SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
network operations center (NOC)
hybrid attack
Virtual Local Area Network (VLAN)
Tunnel
2. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Multipurpose Internet Mail Extensions (MIME)
Domain Name
session splicing
A
3. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
sheepdip
Adware
hot site
route
4. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
human-based social engineering
Unicode
security incident response team (SIRT)
Active Directory (AD)
5. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
MAC filtering
Trusted Computer Base (TCB)
Destination Unreachable
6. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Digital Certificate
parallel scan & 75 sec timeout & 0.3 sec/probe
encapsulation
impersonation
7. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Tumbling
key exchange protocol
-sI
social engineering
8. White box test
Written Authorization
Bug
parameter tampering
Internal access to the network
9. Network Scanning
Dumpster Diving
A procedure for identifying active hosts on a network.
shoulder surfing
Fraud and related activity in connection with computers
10. MAC Flooding
Echo request
Overwhelm CAM table to convert switch to hub mode
Defense in Depth
Information Technology (IT) infrastructure
11. A computer file system architecture used in Windows - OS/2 - and most memory cards.
Cold Site
port knocking
ECHO reply
File Allocation Table (FAT)
12. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Virus Hoax
A R
Crossover Error Rate (CER)
qualitative analysis
13. Aggressive scan timing
Asymmetric
DNS
File Allocation Table (FAT)
parallel scan & 300 sec timeout & 1.25 sec/probe
14. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Telnet
quantitative risk assessment
Network Address Translation (NAT)
HTTP tunneling
15. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Minimum acceptable level of risk
Replacing numbers in a url to access other files
Rijndael
open source
16. Normal scan timing
No previous knowledge of the network
parallel scan
-oG
Self Replicating
17. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
NetBSD
Application-Level Attacks
penetration testing
Self Replicating
18. The Security Accounts Manager file in Windows stores all the password hashes for the system.
Corrective Controls
SAM
heuristic scanning
Bit Flipping
19. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Crossover Error Rate (CER)
Copyright
operating system attack
Threat
20. Insane scan timing
Detective Controls
Bluejacking
parallel scan & 75 sec timeout & 0.3 sec/probe
security breach or security incident
21. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Transmission Control Protocol (TCP)
service level agreements (SLAs)
passive attack
Eavesdropping
22. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Cache
Data Encryption Standard (DES)
remote procedure call (RPC)
physical security
23. Port 389
LDAP
Master boot record infector
Discretionary Access Control (DAC)
-sT
24. A Canonical Name record within DNS - used to provide an alias for a domain name.
Denial of Service (DoS)
protocol
CNAME record
Wired Equivalent Privacy (WEP)
25. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
local area network (LAN)
signature scanning
Antivirus (AV) software
scope creep
26. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Target Of Engagement (TOE)
FreeBSD
-PS
CAM table
27. A protocol for exchanging packets over a serial line.
audit
Active Fingerprinting
Serial Line Internet Protocol (SLIP)
Trojan Horse
28. Nmap normal output
Virus Hoax
Information Technology (IT) security architecture and framework
-oN
Demilitarized Zone (DMZ)
29. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
shrink-wrap code attacks
RxBoot
30. Directing a protocol from one port to another.
Countermeasures
Cryptography
Tumbling
port redirection
31. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
packet
-sS
Port Address Translation (PAT)
source routing
32. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
packet filtering
Exploit
spyware
operating system attack
33. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
Time Bomb
Competitive Intelligence
Archive
34. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
Data Encryption Standard (DES)
Fiber Distributed Data Interface (FDDI)
gateway
RID Resource identifier
35. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
A R
Mantrap
security controls
rogue access point
36. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
War Driving
Bluetooth
Anonymizer
MAC filtering
37. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Defense in Depth
Tumbling
SMB
operating system attack
38. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Internet Protocol Security (IPSec) architecture
Buffer Overflow
Certificate
Temporal Key Integrity Protocol (TKIP)
39. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
Zombie
RxBoot
Wide Area Network (WAN)
ad hoc mode
40. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
nslookup
Active Directory (AD)
security defect
Level II assessment
41. A device providing temporary - on-demand - point-to-point network access to users.
network access server
security breach or security incident
A procedure for identifying active hosts on a network.
War Dialing
42. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
Authentication
Simple Object Access Protocol (SOAP)
Assessment
43. A virus written in a macro language and usually embedded in document or spreadsheet files.
local area network (LAN)
Wrapper
patch
Macro virus
44. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
risk avoidance
Threat
Bluesnarfing
proxy server
45. A social-engineering attack that manipulates the victim into calling the attacker for help.
Common Internet File System/Server Message Block
Target Of Engagement (TOE)
Information Technology (IT) security architecture and framework
reverse social engineering
46. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
rule-based access control
Droppers
-sP
XOR Operation
47. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Authentication
Buffer Overflow
No previous knowledge of the network
honeypot
48. nmap
Pretty Good Privacy (PGP)
-p <port ranges>
audit
Malicious code
49. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
pattern matching
router
integrity
queue
50. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Client
-oG
Wi-Fi Protected Access (WPA)
personal identification number (PIN)
