SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
overt channel
Annualized Loss Expectancy (ALE)
CNAME record
-sF
2. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
red team
open source
Wired Equivalent Privacy (WEP)
R
3. Recording the time - normally in a log file - when an event happens or when information is created or modified.
sniffer
Hypertext Transfer Protocol (HTTP)
-sW
Timestamping
4. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
parallel scan & 75 sec timeout & 0.3 sec/probe
Bluetooth
ad hoc mode
FreeBSD
5. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
shoulder surfing
Cryptographic Key
proxy server
Open System Interconnection (OSI) Reference Model
6. A virus designed to infect the master boot record.
security by obscurity
Master boot record infector
Media Access Control (MAC)
Tunnel
7. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
packet filtering
A S
Routing Protocol
Telnet
8. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
self encrypting
A
Authentication - Authorization - and Accounting (AAA)
Digital Signature
9. A data encryption/decryption program often used for e-mail and file storage.
Information Technology Security Evaluation Criteria (ITSEC)
Pretty Good Privacy (PGP)
Network Basic Input/Output System (NetBIOS)
-sX
10. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Black Hat
Address Resolution Protocol (ARP)
Digital Watermarking
Backdoor
11. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Bug
Traceroute
Electronic serial number
DNS
12. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Buffer Overflow
Cracker
Crossover Error Rate (CER)
Digital Certificate
13. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
packet filtering
Community String
Authentication Header (AH)
Network Basic Input/Output System (NetBIOS)
14. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
Acknowledgment (ACK)
-sW
Anonymizer
SID
15. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
spyware
ad hoc mode
Boot Sector Virus
Hypertext Transfer Protocol (HTTP)
16. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Wrapper
Trapdoor Function
qualitative analysis
Black Hat
17. UDP Scan
node
Discretionary Access Control (DAC)
inference attack
-sU
18. Port 88
Active Fingerprinting
Kerberos
Cracker
Corrective Controls
19. Nmap ml output
-oX
Distributed DoS (DDoS)
Due Care
limitation of liability and remedies
20. Window Scan
Discretionary Access Control (DAC)
-sW
Baseline
Computer-Based Attack
21. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Hierarchical File System (HFS)
Crossover Error Rate (CER)
Cryptographic Key
Internet Assigned Number Authority (IANA)
22. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
RID Resource identifier
penetration testing
-sW
NOP
23. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
rootkit
Exploit
Authentication
24. Ports 20/21
security breach or security incident
FTP
Hypertext Transfer Protocol (HTTP)
U P F
25. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
Defense in Depth
Virus Hoax
Multipurpose Internet Mail Extensions (MIME)
26. Port 23
-sW
Traceroute
Telnet
Audit Trail
27. A computer process that requests a service from another computer and accepts the server's responses.
serialize scans & 0.4 sec wait
Client
Countermeasures
packet
28. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Presentation layer
intrusion prevention system (IPS)
Malware
Virtual Local Area Network (VLAN)
29. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
intrusion detection system (IDS)
CAM table
Zero Subnet
Exposure Factor
30. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
footprinting
Unicode
physical security
Directory Traversal
31. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
HTTP tunneling
session hijacking
parallel scan
Vulnerability
32. nmap
-PT
-p <port ranges>
Certificate Authority (CA)
Ciphertext
33. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Address Resolution Protocol (ARP) table
Directory Traversal
Smurf attack
reconnaissance
34. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
S
null session
Competitive Intelligence
NT LAN Manager (NTLM)
35. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Network Basic Input/Output System (NetBIOS)
Active Directory (AD)
asynchronous transmission
-sP
36. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
route
Web Spider
SOA record
37. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Common Internet File System/Server Message Block
physical security
Malware
Digital Watermarking
38. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
logic bomb
parallel scan & 75 sec timeout & 0.3 sec/probe
Data Link layer
NetBus
39. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
XOR Operation
Countermeasures
rogue access point
No previous knowledge of the network
40. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Address Resolution Protocol (ARP) table
Interior Gateway Protocol (IGP)
Detective Controls
Methodology
41. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Local Administrator
Domain Name System (DNS) cache poisoning
Multipurpose Internet Mail Extensions (MIME)
Sign in Seal
42. A command used in HTTP and FTP to retrieve a file from a server.
gap analysis
network tap
GET
Active Directory (AD)
43. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Macro virus
script kiddie
heuristic scanning
Adware
44. A routing protocol developed to be used within a single organization.
Google hacking
RID Resource identifier
Interior Gateway Protocol (IGP)
Antivirus (AV) software
45. The steps taken to gather evidence and information on the targets you wish to attack.
stateful packet filtering
reconnaissance
Ciphertext
-PM
46. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
End User Licensing Agreement (EULA)
Serial Line Internet Protocol (SLIP)
Hypertext Transfer Protocol Secure (HTTPS)
public key infrastructure (PKI)
47. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Methodology
Wireless Local Area Network (WLAN)
Covert Channel
Secure Sockets Layer (SSL)
48. LM Hash for short passwords (under 7)
public key
--randomize_hosts -O OS fingerprinting
404EE
sidejacking
49. A protocol used to pass control and error messages between nodes on the Internet.
Internet Control Message Protocol (ICMP)
Trapdoor Function
Computer Emergency Response Team (CERT)
Malicious code
50. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
spam
Trojan Horse
gray hat
-sW
