SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The monetary value assigned to an IT asset.
-oX
404EE
War Driving
Information Technology (IT) asset valuation
2. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
Wi-Fi
-sI
Algorithm
parallel scan & 300 sec timeout & 1.25 sec/probe
3. A social-engineering attack using computer resources - such as e-mail or IRC.
Availability
Overwhelm CAM table to convert switch to hub mode
Active Directory (AD)
Computer-Based Attack
4. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
-oA
Bluesnarfing
Rijndael
Buffer Overflow
5. A routing protocol developed to be used within a single organization.
reverse lookup; reverse DNS lookup
Interior Gateway Protocol (IGP)
Multipurpose Internet Mail Extensions (MIME)
Macro virus
6. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
rule-based access control
session splicing
Network Address Translation (NAT)
Fiber Distributed Data Interface (FDDI)
7. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
gap analysis
-oX
Certificate
NetBus
8. The combination of all IT assets - resources - components - and systems.
session splicing
Community String
Cryptography
Information Technology (IT) infrastructure
9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Domain Name System (DNS) lookup
Wired Equivalent Privacy (WEP)
Bluejacking
network tap
10. The act of dialing all numbers within an organization to discover open modems.
-PB
source routing
hashing algorithm
War Dialing
11. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Competitive Intelligence
nslookup
Virtual Private Network (VPN)
Certificate
12. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
HTTP tunneling
logic bomb
-p <port ranges>
CAM table
13. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
ad hoc mode
serial scan & 300 sec wait
INFOSEC Assessment Methodology (IAM)
Ciphertext
14. Port 110
Request for Comments (RFC)
POP 3
Exploit
-sT
15. A program designed to execute at a specific time to release malicious code onto the computer system or network.
operating system attack
parallel scan
Time Bomb
Temporal Key Integrity Protocol (TKIP)
16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
rogue access point
NOP
Internal access to the network
17. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
Bit Flipping
Vulnerability
A S
SOA record
18. The software product or system that is the subject of an evaluation.
private network address
packet filtering
Annualized Loss Expectancy (ALE)
Target Of Engagement (TOE)
19. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Hierarchical File System (HFS)
802.11
Access Creep
payload
20. The process of recording activity on a system for monitoring and later review.
Collision Domain
Vulnerability
Auditing
Fraud and related activity in connection with computers
21. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Biometrics
Authentication Header (AH)
Time exceeded
Audit Data
22. Port 137/138/139
-b
security bulletins
Backdoor
SMB
23. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Open System Interconnection (OSI) Reference Model
piggybacking
Hacks with permission
Application-Level Attacks
24. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
encapsulation
A procedure for identifying active hosts on a network.
scope creep
stream cipher
25. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
File Transfer Protocol (FTP)
Competitive Intelligence
-P0
firewall
26. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
integrity
Certificate
Port Address Translation (PAT)
Real application encompassing Trojan
27. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Domain Name System (DNS) lookup
Blowfish
Eavesdropping
Tiger Team
28. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Countermeasures
Digital Watermarking
hybrid attack
Console Port
29. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
A S
security defect
802.11
Time To Live (TTL)
30. White box test
Packet Internet Groper (ping)
asynchronous transmission
Self Replicating
Internal access to the network
31. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
encryption
session splicing
Vulnerability Assessment
Zero Subnet
32. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
serialize scans & 15 sec wait
out-of-band signaling
Eavesdropping
Internet Protocol (IP)
33. The exploitation of a security vulnerability
null session
Asymmetric Algorithm
security breach or security incident
Service Set Identifier (SSID)
34. An Internet routing protocol used to exchange routing information within an autonomous system.
Internet Assigned Number Authority (IANA)
Interior Gateway Protocol (IGP)
802.11 i
promiscuous mode
35. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Asymmetric
Archive
Hacks with permission
-PP
36. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
Tunneling Virus
serial scan & 300 sec wait
hardware keystroke logger
Access Control List (ACL)
37. Nmap ml output
-oX
SOA record
separation of duties
Pretty Good Privacy (PGP)
38. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
Internet service provider (ISP)
-sO
segment
key exchange protocol
39. A Windows-based GUI version of nmap.
Extensible Authentication Protocol (EAP)
Simple Network Management Protocol (SNMP)
Cryptography
Zenmap
40. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Address Resolution Protocol (ARP) table
Last In First Out (LIFO)
impersonation
CIA triangle
41. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
source routing
remote procedure call (RPC)
CNAME record
Virus
42. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
EDGAR database
gray box testing
Virus Hoax
Competitive Intelligence
43. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Due Care
Minimum acceptable level of risk
Daisy Chaining
The automated process of proactively identifying vulnerabilities of computing systems present in a network
44. The change or growth of a project's scope
scope creep
risk avoidance
hash
Droppers
45. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Worm
Request for Comments (RFC)
honeynet
security controls
46. A defined measure of service within a network system
-sX
quality of service (QoS)
International Organization for Standardization (ISO)
-sI
47. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Audit Data
Ethernet
symmetric encryption
risk assessment
48. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
Zero Subnet
Electronic serial number
-sS
gray box testing
49. SYN Ping
hashing algorithm
Packet Internet Groper (ping)
-PM
-PS
50. A document describing information security guidelines - policies - procedures - and standards.
Information Technology (IT) security architecture and framework
integrity
network tap
Due Care
