SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
Timestamping
FreeBSD
Application Layer
2. Nmap normal output
intranet
Information Technology (IT) security architecture and framework
Demilitarized Zone (DMZ)
-oN
3. Cracking Tools
-PB
router
Authentication Header (AH)
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
4. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
International Organization for Standardization (ISO)
Blowfish
Data Encryption Standard (DES)
Cracker
5. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
-b
Filter
Wi-Fi Protected Access (WPA)
shoulder surfing
6. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Decryption
Mandatory access control (MAC)
Droppers
Service Set Identifier (SSID)
7. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
symmetric algorithm
spyware
HIDS
gateway
8. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Local Administrator
Cracker
Contingency Plan
encapsulation
9. ACK Scan
phishing
sidejacking
-sA
protocol stack
10. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Antivirus (AV) software
Wireless Local Area Network (WLAN)
Time To Live (TTL)
Buffer Overflow
11. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
-PB
Defense in Depth
hybrid attack
single loss expectancy (SLE)
12. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Exposure Factor
Methodology
Simple Network Management Protocol (SNMP)
13. A documented process for a procedure designed to be consistent - repeatable - and accountable.
MAC filtering
Methodology
Hypertext Transfer Protocol (HTTP)
NetBus
14. Controls to detect anomalies or undesirable events occurring on a system.
Backdoor
NT LAN Manager (NTLM)
risk
Detective Controls
15. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Black Box Testing
firewall
intranet
quantitative risk assessment
16. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
honeypot
Adware
Vulnerability Management
Destination Unreachable
17. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
TACACS
Access Control List (ACL)
network tap
18. A file system used by the Mac OS.
Client
Hierarchical File System (HFS)
Buffer
Confidentiality
19. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
Videocipher II Satellite Encryption System
session hijacking
FTP
HTTP tunneling
20. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
spyware
Pretty Good Privacy (PGP)
self encrypting
packet
21. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Detective Controls
-PI
halo effect
Cache
22. A free and popular version of the Unix operating system.
ad hoc mode
Blowfish
Mantrap
FreeBSD
23. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
SNMP
polymorphic virus
Simple Object Access Protocol (SOAP)
Crossover Error Rate (CER)
24. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Smurf attack
Hacks without permission
Contingency Plan
Multipartite virus
25. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
piggybacking
Crossover Error Rate (CER)
gray box testing
Asynchronous
26. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
infrastructure mode
hot site
Transport Layer Security (TLS)
security breach or security incident
27. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
risk assessment
Asynchronous
-PM
Access Creep
28. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
Ciphertext
802.11
-sO
A S
29. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Three-Way (TCP) Handshake
stateful packet filtering
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Asymmetric
30. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
red team
intrusion detection system (IDS)
Application-Level Attacks
symmetric algorithm
31. Recording the time - normally in a log file - when an event happens or when information is created or modified.
False Acceptance Rate (FAR)
Timestamping
DNS enumeration
Active Attack
32. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
private key
Competitive Intelligence
parameter tampering
Computer Emergency Response Team (CERT)
33. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
security controls
Open System Interconnection (OSI) Reference Model
Baseline
34. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
--randomize_hosts -O OS fingerprinting
hash
segment
red team
35. The process of using easily accessible DNS records to map a target network's internal hosts.
-sX
U P F
Antivirus (AV) software
DNS enumeration
36. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
site survey
-sL
Information Technology (IT) security architecture and framework
Demilitarized Zone (DMZ)
37. Hex 29
Fraud and related activity in connection with computers
U P F
enumeration
Port Address Translation (PAT)
38. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
passive attack
reconnaissance
Simple Object Access Protocol (SOAP)
intrusion prevention system (IPS)
39. A tool that helps a company to compare its actual performance with its potential performance.
gap analysis
risk avoidance
Vulnerability Management
integrity
40. A person or entity indirectly involved in a relationship between two principles.
physical security
Third Party
sheepdip
packet
41. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
SYN flood attack
ping sweep
Rijndael
SID
42. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
logic bomb
GET
red team
parameter tampering
43. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
stream cipher
Fiber Distributed Data Interface (FDDI)
Warm Site
POP 3
44. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
honeynet
Internet Assigned Number Authority (IANA)
Cache
Worm
45. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Extensible Authentication Protocol (EAP)
Unicode
RPC-DCOM
Transmission Control Protocol (TCP)
46. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Authentication Header (AH)
protocol stack
802.11
packet filtering
47. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
Asymmetric
quantitative risk assessment
Ethical Hacker
Confidentiality
48. A social-engineering attack that manipulates the victim into calling the attacker for help.
Tunnel
RID Resource identifier
reverse social engineering
open source
49. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Authentication - Authorization - and Accounting (AAA)
security incident response team (SIRT)
Bit Flipping
Network Basic Input/Output System (NetBIOS)
50. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
null session
Wireless Local Area Network (WLAN)
Simple Network Management Protocol (SNMP)
Algorithm