Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The conveying of official access or legal power to a person or entity.
Network Address Translation (NAT)
Syslog
Console Port
Authorization
2. CAN-SPAM
Defines legal email marketing
Virus
service level agreements (SLAs)
net use \\[target ip]\IPC$ "" /user:""
3. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Point-to-Point Tunneling Protocol (PPTP)
network tap
Boot Sector Virus
Unicode
4. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
NetBus
Point-to-Point Protocol (PPP)
Temporal Key Integrity Protocol (TKIP)
Contingency Plan
5. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Defines legal email marketing
Password Authentication Protocol (PAP)
Virus
-sU
6. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private.
Eavesdropping
route
Active Directory (AD)
hybrid attack
7. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Telnet
ring topology
Warm Site
Vulnerability
8. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
honeynet
ad hoc mode
Denial of Service (DoS)
ISO 17799
9. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
forwarding
Adware
route
Transport Layer Security (TLS)
10. The central part of a computer or communications system hardware - firmware - and software that implements the basic security procedures for controlling access to system resources.
Collision
security kernel
-sS
Multipurpose Internet Mail Extensions (MIME)
11. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Interior Gateway Protocol (IGP)
Digital Signature
intrusion prevention system (IPS)
parallel scan
12. A command used in HTTP and FTP to retrieve a file from a server.
GET
File Allocation Table (FAT)
Digital Certificate
Virtual Private Network (VPN)
13. Hex 12
A S
open source
hacktivism
risk assessment
14. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
-sU
phishing
Port Address Translation (PAT)
Man-in-the-middle attack
15. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity.
replay attack
null session
personal identification number (PIN)
File Transfer Protocol (FTP)
16. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Address Resolution Protocol (ARP)
logic bomb
Network Basic Input/Output System (NetBIOS)
symmetric encryption
17. Port 137/138/139
-sT
802.11 i
symmetric encryption
SMB
18. Port 53
polymorphic virus
source routing
DNS
Bastion host
19. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Corrective Controls
Three-Way (TCP) Handshake
symmetric encryption
Authentication
20. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
RID Resource identifier
shoulder surfing
Cracker
sidejacking
21. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Filter
Cryptography
parallel scan
Tiger Team
22. Nmap grepable output
-oG
Level III assessment
Authorization
reverse lookup; reverse DNS lookup
23. The software product or system that is the subject of an evaluation.
Zenmap
private key
Data Encryption Standard (DES)
Target Of Engagement (TOE)
24. 18 U.S.C. 1030
GET
Wi-Fi Protected Access (WPA)
firewalking
Fraud and related activity in connection with computers
25. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Archive
honeynet
risk assessment
hybrid attack
26. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
reconnaissance
Bug
security controls
Assessment
27. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
risk avoidance
Request for Comments (RFC)
human-based social engineering
28. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
network access server
private network address
logic bomb
Filter
29. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Malicious code
Hypertext Transfer Protocol Secure (HTTPS)
Wrapper
Internet Assigned Number Authority (IANA)
30. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
Biometrics
Vulnerability Assessment
Daisy Chaining
31. ACK Scan
Telnet
Due Diligence
-sA
Echo request
32. RPC Scan
Master boot record infector
Port Address Translation (PAT)
-sR
Buffer
33. A symmetric - block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.
A procedure for identifying active hosts on a network.
Community String
Blowfish
TACACS
34. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
false negative
Address Resolution Protocol (ARP) table
Bit Flipping
RxBoot
35. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
Domain Name
Port Address Translation (PAT)
hash
36. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
security by obscurity
Hypertext Transfer Protocol Secure (HTTPS)
smart card
Challenge Handshake Authentication Protocol (CHAP)
37. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
passive attack
Cookie
Vulnerability Management
38. A tool that helps a company to compare its actual performance with its potential performance.
Redundant Array of Independent Disks (RAID)
Wrapper
gap analysis
Time Bomb
39. The level of importance assigned to an IT asset.
Information Technology (IT) asset criticality
Challenge Handshake Authentication Protocol (CHAP)
RxBoot
script kiddie
40. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Ethernet
-sX
Minimum acceptable level of risk
802.11
41. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
-oN
MD5
Trusted Computer Base (TCB)
heuristic scanning
42. A small Trojan program that listens on port 777.
Tini
Fast Ethernet
Transmission Control Protocol (TCP)
ad hoc mode
43. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
private key
A procedure for identifying active hosts on a network.
false rejection rate (FRR)
44. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
identity theft
HIDS
Accountability
Active Directory (AD)
45. An Application layer protocol for sending electronic mail between servers.
Virtual Local Area Network (VLAN)
Simple Mail Transfer Protocol (SMTP)
shrink-wrap code attacks
Temporal Key Integrity Protocol (TKIP)
46. A point of reference used to mark an initial state in order to manage change.
--randomize_hosts -O OS fingerprinting
Trapdoor Function
Baseline
Uniform Resource Locator (URL)
47. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
stream cipher
Daemon
reverse lookup; reverse DNS lookup
remote access
48. Hex 14
Exposure Factor
SSH
A R
-P0
49. The act of dialing all numbers within an organization to discover open modems.
Point-to-Point Protocol (PPP)
War Dialing
Droppers
payload
50. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
impersonation
802.11 i
Tunneling
Countermeasures