SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
flood
hash
Bit Flipping
Videocipher II Satellite Encryption System
2. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
Presentation layer
Address Resolution Protocol (ARP) table
local area network (LAN)
3. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
R
Adware
script kiddie
White Box Testing
4. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
network tap
Ciphertext
Vulnerability Management
security incident response team (SIRT)
5. A software or hardware defect that often results in system vulnerabilities.
Written Authorization
-oX
Institute of Electrical and Electronics Engineers (IEEE)
Bug
6. A Windows-based GUI version of nmap.
FreeBSD
Zenmap
payload
-sR
7. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
Cold Site
Internet Protocol (IP)
quantitative risk assessment
Open System Interconnection (OSI) Reference Model
8. An Application layer protocol for sending electronic mail between servers.
Acknowledgment (ACK)
Algorithm
Information Technology (IT) asset criticality
Simple Mail Transfer Protocol (SMTP)
9. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
limitation of liability and remedies
Archive
footprinting
Distributed DoS (DDoS)
10. A routing protocol developed to be used within a single organization.
Hypertext Transfer Protocol (HTTP)
Videocipher II Satellite Encryption System
Interior Gateway Protocol (IGP)
U P F
11. An attack that combines a brute-force attack with a dictionary attack.
hybrid attack
serialize scans & 15 sec wait
ring topology
Cookie
12. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Internet Protocol Security (IPSec) architecture
-oX
Threat
Sign in Seal
13. The change or growth of a project's scope
-sU
Contingency Plan
Three-Way (TCP) Handshake
scope creep
14. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Daisy Chaining
Tumbling
-sV
POST
15. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
War Driving
Eavesdropping
Authentication Header (AH)
Smurf attack
16. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.
Certificate Authority (CA)
shrink-wrap code attacks
Kerberos
security kernel
17. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
War Chalking
Data Encryption Standard (DES)
protocol
NetBus
18. Shifting responsibility from one party to another
risk transference
Timestamping
spyware
Corrective Controls
19. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
null session
User Datagram Protocol (UDP)
steganography
key exchange protocol
20. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
honeypot
Ethical Hacker
Bastion host
MD5
21. Port 80/81/8080
Buffer Overflow
Annualized Loss Expectancy (ALE)
HTTP
--randomize_hosts -O OS fingerprinting
22. A computer virus that infects and spreads in multiple ways.
Multipartite virus
Target Of Engagement (TOE)
Asymmetric Algorithm
Minimum acceptable level of risk
23. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
-sS
Digital Certificate
false rejection rate (FRR)
Serial Line Internet Protocol (SLIP)
24. A business - government agency - or educational institution that provides access to the Internet.
encryption
Internet service provider (ISP)
White Box Testing
Level II assessment
25. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Multipartite virus
Directory Traversal
Presentation layer
enumeration
26. UDP Scan
HIDS
-sF
single loss expectancy (SLE)
-sU
27. A free and popular version of the Unix operating system.
Domain Name System (DNS) cache poisoning
FreeBSD
-sV
NOP
28. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
nslookup
Multipartite virus
Decryption
Destination Unreachable
29. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
hacktivism
Backdoor
public key
initial sequence number (ISN)
30. ICMP Type/Code 0-0
Application Layer
Zombie
Echo Reply
Time exceeded
31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
Bluejacking
No previous knowledge of the network
piggybacking
32. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
null session
script kiddie
firewalking
Internet Control Message Protocol (ICMP)
33. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Defines legal email marketing
Competitive Intelligence
RID Resource identifier
firewall
34. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
Service Set Identifier (SSID)
hacktivism
Archive
Level II assessment
35. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Domain Name System (DNS) lookup
Virtual Local Area Network (VLAN)
heuristic scanning
Computer Emergency Response Team (CERT)
36. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
social engineering
Multipurpose Internet Mail Extensions (MIME)
Confidentiality
Mantrap
37. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Tumbling
Redundant Array of Independent Disks (RAID)
risk avoidance
Written Authorization
38. The process of embedding information into a digital signal in a way that makes it difficult to remove.
remote access
Vulnerability Management
Open System Interconnection (OSI) Reference Model
Digital Watermarking
39. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Password Authentication Protocol (PAP)
ring topology
session hijacking
INFOSEC Assessment Methodology (IAM)
40. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
SID
Address Resolution Protocol (ARP) table
logic bomb
CIA triangle
41. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Application Layer
Availability
International Organization for Standardization (ISO)
Ciphertext
42. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
routed protocol
Real application encompassing Trojan
Assessment
43. Injecting traffic into the network to identify the operating system of a device.
Syslog
session hijacking
Active Fingerprinting
Information Technology (IT) asset criticality
44. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
patch
Lightweight Directory Access Protocol (LDAP)
Defense in Depth
Tunnel
45. Paranoid scan timing
RPC-DCOM
DNS enumeration
security controls
serial scan & 300 sec wait
46. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Time To Live (TTL)
Internet service provider (ISP)
Console Port
Network Address Translation (NAT)
47. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
Fraud and related activity in connection with computers
limitation of liability and remedies
HTTP tunneling
SYN flood attack
48. Cracking Tools
SOA record
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Fast Ethernet
rule-based access control
49. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
segment
Open System Interconnection (OSI) Reference Model
SYN flood attack
source routing
50. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Google hacking
proxy server
human-based social engineering
White Box Testing