SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Idlescan
Time To Live (TTL)
role-based access control
-sI
risk avoidance
2. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
NetBSD
enumeration
Worm
Algorithm
3. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
public key
honeypot
Virtual Private Network (VPN)
Active Fingerprinting
4. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
Bastion host
Address Resolution Protocol (ARP) table
Telnet
red team
5. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Rijndael
queue
Filter
Overwhelm CAM table to convert switch to hub mode
6. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Cloning
Electronic Code Book (ECB)
S
7. Incremental Substitution
network interface card (NIC)
Replacing numbers in a url to access other files
penetration testing
Exposure Factor
8. Injecting traffic into the network to identify the operating system of a device.
Active Fingerprinting
single loss expectancy (SLE)
-P0
Hierarchical File System (HFS)
9. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
-sP
Asset
suicide hacker
HIDS
10. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
Address Resolution Protocol (ARP)
Bluejacking
Accountability
11. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
out-of-band signaling
-sX
Cookie
encryption
12. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
remote access
Extensible Authentication Protocol (EAP)
Secure Sockets Layer (SSL)
Macro virus
13. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Warm Site
remote access
RID Resource identifier
Eavesdropping
14. The art and science of creating a covert message or image within another message - image - audio - or video file.
Internet Assigned Number Authority (IANA)
Authentication Header (AH)
steganography
risk avoidance
15. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
Tunnel
Traceroute
Mantrap
No previous knowledge of the network
16. Ports 20/21
security by obscurity
FTP
network tap
port knocking
17. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Defines legal email marketing
operating system attack
Vulnerability Scanning
stream cipher
18. A program designed to execute at a specific time to release malicious code onto the computer system or network.
firewalking
remote procedure call (RPC)
smart card
Time Bomb
19. White box test
Internal access to the network
network interface card (NIC)
Challenge Handshake Authentication Protocol (CHAP)
self encrypting
20. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
security controls
integrity
key exchange protocol
overt channel
21. White hat
sidejacking
Hacks with permission
Eavesdropping
Replacing numbers in a url to access other files
22. A protocol defining packets that are able to be routed by a router.
Telnet
routed protocol
Access Point (AP)
Lightweight Directory Access Protocol (LDAP)
23. nmap
802.11 i
Fraud and related activity in connection with computers
RxBoot
--randomize_hosts -O OS fingerprinting
24. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
NOP
Trusted Computer System Evaluation Criteria (TCSEC)
parallel scan & 300 sec timeout & 1.25 sec/probe
limitation of liability and remedies
25. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
risk avoidance
SYN flood attack
Time To Live (TTL)
POST
26. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.
gray box testing
RPC-DCOM
Black Box Testing
piggybacking
27. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
Request for Comments (RFC)
key exchange protocol
Virtual Private Network (VPN)
hybrid attack
28. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Whois
CAM table
Service Set Identifier (SSID)
-PP
29. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
International Organization for Standardization (ISO)
social engineering
parallel scan
Web Spider
30. Port 137/138/139
Internet Assigned Number Authority (IANA)
rootkit
impersonation
SMB
31. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
gap analysis
Cracker
Domain Name System (DNS) cache poisoning
-PT
32. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Dumpster Diving
Bluesnarfing
Worm
Exposure Factor
33. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
TACACS
gray hat
Domain Name System (DNS)
Collision Domain
34. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
Rijndael
NetBSD
Baseline
protocol
35. A software or hardware defect that often results in system vulnerabilities.
Collision Domain
port redirection
Bug
MAC filtering
36. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
CIA triangle
Cache
Console Port
37. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Target Of Engagement (TOE)
signature scanning
Application-Level Attacks
User Datagram Protocol (UDP)
38. A protocol for exchanging packets over a serial line.
NOP
Rijndael
INFOSEC Assessment Methodology (IAM)
Serial Line Internet Protocol (SLIP)
39. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
hashing algorithm
source routing
Computer-Based Attack
intrusion detection system (IDS)
40. Another term for firewalking
Auditing
port knocking
Virus Hoax
steganography
41. The process of embedding information into a digital signal in a way that makes it difficult to remove.
HTTP tunneling
Digital Watermarking
single loss expectancy (SLE)
Echo request
42. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
Fiber Distributed Data Interface (FDDI)
Macro virus
HTTP
Zombie
43. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
FreeBSD
NOP
encryption
steganography
44. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
segment
polymorphic virus
Acknowledgment (ACK)
45. The potential for damage to or loss of an IT asset
risk
Certificate Authority (CA)
Cracker
Antivirus (AV) software
46. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
suicide hacker
Cracker
Common Internet File System/Server Message Block
Network Basic Input/Output System (NetBIOS)
47. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
-sX
Back orifice
Challenge Handshake Authentication Protocol (CHAP)
queue
48. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
keylogger
-sT
Covert Channel
security defect
49. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
false rejection rate (FRR)
Trojan Horse
security incident response team (SIRT)
Transmission Control Protocol (TCP)
50. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
signature scanning
Directory Traversal
Ciphertext
Authentication Header (AH)