SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A virus designed to infect the master boot record.
Distributed DoS (DDoS)
Master boot record infector
Syslog
encapsulation
2. Port 137/138/139
SMB
piggybacking
Finger
Audit Trail
3. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Possession of access devices
Rijndael
router
Zombie
4. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
Tunnel
802.11 i
logic bomb
5. Port 110
Asymmetric Algorithm
rootkit
Tiger Team
POP 3
6. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
private key
Hypertext Transfer Protocol Secure (HTTPS)
private network address
Uniform Resource Locator (URL)
7. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
signature scanning
serialize scans & 15 sec wait
Biometrics
Blowfish
8. A device on a network.
Malware
Tumbling
node
Console Port
9. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Destination Unreachable
Wide Area Network (WAN)
Traceroute
Lightweight Directory Access Protocol (LDAP)
10. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
security incident response team (SIRT)
SYN attack
Virus Hoax
shoulder surfing
11. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Certificate Authority (CA)
Domain Name System (DNS) lookup
Minimum acceptable level of risk
Written Authorization
12. ICMP Ping
Domain Name System (DNS) cache poisoning
-PI
Detective Controls
Competitive Intelligence
13. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
HTTP tunneling
Electronic Code Book (ECB)
Algorithm
port redirection
14. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
gateway
War Dialing
XOR Operation
service level agreements (SLAs)
15. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
War Chalking
smart card
Cloning
White Box Testing
16. ICMP Type/Code 0-0
Echo Reply
security by obscurity
Active Fingerprinting
Decryption
17. A type of encryption where the same key is used to encrypt and decrypt the message.
GET
-oG
Transmission Control Protocol (TCP)
symmetric encryption
18. A group of people - gathered together by a business entity - working to address a specific problem or goal.
payload
risk
Tiger Team
promiscuous mode
19. LM Hash for short passwords (under 7)
Redundant Array of Independent Disks (RAID)
404EE
Possession of access devices
network tap
20. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
packet filtering
-sX
Bit Flipping
Secure Sockets Layer (SSL)
21. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Internet Control Message Protocol (ICMP)
ping sweep
smart card
Interior Gateway Protocol (IGP)
22. Hex 29
Presentation layer
non-repudiation
net use \[target ip]IPC$ '' /user:''
U P F
23. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
-p <port ranges>
Bluetooth
Tunnel
stateful packet filtering
24. A device providing temporary - on-demand - point-to-point network access to users.
Active Attack
network access server
Hypertext Transfer Protocol (HTTP)
nslookup
25. A software or hardware application or device that captures user keystrokes.
HIDS
hashing algorithm
Third Party
keylogger
26. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
quantitative risk assessment
-sW
Information Technology (IT) asset criticality
payload
27. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
protocol
security bulletins
Directory Traversal
Worm
28. Another term for firewalking
port knocking
Acceptable Use Policy (AUP)
Open System Interconnection (OSI) Reference Model
Asset
29. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
Audit Data
security controls
Fiber Distributed Data Interface (FDDI)
serialize scans & 15 sec wait
30. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Discretionary Access Control (DAC)
gateway
Active Fingerprinting
Wiretapping
31. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
polymorphic virus
Three-Way (TCP) Handshake
packet
Computer Emergency Response Team (CERT)
32. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Kerberos
Serial Line Internet Protocol (SLIP)
Data Encryption Standard (DES)
-sT
33. A person or entity indirectly involved in a relationship between two principles.
Level II assessment
false negative
Real application encompassing Trojan
Third Party
34. A protocol used for sending and receiving log information for nodes on a network.
Annualized Loss Expectancy (ALE)
initial sequence number (ISN)
Media Access Control (MAC)
Syslog
35. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
ad hoc mode
hardware keystroke logger
proxy server
Ethical Hacker
36. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Simple Mail Transfer Protocol (SMTP)
National Security Agency
Vulnerability Scanning
DNS enumeration
37. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Trusted Computer Base (TCB)
Cold Site
gray hat
Multipartite virus
38. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
honeynet
rootkit
Blowfish
Algorithm
39. Attacks on the actual programming code of an application.
Application-Level Attacks
suicide hacker
Corrective Controls
promiscuous mode
40. nmap all output
-oA
remote procedure call (RPC)
Hacks with permission
quantitative risk assessment
41. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
signature scanning
intrusion detection system (IDS)
Exploit
separation of duties
42. PI and PT Ping
spam
-PB
Smurf attack
Denial of Service (DoS)
43. The steps taken to gather evidence and information on the targets you wish to attack.
reconnaissance
local area network (LAN)
Routing Protocol
session hijacking
44. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
RPC-DCOM
payload
sheepdip
Banner Grabbing
45. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
NetBus
Asset
public key infrastructure (PKI)
-oN
46. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
sniffer
secure channel
rule-based access control
False Acceptance Rate (FAR)
47. Cracking Tools
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
parallel scan & 75 sec timeout & 0.3 sec/probe
-sF
port redirection
48. A free and popular version of the Unix operating system.
FreeBSD
HTTP
Zero Subnet
Auditing
49. A protocol used to pass control and error messages between nodes on the Internet.
Exposure Factor
Password Authentication Protocol (PAP)
Internet Control Message Protocol (ICMP)
Virtual Local Area Network (VLAN)
50. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Application-Level Attacks
scope creep
Access Control List (ACL)
Overwhelm CAM table to convert switch to hub mode