SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Backdoor
network interface card (NIC)
Eavesdropping
Covert Channel
2. ACK Scan
Zenmap
-sA
Discretionary Access Control (DAC)
-sX
3. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
remote access
Last In First Out (LIFO)
network tap
Dumpster Diving
4. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
shrink-wrap code attacks
Contingency Plan
Routing Protocol
Active Directory (AD)
5. Hex 14
Internet Protocol Security (IPSec) architecture
A R
Virtual Private Network (VPN)
fully qualified domain name (FQDN)
6. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Computer-Based Attack
NOP
phishing
Malicious code
7. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
security breach or security incident
hashing algorithm
Common Internet File System/Server Message Block
secure channel
8. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
HTTP tunneling
Tumbling
SAM
ISO 17799
9. A denial-of-service technique that uses numerous hosts to perform the attack.
-PM
Last In First Out (LIFO)
Contingency Plan
Distributed DoS (DDoS)
10. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
Decryption
scope creep
NetBSD
HTTP tunneling
11. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
private key
session splicing
Vulnerability
Packet Internet Groper (ping)
12. A business - government agency - or educational institution that provides access to the Internet.
Cracker
protocol stack
Internet service provider (ISP)
single loss expectancy (SLE)
13. A file system used by the Mac OS.
Hierarchical File System (HFS)
protocol stack
Simple Network Management Protocol (SNMP)
audit
14. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Tunnel
802.11 i
End User Licensing Agreement (EULA)
EDGAR database
15. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Virus Hoax
Self Replicating
Whois
Digital Signature
16. A Windows-based GUI version of nmap.
Zenmap
Kerberos
National Security Agency
Simple Object Access Protocol (SOAP)
17. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Due Diligence
suicide hacker
Biometrics
-P0
18. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
SNMP
Asymmetric Algorithm
Trapdoor Function
Electronic Code Book (ECB)
19. A tool that helps a company to compare its actual performance with its potential performance.
Black Box Testing
Domain Name System (DNS) lookup
Cloning
gap analysis
20. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Tiger Team
802.11
queue
risk avoidance
21. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Authentication
hybrid attack
CIA triangle
router
22. A virus written in a macro language and usually embedded in document or spreadsheet files.
No previous knowledge of the network
Macro virus
Daisy Chaining
asynchronous transmission
23. Wrapper or Binder
Cookie
Cryptography
Zenmap
Real application encompassing Trojan
24. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Hypertext Transfer Protocol Secure (HTTPS)
Information Technology (IT) security architecture and framework
Archive
network interface card (NIC)
25. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
404EE
NOP
spoofing
session splicing
26. ex 02
-P0
pattern matching
Asymmetric
S
27. 18 U.S.C. 1029
SNMP
Collision Domain
Possession of access devices
Tumbling
28. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
EDGAR database
Packet Internet Groper (ping)
Worm
Zone transfer
29. The transmission of digital signals without precise clocking or synchronization.
Methodology
separation of duties
public key
asynchronous transmission
30. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
CIA triangle
ECHO reply
Directory Traversal
R
31. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
rogue access point
R
sheepdip
enumeration
32. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
net use \[target ip]IPC$ '' /user:''
Boot Sector Virus
Daemon
Cold Site
33. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Countermeasures
Finding a directory listing and gaining access to a parent or root file for access to other files
private key
RPC-DCOM
34. The potential for damage to or loss of an IT asset
Authorization
penetration testing
Port Address Translation (PAT)
risk
35. ICMP Type/Code 0-0
remote procedure call (RPC)
integrity
port knocking
Echo Reply
36. Black box test
No previous knowledge of the network
Directory Traversal
security controls
Hypertext Transfer Protocol Secure (HTTPS)
37. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
security bulletins
Password Authentication Protocol (PAP)
Access Point (AP)
International Organization for Standardization (ISO)
38. TCP connect() scan
Daemon
War Chalking
keylogger
-sT
39. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
parallel scan
-sL
audit
Audit Trail
40. Polite scan timing
Self Replicating
Availability
encapsulation
serialize scans & 0.4 sec wait
41. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
piggybacking
Institute of Electrical and Electronics Engineers (IEEE)
spoofing
42. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
Denial of Service (DoS)
local area network (LAN)
Kerberos
hot site
43. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
404EE
A R
firewall
POST
44. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Biometrics
Contingency Plan
White Box Testing
rootkit
45. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
gateway
-sF
CAM table
Address Resolution Protocol (ARP) table
46. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
false rejection rate (FRR)
Trapdoor Function
Droppers
Domain Name
47. Transmitting one protocol encapsulated inside another protocol.
Crossover Error Rate (CER)
Tunneling
A
port scanning
48. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
Trusted Computer Base (TCB)
Level II assessment
Internet service provider (ISP)
49. Another term for firewalking
Multipartite virus
Wrapper
port knocking
Exploit
50. Port 22
risk transference
Zombie
SSH
Trusted Computer Base (TCB)