SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Interior Gateway Protocol (IGP)
International Organization for Standardization (ISO)
Tunneling Virus
RxBoot
2. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
Interior Gateway Protocol (IGP)
Access Creep
ECHO reply
spam
3. Any network incident that prompts some kind of log entry or other notification.
risk avoidance
Buffer
Daemon
Event
4. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Asynchronous
signature scanning
segment
reverse lookup; reverse DNS lookup
5. The steps taken to gather evidence and information on the targets you wish to attack.
Smurf attack
reconnaissance
forwarding
local area network (LAN)
6. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
port knocking
Brute-Force Password Attack
FreeBSD
Sign in Seal
7. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Electronic serial number
Worm
steganography
payload
8. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
security defect
Vulnerability
Challenge Handshake Authentication Protocol (CHAP)
risk transference
9. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Access Control List (ACL)
OpenBSD
-sT
Bluejacking
10. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
security controls
Bluesnarfing
Biometrics
SYN attack
11. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Data Link layer
Three-Way (TCP) Handshake
Filter
Level II assessment
12. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
port knocking
Cryptographic Key
Buffer Overflow
Web Spider
13. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Ethernet
Access Control List (ACL)
Extensible Authentication Protocol (EAP)
Institute of Electrical and Electronics Engineers (IEEE)
14. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol 3 (POP3)
Network Address Translation (NAT)
15. A computer virus that infects and spreads in multiple ways.
Multipartite virus
Level I assessment
R
Data Encryption Standard (DES)
16. A Canonical Name record within DNS - used to provide an alias for a domain name.
RPC-DCOM
protocol
Exposure Factor
CNAME record
17. RPC Scan
sniffer
-sR
security defect
Database
18. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
Port Address Translation (PAT)
Certificate
Redundant Array of Independent Disks (RAID)
National Security Agency
19. A social-engineering attack using computer resources - such as e-mail or IRC.
Open System Interconnection (OSI) Reference Model
Computer-Based Attack
White Box Testing
Authorization
20. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Domain Name System (DNS) lookup
Blowfish
security controls
Pretty Good Privacy (PGP)
21. The transmission of digital signals without precise clocking or synchronization.
Written Authorization
International Organization for Standardization (ISO)
Acknowledgment (ACK)
asynchronous transmission
22. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Assessment
Telnet
NetBus
Trojan Horse
23. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
security kernel
firewall
Authentication
Covert Channel
24. Port 137/138/139
Adware
SMB
Zone transfer
National Security Agency
25. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
scope creep
intranet
rule-based access control
26. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
quality of service (QoS)
RxBoot
Address Resolution Protocol (ARP)
halo effect
27. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Defense in Depth
secure channel
Domain Name
Port Address Translation (PAT)
28. Incremental Substitution
non-repudiation
Replacing numbers in a url to access other files
ad hoc mode
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
29. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Virtual Private Network (VPN)
Dumpster Diving
Transmission Control Protocol (TCP)
human-based social engineering
30. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
quantitative risk assessment
Redundant Array of Independent Disks (RAID)
Mantrap
A procedure for identifying active hosts on a network.
31. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Defense in Depth
red team
Port Address Translation (PAT)
Access Control List (ACL)
32. Port 88
Kerberos
initial sequence number (ISN)
Echo request
Defense in Depth
33. An Application layer protocol for sending electronic mail between servers.
session splicing
replay attack
Simple Mail Transfer Protocol (SMTP)
Boot Sector Virus
34. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
symmetric algorithm
Smurf attack
security bulletins
Presentation layer
35. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Directory Traversal
-sU
security defect
Fast Ethernet
36. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
-sX
Transport Layer Security (TLS)
Defense in Depth
EDGAR database
37. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Virus Hoax
Wi-Fi Protected Access (WPA)
hybrid attack
protocol stack
38. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Challenge Handshake Authentication Protocol (CHAP)
Application-Level Attacks
Client
Data Encryption Standard (DES)
39. LM Hash for short passwords (under 7)
Certificate
Demilitarized Zone (DMZ)
404EE
qualitative analysis
40. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Zone transfer
Request for Comments (RFC)
intranet
Countermeasures
41. Port 31337
Back orifice
overt channel
proxy server
S
42. Xmas Tree scan
-sX
Due Care
Tini
End User Licensing Agreement (EULA)
43. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Algorithm
parallel scan & 300 sec timeout & 1.25 sec/probe
hybrid attack
heuristic scanning
44. Port 80/81/8080
Internet Protocol Security (IPSec) architecture
HTTP
FTP
Defense in Depth
45. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Man-in-the-middle attack
White Box Testing
Written Authorization
Hacks without permission
46. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Availability
ring topology
shoulder surfing
-sF
47. nmap all output
firewall
Echo request
-oA
Countermeasures
48. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
MD5
A S
Minimum acceptable level of risk
private key
49. Port 110
Syslog
POP 3
single loss expectancy (SLE)
Droppers
50. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Daemon
flood
Administratively Prohibited
User Datagram Protocol (UDP)