SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
payload
Confidentiality
Certificate
network operations center (NOC)
2. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
Cold Site
Redundant Array of Independent Disks (RAID)
HIDS
3. FTP Bounce Attack
Banner Grabbing
-b
site survey
DNS enumeration
4. Port 88
Client
security controls
Kerberos
-sS
5. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
physical security
Echo request
Cache
6. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
Fiber Distributed Data Interface (FDDI)
SID
NetBSD
encryption
7. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
passive attack
Unicode
Certificate Authority (CA)
CNAME record
8. A device providing temporary - on-demand - point-to-point network access to users.
network access server
802.11
role-based access control
Man-in-the-middle attack
9. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
replay attack
Bluetooth
Annualized Loss Expectancy (ALE)
Malware
10. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Whois
Event
Authentication Header (AH)
Overwhelm CAM table to convert switch to hub mode
11. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
risk acceptance
Access Control List (ACL)
SOA record
Tunneling Virus
12. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
protocol stack
NT LAN Manager (NTLM)
SAM
shrink-wrap code attacks
13. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
Antivirus (AV) software
Directory Traversal
footprinting
14. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
Cryptography
Google hacking
human-based social engineering
SYN attack
15. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
802.11 i
security by obscurity
Man-in-the-middle attack
Common Internet File System/Server Message Block
16. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Cracker
S
Bit Flipping
POST
17. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Covert Channel
-sX
key exchange protocol
intrusion detection system (IDS)
18. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Multipartite virus
hot site
sidejacking
open source
19. An Application layer protocol for managing devices on an IP network.
session hijacking
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Kerberos
Simple Network Management Protocol (SNMP)
20. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Due Care
Transmission Control Protocol (TCP)
Directory Traversal
POP 3
21. Another term for firewalking
forwarding
Accountability
port knocking
RxBoot
22. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Kerberos
identity theft
Local Administrator
Media Access Control (MAC)
23. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Wired Equivalent Privacy (WEP)
Last In First Out (LIFO)
Assessment
XOR Operation
24. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
False Acceptance Rate (FAR)
Written Authorization
Authentication
SAM
25. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Virtual Local Area Network (VLAN)
RxBoot
Droppers
Black Box Testing
26. ICMP Type/Code 8
Simple Network Management Protocol (SNMP)
Echo request
Fraud and related activity in connection with computers
Exploit
27. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Data Encryption Standard (DES)
Adware
Audit Data
shoulder surfing
28. A document describing information security guidelines - policies - procedures - and standards.
NT LAN Manager (NTLM)
passive attack
Certificate
Information Technology (IT) security architecture and framework
29. Directory Transversal
Finding a directory listing and gaining access to a parent or root file for access to other files
patch
remote access
Serial Line Internet Protocol (SLIP)
30. 18 U.S.C. 1029
Wide Area Network (WAN)
Internet service provider (ISP)
Possession of access devices
pattern matching
31. LM Hash for short passwords (under 7)
Internet Assigned Number Authority (IANA)
local area network (LAN)
404EE
Fiber Distributed Data Interface (FDDI)
32. The process of recording activity on a system for monitoring and later review.
Auditing
File Allocation Table (FAT)
spam
sidejacking
33. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Contingency Plan
Vulnerability
port knocking
Banner Grabbing
34. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
steganography
Open System Interconnection (OSI) Reference Model
Temporal Key Integrity Protocol (TKIP)
Malware
35. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Asymmetric Algorithm
Wireless Local Area Network (WLAN)
CAM table
replay attack
36. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Wi-Fi
Acceptable Use Policy (AUP)
private key
Bluetooth
37. CAN-SPAM
Local Administrator
Defines legal email marketing
Application-Level Attacks
symmetric encryption
38. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
network access server
Echo request
Copyright
Domain Name System (DNS) cache poisoning
39. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
false rejection rate (FRR)
port scanning
secure channel
Overwhelm CAM table to convert switch to hub mode
40. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Banner Grabbing
Auditing
Transmission Control Protocol (TCP)
proxy server
41. Describes practices in production and development that promote access to the end product's source materials.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Contingency Plan
open source
proxy server
42. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Vulnerability Management
halo effect
non-repudiation
Active Attack
43. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Due Care
secure channel
Tiger Team
halo effect
44. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Virus Hoax
Auditing
protocol
Unicode
45. A Windows-based GUI version of nmap.
-sO
Zenmap
Access Creep
Annualized Loss Expectancy (ALE)
46. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
-sV
Availability
Bluetooth
hashing algorithm
47. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
replay attack
qualitative analysis
network operations center (NOC)
War Driving
48. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Man-in-the-middle attack
Post Office Protocol 3 (POP3)
Daemon
Access Control List (ACL)
49. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
personal identification number (PIN)
Audit Data
Zombie
Distributed DoS (DDoS)
50. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
-PS
Digital Certificate
Malicious code
-sI
