Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
Annualized Loss Expectancy (ALE)
pattern matching
Countermeasures
False Acceptance Rate (FAR)

2. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
RPC-DCOM
Challenge Handshake Authentication Protocol (CHAP)
identity theft

3. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
security defect
Secure Sockets Layer (SSL)
risk avoidance
Adware

4. FTP Bounce Attack
audit
gap analysis
Syslog
-b

5. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Redundant Array of Independent Disks (RAID)
quality of service (QoS)
penetration testing
parallel scan & 75 sec timeout & 0.3 sec/probe

6. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Destination Unreachable
audit
Collision Domain
Real application encompassing Trojan

7. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Whois
Worm
HIDS
network access server

8. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
ECHO reply
Vulnerability
social engineering
Three-Way (TCP) Handshake

9. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
Data Encryption Standard (DES)
intrusion detection system (IDS)
RxBoot
Traceroute

10. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Electronic serial number
quality of service (QoS)
Lightweight Directory Access Protocol (LDAP)
-b

11. UDP Scan
Pretty Good Privacy (PGP)
Information Technology Security Evaluation Criteria (ITSEC)
-sU
A

12. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Backdoor
Collision Domain
asynchronous transmission
-PB

13. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
packet filtering
Cloning
ISO 17799
Finding a directory listing and gaining access to a parent or root file for access to other files

14. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
security bulletins
spam
Simple Mail Transfer Protocol (SMTP)
Application Layer

15. The software product or system that is the subject of an evaluation.
Target Of Engagement (TOE)
HTTP tunneling
qualitative analysis
Kerberos

16. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
serialize scans & 0.4 sec wait
Telnet
site survey
Threat

17. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Exploit
--randomize_hosts -O OS fingerprinting
parameter tampering
Third Party

18. A virus that plants itself in a system's boot sector and infects the master boot record.
Boot Sector Virus
Transport Layer Security (TLS)
parallel scan
overt channel

19. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
signature scanning
Post Office Protocol 3 (POP3)
Acknowledgment (ACK)
hot site

20. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
Master boot record infector
spam
sniffer

21. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
GET
Competitive Intelligence
Dumpster Diving
router

22. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Digital Watermarking
Request for Comments (RFC)
Archive
Time exceeded

23. Port 135
Kerberos
RPC-DCOM
Serial Line Internet Protocol (SLIP)
Adware

24. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Level I assessment
Blowfish
Transport Layer Security (TLS)
Acknowledgment (ACK)

25. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Tunneling Virus
Asymmetric
source routing
-PT

26. Any item of value or worth to an organization - whether physical or virtual.
operating system attack
flood
Asset
Web Spider

27. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
infrastructure mode
802.11
session splicing
False Acceptance Rate (FAR)

28. Port 22
Serial Line Internet Protocol (SLIP)
Tumbling
SSH
halo effect

29. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
Boot Sector Virus
Wi-Fi
red team
integrity

30. nmap
-b
--randomize_hosts -O OS fingerprinting
International Organization for Standardization (ISO)
Videocipher II Satellite Encryption System

31. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
War Chalking
Last In First Out (LIFO)
halo effect
Fast Ethernet

32. A type of encryption where the same key is used to encrypt and decrypt the message.
Rijndael
social engineering
Exploit
symmetric encryption

33. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
route
network operations center (NOC)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
symmetric encryption

34. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
Domain Name System (DNS)
hot site
Target Of Engagement (TOE)
intranet

35. Policy stating what users of a system can and cannot do with the organization's assets.
RPC-DCOM
Buffer
Acceptable Use Policy (AUP)
Trusted Computer Base (TCB)

36. CAN-SPAM
Defines legal email marketing
Black Hat
polymorphic virus
passive attack

37. Attacks on the actual programming code of an application.
Defense in Depth
Application-Level Attacks
serialize scans & 15 sec wait
Media Access Control (MAC)

38. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Authorization
Redundant Array of Independent Disks (RAID)
sidejacking
Cache

39. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Detective Controls
Internet Control Message Protocol (ICMP)
Filter
intrusion detection system (IDS)

40. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
End User Licensing Agreement (EULA)
Virtual Private Network (VPN)
Detective Controls
proxy server

41. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
A R
Secure Sockets Layer (SSL)
Challenge Handshake Authentication Protocol (CHAP)
node

42. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
Anonymizer
suicide hacker
Simple Mail Transfer Protocol (SMTP)
segment

43. Black box test
Timestamping
gray hat
Written Authorization
No previous knowledge of the network

44. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Open System Interconnection (OSI) Reference Model
Asymmetric Algorithm
Sign in Seal
Trapdoor Function

45. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
-sU
A procedure for identifying active hosts on a network.
rule-based access control
Mandatory access control (MAC)

46. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
ping sweep
Active Attack
security controls
Routing Information Protocol (RIP)

47. A person or entity indirectly involved in a relationship between two principles.
Hacks with permission
Level I assessment
Buffer Overflow
Third Party

48. FIN Scan
-sF
Media Access Control (MAC)
integrity
flood

49. Insane scan timing
audit
parallel scan & 75 sec timeout & 0.3 sec/probe
Point-to-Point Protocol (PPP)
R

50. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
HTTP tunneling
private key
-PS
Fast Ethernet