SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Methodology
audit
Blowfish
Cracker
2. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Worm
Asymmetric
Tunneling Virus
Ethical Hacker
3. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
CAM table
separation of duties
Last In First Out (LIFO)
Algorithm
4. A portion of memory used to temporarily store output or input data.
Buffer
steganography
sniffer
EDGAR database
5. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
signature scanning
SYN attack
Replacing numbers in a url to access other files
flood
6. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
-sW
Network Address Translation (NAT)
Exposure Factor
qualitative analysis
7. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
flood
Zero Subnet
SSH
Assessment
8. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Internal access to the network
Web Spider
Last In First Out (LIFO)
Internet Protocol (IP)
9. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Timestamping
Application-Level Attacks
port knocking
Defense in Depth
10. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Mantrap
Access Creep
International Organization for Standardization (ISO)
security bulletins
11. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
routed protocol
Exposure Factor
red team
Vulnerability Scanning
12. Controls to detect anomalies or undesirable events occurring on a system.
quality of service (QoS)
War Chalking
-sL
Detective Controls
13. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
-sX
Media Access Control (MAC)
Tunneling
Corrective Controls
14. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Point-to-Point Protocol (PPP)
intrusion detection system (IDS)
Uniform Resource Locator (URL)
15. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
Domain Name System (DNS) cache poisoning
protocol
risk avoidance
POP 3
16. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
--randomize_hosts -O OS fingerprinting
Sign in Seal
quality of service (QoS)
overt channel
17. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
private key
Tunnel
hot site
heuristic scanning
18. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Real application encompassing Trojan
Transport Layer Security (TLS)
File Transfer Protocol (FTP)
Droppers
19. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
SYN attack
Rijndael
Cracker
iris scanner
20. Port 110
parallel scan & 300 sec timeout & 1.25 sec/probe
Confidentiality
POP 3
Local Administrator
21. LM Hash for short passwords (under 7)
Level II assessment
404EE
-sS
The automated process of proactively identifying vulnerabilities of computing systems present in a network
22. Port 80/81/8080
HTTP
risk assessment
RID Resource identifier
limitation of liability and remedies
23. Idlescan
Cookie
-sI
Media Access Control (MAC)
Digital Watermarking
24. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
File Allocation Table (FAT)
Digital Certificate
RPC-DCOM
25. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
security incident response team (SIRT)
Bluejacking
security defect
patch
26. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
EDGAR database
site survey
integrity
27. A type of encryption where the same key is used to encrypt and decrypt the message.
symmetric encryption
Redundant Array of Independent Disks (RAID)
honeypot
Computer-Based Attack
28. ICMP Type/Code 8
hot site
Black Hat
Echo request
Bit Flipping
29. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
Antivirus (AV) software
site survey
Availability
HTTP
30. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
U P F
Multipartite virus
Cryptographic Key
hardware keystroke logger
31. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
FreeBSD
social engineering
Warm Site
Back orifice
32. ICMP Ping
802.11
-PI
RxBoot
limitation of liability and remedies
33. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
public key infrastructure (PKI)
Eavesdropping
-sU
Confidentiality
34. UDP Scan
Hypertext Transfer Protocol (HTTP)
Information Technology (IT) security architecture and framework
-sU
protocol
35. NSA
ISO 17799
Zenmap
fully qualified domain name (FQDN)
National Security Agency
36. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.
Block Cipher
Telnet
Electronic serial number
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
37. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
User Datagram Protocol (UDP)
Telnet
Zombie
service level agreements (SLAs)
38. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Virus Hoax
session splicing
Wired Equivalent Privacy (WEP)
Auditing
39. The process of embedding information into a digital signal in a way that makes it difficult to remove.
patch
Hypertext Transfer Protocol Secure (HTTPS)
Digital Watermarking
A
40. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Crossover Error Rate (CER)
Domain Name System (DNS)
halo effect
Access Creep
41. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.
Collision
security by obscurity
NetBus
Level II assessment
42. A protocol for exchanging packets over a serial line.
War Driving
initial sequence number (ISN)
false negative
Serial Line Internet Protocol (SLIP)
43. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
FreeBSD
MD5
Domain Name
-sO
44. 18 U.S.C. 1029
Trapdoor Function
Level III assessment
Possession of access devices
promiscuous mode
45. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
routed protocol
Mandatory access control (MAC)
Active Fingerprinting
reconnaissance
46. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
site survey
security defect
halo effect
Certificate
47. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
-PM
nslookup
Telnet
War Dialing
48. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
hash
Virtual Local Area Network (VLAN)
network access server
false rejection rate (FRR)
49. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Asymmetric
Challenge Handshake Authentication Protocol (CHAP)
Tumbling
patch
50. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
POP 3
firewall
ping sweep
Web Spider