Test your basic knowledge
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Actions, devices, procedures, techniques, or other measures intended to reduce the vulnerability of an information system.
Countermeasures
Point-to-Point Protocol (PPP)
R
Demilitarized Zone (DMZ)
2. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Access Control List (ACL)
Audit Trail
Point-to-Point Tunneling Protocol (PPTP)
Time Bomb
3. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
social engineering
Extensible Authentication Protocol (EAP)
remote procedure call (RPC)
4. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
routed protocol
Kerberos
Denial of Service (DoS)
role-based access control
5. A trusted entity that issues and revokes public key certificates. In a network, a CA is a trusted entity that issues, manages, and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
packet filtering
R
Macro virus
Certificate Authority (CA)
6. Window Scan
-sW
Vulnerability Scanning
security bulletins
Hypertext Transfer Protocol (HTTP)
7. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.
risk assessment
NetBSD
encapsulation
Bluesnarfing
8. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
-oG
Kerberos
Hypertext Transfer Protocol Secure (HTTPS)
Wi-Fi
9. Originally an extension of PPP, this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
SMB
Due Care
fully qualified domain name (FQDN)
10. Port 80/81/8080
packet filtering
HTTP
Interior Gateway Protocol (IGP)
serialize scans & 15 sec wait
11. A device on a network.
ping sweep
Defense in Depth
Detective Controls
node
12. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Ethical Hacker
Worm
Serial Line Internet Protocol (SLIP)
Wi-Fi Protected Access (WPA)
13. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur
Discretionary Access Control (DAC)
Minimum acceptable level of risk
Wi-Fi
War Dialing
14. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.
End User Licensing Agreement (EULA)
honeynet
Smurf attack
Defines legal email marketing
15. Injecting traffic into the network to identify the operating system of a device.
Web Spider
Digital Signature
serial scan & 300 sec wait
Active Fingerprinting
16. The level of importance assigned to an IT asset
packet filtering
Information Technology (IT) asset criticality
A R
Wrapper
17. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.
Bastion host
Tiger Team
hardware keystroke logger
red team
18. Nmap XML output
Network Address Translation (NAT)
fully qualified domain name (FQDN)
Bluetooth
-oX
19. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Tunnel
Virus
NetBus
Active Attack
20. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
-sA
Vulnerability Assessment
quality of service (QoS)
logic bomb
21. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.
SYN flood attack
role-based access control
Countermeasures
Eavesdropping
22. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Covert Channel
reconnaissance
Written Authorization
out-of-band signaling
23. Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards; uses the CSMA/CD method of media access control.
packet filtering
Ethernet
Asymmetric
File Transfer Protocol (FTP)
24. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
Temporal Key Integrity Protocol (TKIP)
smart card
packet filtering
25. Paranoid scan timing
smart card
Pretty Good Privacy (PGP)
serial scan & 300 sec wait
Console Port
26. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Man-in-the-middle attack
shoulder surfing
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
sidejacking
27. A person or entity indirectly involved in a relationship between two principals.
Third Party
Virus Hoax
Address Resolution Protocol (ARP)
Level II assessment
28. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie
Administratively Prohibited
proxy server
Finding a directory listing and gaining access to a parent or root file for access to other files
Cookie
29. Hex 04
forwarding
R
MAC filtering
Telnet
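The "Hex 04" answer above is the TCP RST flag, and the "A R" option elsewhere in this test is RST with ACK set (hex 14), the reply a closed port gives to a SYN probe. The window scan from question 6 reads the same RST replies but decides open versus closed from the TCP window field. The following is an added example, not code from this page or from nmap: it packs and parses the fixed 20-byte TCP header with the standard library, decodes the flag byte into the letter form the quiz uses, and applies the SYN-scan and window-scan decision rules to two constructed replies (the port numbers and sequence numbers are made up for the demo).

```python
import struct

# TCP flag bits in the low byte of the header's offset/flags field (RFC 793;
# ECE and CWR from RFC 3168). Listed from the high bit down so that a
# RST+ACK reply renders as "A R", matching the answer format used on this test.
TCP_FLAG_BITS = [
    (0x80, "C"),  # CWR
    (0x40, "E"),  # ECE
    (0x20, "U"),  # URG
    (0x10, "A"),  # ACK
    (0x08, "P"),  # PSH
    (0x04, "R"),  # RST, the "Hex 04" of question 29
    (0x02, "S"),  # SYN
    (0x01, "F"),  # FIN
]

TCP_HEADER = "!HHIIHHHH"  # src, dst, seq, ack, offset/flags, window, checksum, urgent


def decode_flags(flag_byte: int) -> str:
    """Render a flag byte as letters, e.g. 0x04 -> 'R', 0x14 -> 'A R'."""
    return " ".join(name for bit, name in TCP_FLAG_BITS if flag_byte & bit)


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=0) -> bytes:
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    off_flags = (5 << 12) | (flags & 0x1FF)  # data offset = 5 words = 20 bytes
    return struct.pack(TCP_HEADER, src_port, dst_port, seq, ack, off_flags, window, 0, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """Unpack the fixed part of a TCP header and decode its flags."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack(TCP_HEADER, raw[:20])
    flags = off_flags & 0xFF
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_flags >> 12) * 4,
        "window": window,
        "flags": flags,
        "flag_str": decode_flags(flags),
    }


def classify_syn_probe_reply(raw: bytes) -> str:
    """SYN-scan rule: SYN+ACK means open, RST means closed."""
    h = parse_tcp_header(raw)
    if h["flags"] & 0x12 == 0x12:
        return "open"
    if h["flags"] & 0x04:
        return "closed"
    return "unexpected"


def classify_window_scan_reply(raw: bytes) -> str:
    """Window-scan (-sW) rule: the ACK probe is answered with RST either way on
    the systems this trick works against; a positive window field means open,
    a zero window means closed."""
    h = parse_tcp_header(raw)
    if not h["flags"] & 0x04:
        return "unexpected"
    return "open" if h["window"] > 0 else "closed"


# Constructed replies, not real captures: a closed port 81 and an open port 22
# answering a SYN probe sent from ephemeral port 40000.
CLOSED_PORT_REPLY = build_tcp_header(81, 40000, 0, 1, 0x14)                 # RST+ACK
OPEN_PORT_REPLY = build_tcp_header(22, 40000, 1000, 1, 0x12, window=65535)  # SYN+ACK
```

Feed parse_tcp_header the bytes that follow the IP header of a captured segment and the same decoder applies; the window-scan rule is deliberately narrow, since most modern stacks return a zero window in RST regardless of port state.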
30. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal, but non-system-administrator-level, attack.
forwarding
gray box testing
-PB
hashing algorithm
31. Computer software or hardware that can intercept and log traffic passing over a digital network.
Traceroute
network access server
sniffer
Presentation layer
32. A formal set of rules describing data transmission, especially across a network. A protocol determines the type of error checking, the data compression method, how the sending device will indicate completion, how the receiving device will indicat
protocol
Replacing numbers in a url to access other files
Information Technology (IT) asset valuation
Zone transfer
33. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
-oN
patch
Decryption
Authentication Header (AH)
34. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to clone the cell phone.
CNAME record
Bluetooth
Trojan Horse
Cloning
35. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
Zone transfer
Event
polymorphic virus
36. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.
security controls
Defines legal email marketing
Authentication - Authorization - and Accounting (AAA)
-sI
37. Directing a protocol from one port to another.
port redirection
Access Creep
-sV
symmetric encryption
38. Recording the time, normally in a log file, when an event happens or when information is created or modified.
Wired Equivalent Privacy (WEP)
Timestamping
self encrypting
encryption
39. A group of people, gathered together by a business entity, working to address a specific problem or goal.
Open System Interconnection (OSI) Reference Model
DNS
Tiger Team
Telnet
40. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.
Trapdoor Function
White Box Testing
Access Point (AP)
Virus Hoax
41. The transmission of digital signals without precise clocking or synchronization.
Unicode
POST
asynchronous transmission
stream cipher
42. The process of determining if a network entity (user or service) is legitimate
Authentication
Finger
segment
Web Spider
43. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key, verifying his identity and providing non-repudiation. A valid digital signature g
SSH
Bluejacking
SMB
Digital Signature
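Questions 40 and 43 are two views of the same object: RSA modular exponentiation is the trapdoor function, and a digital signature is that function run backwards on a hash with the trapdoor (the private exponent). The block below is an added example, not code from this page; it uses textbook RSA with the assumed toy parameters p=61, q=53, e=17, so the "hard" direction can be brute-forced in a loop to make the asymmetry visible. Reducing the SHA-256 digest mod n stands in for the padding (RSASSA-PSS or PKCS#1 v1.5) that real signature schemes apply, and nothing here should be used as is.

```python
import hashlib

# Toy RSA parameters, assumed for illustration only: a 12-bit modulus is
# trivially factorable. Real deployments use 2048-bit or larger moduli.
P, Q = 61, 53
N = P * Q                 # 3233, published together with E as the public key
PHI = (P - 1) * (Q - 1)   # 3120, known only to whoever knows P and Q
E = 17                    # public exponent
D = pow(E, -1, PHI)       # 2753, private exponent: the trapdoor


def forward(m: int) -> int:
    """Easy direction: m -> m^E mod N. Anyone holding the public key can do this."""
    return pow(m, E, N)


def invert_with_trapdoor(c: int) -> int:
    """Inverse using the secret D: a single modular exponentiation."""
    return pow(c, D, N)


def invert_without_trapdoor(c: int) -> int:
    """Inverse without D: exhaustive search over Z_N. Only feasible because N is
    tiny; the work grows exponentially with key size, which is the one-way property."""
    for m in range(N):
        if pow(m, E, N) == c:
            return m
    raise ValueError("no preimage found")


def digest_as_int(message: bytes) -> int:
    """Hash the message and reduce it into Z_N (a stand-in for real padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer applies the private exponent to the hash: the 'encrypt the hash
    with the private key' step in the definition above."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier applies the public exponent and compares against a fresh hash.
    Only the holder of D could have produced a value that passes this check."""
    return pow(signature, E, N) == digest_as_int(message)


if __name__ == "__main__":
    msg = b"transfer 100 to alice"
    sig = sign(msg)
    print("signature:", sig, "verifies:", verify(msg, sig))
    print("tampered message verifies:", verify(b"transfer 900 to alice", sig))
```

Because the public map m -> m^E mod N is a permutation of Z_N, any change to the signature value produces a different result under verify; that is what gives the scheme its non-repudiation, provided the hash is collision-resistant and the private exponent stays secret.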
44. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
port knocking
RxBoot
Active Attack
False Acceptance Rate (FAR)
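FAR is only meaningful next to its counterpart, the false rejection rate, because both are set by the same match threshold: lower the threshold and impostors get in, raise it and legitimate users get locked out. The following is an added example, not from this page, that computes both rates from a constructed set of matcher scores (the numbers are invented for the demo, with ten genuine and ten impostor attempts) and finds the threshold where they are equal, the figure vendors usually quote.

```python
# Constructed similarity scores from a hypothetical biometric matcher
# (0 = no match, 1 = perfect match). Genuine = the enrolled user presenting
# themselves; impostor = someone else presenting against that template.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.69, 0.93, 0.87]
IMPOSTOR_SCORES = [0.12, 0.35, 0.58, 0.22, 0.71, 0.40, 0.30, 0.65, 0.18, 0.49]


def false_acceptance_rate(impostor_scores, threshold):
    """FAR: share of impostor attempts scoring at or above the threshold,
    i.e. unauthorized individuals the system would let in."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def false_rejection_rate(genuine_scores, threshold):
    """FRR: share of genuine attempts scoring below the threshold,
    i.e. legitimate users the system would turn away."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def equal_error_rate(genuine_scores, impostor_scores):
    """Sweep every observed score as a candidate threshold and return
    (threshold, far, frr) at the point where the two rates are closest."""
    best = None
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        far = false_acceptance_rate(impostor_scores, t)
        frr = false_rejection_rate(genuine_scores, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    return best[1:]


if __name__ == "__main__":
    for t in (0.6, 0.7, 0.8):
        print(f"threshold {t}: FAR={false_acceptance_rate(IMPOSTOR_SCORES, t):.2f} "
              f"FRR={false_rejection_rate(GENUINE_SCORES, t):.2f}")
    print("equal error rate at", equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

For a door into a server room you would pick a threshold well above the equal-error point and accept the extra rejections; for a convenience login the trade-off goes the other way.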
45. Port 22
security incident response team (SIRT)
SSH
patch
network interface card (NIC)
46. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.
802.11
Acceptable Use Policy (AUP)
Man-in-the-middle attack
Fraud and related activity in connection with computers
47. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet, a packet contains a header (container) and a payload (contents). Any IP
Decryption
packet
Possession of access devices
Blowfish
48. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Domain Name
risk
Zero Subnet
ring topology
49. A free and popular version of the Unix operating system.
Point-to-Point Tunneling Protocol (PPTP)
-PM
Sign in Seal
FreeBSD
50. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Post Office Protocol 3 (POP3)
Certificate Authority (CA)
Bit Flipping
social engineering
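Bit flipping works because a stream cipher (and CBC mode, for the block after the one you touch) turns each ciphertext bit into the same-position plaintext bit via XOR, so an attacker who knows what the plaintext says at some offset can rewrite it without the key. The block below is an added example, not from this page: it uses a toy HMAC-based keystream (assumed stand-in for RC4 or ChaCha style ciphers), a constructed captured token whose "user=...;role=...;amount=..." layout the attacker is assumed to know, and shows the flip turning "guest" into "admin", then the countermeasure, an encrypt-then-MAC tag that rejects the modified ciphertext.

```python
import hashlib
import hmac

# Constructed demo key and nonce; the attacker never learns KEY.
KEY = b"constructed-demo-key-not-for-real-use"
NONCE = b"nonce001"
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher keystream: HMAC-SHA256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def flip(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Attacker step, no key needed: since c = p XOR k, the bytes at `offset`
    become c XOR known XOR desired, which decrypt to `desired` wherever the
    original plaintext really was `known`."""
    if len(known) != len(desired):
        raise ValueError("known and desired must have the same length")
    buf = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, desired)):
        buf[offset + i] ^= a ^ b
    return bytes(buf)


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Countermeasure: encrypt-then-MAC. The tag covers nonce and ciphertext."""
    c = encrypt(key, nonce, plaintext)
    return c + hmac.new(key, nonce + c, hashlib.sha256).digest()


def open_sealed(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; flipped bits fail here."""
    c, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: ciphertext was modified")
    return decrypt(key, nonce, c)


def tamper_detected(key: bytes, nonce: bytes, blob: bytes) -> bool:
    try:
        open_sealed(key, nonce, blob)
        return False
    except ValueError:
        return True


# Constructed session token the attacker has captured in encrypted form.
TOKEN = b"user=bob;role=guest;amount=0100"
ROLE_OFFSET = TOKEN.index(b"guest")  # 14, known from the assumed token layout


def forge_admin_token(ciphertext: bytes) -> bytes:
    """Turn a captured 'role=guest' ciphertext into one that decrypts to 'role=admin'."""
    return flip(ciphertext, ROLE_OFFSET, b"guest", b"admin")


if __name__ == "__main__":
    ct = encrypt(KEY, NONCE, TOKEN)
    print(decrypt(KEY, NONCE, forge_admin_token(ct)))          # role=admin, no key used
    print(tamper_detected(KEY, NONCE, forge_admin_token(seal(KEY, NONCE, TOKEN))))  # True
```

The same flip against the sealed form is rejected before decryption, which is why confidentiality alone (WEP, unauthenticated CBC or CTR) is not enough and an integrity tag or an AEAD mode such as AES-GCM is required.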