Test your basic knowledge |
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but it reinforces your understanding each time you take the test.
1. Hex 14
Defines legal email marketing
MD5
Blowfish
A R
2. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Collision Domain
Discretionary Access Control (DAC)
Detective Controls
3. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Black Hat
Tumbling
Auditing
Possession of access devices
4. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
single loss expectancy (SLE)
FreeBSD
Event
NetBSD
5. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
sidejacking
Rijndael
null session
encapsulation
6. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
ECHO reply
Dumpster Diving
security bulletins
Vulnerability Management
7. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Web Spider
Point-to-Point Protocol (PPP)
Mandatory access control (MAC)
role-based access control
8. A value used to control cryptographic operations - such as decryption - encryption - signature generation - and signature verification.
Tiger Team
script kiddie
Cryptographic Key
Internet Protocol (IP)
9. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Access Creep
single loss expectancy (SLE)
Internet Protocol Security (IPSec) architecture
White Box Testing
10. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Filter
qualitative analysis
Telnet
Bug
11. nmap
Computer Emergency Response Team (CERT)
identity theft
integrity
--randomize_hosts -O OS fingerprinting
12. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
symmetric algorithm
protocol
War Chalking
sheepdip
13. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Data Encryption Standard (DES)
Dumpster Diving
Asymmetric Algorithm
Community String
14. A Windows-based GUI version of nmap.
protocol stack
Zenmap
Internet Protocol Security (IPSec) architecture
Simple Object Access Protocol (SOAP)
15. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Point-to-Point Protocol (PPP)
symmetric encryption
Written Authorization
16. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
firewalking
Copyright
RxBoot
quantitative risk assessment
17. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
Challenge Handshake Authentication Protocol (CHAP)
Wiretapping
physical security
18. Hex 02
penetration testing
secure channel
White Box Testing
S
19. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
CIA triangle
rule-based access control
rogue access point
International Organization for Standardization (ISO)
20. 18 U.S.C. 1030
SOA record
Bluetooth
Interior Gateway Protocol (IGP)
Fraud and related activity in connection with computers
21. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Information Technology (IT) asset criticality
iris scanner
router
Bluejacking
22. Hex 29
Overwhelm CAM table to convert switch to hub mode
Due Diligence
MAC filtering
U P F
23. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Unicode
Zone transfer
honeypot
patch
24. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
-PM
SSH
enumeration
25. A type of encryption where the same key is used to encrypt and decrypt the message.
404EE
Hacks with permission
Interior Gateway Protocol (IGP)
symmetric encryption
26. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
Transport Layer Security (TLS)
Countermeasures
Internet service provider (ISP)
27. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Wiretapping
Service Set Identifier (SSID)
Malware
intrusion prevention system (IPS)
28. White box test
Echo Reply
Internal access to the network
Packet Internet Groper (ping)
-sA
29. ICMP Netmask
net use \\[target ip]\IPC$ "" /user:""
-PM
-sX
SYN attack
30. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Smurf attack
firewalking
Wide Area Network (WAN)
encapsulation
31. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
hardware keystroke logger
Wired Equivalent Privacy (WEP)
NOP
Information Technology Security Evaluation Criteria (ITSEC)
32. Establish Null Session
Finding a directory listing and gaining access to a parent or root file for access to other files
DNS enumeration
net use \\[target ip]\IPC$ "" /user:""
XOR Operation
33. Normal scan timing
parallel scan
hacktivism
Third Party
suicide hacker
34. A documented process for a procedure designed to be consistent - repeatable - and accountable.
404EE
sheepdip
Methodology
Ethical Hacker
35. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Application-Level Attacks
Time To Live (TTL)
Biometrics
Whois
36. A systematic process for the assessment of security vulnerabilities.
risk
INFOSEC Assessment Methodology (IAM)
operating system attack
port redirection
37. Network Scanning
Tini
-PM
proxy server
A procedure for identifying active hosts on a network.
38. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
802.11
-p <port ranges>
Packet Internet Groper (ping)
parallel scan
39. PI and PT Ping
-PB
secure channel
network operations center (NOC)
Defines legal email marketing
40. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Finger
Transmission Control Protocol (TCP)
Time To Live (TTL)
impersonation
41. Directing a protocol from one port to another.
fully qualified domain name (FQDN)
Bluesnarfing
port redirection
Vulnerability
42. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Wireless Local Area Network (WLAN)
Time Bomb
Real application encompassing Trojan
Level I assessment
43. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Demilitarized Zone (DMZ)
Information Technology (IT) asset criticality
private key
HTTP tunneling
44. Formal description and evaluation of the vulnerabilities in an information system
phishing
Black Box Testing
Audit Data
Vulnerability Assessment
45. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
SSH
Certificate
scope creep
Bluetooth
46. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
Asset
stateful packet filtering
A procedure for identifying active hosts on a network.
patch
47. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
War Chalking
Algorithm
Certificate Authority (CA)
network tap
48. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
SNMP
Bluetooth
Virtual Local Area Network (VLAN)
49. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Droppers
Fiber Distributed Data Interface (FDDI)
Access Creep
War Chalking
50. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
serial scan & 300 sec wait
infrastructure mode
segment
identity theft