SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A portion of memory used to temporarily store output or input data.
Application Layer
Secure Multipurpose Mail Extension (S/MIME)
-sL
Buffer
2. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Wi-Fi Protected Access (WPA)
FreeBSD
CAM table
ring topology
3. Cracking Tools
Uniform Resource Locator (URL)
-sL
Internet Assigned Number Authority (IANA)
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
4. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Authentication Header (AH)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Redundant Array of Independent Disks (RAID)
Network Address Translation (NAT)
5. A computer virus that infects and spreads in multiple ways.
Last In First Out (LIFO)
port knocking
No previous knowledge of the network
Multipartite virus
6. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Multipurpose Internet Mail Extensions (MIME)
symmetric encryption
Last In First Out (LIFO)
Dumpster Diving
7. Paranoid scan timing
-sW
serial scan & 300 sec wait
intrusion prevention system (IPS)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
8. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Biometrics
-sT
Secure Sockets Layer (SSL)
Blowfish
9. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
private network address
Access Creep
security bulletins
Collision Domain
10. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Distributed DoS (DDoS)
HTTP tunneling
SNMP
Bluejacking
11. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
social engineering
Information Technology (IT) asset valuation
Mandatory access control (MAC)
Vulnerability Management
12. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
symmetric algorithm
patch
Bug
Wrapper
13. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Google hacking
spoofing
Possession of access devices
Demilitarized Zone (DMZ)
14. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Transport Layer Security (TLS)
Information Technology (IT) security architecture and framework
Cache
Digital Signature
15. ICMP Type/Code 8
-oX
Community String
Echo request
scope creep
16. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
404EE
Minimum acceptable level of risk
Archive
Malware
17. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Application-Level Attacks
proxy server
firewalking
signature scanning
18. SYN Ping
Baseline
Echo Reply
steganography
-PS
19. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Black Hat
Countermeasures
-sT
Filter
20. Xmas Tree scan
packet filtering
-sX
Asymmetric
Extensible Authentication Protocol (EAP)
21. Ports 20/21
FTP
-PI
single loss expectancy (SLE)
node
22. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Open System Interconnection (OSI) Reference Model
Information Technology Security Evaluation Criteria (ITSEC)
Routing Information Protocol (RIP)
Threat
23. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Zero Subnet
Minimum acceptable level of risk
reverse social engineering
Sign in Seal
24. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Competitive Intelligence
polymorphic virus
sidejacking
-sR
25. A data encryption/decryption program often used for e-mail and file storage.
Pretty Good Privacy (PGP)
RID Resource identifier
OpenBSD
footprinting
26. Hex 04
R
Wrapper
security incident response team (SIRT)
Acknowledgment (ACK)
27. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
impersonation
Availability
Digital Certificate
Daisy Chaining
28. A software or hardware defect that often results in system vulnerabilities.
Three-Way (TCP) Handshake
Active Fingerprinting
Bug
single loss expectancy (SLE)
29. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
INFOSEC Assessment Methodology (IAM)
Backdoor
Domain Name
Blowfish
30. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Internet Assigned Number Authority (IANA)
Mandatory access control (MAC)
National Security Agency
Self Replicating
31. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
null session
Password Authentication Protocol (PAP)
White Box Testing
network tap
32. A documented process for a procedure designed to be consistent - repeatable - and accountable.
-PB
null session
Methodology
-sA
33. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
firewalking
Asymmetric
key exchange protocol
hacktivism
34. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
serialize scans & 15 sec wait
Black Box Testing
Access Creep
SAM
35. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
symmetric encryption
piggybacking
Cryptography
National Security Agency
36. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Service Set Identifier (SSID)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Wireless Local Area Network (WLAN)
Anonymizer
37. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
SID
service level agreements (SLAs)
-P0
serialize scans & 0.4 sec wait
38. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Google hacking
Tunneling Virus
Digital Certificate
802.11
39. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
Request for Comments (RFC)
session hijacking
hardware keystroke logger
40. A protocol for exchanging packets over a serial line.
null session
Confidentiality
Serial Line Internet Protocol (SLIP)
gray hat
41. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Port Address Translation (PAT)
Application Layer
Discretionary Access Control (DAC)
POP 3
42. Describes practices in production and development that promote access to the end product's source materials.
Time exceeded
open source
ad hoc mode
-sS
43. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Open System Interconnection (OSI) Reference Model
Black Box Testing
Smurf attack
Domain Name
44. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Warm Site
heuristic scanning
End User Licensing Agreement (EULA)
Wrapper
45. A communications protocol used for browsing the Internet.
Hypertext Transfer Protocol (HTTP)
Hacks without permission
Trapdoor Function
queue
46. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Finger
symmetric encryption
Countermeasures
Open System Interconnection (OSI) Reference Model
47. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Domain Name
Acceptable Use Policy (AUP)
audit
Digital Certificate
48. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Network Basic Input/Output System (NetBIOS)
Ethernet
network interface card (NIC)
risk assessment
49. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Point-to-Point Tunneling Protocol (PPTP)
honeynet
risk avoidance
Media Access Control (MAC)
50. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
passive attack
signature scanning
Challenge Handshake Authentication Protocol (CHAP)
Level III assessment