Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
-PT
Google hacking
Buffer Overflow
Cracker
2. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Asymmetric Algorithm
CAM table
parameter tampering
Internet Protocol (IP)
3. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Smurf attack
Brute-Force Password Attack
limitation of liability and remedies
-PS
4. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
MD5
FTP
Internet Assigned Number Authority (IANA)
Virtual Private Network (VPN)
5. An Application layer protocol for sending electronic mail between servers.
Replacing numbers in a url to access other files
Tiger Team
gray box testing
Simple Mail Transfer Protocol (SMTP)
6. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Virus Hoax
Multipurpose Internet Mail Extensions (MIME)
Transport Layer Security (TLS)
sheepdip
7. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
qualitative analysis
queue
Ethernet
Wi-Fi Protected Access (WPA)
8. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Open System Interconnection (OSI) Reference Model
stream cipher
Asymmetric
Virus
9. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
FreeBSD
Institute of Electrical and Electronics Engineers (IEEE)
shoulder surfing
source routing
10. Port 53
Transport Layer Security (TLS)
stateful packet filtering
DNS
Availability
11. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
Annualized Loss Expectancy (ALE)
Address Resolution Protocol (ARP) table
Corrective Controls
Virtual Local Area Network (VLAN)
12. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Asymmetric
passive attack
Local Administrator
source routing
13. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
spyware
National Security Agency
Database
Unicode
14. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
Third Party
Information Technology (IT) asset criticality
Point-to-Point Tunneling Protocol (PPTP)
identity theft
15. The condition of a resource being ready for use and accessible by authorized users.
Availability
enumeration
halo effect
Simple Object Access Protocol (SOAP)
16. MAC Flooding
serialize scans & 15 sec wait
Active Attack
Overwhelm CAM table to convert switch to hub mode
U P F
17. Incremental Substitution
hybrid attack
Kerberos
Mandatory access control (MAC)
Replacing numbers in a url to access other files
18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Written Authorization
Serial Line Internet Protocol (SLIP)
script kiddie
penetration testing
19. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Written Authorization
Media Access Control (MAC)
sniffer
initial sequence number (ISN)
20. Network Scanning
A procedure for identifying active hosts on a network.
Detective Controls
port knocking
Bug
21. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
public key infrastructure (PKI)
S
Syslog
Digital Signature
22. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
gateway
Hypertext Transfer Protocol (HTTP)
separation of duties
23. nmap all output
Application-Level Attacks
-oA
social engineering
Interior Gateway Protocol (IGP)
24. The change or growth of a project's scope
scope creep
Level III assessment
Certificate
sheepdip
25. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Internet Control Message Protocol (ICMP)
-oX
separation of duties
International Organization for Standardization (ISO)
26. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
-sP
hash
network tap
Bug
27. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
shoulder surfing
ad hoc mode
limitation of liability and remedies
Transport Layer Security (TLS)
28. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Last In First Out (LIFO)
Simple Mail Transfer Protocol (SMTP)
-PB
Virus Hoax
29. A wireless networking mode where all clients connect to the wireless network through a central access point.
router
Overwhelm CAM table to convert switch to hub mode
False Acceptance Rate (FAR)
infrastructure mode
30. The process of using easily accessible DNS records to map a target network's internal hosts.
-oX
security kernel
risk acceptance
DNS enumeration
31. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
Event
Wi-Fi Protected Access (WPA)
gateway
32. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
null session
network operations center (NOC)
open source
Simple Network Management Protocol (SNMP)
33. Hashing algorithm that results in a 128-bit output.
MD5
Address Resolution Protocol (ARP) table
Multipurpose Internet Mail Extensions (MIME)
Asymmetric Algorithm
34. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
piggybacking
halo effect
MD5
Fraud and related activity in connection with computers
35. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Bug
Bastion host
DNS
impersonation
36. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Buffer Overflow
Threat
Internet service provider (ISP)
Bit Flipping
37. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Acknowledgment (ACK)
Application Layer
The automated process of proactively identifying vulnerabilities of computing systems present in a network
CIA triangle
38. Any circumstance or event with the potential to adversely impact organizational operations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
DNS enumeration
Threat
encapsulation
serialize scans & 15 sec wait
39. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
session hijacking
shrink-wrap code attacks
script kiddie
Web Spider
40. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
802.11
Service Set Identifier (SSID)
rule-based access control
Access Creep
41. Cracking Tools
suicide hacker
Virtual Private Network (VPN)
NT LAN Manager (NTLM)
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
42. Black box test
human-based social engineering
Droppers
self encrypting
No previous knowledge of the network
43. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
integrity
hot site
honeynet
Wi-Fi
44. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Videocipher II Satellite Encryption System
Exposure Factor
risk acceptance
Eavesdropping
45. A defined measure of service within a network system
quality of service (QoS)
protocol stack
Secure Sockets Layer (SSL)
Authentication - Authorization - and Accounting (AAA)
46. Black hat
gray hat
Hacks without permission
Acceptable Use Policy (AUP)
Crossover Error Rate (CER)
47. A tool that helps a company to compare its actual performance with its potential performance.
private network address
Tiger Team
Bit Flipping
gap analysis
48. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Boot Sector Virus
RID Resource identifier
Warm Site
Trojan Horse
49. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
private key
Bluejacking
Active Directory (AD)
Bug
50. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
audit
security controls
Active Attack
shoulder surfing