SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Fast Ethernet
Cryptography
Collision
single loss expectancy (SLE)
2. Polymorphic Virus
false rejection rate (FRR)
heuristic scanning
self encrypting
Crossover Error Rate (CER)
3. An Application layer protocol for sending electronic mail between servers.
Simple Mail Transfer Protocol (SMTP)
false rejection rate (FRR)
reverse social engineering
open source
4. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
Routing Information Protocol (RIP)
Antivirus (AV) software
International Organization for Standardization (ISO)
-PB
5. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Address Resolution Protocol (ARP) table
TACACS
symmetric algorithm
keylogger
6. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
False Acceptance Rate (FAR)
risk transference
Digital Signature
risk
7. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
patch
segment
End User Licensing Agreement (EULA)
Google hacking
8. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
-sR
gap analysis
Challenge Handshake Authentication Protocol (CHAP)
9. ICMP Type/Code 11
inference attack
Transmission Control Protocol (TCP)
Time exceeded
No previous knowledge of the network
10. Vulnerability Scanning
FTP
The automated process of proactively identifying vulnerabilities of computing systems present in a network
-oX
Information Technology (IT) asset criticality
11. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Virtual Private Network (VPN)
Ethical Hacker
Google hacking
Fiber Distributed Data Interface (FDDI)
12. Port 22
NT LAN Manager (NTLM)
-sL
SSH
Cryptography
13. Port 80/81/8080
HTTP
Due Diligence
forwarding
single loss expectancy (SLE)
14. Incremental Substitution
802.11 i
U P F
Replacing numbers in a url to access other files
Hacks without permission
15. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
piggybacking
null session
risk assessment
Man-in-the-middle attack
16. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Time To Live (TTL)
gray hat
hashing algorithm
Information Technology Security Evaluation Criteria (ITSEC)
17. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
quality of service (QoS)
network access server
Certificate Authority (CA)
Virus Hoax
18. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
signature scanning
spam
Vulnerability
symmetric algorithm
19. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
parallel scan & 75 sec timeout & 0.3 sec/probe
route
Wi-Fi
qualitative analysis
20. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
forwarding
Trusted Computer Base (TCB)
Whois
sidejacking
21. Port 31337
Back orifice
Wired Equivalent Privacy (WEP)
sheepdip
Tumbling
22. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
802.11
Availability
hacktivism
non-repudiation
23. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Covert Channel
security controls
DNS enumeration
ECHO reply
24. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Bug
proxy server
Trapdoor Function
Audit Data
25. nmap
Network Address Translation (NAT)
-p <port ranges>
Cold Site
Daisy Chaining
26. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
symmetric algorithm
Biometrics
Level II assessment
User Datagram Protocol (UDP)
27. A host designed to collect data on suspicious activity.
International Organization for Standardization (ISO)
honeypot
Malware
U P F
28. The process of recording activity on a system for monitoring and later review.
private network address
A R
Auditing
halo effect
29. 18 U.S.C. 1029
Possession of access devices
site survey
Hypertext Transfer Protocol Secure (HTTPS)
Time Bomb
30. FIN Scan
intranet
-sF
Algorithm
Information Technology (IT) asset valuation
31. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
sheepdip
Authentication Header (AH)
hacktivism
-sP
32. Ports 20/21
FTP
hot site
hybrid attack
risk acceptance
33. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Data Link layer
Acknowledgment (ACK)
Contingency Plan
polymorphic virus
34. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Application Layer
site survey
ping sweep
The automated process of proactively identifying vulnerabilities of computing systems present in a network
35. Xmas Tree scan
non-repudiation
spoofing
Hierarchical File System (HFS)
-sX
36. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Finger
Access Control List (ACL)
inference attack
Ethical Hacker
37. The potential for damage to or loss of an IT asset
Wi-Fi
risk
separation of duties
GET
38. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Password Authentication Protocol (PAP)
Information Technology (IT) infrastructure
Cloning
Internet Protocol Security (IPSec) architecture
39. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
spyware
session splicing
local area network (LAN)
40. A computer virus that infects and spreads in multiple ways.
Address Resolution Protocol (ARP) table
RxBoot
Internet Protocol Security (IPSec) architecture
Multipartite virus
41. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
signature scanning
session splicing
security kernel
Master boot record infector
42. Nmap grepable output
-oG
Routing Protocol
Asymmetric
parameter tampering
43. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
red team
Digital Signature
Bluejacking
-sA
44. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
forwarding
Vulnerability Management
inference attack
hybrid attack
45. A software or hardware defect that often results in system vulnerabilities.
Bug
Detective Controls
A procedure for identifying active hosts on a network.
risk acceptance
46. Window Scan
Zenmap
Asset
-sW
Vulnerability
47. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
passive attack
Audit Trail
-PP
48. List Scan
port knocking
Smurf attack
-sL
Defines legal email marketing
49. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
802.11 i
Crossover Error Rate (CER)
security by obscurity
Authentication
50. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
MD5
-PM
piggybacking
open source