Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
fragmentation
Audit Data
remote procedure call (RPC)
replay attack
2. Port 31337
symmetric encryption
risk avoidance
International Organization for Standardization (ISO)
Back orifice
3. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Local Administrator
Discretionary Access Control (DAC)
Zombie
social engineering
4. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Hypertext Transfer Protocol Secure (HTTPS)
Authorization
infrastructure mode
Last In First Out (LIFO)
5. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Echo Reply
Malicious code
Trojan Horse
FTP
6. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
network operations center (NOC)
Bastion host
suicide hacker
Virtual Local Area Network (VLAN)
7. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
A
Administratively Prohibited
Algorithm
Asymmetric
8. CAN-SPAM
Defines legal email marketing
Black Hat
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
Service Set Identifier (SSID)
9. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Echo request
Kerberos
Bluetooth
10. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
INFOSEC Assessment Methodology (IAM)
Corrective Controls
security controls
Time Bomb
11. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Demilitarized Zone (DMZ)
Internet Control Message Protocol (ICMP)
Hypertext Transfer Protocol Secure (HTTPS)
remote access
12. Port 80/81/8080
firewall
Algorithm
HTTP
intrusion detection system (IDS)
13. Ping Scan
serialize scans & 15 sec wait
SSH
Due Diligence
-sP
14. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
serialize scans & 15 sec wait
Asynchronous
hacktivism
Tini
15. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
impersonation
Common Internet File System/Server Message Block
Worm
Access Creep
16. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Hacks with permission
Trapdoor Function
NetBus
forwarding
17. A social-engineering attack that manipulates the victim into calling the attacker for help.
sheepdip
Cracker
reverse social engineering
risk avoidance
18. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
risk avoidance
Discretionary Access Control (DAC)
public key
non-repudiation
19. A group of experts that handles computer security incidents.
-PB
security incident response team (SIRT)
Last In First Out (LIFO)
Defense in Depth
20. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
honeynet
Transmission Control Protocol (TCP)
logic bomb
serialize scans & 0.4 sec wait
21. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
Decryption
Zombie
Simple Mail Transfer Protocol (SMTP)
Trusted Computer System Evaluation Criteria (TCSEC)
22. Hex 10
A
Three-Way (TCP) Handshake
Boot Sector Virus
Exploit
23. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
key exchange protocol
protocol stack
Time To Live (TTL)
Zone transfer
24. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
Trusted Computer System Evaluation Criteria (TCSEC)
SNMP
802.11
Port Address Translation (PAT)
25. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Distributed DoS (DDoS)
role-based access control
Bluesnarfing
smart card
26. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
packet filtering
Wi-Fi
key exchange protocol
null session
27. Version Detection Scan
Network Basic Input/Output System (NetBIOS)
-sV
security defect
Vulnerability
28. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
separation of duties
shoulder surfing
Simple Object Access Protocol (SOAP)
Digital Signature
29. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Fraud and related activity in connection with computers
public key infrastructure (PKI)
Temporal Key Integrity Protocol (TKIP)
router
30. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Trusted Computer System Evaluation Criteria (TCSEC)
Multipurpose Internet Mail Extensions (MIME)
audit
Digital Certificate
31. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Ethernet
physical security
Malicious code
Request for Comments (RFC)
32. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
social engineering
XOR Operation
quality of service (QoS)
symmetric algorithm
33. NSA
RxBoot
public key
route
National Security Agency
34. The process of recording activity on a system for monitoring and later review.
impersonation
Auditing
security defect
logic bomb
35. A symmetric - block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.
Pretty Good Privacy (PGP)
public key infrastructure (PKI)
Blowfish
Backdoor
36. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Possession of access devices
Contingency Plan
human-based social engineering
honeynet
37. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Rijndael
Ethernet
Threat
ECHO reply
38. Hashing algorithm that results in a 128-bit output.
MD5
Hypertext Transfer Protocol Secure (HTTPS)
null session
File Allocation Table (FAT)
39. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
private network address
limitation of liability and remedies
INFOSEC Assessment Methodology (IAM)
-sS
40. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Information Technology (IT) asset criticality
Time Bomb
protocol stack
Cache
41. Establish Null Session
War Chalking
-p <port ranges>
net use \\[target ip]\IPC$ '' /user:''
risk
42. A computer virus that infects and spreads in multiple ways.
Multipartite virus
non-repudiation
Access Creep
remote procedure call (RPC)
43. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
piggybacking
rule-based access control
Authentication - Authorization - and Accounting (AAA)
Digital Watermarking
44. A protocol used for sending and receiving log information for nodes on a network.
Tunneling
suicide hacker
Discretionary Access Control (DAC)
Syslog
45. A computer file system architecture used in Windows - OS/2 - and most memory cards.
security bulletins
session splicing
false negative
File Allocation Table (FAT)
46. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Authentication - Authorization - and Accounting (AAA)
ISO 17799
Ethernet
security bulletins
47. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Contingency Plan
Presentation layer
parallel scan
Access Creep
48. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
Syslog
SID
separation of duties
Methodology
49. TCP SYN Scan
-sS
firewalking
Daemon
Distributed DoS (DDoS)
50. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Network Basic Input/Output System (NetBIOS)
File Allocation Table (FAT)
smart card
Domain Name