SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. MAC Flooding
National Security Agency
Overwhelm CAM table to convert switch to hub mode
SYN flood attack
Assessment
2. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
-b
Request for Comments (RFC)
source routing
Point-to-Point Protocol (PPP)
3. Port 161/162
Decryption
shrink-wrap code attacks
reverse social engineering
SNMP
4. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Collision Domain
initial sequence number (ISN)
rootkit
National Security Agency
5. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
HIDS
payload
nslookup
Written Authorization
6. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
self encrypting
Malicious code
Detective Controls
Vulnerability Scanning
7. ICMP Type/Code 3
Destination Unreachable
session hijacking
A procedure for identifying active hosts on a network.
ping sweep
8. List Scan
Destination Unreachable
Crossover Error Rate (CER)
-sL
-sX
9. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
Wide Area Network (WAN)
Tiger Team
spoofing
10. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
identity theft
network operations center (NOC)
Digital Signature
Internet Control Message Protocol (ICMP)
11. Port 110
Droppers
POP 3
Syslog
public key infrastructure (PKI)
12. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
FreeBSD
inference attack
Level I assessment
End User Licensing Agreement (EULA)
13. FTP Bounce Attack
-b
firewall
intrusion prevention system (IPS)
Certificate
14. Port 31337
Last In First Out (LIFO)
Telnet
Network Address Translation (NAT)
Back orifice
15. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Hacks with permission
Crossover Error Rate (CER)
Community String
Due Care
16. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
single loss expectancy (SLE)
Contingency Plan
Collision Domain
Tumbling
17. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
security incident response team (SIRT)
Collision
Level III assessment
18. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
local area network (LAN)
routed protocol
piggybacking
19. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
honeynet
Data Encryption Standard (DES)
ping sweep
net use \[target ip]IPC$ '' /user:''
20. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
symmetric algorithm
risk assessment
Backdoor
queue
21. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Event
Minimum acceptable level of risk
Tumbling
Archive
22. A Canonical Name record within DNS - used to provide an alias for a domain name.
CNAME record
Master boot record infector
Application-Level Attacks
802.11 i
23. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Challenge Handshake Authentication Protocol (CHAP)
Macro virus
White Box Testing
Cryptography
24. A free and popular version of the Unix operating system.
FreeBSD
suicide hacker
port redirection
intrusion prevention system (IPS)
25. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
impersonation
patch
Finding a directory listing and gaining access to a parent or root file for access to other files
Echo Reply
26. Nmap ml output
Level I assessment
-oX
Authentication - Authorization - and Accounting (AAA)
Information Technology Security Evaluation Criteria (ITSEC)
27. A virus written in a macro language and usually embedded in document or spreadsheet files.
Transmission Control Protocol (TCP)
Macro virus
Mantrap
sheepdip
28. Another term for firewalking
physical security
port knocking
Tini
ring topology
29. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
phishing
Authorization
enumeration
Annualized Loss Expectancy (ALE)
30. Hex 14
A R
symmetric algorithm
footprinting
security controls
31. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Computer-Based Attack
Trapdoor Function
Written Authorization
Contingency Plan
32. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Anonymizer
private network address
replay attack
Banner Grabbing
33. A type of malware that covertly collects information about a user.
Time exceeded
spyware
Domain Name System (DNS)
Fraud and related activity in connection with computers
34. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Post Office Protocol 3 (POP3)
Institute of Electrical and Electronics Engineers (IEEE)
NOP
Authentication - Authorization - and Accounting (AAA)
35. A protocol defining packets that are able to be routed by a router.
Adware
routed protocol
source routing
asynchronous transmission
36. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
route
Data Encryption Standard (DES)
HTTP tunneling
honeynet
37. The software product or system that is the subject of an evaluation.
Address Resolution Protocol (ARP) table
Target Of Engagement (TOE)
Third Party
Three-Way (TCP) Handshake
38. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
Wi-Fi Protected Access (WPA)
Bluesnarfing
ISO 17799
Administratively Prohibited
39. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
Bluetooth
Simple Network Management Protocol (SNMP)
personal identification number (PIN)
NOP
40. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Computer-Based Attack
R
Port Address Translation (PAT)
Biometrics
41. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
War Chalking
Point-to-Point Protocol (PPP)
packet filtering
Information Technology (IT) asset valuation
42. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Domain Name
Simple Network Management Protocol (SNMP)
physical security
-oG
43. Directing a protocol from one port to another.
port redirection
Challenge Handshake Authentication Protocol (CHAP)
Collision
Internet Protocol (IP)
44. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Information Technology Security Evaluation Criteria (ITSEC)
heuristic scanning
Computer Emergency Response Team (CERT)
network interface card (NIC)
45. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
Zombie
honeynet
Request for Comments (RFC)
Vulnerability Assessment
46. A virus designed to infect the master boot record.
Three-Way (TCP) Handshake
parallel scan
Master boot record infector
SNMP
47. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Internet Protocol Security (IPSec) architecture
Cryptographic Key
Kerberos
Point-to-Point Tunneling Protocol (PPTP)
48. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
hardware keystroke logger
Certificate Authority (CA)
XOR Operation
Asymmetric
49. Wrapper or Binder
Annualized Loss Expectancy (ALE)
Computer-Based Attack
Real application encompassing Trojan
Secure Multipurpose Mail Extension (S/MIME)
50. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Certificate Authority (CA)
Asymmetric
gray box testing