SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The potential for damage to or loss of an IT asset
Accountability
Master boot record infector
protocol stack
risk
2. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
--randomize_hosts -O OS fingerprinting
International Organization for Standardization (ISO)
Transmission Control Protocol (TCP)
Malware
3. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
RxBoot
session hijacking
International Organization for Standardization (ISO)
Lightweight Directory Access Protocol (LDAP)
4. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
Pretty Good Privacy (PGP)
packet filtering
null session
ad hoc mode
5. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
NetBus
LDAP
net use \[target ip]IPC$ '' /user:''
Wired Equivalent Privacy (WEP)
6. A group of people - gathered together by a business entity - working to address a specific problem or goal.
SNMP
-sA
Tiger Team
Temporal Key Integrity Protocol (TKIP)
7. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Trapdoor Function
Blowfish
Banner Grabbing
Serial Line Internet Protocol (SLIP)
8. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
--randomize_hosts -O OS fingerprinting
ISO 17799
serial scan & 300 sec wait
source routing
9. Vulnerability Scanning
-PM
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Hacks with permission
firewalking
10. ICMP Type/Code 3-13
Block Cipher
stream cipher
Administratively Prohibited
Last In First Out (LIFO)
11. A string that represents the location of a web resource
public key
Uniform Resource Locator (URL)
Wireless Local Area Network (WLAN)
single loss expectancy (SLE)
12. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
-sA
Mantrap
SMB
Bluetooth
13. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
ad hoc mode
serial scan & 300 sec wait
Tunnel
Internet Protocol (IP)
14. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Bluetooth
parallel scan
Ciphertext
shrink-wrap code attacks
15. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
War Dialing
Acknowledgment (ACK)
packet
Simple Object Access Protocol (SOAP)
16. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
RID Resource identifier
Destination Unreachable
human-based social engineering
Cryptographic Key
17. The concept of having more than one person required to complete a task
separation of duties
Client
MD5
Tini
18. Port 53
DNS
Cloning
Hypertext Transfer Protocol Secure (HTTPS)
Trapdoor Function
19. Insane scan timing
Target Of Engagement (TOE)
SID
-oA
parallel scan & 75 sec timeout & 0.3 sec/probe
20. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
False Acceptance Rate (FAR)
Level III assessment
Hypertext Transfer Protocol Secure (HTTPS)
Console Port
21. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
HTTP tunneling
Droppers
Fast Ethernet
Wired Equivalent Privacy (WEP)
22. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
-sU
Whois
Cracker
ECHO reply
23. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Wrapper
Bug
script kiddie
polymorphic virus
24. Computer software or hardware that can intercept and log traffic passing over a digital network.
Bug
Virtual Local Area Network (VLAN)
inference attack
sniffer
25. A protocol used to pass control and error messages between nodes on the Internet.
Virtual Private Network (VPN)
sniffer
Internet Control Message Protocol (ICMP)
Malware
26. Port 135
Back orifice
-oX
RPC-DCOM
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
27. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Third Party
Back orifice
network interface card (NIC)
Fiber Distributed Data Interface (FDDI)
28. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Simple Network Management Protocol (SNMP)
DNS enumeration
Trapdoor Function
infrastructure mode
29. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
reverse lookup; reverse DNS lookup
Internal access to the network
hardware keystroke logger
MAC filtering
30. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
pattern matching
Due Care
symmetric algorithm
NetBus
31. The exploitation of a security vulnerability
security breach or security incident
Fast Ethernet
parameter tampering
Information Technology Security Evaluation Criteria (ITSEC)
32. A protocol for exchanging packets over a serial line.
Fraud and related activity in connection with computers
intrusion prevention system (IPS)
Asymmetric Algorithm
Serial Line Internet Protocol (SLIP)
33. An Internet routing protocol used to exchange routing information within an autonomous system.
Written Authorization
Ciphertext
Wiretapping
Interior Gateway Protocol (IGP)
34. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
pattern matching
Internal access to the network
risk acceptance
35. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Information Technology (IT) asset criticality
Local Administrator
802.11 i
sniffer
36. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
File Allocation Table (FAT)
False Acceptance Rate (FAR)
Defense in Depth
Routing Information Protocol (RIP)
37. An attack that exploits the common mistake many people make when installing operating systems
Internet service provider (ISP)
operating system attack
red team
routed protocol
38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Password Authentication Protocol (PAP)
Application Layer
Interior Gateway Protocol (IGP)
Cloning
39. An attack that combines a brute-force attack with a dictionary attack.
Demilitarized Zone (DMZ)
Malicious code
Routing Information Protocol (RIP)
hybrid attack
40. TCP connect() scan
Bit Flipping
Telnet
-sT
parallel scan & 300 sec timeout & 1.25 sec/probe
41. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
Internet Protocol (IP)
false rejection rate (FRR)
hot site
Interior Gateway Protocol (IGP)
42. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
remote procedure call (RPC)
-sA
Challenge Handshake Authentication Protocol (CHAP)
Authentication Header (AH)
43. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
port redirection
Data Link layer
Network Address Translation (NAT)
personal identification number (PIN)
44. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Secure Multipurpose Mail Extension (S/MIME)
footprinting
POST
hashing algorithm
45. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Media Access Control (MAC)
Tunneling
Wide Area Network (WAN)
Boot Sector Virus
46. Monitoring of telephone or Internet conversations - typically by covert means.
risk
Wiretapping
security kernel
-sF
47. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
EDGAR database
Computer Emergency Response Team (CERT)
Zone transfer
48. Black hat
Hacks without permission
risk transference
queue
replay attack
49. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
War Driving
Data Link layer
Wi-Fi Protected Access (WPA)
50. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Extensible Authentication Protocol (EAP)
End User Licensing Agreement (EULA)
-sL
Defines legal email marketing