
Multipartite virus

31. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Common Internet File System/Server Message Block
Written Authorization
Network Address Translation (NAT)
routed protocol

32. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
POST
-sO
Database
rogue access point

33. ICMP Type/Code 0-0
forwarding
Auditing
Institute of Electrical and Electronics Engineers (IEEE)
Echo Reply

34. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Tumbling
secure channel
Address Resolution Protocol (ARP)
Certificate Authority (CA)

35. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Last In First Out (LIFO)
Due Care
Application Layer
Asynchronous

36. The exploitation of a security vulnerability
Malware
Uniform Resource Locator (URL)
security breach or security incident
NOP

37. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Routing Protocol
War Chalking
Minimum acceptable level of risk
security defect

38. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
honeypot
Dumpster Diving
protocol
physical security

39. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Buffer Overflow
rule-based access control
RID Resource identifier
private network address

40. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
impersonation
Banner Grabbing
-sV
Adware

41. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
private network address
Virus
Client
-sA

42. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
hashing algorithm
hacktivism
Echo Reply
Traceroute

43. Port 110
POP 3
Event
Dumpster Diving
security by obscurity

44. A tool that helps a company to compare its actual performance with its potential performance.
War Driving
Man-in-the-middle attack
Time exceeded
gap analysis

45. An informed decision to accept the potential for damage to or loss of an IT asset.
Challenge Handshake Authentication Protocol (CHAP)
S
-sT
risk acceptance

46. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
SYN flood attack
personal identification number (PIN)
Active Attack
HTTP tunneling

47. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
remote procedure call (RPC)
Media Access Control (MAC)
Droppers
Redundant Array of Independent Disks (RAID)

48. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Domain Name
scope creep
War Chalking
Overwhelm CAM table to convert switch to hub mode

49. Paranoid scan timing
sidejacking
parallel scan
serial scan & 300 sec wait
risk

50. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
shrink-wrap code attacks
Open System Interconnection (OSI) Reference Model
Address Resolution Protocol (ARP) table
POP 3