SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Access Control List (ACL)
End User Licensing Agreement (EULA)
Contingency Plan
2. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
out-of-band signaling
Time To Live (TTL)
Wi-Fi
Bluesnarfing
3. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
Covert Channel
Warm Site
SOA record
Sign in Seal
4. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
hardware keystroke logger
service level agreements (SLAs)
Console Port
Buffer Overflow
5. The process of recording activity on a system for monitoring and later review.
limitation of liability and remedies
Auditing
Bit Flipping
Authorization
6. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Internet Protocol (IP)
Competitive Intelligence
intranet
Secure Multipurpose Mail Extension (S/MIME)
7. A software or hardware defect that often results in system vulnerabilities.
Secure Multipurpose Mail Extension (S/MIME)
Asymmetric Algorithm
Bug
War Driving
8. Version Detection Scan
Time Bomb
Countermeasures
SYN flood attack
-sV
9. A protocol defining packets that are able to be routed by a router.
Biometrics
security incident response team (SIRT)
routed protocol
Asymmetric Algorithm
10. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
Block Cipher
Port Address Translation (PAT)
rogue access point
Google hacking
11. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
Macro virus
fully qualified domain name (FQDN)
out-of-band signaling
public key
12. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
-sU
hardware keystroke logger
Authentication Header (AH)
MAC filtering
13. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Blowfish
Ethical Hacker
Wireless Local Area Network (WLAN)
queue
14. The conveying of official access or legal power to a person or entity.
firewalking
Data Encryption Standard (DES)
-sR
Authorization
15. A software or hardware application or device that captures user keystrokes.
open source
keylogger
Secure Multipurpose Mail Extension (S/MIME)
NetBus
16. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Eavesdropping
Client
Echo request
Domain Name System (DNS)
17. Port 80/81/8080
HTTP
Hypertext Transfer Protocol Secure (HTTPS)
Target Of Engagement (TOE)
Acceptable Use Policy (AUP)
18. An Application layer protocol for sending electronic mail between servers.
Simple Mail Transfer Protocol (SMTP)
Authentication - Authorization - and Accounting (AAA)
-oA
flood
19. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Institute of Electrical and Electronics Engineers (IEEE)
integrity
replay attack
Internal access to the network
20. The change or growth of a project's scope
-P0
NOP
scope creep
Directory Traversal
21. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Audit Data
Echo Reply
remote access
-sP
22. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
FTP
-sO
protocol stack
CAM table
23. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Internet Control Message Protocol (ICMP)
Virus Hoax
Digital Signature
R
24. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
-sW
Point-to-Point Protocol (PPP)
rogue access point
Google hacking
25. MAC Flooding
HTTP tunneling
Replacing numbers in a url to access other files
Unicode
Overwhelm CAM table to convert switch to hub mode
26. White box test
Internal access to the network
Asynchronous
Wrapper
U P F
27. An Internet routing protocol used to exchange routing information within an autonomous system.
sidejacking
Interior Gateway Protocol (IGP)
honeynet
Traceroute
28. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Cache
Mantrap
Trusted Computer Base (TCB)
Trusted Computer System Evaluation Criteria (TCSEC)
29. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Droppers
network tap
Ciphertext
Boot Sector Virus
30. A device on a network.
node
false negative
SNMP
halo effect
31. Insane scan timing
-sL
parallel scan & 75 sec timeout & 0.3 sec/probe
smart card
risk acceptance
32. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
audit
Acceptable Use Policy (AUP)
site survey
Level III assessment
33. Port 110
physical security
public key
POP 3
session splicing
34. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
open source
protocol stack
encryption
Tunneling Virus
35. The lack of clocking (imposed time ordering) on a bit stream.
RID Resource identifier
public key infrastructure (PKI)
Trapdoor Function
Asynchronous
36. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Mantrap
piggybacking
-PT
SNMP
37. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
Zero Subnet
segment
End User Licensing Agreement (EULA)
U P F
38. ACK Scan
Password Authentication Protocol (PAP)
-sA
port scanning
Authorization
39. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
Dumpster Diving
Buffer
separation of duties
phishing
40. Paranoid scan timing
self encrypting
Institute of Electrical and Electronics Engineers (IEEE)
serial scan & 300 sec wait
risk avoidance
41. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
session hijacking
spyware
Active Attack
firewalking
42. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
quality of service (QoS)
Cloning
Internet Protocol Security (IPSec) architecture
Warm Site
43. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
nslookup
forwarding
Event
intrusion prevention system (IPS)
44. ICMP Ping
firewall
Point-to-Point Tunneling Protocol (PPTP)
-PI
Assessment
45. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
Domain Name System (DNS) lookup
logic bomb
A R
Access Creep
46. A routing protocol developed to be used within a single organization.
Network Address Translation (NAT)
quantitative risk assessment
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Interior Gateway Protocol (IGP)
47. The transmission of digital signals without precise clocking or synchronization.
asynchronous transmission
parallel scan
piggybacking
Active Fingerprinting
48. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
War Dialing
Secure Sockets Layer (SSL)
Simple Network Management Protocol (SNMP)
-PM
49. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
packet
protocol stack
parallel scan & 300 sec timeout & 1.25 sec/probe
50. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Bug
hash
Assessment
security by obscurity