Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Hex 29
session splicing
rogue access point
security by obscurity
U P F
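The value in question 1 is a TCP flags byte: 0x29 is 0b00101001, which sets URG (0x20), PSH (0x08) and FIN (0x01), the combination Nmap's Xmas scan (-sX) sends. The following decoder is an added example, not part of the original quiz; the bit positions are the standard TCP header ones and the scan table mirrors Nmap's -sN/-sF/-sX/-sS conventions.

```python
"""Decode a TCP flags byte (such as the quiz's "Hex 29") into flag names and
recognise the Nmap scan types that use unusual flag combinations.

Added example, not part of the original quiz. Bit positions are those of the
TCP header (RFC 793, ECE/CWR from RFC 3168)."""

# Bit value -> flag name, least significant bit first (FIN is bit 0).
TCP_FLAGS = [
    (0x01, "FIN"),
    (0x02, "SYN"),
    (0x04, "RST"),
    (0x08, "PSH"),
    (0x10, "ACK"),
    (0x20, "URG"),
    (0x40, "ECE"),
    (0x80, "CWR"),
]

# Flag sets that identify scans: three "abnormal" combinations an IDS rule
# looks for, plus SYN alone, the ordinary half-open scan.
SCAN_SIGNATURES = {
    0x00: "NULL scan (-sN)",
    0x01: "FIN scan (-sF)",
    0x29: "Xmas scan (-sX)",
    0x02: "SYN scan (-sS)",
}


def decode_flags(flags: int) -> list[str]:
    """Return the names of the set flags, most significant first."""
    if not 0 <= flags <= 0xFF:
        raise ValueError("TCP flags fit in one byte")
    return [name for bit, name in reversed(TCP_FLAGS) if flags & bit]


def short_form(flags: int) -> str:
    """First letter of each set flag, e.g. 0x29 -> 'U P F' as in the quiz."""
    return " ".join(name[0] for name in decode_flags(flags))


def classify_scan(flags: int) -> str:
    """Name the Nmap scan type a packet with these flags belongs to, if any."""
    return SCAN_SIGNATURES.get(flags, "no scan signature")


if __name__ == "__main__":
    for sample in (0x29, 0x00, 0x01, 0x02, 0x12, 0x18):
        print(f"0x{sample:02x}: {short_form(sample) or '(none)':10} {classify_scan(sample)}")
```

A packet with FIN and no ACK, or with no flags at all, never occurs in a legitimate established connection, which is why these three combinations are cheap IDS signatures; a SYN on its own is indistinguishable from a normal connection attempt and has to be detected by rate instead.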
2. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resourc
-oA
Active Directory (AD)
Wi-Fi Protected Access (WPA)
Demilitarized Zone (DMZ)
3. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Administratively Prohibited
TACACS
null session
Vulnerability Scanning
4. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Access Creep
-PS
Crossover Error Rate (CER)
Adware
5. A virus that plants itself in a system's boot sector and infects the master boot record.
-sL
gap analysis
Boot Sector Virus
-sX
6. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
service level agreements (SLAs)
heuristic scanning
shrink-wrap code attacks
intrusion detection system (IDS)
7. The condition of a resource being ready for use and accessible by authorized users.
-sV
Availability
Time exceeded
Echo Reply
8. A communications channel that is being used for a purpose it was not intended for, usually to transfer information secretly.
Level II assessment
Anonymizer
Covert Channel
Certificate Authority (CA)
9. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
Due Diligence
stateful packet filtering
Active Attack
spoofing
10. 18 U.S.C. 1030
nslookup
Fraud and related activity in connection with computers
Malicious code
Multipartite virus
11. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Echo request
Internet Assigned Number Authority (IANA)
MAC filtering
Wrapper
12. A protocol for exchanging packets over a serial line.
signature scanning
Antivirus (AV) software
Asset
Serial Line Internet Protocol (SLIP)
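SLIP (RFC 1055) has no addressing, checksum or negotiation: it just marks packet boundaries with a delimiter byte and escapes that byte when it appears inside a packet. The encoder and decoder below are an added example, not part of the original quiz; the four constants are the ones RFC 1055 defines.

```python
"""SLIP (RFC 1055) framing: wrap an IP datagram for a serial line and unwrap
it again, handling the two bytes that must be escaped.

Added example, not part of the original quiz."""

END = 0xC0      # frame delimiter
ESC = 0xDB      # escape introducer
ESC_END = 0xDC  # ESC ESC_END stands for a literal 0xC0 inside the payload
ESC_ESC = 0xDD  # ESC ESC_ESC stands for a literal 0xDB inside the payload


def slip_encode(packet: bytes) -> bytes:
    """Frame one packet. The leading END flushes any line noise the receiver
    may have buffered, as the RFC recommends."""
    out = bytearray([END])
    for b in packet:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> list[bytes]:
    """Split a byte stream into the packets it carries.

    Empty frames (back-to-back END bytes between packets) are dropped. A bad
    escape sequence is rejected rather than passed through, since it is either
    line corruption or an attempt to desynchronise the framing. Bytes after
    the final END are an unfinished frame and are not returned."""
    packets, current = [], bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        if b == END:
            if current:
                packets.append(bytes(current))
                current = bytearray()
        elif b == ESC:
            i += 1
            if i >= len(stream):
                raise ValueError("truncated escape sequence")
            nxt = stream[i]
            if nxt == ESC_END:
                current.append(END)
            elif nxt == ESC_ESC:
                current.append(ESC)
            else:
                raise ValueError(f"invalid escape byte 0x{nxt:02x}")
        else:
            current.append(b)
        i += 1
    return packets


if __name__ == "__main__":
    # Constructed sample payload containing both bytes that need escaping.
    sample = bytes([0x45, 0x00, END, 0x11, ESC, 0x22])
    framed = slip_encode(sample)
    print(framed.hex())
    print(slip_decode(framed) == [sample])
```

Because SLIP carries no integrity check, the decoder's only defence against a corrupted or hostile line is to refuse malformed escapes; anything stronger has to come from the IP packet inside the frame, which is one reason PPP replaced it.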
13. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Cookie
End User Licensing Agreement (EULA)
Open System Interconnection (OSI) Reference Model
serial scan & 300 sec wait
14. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.
War Chalking
Tunneling Virus
Database
rogue access point
15. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, a Ticket Granting Service, and a Key Distribution Center.
red team
Availability
Kerberos
sidejacking
16. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
Virtual Local Area Network (VLAN)
session hijacking
Bluesnarfing
security incident response team (SIRT)
17. The secret portion of an asymmetric key pair, typically used to decrypt or digitally sign data. The private key is never shared and is used for decryption, with one notable exception: it is the key that creates a digital signature, which anyone holding the matching public key can then verify.
quantitative risk assessment
Defines legal email marketing
Buffer Overflow
private key
18. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
hot site
Wrapper
Possession of access devices
reverse lookup; reverse DNS lookup
19. Incremental Substitution
Wired Equivalent Privacy (WEP)
Replacing numbers in a URL to access other files
R
802.11
20. A limited-function version of the Internetworking Operating System (IOS), held in read-only memory in some earlier models of Cisco devices, capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
Password Authentication Protocol (PAP)
RxBoot
Three-Way (TCP) Handshake
packet
21. An evaluation consisting of a document review, interviews, and demonstrations, as well as vulnerability scans and hands-on testing.
-oN
Zenmap
Fraud and related activity in connection with computers
Level II assessment
22. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
iris scanner
NT LAN Manager (NTLM)
sidejacking
Open System Interconnection (OSI) Reference Model
23. White hat
nslookup
Hacks with permission
protocol
Rijndael
24. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability).
Request for Comments (RFC)
NOP
qualitative analysis
Pretty Good Privacy (PGP)
25. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
POP 3
Adware
Malware
Minimum acceptable level of risk
26. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
remote access
payload
identity theft
port knocking
27. Nmap XML output
Countermeasures
-oX
The automated process of proactively identifying vulnerabilities of computing systems present in a network
A R
28. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.
operating system attack
Information Technology Security Evaluation Criteria (ITSEC)
Tunneling Virus
Zombie
29. The change or growth of a project's scope
Certificate
scope creep
SAM
Tunneling
30. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
EDGAR database
Data Link layer
Virus Hoax
Copyright
31. Hashing algorithm that results in a 128-bit output.
MD5
quantitative risk assessment
honeypot
Internet Protocol (IP)
32. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Biometrics
Network Basic Input/Output System (NetBIOS)
Data Encryption Standard (DES)
honeypot
33. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt, when it was actually legitimate traffic.
false positive
Virus
Open System Interconnection (OSI) Reference Model
-sP
34. A social-engineering attack using computer resources, such as e-mail or IRC.
human-based social engineering
risk assessment
gray box testing
Computer-Based Attack
35. nmap
risk acceptance
HTTP
pattern matching
-p <port ranges>
36. Wrapper or Binder
risk avoidance
social engineering
Real application encompassing Trojan
phishing
37. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Asset
Authentication
serial scan & 300 sec wait
limitation of liability and remedies
38. The monetary value assigned to an IT asset.
Certificate Authority (CA)
Information Technology (IT) asset valuation
piggybacking
symmetric encryption
39. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
Port Address Translation (PAT)
INFOSEC Assessment Methodology (IAM)
Open System Interconnection (OSI) Reference Model
audit
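What makes PAT work is the translation table: each inside session gets its own source port on the public address, and the reply is matched back by that port. The simulation below is an added example, not part of the original quiz or of any vendor's NAT code; addresses are documentation ranges and the 1024-65535 pool is an assumption (real devices differ).

```python
"""A minimal Port Address Translation (PAT) table: many private hosts behind
one public address, told apart by the translated source port.

Added example, not part of the original quiz. The port pool is an assumption."""

from dataclasses import dataclass
from typing import Optional

Flow = tuple[str, str, int, str, int]  # proto, src_ip, src_port, dst_ip, dst_port


@dataclass
class Mapping:
    proto: str
    inside_ip: str
    inside_port: int
    outside_port: int


class PAT:
    def __init__(self, public_ip: str, pool: tuple[int, int] = (1024, 65535)):
        self.public_ip = public_ip
        self.pool = pool
        self.outbound: dict[Flow, Mapping] = {}                 # inside flow -> mapping
        self.inbound: dict[tuple[str, int], Mapping] = {}      # (proto, public port) -> mapping
        # TCP and UDP have separate port spaces, so the pool is per protocol;
        # that is why one address can exceed 65,000 sessions in total.
        self.next_port = {"tcp": pool[0], "udp": pool[0]}

    def _allocate(self, proto: str) -> int:
        """Round-robin through the pool, skipping ports still in use."""
        for _ in range(self.pool[1] - self.pool[0] + 1):
            port = self.next_port[proto]
            self.next_port[proto] = port + 1 if port < self.pool[1] else self.pool[0]
            if (proto, port) not in self.inbound:
                return port
        raise RuntimeError(f"{proto} port pool exhausted")

    def translate_out(self, proto: str, src_ip: str, src_port: int,
                      dst_ip: str, dst_port: int) -> tuple[str, int]:
        """Rewrite an outbound packet's source. The same inside 5-tuple keeps
        its mapping for the life of the session."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        m = self.outbound.get(key)
        if m is None:
            m = Mapping(proto, src_ip, src_port, self._allocate(proto))
            self.outbound[key] = m
            self.inbound[(proto, m.outside_port)] = m
        return self.public_ip, m.outside_port

    def translate_in(self, proto: str, dst_port: int) -> Optional[tuple[str, int]]:
        """Rewrite an inbound packet's destination back to the inside host.
        Unsolicited traffic has no mapping and is dropped (None)."""
        m = self.inbound.get((proto, dst_port))
        return (m.inside_ip, m.inside_port) if m else None


if __name__ == "__main__":
    pat = PAT("203.0.113.1")
    print(pat.translate_out("tcp", "10.0.0.5", 40000, "198.51.100.7", 443))
    print(pat.translate_out("tcp", "10.0.0.6", 40000, "198.51.100.7", 443))
    print(pat.translate_in("tcp", 1025), pat.translate_in("tcp", 9999))
```

The drop-on-no-mapping rule in translate_in is the reason PAT is often described as giving "free" inbound filtering; it is not a firewall, and a real device also ages mappings out, which this table does not.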
40. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
public key infrastructure (PKI)
Zero Subnet
Bit Flipping
Computer-Based Attack
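Bit flipping works against any cipher whose ciphertext is malleable, stream ciphers and CTR mode above all: XOR-ing a ciphertext byte with known^wanted makes that plaintext byte decrypt to wanted, with no key involved. The script below is an added example, not part of the original quiz; the keystream generator (SHA-256 over key and a counter) is a hypothetical CTR-style stand-in for any stream cipher, and the fix shown is the standard encrypt-then-MAC check.

```python
"""Bit-flipping against an unauthenticated stream cipher, and the MAC check
that stops it.

Added example, not part of the original quiz. The keystream construction is
hypothetical; the malleability it shows is a property of every XOR-based
cipher mode."""

import hashlib
import hmac

KEY = b"demo-key-not-for-real-use"  # constructed; a real key is random and
                                    # the MAC would use a separately derived key


def keystream(key: bytes, length: int) -> bytes:
    """Hypothetical CTR-style keystream: SHA-256(key || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR is its own inverse


def flip(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Attacker step: knowing that `known` sits at `offset` in the plaintext,
    XOR the ciphertext with known^wanted so it decrypts to `wanted` there."""
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the length")
    ct = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= a ^ b
    return bytes(ct)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC-SHA256(ciphertext)."""
    ct = encrypt(key, plaintext)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampering."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("MAC check failed: ciphertext was modified")
    return decrypt(key, ct)


def demo() -> tuple[bytes, bool]:
    """Flip 'guest' to 'admin' in a bare ciphertext, then show the sealed
    version rejects the same edit. Returns (tampered plaintext, caught)."""
    msg = b"user=alice;role=guest"
    at = msg.index(b"guest")
    tampered_pt = decrypt(KEY, flip(encrypt(KEY, msg), at, b"guest", b"admin"))
    try:
        open_sealed(KEY, flip(seal(KEY, msg), at, b"guest", b"admin"))
        caught = False
    except ValueError:
        caught = True
    return tampered_pt, caught


if __name__ == "__main__":
    pt, caught = demo()
    print(pt, "tampering detected:", caught)
```

The attacker needs only the position and current value of the field, which a fixed message layout gives away; encryption alone provides confidentiality, and integrity has to be added with a MAC or an AEAD mode such as AES-GCM.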
41. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
rogue access point
Competitive Intelligence
risk acceptance
Network Basic Input/Output System (NetBIOS)
42. A computer file system architecture used in Windows, OS/2, and most memory cards.
serialize scans & 15 sec wait
File Transfer Protocol (FTP)
risk acceptance
File Allocation Table (FAT)
43. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.
shoulder surfing
Filter
site survey
CIA triangle
44. A free, open-source version of the Berkeley Software Distribution of Unix, often used in embedded systems.
NetBSD
Defense in Depth
Hacks with permission
Hacks without permission
45. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
open source
ad hoc mode
HTTP
Discretionary Access Control (DAC)
46. A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Written Authorization
Virtual Private Network (VPN)
ad hoc mode
session splicing
47. The combination of all IT assets, resources, components, and systems.
Information Technology (IT) infrastructure
-PM
honeypot
Access Point (AP)
48. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
TACACS
Virus Hoax
Trusted Computer Base (TCB)
Confidentiality
49. The level of importance assigned to an IT asset
Asymmetric
Information Technology (IT) asset criticality
stream cipher
protocol
50. An early network application that provides information on users currently logged on to a machine.
flood
Information Technology (IT) asset valuation
polymorphic virus
Finger