Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Access by information systems (or users) communicating from outside the information system security perimeter.
remote access
enumeration
Computer-Based Attack
Electronic serial number

2. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Finger
replay attack
Videocipher II Satellite Encryption System
social engineering

3. A string that represents the location of a web resource
Uniform Resource Locator (URL)
shoulder surfing
serialize scans & 0.4 sec wait
hacktivism

4. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
scope creep
encryption
802.11
Replacing numbers in a url to access other files

5. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
session splicing
piggybacking
A R
Pretty Good Privacy (PGP)

6. don't ping
Backdoor
-P0
Acknowledgment (ACK)
serialize scans & 15 sec wait

7. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Level II assessment
Vulnerability Scanning
ring topology
RID Resource identifier

8. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Ethical Hacker
Anonymizer
source routing
overt channel

9. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
Acknowledgment (ACK)
self encrypting
red team
Telnet

10. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Authentication
risk transference
Challenge Handshake Authentication Protocol (CHAP)
Transport Layer Security (TLS)

11. The level of importance assigned to an IT asset
Exploit
Information Technology (IT) asset criticality
Kerberos
HIDS

12. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Address Resolution Protocol (ARP)
FreeBSD
passive attack

13. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Access Creep
inference attack
Ethernet
non-repudiation

14. A protocol used to pass control and error messages between nodes on the Internet.
Echo Reply
International Organization for Standardization (ISO)
-sT
Internet Control Message Protocol (ICMP)

15. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Real application encompassing Trojan
Droppers
Redundant Array of Independent Disks (RAID)
out-of-band signaling

16. The lack of clocking (imposed time ordering) on a bit stream.
Internet service provider (ISP)
-sW
Asynchronous
DNS enumeration

17. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
-PT
Address Resolution Protocol (ARP)
spam
Presentation layer

18. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
NetBus
encapsulation
Google hacking
phishing

19. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
EDGAR database
port redirection
suicide hacker
SID

20. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
risk transference
serialize scans & 15 sec wait
stateful packet filtering
limitation of liability and remedies

21. Port 53
self encrypting
Simple Network Management Protocol (SNMP)
Wiretapping
DNS

22. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
NetBus
Hypertext Transfer Protocol Secure (HTTPS)
intranet
symmetric encryption

23. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Domain Name System (DNS) lookup
Audit Data
Rijndael
sniffer

24. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
Institute of Electrical and Electronics Engineers (IEEE)
Digital Signature
security kernel
RxBoot

25. Nmap normal output
-oN
Asset
encryption
-sU

26. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
rootkit
Multipurpose Internet Mail Extensions (MIME)
Malware
Internal access to the network

27. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
penetration testing
Tunnel
Exploit
CNAME record

28. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
Domain Name
Replacing numbers in a url to access other files
symmetric algorithm
Dumpster Diving

29. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Timestamping
Telnet
reconnaissance
net use \[target ip]IPC$ '' /user:''

30. A host designed to collect data on suspicious activity.
security breach or security incident
S
honeypot
gray hat

31. Window Scan
-sW
Audit Data
Countermeasures
personal identification number (PIN)

32. ICMP Ping
Block Cipher
secure channel
-PI
Annualized Loss Expectancy (ALE)

33. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Routing Protocol
physical security
DNS enumeration
Information Technology Security Evaluation Criteria (ITSEC)

34. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Application-Level Attacks
Electronic Code Book (ECB)
Zone transfer
honeynet

35. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Secure Multipurpose Mail Extension (S/MIME)
Buffer
Three-Way (TCP) Handshake
rule-based access control

36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
false negative
Exposure Factor
human-based social engineering
-sL

37. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
No previous knowledge of the network
Finding a directory listing and gaining access to a parent or root file for access to other files
Virtual Local Area Network (VLAN)
-p <port ranges>

38. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
-sS
fully qualified domain name (FQDN)
remote access
Google hacking

39. A group of experts that handles computer security incidents.
Internet Protocol Security (IPSec) architecture
Exploit
NOP
security incident response team (SIRT)

40. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
Access Control List (ACL)
overt channel
-p <port ranges>
Transmission Control Protocol (TCP)

41. ICMP Netmask
802.11
spyware
Algorithm
-PM

42. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Active Fingerprinting
Tunneling Virus
Filter
Kerberos

43. A person or entity indirectly involved in a relationship between two principles.
Algorithm
DNS
Third Party
Blowfish

44. Any item of value or worth to an organization - whether physical or virtual.
security controls
-PP
Asynchronous
Asset

45. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
Bit Flipping
rogue access point
phishing
Real application encompassing Trojan

46. A file system used by the Mac OS.
Hierarchical File System (HFS)
Fraud and related activity in connection with computers
scope creep
parallel scan & 300 sec timeout & 1.25 sec/probe

47. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Information Technology Security Evaluation Criteria (ITSEC)
Defines legal email marketing
signature scanning
Exposure Factor

48. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Baseline
Possession of access devices
Filter
Sign in Seal

49. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
net use \[target ip]IPC$ '' /user:''
Last In First Out (LIFO)
Domain Name
Hypertext Transfer Protocol Secure (HTTPS)

50. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
patch
reverse social engineering
Black Box Testing
Minimum acceptable level of risk