Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers, files, and serial ports. It also provides an authenticated interprocess communication mechanism.
Methodology
-oA
protocol stack
Common Internet File System/Server Message Block
2. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.
session splicing
War Dialing
Smurf attack
Unicode
3. The process of sending a packet or frame toward the destination. In a switch, messages are forwarded only to the port they are addressed to.
enumeration
forwarding
segment
Zenmap
4. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.
TACACS
Trojan Horse
Tunnel
NT LAN Manager (NTLM)
5. Nmap normal output
Demilitarized Zone (DMZ)
-oN
Directory Traversal
parallel scan & 75 sec timeout & 0.3 sec/probe
6. FTP Bounce Attack
Tunneling
Redundant Array of Independent Disks (RAID)
-b
FTP
7. Incremental Substitution
-P0
Certificate
International Organization for Standardization (ISO)
Replacing numbers in a URL to access other files
8. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
scope creep
rootkit
parameter tampering
Internet Assigned Number Authority (IANA)
9. A computer network confined to a relatively small area, such as a single building or campus.
heuristic scanning
local area network (LAN)
XOR Operation
Internal access to the network
10. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
spyware
EDGAR database
Tumbling
-sT
11. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.
Eavesdropping
Due Diligence
Methodology
Console Port
12. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
role-based access control
Collision Domain
International Organization for Standardization (ISO)
security controls
13. Recording the time, normally in a log file, when an event happens or when information is created or modified.
Access Control List (ACL)
operating system attack
Timestamping
local area network (LAN)
14. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
Zombie
router
Cracker
hot site
15. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
CIA triangle
Echo request
serialize scans & 15 sec wait
payload
16. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
security kernel
U P F
-PB
17. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Information Technology (IT) infrastructure
Access Control List (ACL)
Vulnerability
Trusted Computer Base (TCB)
18. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
initial sequence number (ISN)
TACACS
Level III assessment
CAM table
19. Shifting responsibility from one party to another.
risk transference
-oA
sniffer
Fast Ethernet
20. A virus that plants itself in a system's boot sector and infects the master boot record.
Boot Sector Virus
Post Office Protocol 3 (POP3)
Multipartite virus
Brute-Force Password Attack
21. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
security by obscurity
Finger
POST
Annualized Loss Expectancy (ALE)
22. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with
Last In First Out (LIFO)
network operations center (NOC)
Daemon
ISO 17799
23. An application that monitors a computer or network to identify, and prevent, malware. AV is usually signature-based, and can take multiple actions on defined malware files/activity.
SAM
Competitive Intelligence
Antivirus (AV) software
passive attack
24. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Finger
Anonymizer
Black Hat
Zombie
25. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
encapsulation
Dumpster Diving
Timestamping
War Driving
26. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
R
SYN attack
-sP
Simple Network Management Protocol (SNMP)
27. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
802.11
self encrypting
FreeBSD
intrusion detection system (IDS)
28. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
POST
red team
RPC-DCOM
Trusted Computer System Evaluation Criteria (TCSEC)
29. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
POP 3
-sO
Annualized Loss Expectancy (ALE)
Hacks without permission
30. Any network incident that prompts some kind of log entry or other notification.
HTTP
A S
Wired Equivalent Privacy (WEP)
Event
31. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
EDGAR database
-sT
fully qualified domain name (FQDN)
Telnet
32. Port 22
flood
Methodology
SSH
--randomize_hosts -O OS fingerprinting
33. 18 U.S.C. 1030
Console Port
INFOSEC Assessment Methodology (IAM)
source routing
Fraud and related activity in connection with computers
34. Nmap XML output
open source
nslookup
-oX
Information Technology (IT) asset valuation
35. A principle in security engineering that attempts to use anonymity and secrecy (of design, implementation, and so on) to provide security; the footprint of the organization, entity, network, or system is kept as small as possible to avoid intere
security by obscurity
enumeration
false negative
SYN attack
36. Black box test
Post Office Protocol 3 (POP3)
No previous knowledge of the network
Cold Site
Possession of access devices
37. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal, but non-system-administrator-level, attack.
gray box testing
social engineering
Local Administrator
-p <port ranges>
38. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP), much like a point-to-point wired connection.
Routing Protocol
ad hoc mode
Wide Area Network (WAN)
Accountability
39. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometimes perform illegal acts to exploit technology with the intent of achi
packet filtering
Buffer
Point-to-Point Protocol (PPP)
gray hat
40. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.
Active Directory (AD)
Internet Assigned Number Authority (IANA)
Bluetooth
Hypertext Transfer Protocol Secure (HTTPS)
41. ICMP Type/Code 8
enumeration
Echo request
port scanning
-oN
42. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
Cold Site
payload
human-based social engineering
43. Computer software or hardware that can intercept and log traffic passing over a digital network.
-PS
sniffer
quantitative risk assessment
Collision
44. In computer security, this is an algorithm that uses separate keys for encryption and decryption.
red team
Domain Name System (DNS) cache poisoning
Asymmetric Algorithm
Active Attack
45. The monetary value assigned to an IT asset.
Daemon
Information Technology (IT) asset valuation
overt channel
Asset
46. Using conversation or some other interaction between people to gather useful information.
RPC-DCOM
public key infrastructure (PKI)
human-based social engineering
Antivirus (AV) software
47. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur
packet filtering
Minimum acceptable level of risk
sheepdip
File Transfer Protocol (FTP)
48. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
security defect
risk transference
RxBoot
Crossover Error Rate (CER)
49. Controlling access to a network by analyzing the headers of incoming and outgoing packets, and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
physical security
packet filtering
security incident response team (SIRT)
War Driving
50. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Google hacking
script kiddie
Internal access to the network
phishing