SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
security by obscurity
Domain Name System (DNS) lookup
-b
2. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Domain Name System (DNS) lookup
Buffer Overflow
Common Internet File System/Server Message Block
Application Layer
3. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.
parallel scan & 75 sec timeout & 0.3 sec/probe
Block Cipher
-PM
Black Hat
4. ICMP Timestamp
Address Resolution Protocol (ARP) table
Request for Comments (RFC)
-PP
Packet Internet Groper (ping)
5. The level of importance assigned to an IT asset
firewalking
passive attack
Information Technology (IT) asset criticality
Due Care
6. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Biometrics
Level II assessment
replay attack
integrity
7. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
Buffer Overflow
payload
Database
impersonation
8. A string that represents the location of a web resource
packet
Point-to-Point Tunneling Protocol (PPTP)
Uniform Resource Locator (URL)
Hacks with permission
9. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
-oA
Community String
NOP
War Driving
10. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
null session
LDAP
Virtual Private Network (VPN)
heuristic scanning
11. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
TACACS
802.11
Echo request
Port Address Translation (PAT)
12. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Tunneling
false rejection rate (FRR)
Wireless Local Area Network (WLAN)
security kernel
13. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Information Technology (IT) infrastructure
Computer Emergency Response Team (CERT)
S
network interface card (NIC)
14. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
firewall
Access Control List (ACL)
Digital Certificate
overt channel
15. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Domain Name System (DNS) cache poisoning
Minimum acceptable level of risk
HTTP tunneling
Vulnerability Scanning
16. Black box test
No previous knowledge of the network
Pretty Good Privacy (PGP)
-PT
hot site
17. Another term for firewalking
packet
port knocking
Daemon
802.11
18. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Covert Channel
ad hoc mode
Competitive Intelligence
hashing algorithm
19. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Smurf attack
Fiber Distributed Data Interface (FDDI)
Institute of Electrical and Electronics Engineers (IEEE)
Secure Multipurpose Mail Extension (S/MIME)
20. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Trusted Computer System Evaluation Criteria (TCSEC)
Anonymizer
Algorithm
security by obscurity
21. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
packet
Interior Gateway Protocol (IGP)
-sI
Application Layer
22. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Multipartite virus
Tunneling Virus
Annualized Loss Expectancy (ALE)
Access Creep
23. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Acceptable Use Policy (AUP)
DNS
Exposure Factor
Virus Hoax
24. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
reverse lookup; reverse DNS lookup
security controls
encryption
Access Control List (ACL)
25. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Three-Way (TCP) Handshake
Service Set Identifier (SSID)
Event
packet filtering
26. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Authentication Header (AH)
red team
Point-to-Point Protocol (PPP)
ping sweep
27. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
Bluejacking
shrink-wrap code attacks
queue
Videocipher II Satellite Encryption System
28. An attack that combines a brute-force attack with a dictionary attack.
-sV
R
Event
hybrid attack
29. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
footprinting
Simple Network Management Protocol (SNMP)
risk avoidance
Audit Trail
30. Hex 12
-PM
physical security
A S
--randomize_hosts -O OS fingerprinting
31. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
risk assessment
honeynet
Black Box Testing
smart card
32. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Domain Name System (DNS)
Information Technology (IT) asset valuation
Ciphertext
POST
33. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
session hijacking
Request for Comments (RFC)
Internet Protocol (IP)
Assessment
34. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
audit
Telnet
firewall
Cookie
35. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
parameter tampering
Dumpster Diving
hashing algorithm
Finger
36. A method of external testing whereby several systems or resources are used together to effect an attack.
stateful packet filtering
Daisy Chaining
honeypot
false negative
37. Polymorphic Virus
net use \[target ip]IPC$ '' /user:''
Open System Interconnection (OSI) Reference Model
self encrypting
session hijacking
38. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Kerberos
Information Technology Security Evaluation Criteria (ITSEC)
security incident response team (SIRT)
key exchange protocol
39. An organized collection of data.
Database
FTP
parallel scan
Digital Signature
40. The process of using easily accessible DNS records to map a target network's internal hosts.
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
DNS enumeration
logic bomb
packet filtering
41. Window Scan
Timestamping
footprinting
honeynet
-sW
42. Ports 20/21
FTP
Console Port
Digital Signature
Boot Sector Virus
43. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
hashing algorithm
security bulletins
Client
A R
44. Hex 14
A R
node
serialize scans & 0.4 sec wait
Acceptable Use Policy (AUP)
45. Transmitting one protocol encapsulated inside another protocol.
operating system attack
SYN flood attack
Tunneling
ISO 17799
46. A computer virus that infects and spreads in multiple ways.
Multipartite virus
Real application encompassing Trojan
Address Resolution Protocol (ARP) table
Point-to-Point Tunneling Protocol (PPTP)
47. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
site survey
Collision
NOP
R
48. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
-oX
-PS
Auditing
49. A computer file system architecture used in Windows - OS/2 - and most memory cards.
security controls
Exposure Factor
false rejection rate (FRR)
File Allocation Table (FAT)
50. Nmap ml output
-oX
Routing Information Protocol (RIP)
Pretty Good Privacy (PGP)
stream cipher
