SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Internet routing protocol used to exchange routing information within an autonomous system.
ad hoc mode
Interior Gateway Protocol (IGP)
Wi-Fi Protected Access (WPA)
FreeBSD
2. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
SYN flood attack
-sL
Exploit
Destination Unreachable
3. The process of using easily accessible DNS records to map a target network's internal hosts.
DNS enumeration
public key
Collision Domain
Rijndael
4. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
S
Wrapper
Domain Name System (DNS) lookup
Point-to-Point Protocol (PPP)
5. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
Filter
SOA record
Contingency Plan
SAM
6. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
-sT
protocol stack
Worm
hacktivism
7. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
reverse lookup; reverse DNS lookup
SNMP
encapsulation
Tunneling Virus
8. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
Block Cipher
inference attack
Macro virus
Algorithm
9. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
Ethernet
SYN flood attack
logic bomb
hot site
10. A device providing temporary - on-demand - point-to-point network access to users.
service level agreements (SLAs)
network access server
POP 3
A procedure for identifying active hosts on a network.
11. The exploitation of a security vulnerability
security breach or security incident
Interior Gateway Protocol (IGP)
risk
Malware
12. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
NetBSD
parameter tampering
Vulnerability
Last In First Out (LIFO)
13. A program designed to execute at a specific time to release malicious code onto the computer system or network.
operating system attack
Internet Protocol (IP)
Time Bomb
Computer Emergency Response Team (CERT)
14. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
Tumbling
remote access
packet filtering
polymorphic virus
15. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
-oN
Serial Line Internet Protocol (SLIP)
War Driving
Vulnerability Assessment
16. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
NetBSD
session splicing
Trusted Computer Base (TCB)
Crossover Error Rate (CER)
17. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
rootkit
File Transfer Protocol (FTP)
Possession of access devices
Institute of Electrical and Electronics Engineers (IEEE)
18. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Vulnerability Assessment
Zone transfer
FreeBSD
Domain Name
19. Port 22
Virtual Local Area Network (VLAN)
SSH
Fraud and related activity in connection with computers
ECHO reply
20. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
serial scan & 300 sec wait
Event
Syslog
ping sweep
21. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
No previous knowledge of the network
protocol
Simple Object Access Protocol (SOAP)
network tap
22. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
OpenBSD
Hypertext Transfer Protocol (HTTP)
Methodology
Request for Comments (RFC)
23. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
proxy server
Application-Level Attacks
Exposure Factor
Serial Line Internet Protocol (SLIP)
24. Nmap grepable output
-oG
Black Hat
secure channel
Traceroute
25. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
honeynet
single loss expectancy (SLE)
Wiretapping
-P0
26. CAN-SPAM
Tunnel
false negative
Defines legal email marketing
quantitative risk assessment
27. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Presentation layer
-oA
-PP
EDGAR database
28. Idlescan
logic bomb
fragmentation
Droppers
-sI
29. UDP Scan
Cache
GET
nslookup
-sU
30. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
segment
footprinting
spam
signature scanning
31. The transmission of digital signals without precise clocking or synchronization.
Discretionary Access Control (DAC)
Local Administrator
asynchronous transmission
flood
32. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
heuristic scanning
CIA triangle
Domain Name
Worm
33. The steps taken to gather evidence and information on the targets you wish to attack.
reconnaissance
replay attack
War Driving
Tumbling
34. Computer software or hardware that can intercept and log traffic passing over a digital network.
Bluejacking
sniffer
sidejacking
Man-in-the-middle attack
35. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Level II assessment
port redirection
CNAME record
qualitative analysis
36. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Macro virus
802.11 i
Tumbling
War Driving
37. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
Authentication - Authorization - and Accounting (AAA)
halo effect
Point-to-Point Protocol (PPP)
null session
38. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Zero Subnet
symmetric algorithm
Level II assessment
limitation of liability and remedies
39. An attack that combines a brute-force attack with a dictionary attack.
RPC-DCOM
personal identification number (PIN)
hybrid attack
symmetric algorithm
40. A computer file system architecture used in Windows - OS/2 - and most memory cards.
Zone transfer
Extensible Authentication Protocol (EAP)
File Allocation Table (FAT)
Trapdoor Function
41. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Password Authentication Protocol (PAP)
Level II assessment
Echo Reply
Telnet
42. A software or hardware defect that often results in system vulnerabilities.
SID
POP 3
Bug
Internet Assigned Number Authority (IANA)
43. Monitoring of telephone or Internet conversations - typically by covert means.
-oN
Zone transfer
Wiretapping
Boot Sector Virus
44. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Domain Name System (DNS)
shoulder surfing
Acknowledgment (ACK)
-PM
45. A small Trojan program that listens on port 777.
Multipurpose Internet Mail Extensions (MIME)
Tini
Competitive Intelligence
Black Box Testing
46. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Vulnerability Management
Possession of access devices
fragmentation
Unicode
47. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
fragmentation
Electronic Code Book (ECB)
Internet Protocol Security (IPSec) architecture
File Allocation Table (FAT)
48. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
Challenge Handshake Authentication Protocol (CHAP)
-sR
Certificate
private key
49. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Domain Name System (DNS)
security by obscurity
CNAME record
Ethical Hacker
50. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
Wired Equivalent Privacy (WEP)
serialize scans & 15 sec wait
red team
flood