SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Vulnerability Scanning
open source
Cracker
firewall
2. Insane scan timing
node
Smurf attack
parallel scan & 75 sec timeout & 0.3 sec/probe
Asymmetric
3. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
Archive
Data Encryption Standard (DES)
XOR Operation
-sV
4. 18 U.S.C. 1030
Fraud and related activity in connection with computers
SYN attack
Address Resolution Protocol (ARP)
Level I assessment
5. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
NOP
802.11
Self Replicating
Accountability
6. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
Real application encompassing Trojan
Decryption
iris scanner
honeypot
7. Hex 10
Asymmetric
A
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
risk transference
8. Directory Transversal
Target Of Engagement (TOE)
ring topology
Whois
Finding a directory listing and gaining access to a parent or root file for access to other files
9. A method of external testing whereby several systems or resources are used together to effect an attack.
ECHO reply
Daisy Chaining
Detective Controls
Collision
10. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
risk assessment
script kiddie
ECHO reply
Exposure Factor
11. A device on a network.
node
Zombie
Local Administrator
Banner Grabbing
12. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
pattern matching
replay attack
-oA
Authentication
13. An Internet routing protocol used to exchange routing information within an autonomous system.
forwarding
Interior Gateway Protocol (IGP)
Cookie
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
14. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Time To Live (TTL)
shoulder surfing
keylogger
-sP
15. Another term for firewalking
Wi-Fi Protected Access (WPA)
SID
port knocking
security defect
16. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Zenmap
Threat
Audit Trail
stream cipher
17. A string that represents the location of a web resource
Uniform Resource Locator (URL)
Vulnerability Management
Computer Emergency Response Team (CERT)
Competitive Intelligence
18. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Computer-Based Attack
Wiretapping
Virus
infrastructure mode
19. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Post Office Protocol 3 (POP3)
ring topology
Exposure Factor
serialize scans & 15 sec wait
20. The act of dialing all numbers within an organization to discover open modems.
End User Licensing Agreement (EULA)
War Dialing
HTTP tunneling
Console Port
21. The process of determining if a network entity (user or service) is legitimate
Back orifice
integrity
Authentication
MD5
22. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
Defines legal email marketing
False Acceptance Rate (FAR)
gray box testing
penetration testing
23. Shifting responsibility from one party to another
Level I assessment
network operations center (NOC)
risk transference
Possession of access devices
24. A point of reference used to mark an initial state in order to manage change.
Baseline
Data Link layer
Zenmap
National Security Agency
25. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.
quality of service (QoS)
Level I assessment
security kernel
--randomize_hosts -O OS fingerprinting
26. Describes practices in production and development that promote access to the end product's source materials.
Domain Name
Domain Name System (DNS) cache poisoning
open source
quantitative risk assessment
27. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Hacks with permission
heuristic scanning
Exposure Factor
polymorphic virus
28. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
physical security
Digital Signature
Collision
Possession of access devices
29. Name given to expert groups that handle computer security incidents.
rootkit
audit
Computer Emergency Response Team (CERT)
Access Point (AP)
30. Hashing algorithm that results in a 128-bit output.
MD5
Collision
Virtual Local Area Network (VLAN)
network interface card (NIC)
31. Port 31337
Man-in-the-middle attack
private key
Back orifice
Internet Protocol Security (IPSec) architecture
32. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
hashing algorithm
script kiddie
rogue access point
Cracker
33. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Authentication
Auditing
Time Bomb
Audit Trail
34. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Worm
audit
Vulnerability Management
Hypertext Transfer Protocol Secure (HTTPS)
35. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
Multipartite virus
Ethical Hacker
NetBSD
36. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
halo effect
Asset
suicide hacker
SID
37. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
symmetric algorithm
International Organization for Standardization (ISO)
Kerberos
Buffer Overflow
38. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
gateway
Fiber Distributed Data Interface (FDDI)
impersonation
Crossover Error Rate (CER)
39. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Wired Equivalent Privacy (WEP)
security defect
reverse social engineering
Tiger Team
40. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Post Office Protocol 3 (POP3)
NetBSD
Malware
Level II assessment
41. Hex 14
Tini
Smurf attack
A R
honeynet
42. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Tini
TACACS
flood
-oN
43. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
-PS
piggybacking
human-based social engineering
Contingency Plan
44. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
flood
nslookup
Domain Name System (DNS) lookup
Vulnerability Management
45. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Fraud and related activity in connection with computers
Threat
War Dialing
hardware keystroke logger
46. A person or entity indirectly involved in a relationship between two principles.
Third Party
false rejection rate (FRR)
identity theft
Daemon
47. Nmap ml output
session hijacking
Active Fingerprinting
-oX
gray box testing
48. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
sheepdip
risk avoidance
-oA
Zero Subnet
49. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
open source
Three-Way (TCP) Handshake
Tunnel
impersonation
50. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
router
patch
Distributed DoS (DDoS)
RPC-DCOM
