SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
private network address
operating system attack
Community String
risk transference
2. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Denial of Service (DoS)
Request for Comments (RFC)
sidejacking
Cookie
3. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Finding a directory listing and gaining access to a parent or root file for access to other files
Eavesdropping
Mantrap
Point-to-Point Tunneling Protocol (PPTP)
4. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
War Chalking
Eavesdropping
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Black Box Testing
5. A protocol used to pass control and error messages between nodes on the Internet.
operating system attack
-sT
Internet Control Message Protocol (ICMP)
Interior Gateway Protocol (IGP)
6. Idlescan
Point-to-Point Tunneling Protocol (PPTP)
Active Fingerprinting
Bluetooth
-sI
7. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
LDAP
Google hacking
integrity
Active Fingerprinting
8. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Decryption
Malicious code
infrastructure mode
9. White box test
International Organization for Standardization (ISO)
Data Link layer
Internal access to the network
reverse social engineering
10. Vulnerability Scanning
Timestamping
Confidentiality
The automated process of proactively identifying vulnerabilities of computing systems present in a network
false negative
11. A method of external testing whereby several systems or resources are used together to effect an attack.
Service Set Identifier (SSID)
firewalking
Daisy Chaining
Simple Mail Transfer Protocol (SMTP)
12. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Cryptographic Key
White Box Testing
stream cipher
Authentication - Authorization - and Accounting (AAA)
13. don't ping
logic bomb
White Box Testing
-P0
encryption
14. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Vulnerability
Filter
Detective Controls
gray box testing
15. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Vulnerability Assessment
A R
Fast Ethernet
false rejection rate (FRR)
16. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
sniffer
Last In First Out (LIFO)
War Chalking
Three-Way (TCP) Handshake
17. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
nslookup
single loss expectancy (SLE)
Wireless Local Area Network (WLAN)
Routing Information Protocol (RIP)
18. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
SYN flood attack
Simple Network Management Protocol (SNMP)
Level III assessment
-sT
19. Port 161/162
gap analysis
piggybacking
SNMP
Virtual Private Network (VPN)
20. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
footprinting
pattern matching
site survey
MD5
21. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
DNS enumeration
Password Authentication Protocol (PAP)
Interior Gateway Protocol (IGP)
encryption
22. The steps taken to gather evidence and information on the targets you wish to attack.
Wi-Fi
Tunneling Virus
reconnaissance
ring topology
23. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
--randomize_hosts -O OS fingerprinting
Port Address Translation (PAT)
Information Technology (IT) security architecture and framework
fully qualified domain name (FQDN)
24. A Canonical Name record within DNS - used to provide an alias for a domain name.
piggybacking
CNAME record
XOR Operation
false rejection rate (FRR)
25. The lack of clocking (imposed time ordering) on a bit stream.
File Allocation Table (FAT)
queue
Asynchronous
NT LAN Manager (NTLM)
26. A portion of memory used to temporarily store output or input data.
Transport Layer Security (TLS)
CNAME record
Buffer
Fraud and related activity in connection with computers
27. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Extensible Authentication Protocol (EAP)
rogue access point
Tumbling
Asynchronous
28. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Daemon
Domain Name System (DNS)
Internal access to the network
Audit Data
29. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Tiger Team
Dumpster Diving
Mandatory access control (MAC)
Backdoor
30. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
Presentation layer
SYN attack
Internet Assigned Number Authority (IANA)
DNS enumeration
31. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
-PS
encryption
asynchronous transmission
Point-to-Point Protocol (PPP)
32. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
shrink-wrap code attacks
SID
Time To Live (TTL)
pattern matching
33. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
security incident response team (SIRT)
-PM
RxBoot
Google hacking
34. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Domain Name System (DNS)
Computer-Based Attack
Unicode
protocol stack
35. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Access Creep
Tumbling
Lightweight Directory Access Protocol (LDAP)
Contingency Plan
36. Hashing algorithm that results in a 128-bit output.
Cryptography
HTTP
MD5
Cookie
37. A command used in HTTP and FTP to retrieve a file from a server.
halo effect
GET
Directory Traversal
penetration testing
38. An Application layer protocol for managing devices on an IP network.
File Allocation Table (FAT)
-sT
Simple Network Management Protocol (SNMP)
ECHO reply
39. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Assessment
Timestamping
SOA record
risk acceptance
40. Hex 14
A R
Multipurpose Internet Mail Extensions (MIME)
POST
DNS enumeration
41. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Authentication
Simple Object Access Protocol (SOAP)
EDGAR database
Active Fingerprinting
42. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
-oG
stream cipher
gap analysis
security bulletins
43. A document describing information security guidelines - policies - procedures - and standards.
quality of service (QoS)
Information Technology (IT) security architecture and framework
Certificate
Acknowledgment (ACK)
44. A type of encryption where the same key is used to encrypt and decrypt the message.
Algorithm
-oN
symmetric encryption
packet
45. Sneaky scan timing
SYN flood attack
Packet Internet Groper (ping)
Biometrics
serialize scans & 15 sec wait
46. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Simple Mail Transfer Protocol (SMTP)
Annualized Loss Expectancy (ALE)
patch
Wi-Fi
47. Port 389
key exchange protocol
Electronic Code Book (ECB)
SNMP
LDAP
48. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Trojan Horse
War Dialing
encryption
intranet
49. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
role-based access control
Level II assessment
Confidentiality
Discretionary Access Control (DAC)
50. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Internet Assigned Number Authority (IANA)
Vulnerability Management
Temporal Key Integrity Protocol (TKIP)
Cracker
