SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
HIDS
Smurf attack
Simple Object Access Protocol (SOAP)
Access Control List (ACL)
2. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
public key
Real application encompassing Trojan
A
Temporal Key Integrity Protocol (TKIP)
3. The steps taken to gather evidence and information on the targets you wish to attack.
node
service level agreements (SLAs)
NetBSD
reconnaissance
4. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Lightweight Directory Access Protocol (LDAP)
Ciphertext
TACACS
Trusted Computer Base (TCB)
5. The change or growth of a project's scope
Network Basic Input/Output System (NetBIOS)
scope creep
rule-based access control
Virus Hoax
6. The transmission of digital signals without precise clocking or synchronization.
Virus Hoax
intrusion prevention system (IPS)
Filter
asynchronous transmission
7. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
End User Licensing Agreement (EULA)
security by obscurity
Internet Protocol (IP)
Access Creep
8. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
CAM table
Blowfish
firewall
-PS
9. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
Assessment
Event
routed protocol
10. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
fully qualified domain name (FQDN)
risk acceptance
non-repudiation
Warm Site
11. Shifting responsibility from one party to another
Tiger Team
Buffer Overflow
risk transference
Contingency Plan
12. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
shoulder surfing
single loss expectancy (SLE)
Buffer
Multipurpose Internet Mail Extensions (MIME)
13. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
quality of service (QoS)
Auditing
self encrypting
suicide hacker
14. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.
-sF
symmetric algorithm
Serial Line Internet Protocol (SLIP)
Collision
15. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
DNS enumeration
Auditing
Cryptographic Key
16. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Macro virus
Simple Network Management Protocol (SNMP)
sidejacking
Digital Certificate
17. Phases of an attack
false negative
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
-sX
Certificate
18. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
audit
File Allocation Table (FAT)
Digital Signature
RPC-DCOM
19. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
Secure Sockets Layer (SSL)
Fraud and related activity in connection with computers
CNAME record
Cryptographic Key
20. Port 389
LDAP
Tunneling
International Organization for Standardization (ISO)
Information Technology (IT) security architecture and framework
21. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Fast Ethernet
Zone transfer
SMB
hot site
22. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Antivirus (AV) software
Adware
Wired Equivalent Privacy (WEP)
Cache
23. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Backdoor
Demilitarized Zone (DMZ)
symmetric encryption
Cache
24. A computer network confined to a relatively small area - such as a single building or campus.
Cracker
Wi-Fi Protected Access (WPA)
local area network (LAN)
Media Access Control (MAC)
25. A routing protocol developed to be used within a single organization.
-oX
HTTP tunneling
network operations center (NOC)
Interior Gateway Protocol (IGP)
26. Microsoft SID 500
Competitive Intelligence
Local Administrator
Cache
footprinting
27. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
encapsulation
Bit Flipping
Open System Interconnection (OSI) Reference Model
Internet Assigned Number Authority (IANA)
28. A computer virus that infects and spreads in multiple ways.
Multipartite virus
Hypertext Transfer Protocol (HTTP)
piggybacking
Backdoor
29. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
penetration testing
Authentication - Authorization - and Accounting (AAA)
Port Address Translation (PAT)
Master boot record infector
30. Policy stating what users of a system can and cannot do with the organization's assets.
Multipurpose Internet Mail Extensions (MIME)
Acceptable Use Policy (AUP)
Administratively Prohibited
Wired Equivalent Privacy (WEP)
31. Hex 12
-P0
Kerberos
A S
Cracker
32. ICMP Type/Code 0-0
Echo request
Address Resolution Protocol (ARP) table
Echo Reply
-PP
33. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
LDAP
CAM table
Droppers
Authentication Header (AH)
34. Port 80/81/8080
GET
Telnet
HTTP
Google hacking
35. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
Third Party
-oG
Wi-Fi
SAM
36. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
firewall
ISO 17799
Application-Level Attacks
identity theft
37. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Trapdoor Function
Internet Control Message Protocol (ICMP)
FTP
Domain Name System (DNS) lookup
38. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Block Cipher
Target Of Engagement (TOE)
Trusted Computer Base (TCB)
Boot Sector Virus
39. ICMP Ping
Network Address Translation (NAT)
-PI
Wi-Fi Protected Access (WPA)
XOR Operation
40. A social-engineering attack that manipulates the victim into calling the attacker for help.
Digital Signature
reverse social engineering
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
intrusion detection system (IDS)
41. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
inference attack
Three-Way (TCP) Handshake
Detective Controls
White Box Testing
42. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Backdoor
Vulnerability Management
Hypertext Transfer Protocol Secure (HTTPS)
hardware keystroke logger
43. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
risk avoidance
Vulnerability
Mantrap
risk
44. LM Hash for short passwords (under 7)
encapsulation
--randomize_hosts -O OS fingerprinting
port redirection
404EE
45. A small Trojan program that listens on port 777.
red team
Sign in Seal
Due Diligence
Tini
46. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
War Dialing
route
Event
47. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
human-based social engineering
Virus Hoax
security bulletins
Traceroute
48. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
Internet Protocol (IP)
Threat
heuristic scanning
Buffer Overflow
49. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
-oX
Google hacking
Certificate
network access server
50. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Malicious code
false rejection rate (FRR)
Worm
risk avoidance