Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
node
integrity
Institute of Electrical and Electronics Engineers (IEEE)
reverse lookup; reverse DNS lookup
2. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
reconnaissance
Block Cipher
Copyright
Videocipher II Satellite Encryption System
3. Shifting responsibility from one party to another
Tiger Team
flood
risk transference
Copyright
4. ICMP Type/Code 3
Destination Unreachable
GET
Wi-Fi Protected Access (WPA)
Buffer
5. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Tiger Team
Application-Level Attacks
Fast Ethernet
Tunneling
6. A computer process that requests a service from another computer and accepts the server's responses.
rogue access point
Man-in-the-middle attack
SSH
Client
7. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
Active Attack
War Dialing
Internet Control Message Protocol (ICMP)
impersonation
8. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Access Creep
Hypertext Transfer Protocol Secure (HTTPS)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Electronic serial number
9. A computer network confined to a relatively small area - such as a single building or campus.
local area network (LAN)
ISO 17799
Authentication - Authorization - and Accounting (AAA)
piggybacking
10. Port 23
signature scanning
DNS
net use \\[target ip]\IPC$ '' /user:''
Telnet
11. Hex 14
NetBus
Collision
Sign in Seal
A R
12. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Ciphertext
Discretionary Access Control (DAC)
-PT
-sL
13. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
Due Care
Backdoor
Hacks with permission
payload
14. Access by information systems (or users) communicating from outside the information system security perimeter.
remote access
hybrid attack
Crossover Error Rate (CER)
Finger
15. An early network application that provides information on users currently logged on to a machine.
Finger
Domain Name
Hacks without permission
802.11 i
16. A group of experts that handles computer security incidents.
Domain Name System (DNS) cache poisoning
security incident response team (SIRT)
private key
A
17. The concept of having more than one person required to complete a task
fully qualified domain name (FQDN)
separation of duties
FreeBSD
sidejacking
18. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Third Party
Application Layer
Warm Site
Master boot record infector
19. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Port Address Translation (PAT)
ad hoc mode
War Chalking
Wi-Fi Protected Access (WPA)
20. The potential for damage to or loss of an IT asset
risk
Port Address Translation (PAT)
Finding a directory listing and gaining access to a parent or root file for access to other files
encapsulation
21. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
--randomize_hosts -O OS fingerprinting
Whois
White Box Testing
22. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
Buffer
Hacks without permission
Replacing numbers in a url to access other files
23. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Secure Multipurpose Mail Extension (S/MIME)
source routing
-PI
Digital Watermarking
24. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Mantrap
A R
Collision
25. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
Exposure Factor
reverse social engineering
footprinting
rogue access point
26. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Fast Ethernet
SAM
Post Office Protocol 3 (POP3)
Electronic Code Book (ECB)
27. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Denial of Service (DoS)
node
Telnet
White Box Testing
28. Port 53
infrastructure mode
Internet Assigned Number Authority (IANA)
DNS
Exploit
29. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
hot site
packet
Tini
Cloning
30. Vulnerability Scanning
replay attack
Droppers
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Time Bomb
31. Establish Null Session
Mantrap
Destination Unreachable
ECHO reply
net use \\[target ip]\IPC$ '' /user:''
32. Directory Traversal
Finding a directory listing and gaining access to a parent or root file for access to other files
-sU
Cold Site
Extensible Authentication Protocol (EAP)
33. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
security bulletins
Bluesnarfing
Target Of Engagement (TOE)
role-based access control
34. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
A procedure for identifying active hosts on a network.
honeypot
Tini
packet filtering
35. 18 U.S.C. 1029
Internet Control Message Protocol (ICMP)
A procedure for identifying active hosts on a network.
Possession of access devices
-p <port ranges>
36. Port 110
Man-in-the-middle attack
Master boot record infector
Access Control List (ACL)
POP 3
37. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
hash
segment
Time Bomb
encryption
38. A Windows-based GUI version of nmap.
spoofing
initial sequence number (ISN)
Zenmap
Media Access Control (MAC)
39. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Multipartite virus
remote access
Multipurpose Internet Mail Extensions (MIME)
-sS
40. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Domain Name System (DNS) lookup
Simple Object Access Protocol (SOAP)
CIA triangle
-oG
41. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Due Care
Filter
route
network operations center (NOC)
42. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
Address Resolution Protocol (ARP)
Bastion host
Institute of Electrical and Electronics Engineers (IEEE)
File Transfer Protocol (FTP)
43. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
service level agreements (SLAs)
nslookup
Collision
Confidentiality
44. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
hashing algorithm
TACACS
Wrapper
source routing
45. Paranoid scan timing
serial scan & 300 sec wait
Asymmetric
-sI
keylogger
46. Transmitting one protocol encapsulated inside another protocol.
Wi-Fi Protected Access (WPA)
Tunneling
rule-based access control
Archive
47. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Fraud and related activity in connection with computers
Ethical Hacker
enumeration
Computer-Based Attack
48. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
risk acceptance
Telnet
self encrypting
sidejacking
49. A document describing information security guidelines - policies - procedures - and standards.
impersonation
Decryption
Information Technology (IT) security architecture and framework
SYN flood attack
50. Monitoring of telephone or Internet conversations - typically by covert means.
Wiretapping
Information Technology (IT) asset valuation
Threat
Worm