Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
qualitative analysis
S
security bulletins
Network Basic Input/Output System (NetBIOS)
2. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
-oN
integrity
piggybacking
-PB
3. Cracking Tools
shrink-wrap code attacks
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
Mandatory access control (MAC)
session splicing
4. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
LDAP
local area network (LAN)
polymorphic virus
-b
5. ex 02
Virus Hoax
Adware
S
End User Licensing Agreement (EULA)
6. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Anonymizer
Interior Gateway Protocol (IGP)
Request for Comments (RFC)
impersonation
7. A systematic process for the assessment of security vulnerabilities.
Blowfish
Authorization
INFOSEC Assessment Methodology (IAM)
single loss expectancy (SLE)
8. An attack that exploits the common mistake many people make when installing operating systems
operating system attack
Accountability
Electronic Code Book (ECB)
Pretty Good Privacy (PGP)
9. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
packet filtering
DNS
Crossover Error Rate (CER)
Level II assessment
10. Another term for firewalking
port redirection
Cache
Copyright
port knocking
11. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
-PP
hot site
human-based social engineering
Authentication
12. The lack of clocking (imposed time ordering) on a bit stream.
spyware
Echo request
Asynchronous
Brute-Force Password Attack
13. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Internet service provider (ISP)
Baseline
Zombie
risk assessment
14. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
queue
Hypertext Transfer Protocol Secure (HTTPS)
MAC filtering
-PB
15. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
Active Attack
-p <port ranges>
-sW
network access server
16. An organized collection of data.
service level agreements (SLAs)
Database
ring topology
-p <port ranges>
17. Window Scan
Collision
-sW
Routing Protocol
Challenge Handshake Authentication Protocol (CHAP)
18. A wireless networking mode where all clients connect to the wireless network through a central access point.
parallel scan & 75 sec timeout & 0.3 sec/probe
intranet
infrastructure mode
War Chalking
19. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
TACACS
Competitive Intelligence
Eavesdropping
identity theft
20. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Smurf attack
Anonymizer
-oA
Wi-Fi Protected Access (WPA)
21. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
-oX
session splicing
Rijndael
Administratively Prohibited
22. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Certificate Authority (CA)
Virtual Private Network (VPN)
Time Bomb
audit
23. Transmitting one protocol encapsulated inside another protocol.
identity theft
Tunneling
Pretty Good Privacy (PGP)
Black Hat
24. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
Distributed DoS (DDoS)
SYN flood attack
hash
Asymmetric
25. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
Redundant Array of Independent Disks (RAID)
proxy server
human-based social engineering
remote procedure call (RPC)
26. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Multipartite virus
ECHO reply
Hacks without permission
Cracker
27. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Block Cipher
Telnet
Replacing numbers in a url to access other files
Wi-Fi
28. The concept of having more than one person required to complete a task
Wired Equivalent Privacy (WEP)
Audit Trail
role-based access control
separation of duties
29. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Traceroute
Access Point (AP)
NetBus
Access Creep
30. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Methodology
Electronic serial number
honeypot
A S
31. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
CIA triangle
GET
Simple Mail Transfer Protocol (SMTP)
ISO 17799
32. Incremental Substitution
Replacing numbers in a url to access other files
Cache
Trojan Horse
War Chalking
33. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Level III assessment
Bluesnarfing
Request for Comments (RFC)
Point-to-Point Protocol (PPP)
34. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
private network address
Tini
Buffer Overflow
Zone transfer
35. Port 53
parallel scan & 300 sec timeout & 1.25 sec/probe
DNS
Discretionary Access Control (DAC)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
36. List Scan
Master boot record infector
-sL
segment
sidejacking
37. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Buffer
Ethical Hacker
intrusion prevention system (IPS)
Transport Layer Security (TLS)
38. A file system used by the Mac OS.
qualitative analysis
Hierarchical File System (HFS)
symmetric encryption
OpenBSD
39. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
protocol
flood
fragmentation
remote procedure call (RPC)
40. A document describing information security guidelines - policies - procedures - and standards.
Antivirus (AV) software
Network Address Translation (NAT)
Wi-Fi Protected Access (WPA)
Information Technology (IT) security architecture and framework
41. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
phishing
Authentication Header (AH)
Cold Site
RID Resource identifier
42. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
802.11
--randomize_hosts -O OS fingerprinting
ECHO reply
Point-to-Point Tunneling Protocol (PPTP)
43. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
SMB
Corrective Controls
port knocking
International Organization for Standardization (ISO)
44. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Internet Assigned Number Authority (IANA)
shoulder surfing
Accountability
War Chalking
45. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
Temporal Key Integrity Protocol (TKIP)
Daemon
Countermeasures
Corrective Controls
46. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
NetBSD
Address Resolution Protocol (ARP) table
Countermeasures
47. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
Denial of Service (DoS)
Destination Unreachable
No previous knowledge of the network
Wired Equivalent Privacy (WEP)
48. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
-sS
Web Spider
patch
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
49. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
Defense in Depth
null session
Discretionary Access Control (DAC)
50. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
shoulder surfing
Presentation layer
ring topology
Domain Name