SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
U P F
script kiddie
Simple Network Management Protocol (SNMP)
Blowfish
2. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Tiger Team
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
War Dialing
CNAME record
3. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Telnet
Authentication - Authorization - and Accounting (AAA)
Temporal Key Integrity Protocol (TKIP)
Collision Domain
4. A business - government agency - or educational institution that provides access to the Internet.
Internet service provider (ISP)
Challenge Handshake Authentication Protocol (CHAP)
Tunneling Virus
Common Internet File System/Server Message Block
5. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
quantitative risk assessment
Request for Comments (RFC)
footprinting
-b
6. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
Wireless Local Area Network (WLAN)
802.11
risk acceptance
Level II assessment
7. ex 02
S
Cookie
Asynchronous
-oA
8. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
SAM
signature scanning
key exchange protocol
Routing Protocol
9. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Ethical Hacker
Cryptography
Competitive Intelligence
Point-to-Point Tunneling Protocol (PPTP)
10. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
Finding a directory listing and gaining access to a parent or root file for access to other files
operating system attack
Self Replicating
Console Port
11. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
honeypot
Cracker
Directory Traversal
Trusted Computer Base (TCB)
12. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
Contingency Plan
Black Box Testing
Authentication
13. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
phishing
Data Link layer
separation of duties
signature scanning
14. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Web Spider
-sF
suicide hacker
rootkit
15. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Threat
SSH
Computer-Based Attack
Certificate Authority (CA)
16. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Electronic serial number
false rejection rate (FRR)
Asymmetric Algorithm
serial scan & 300 sec wait
17. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
footprinting
Due Diligence
sidejacking
protocol
18. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Hacks without permission
Information Technology (IT) security architecture and framework
session splicing
Collision
19. Incremental Substitution
Replacing numbers in a url to access other files
integrity
-sO
Dumpster Diving
20. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
smart card
Banner Grabbing
Level II assessment
Telnet
21. The default network authentication suite of protocols for Windows NT 4.0
INFOSEC Assessment Methodology (IAM)
stream cipher
Fraud and related activity in connection with computers
NT LAN Manager (NTLM)
22. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Due Diligence
Filter
Computer-Based Attack
-PT
23. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
Collision Domain
Cloning
Community String
sheepdip
24. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Address Resolution Protocol (ARP)
A
Defense in Depth
single loss expectancy (SLE)
25. The process of using easily accessible DNS records to map a target network's internal hosts.
SID
gray box testing
DNS enumeration
U P F
26. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
logic bomb
Address Resolution Protocol (ARP)
Data Link layer
spam
27. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
Wiretapping
gray hat
Accountability
802.11 i
28. TCP SYN Scan
Wide Area Network (WAN)
-sS
forwarding
nslookup
29. ACK Scan
EDGAR database
-sA
Whois
Data Link layer
30. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
-sP
audit
Acknowledgment (ACK)
Virtual Private Network (VPN)
31. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
-oX
Discretionary Access Control (DAC)
Unicode
Fast Ethernet
32. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Address Resolution Protocol (ARP) table
Echo request
Sign in Seal
Droppers
33. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
SAM
logic bomb
Wired Equivalent Privacy (WEP)
Console Port
34. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
inference attack
Google hacking
INFOSEC Assessment Methodology (IAM)
RID Resource identifier
35. The lack of clocking (imposed time ordering) on a bit stream.
Asynchronous
symmetric encryption
SYN flood attack
TACACS
36. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
Asymmetric
Annualized Loss Expectancy (ALE)
Hierarchical File System (HFS)
social engineering
37. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
key exchange protocol
Event
encapsulation
passive attack
38. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Vulnerability Management
Copyright
NetBus
security defect
39. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Sign in Seal
Wide Area Network (WAN)
U P F
parameter tampering
40. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Network Basic Input/Output System (NetBIOS)
SOA record
Hierarchical File System (HFS)
Cache
41. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
POST
risk acceptance
Zero Subnet
Active Attack
42. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Transmission Control Protocol (TCP)
Transport Layer Security (TLS)
Brute-Force Password Attack
The automated process of proactively identifying vulnerabilities of computing systems present in a network
43. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
-PP
Eavesdropping
infrastructure mode
integrity
44. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
SMB
Mantrap
Trusted Computer Base (TCB)
Sign in Seal
45. Injecting traffic into the network to identify the operating system of a device.
Ethernet
Active Fingerprinting
infrastructure mode
out-of-band signaling
46. Port 161/162
Videocipher II Satellite Encryption System
Multipartite virus
Tiger Team
SNMP
47. TCP connect() scan
operating system attack
Cold Site
-sT
Virtual Private Network (VPN)
48. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
non-repudiation
Certificate
Extensible Authentication Protocol (EAP)
hacktivism
49. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
Computer Emergency Response Team (CERT)
Lightweight Directory Access Protocol (LDAP)
private network address
node
50. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Active Attack
Biometrics
SID
Fraud and related activity in connection with computers