SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Authentication
OpenBSD
sidejacking
Electronic serial number
2. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
ring topology
Secure Sockets Layer (SSL)
parameter tampering
risk transference
3. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
private network address
intrusion detection system (IDS)
Backdoor
Zombie
4. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
protocol
Access Point (AP)
Community String
Virus Hoax
5. A free and popular version of the Unix operating system.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Internet Assigned Number Authority (IANA)
-sL
FreeBSD
6. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Corrective Controls
Vulnerability
Audit Trail
Internet service provider (ISP)
7. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
Ciphertext
security controls
Trojan Horse
Digital Signature
8. A systematic process for the assessment of security vulnerabilities.
INFOSEC Assessment Methodology (IAM)
Confidentiality
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Banner Grabbing
9. Policy stating what users of a system can and cannot do with the organization's assets.
Digital Signature
sheepdip
Acceptable Use Policy (AUP)
Worm
10. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Media Access Control (MAC)
phishing
Collision
security controls
11. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Countermeasures
suicide hacker
Boot Sector Virus
12. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
separation of duties
Address Resolution Protocol (ARP) table
Multipurpose Internet Mail Extensions (MIME)
Droppers
13. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
404EE
packet
Network Address Translation (NAT)
War Dialing
14. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
hashing algorithm
Adware
RID Resource identifier
open source
15. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Unicode
-sI
Trusted Computer System Evaluation Criteria (TCSEC)
Adware
16. A host designed to collect data on suspicious activity.
Timestamping
Real application encompassing Trojan
segment
honeypot
17. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
ad hoc mode
File Transfer Protocol (FTP)
Domain Name System (DNS)
self encrypting
18. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
NetBus
Sign in Seal
hybrid attack
-sA
19. Insane scan timing
network tap
Banner Grabbing
National Security Agency
parallel scan & 75 sec timeout & 0.3 sec/probe
20. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
reverse social engineering
spam
Tunneling Virus
21. ICMP Netmask
local area network (LAN)
Collision Domain
-PM
Third Party
22. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
Discretionary Access Control (DAC)
firewalking
SYN flood attack
fully qualified domain name (FQDN)
23. A software or hardware defect that often results in system vulnerabilities.
XOR Operation
SYN attack
Bug
Overwhelm CAM table to convert switch to hub mode
24. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Interior Gateway Protocol (IGP)
-oA
Authentication Header (AH)
Collision Domain
25. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Smurf attack
802.11
Daisy Chaining
-sI
26. Describes practices in production and development that promote access to the end product's source materials.
role-based access control
Bit Flipping
White Box Testing
open source
27. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
replay attack
rootkit
symmetric algorithm
FTP
28. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
-sX
out-of-band signaling
rogue access point
29. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Tunneling
Asymmetric
HTTP tunneling
Address Resolution Protocol (ARP) table
30. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
parallel scan & 300 sec timeout & 1.25 sec/probe
spam
Cryptographic Key
Routing Information Protocol (RIP)
31. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Access Creep
A S
node
Lightweight Directory Access Protocol (LDAP)
32. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
replay attack
802.11
Challenge Handshake Authentication Protocol (CHAP)
parameter tampering
33. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Point-to-Point Tunneling Protocol (PPTP)
Web Spider
Extensible Authentication Protocol (EAP)
Buffer
34. ACK Scan
serial scan & 300 sec wait
INFOSEC Assessment Methodology (IAM)
-sA
-p <port ranges>
35. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
spoofing
hardware keystroke logger
NOP
Kerberos
36. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Buffer Overflow
Discretionary Access Control (DAC)
Pretty Good Privacy (PGP)
Institute of Electrical and Electronics Engineers (IEEE)
37. Attacks on the actual programming code of an application.
Hierarchical File System (HFS)
Application-Level Attacks
promiscuous mode
Zero Subnet
38. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
-oA
ECHO reply
phishing
39. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
spyware
network tap
sidejacking
FreeBSD
40. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Videocipher II Satellite Encryption System
User Datagram Protocol (UDP)
Finger
Methodology
41. The transmission of digital signals without precise clocking or synchronization.
Simple Object Access Protocol (SOAP)
-PI
Whois
asynchronous transmission
42. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Digital Certificate
port scanning
Virus Hoax
Threat
43. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Asymmetric Algorithm
SMB
Trojan Horse
rogue access point
44. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
remote procedure call (RPC)
encapsulation
Cryptography
Replacing numbers in a url to access other files
45. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
-oX
A procedure for identifying active hosts on a network.
Bastion host
rogue access point
46. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Virus
Temporal Key Integrity Protocol (TKIP)
Countermeasures
port scanning
47. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
symmetric encryption
The automated process of proactively identifying vulnerabilities of computing systems present in a network
TACACS
false rejection rate (FRR)
48. The process of embedding information into a digital signal in a way that makes it difficult to remove.
XOR Operation
Asset
Post Office Protocol 3 (POP3)
Digital Watermarking
49. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
identity theft
Information Technology (IT) asset criticality
-sL
session hijacking
50. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
RID Resource identifier
SMB
ring topology
logic bomb
