Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you might sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The transmission of digital signals without precise clocking or synchronization.
Worm
hardware keystroke logger
asynchronous transmission
Threat
2. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Transport Layer Security (TLS)
Demilitarized Zone (DMZ)
SID
Wide Area Network (WAN)
3. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
SID
intrusion detection system (IDS)
limitation of liability and remedies
protocol
4. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Internet Protocol Security (IPSec) architecture
Detective Controls
Service Set Identifier (SSID)
Asymmetric Algorithm
5. A small Trojan program that listens on port 777.
Tini
Audit Trail
Bastion host
private key
6. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.
spam
Collision
security breach or security incident
penetration testing
7. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
NOP
Certificate
802.11
Assessment
8. 18 U.S.C. 1029
Administratively Prohibited
Possession of access devices
Defines legal email marketing
hybrid attack
9. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
-p <port ranges>
intrusion detection system (IDS)
gap analysis
Internet Protocol Security (IPSec) architecture
10. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Zero Subnet
HTTP tunneling
Vulnerability Management
fully qualified domain name (FQDN)
11. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
security bulletins
gray hat
Level III assessment
fully qualified domain name (FQDN)
12. A defined measure of service within a network system
Presentation layer
Covert Channel
quality of service (QoS)
serial scan & 300 sec wait
13. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Ethical Hacker
Kerberos
POST
Level I assessment
14. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
-sX
ad hoc mode
Algorithm
patch
15. The software product or system that is the subject of an evaluation.
Secure Multipurpose Mail Extension (S/MIME)
Target Of Engagement (TOE)
Hierarchical File System (HFS)
Kerberos
16. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Target Of Engagement (TOE)
penetration testing
packet filtering
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
17. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
signature scanning
Community String
HIDS
The automated process of proactively identifying vulnerabilities of computing systems present in a network
18. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
POST
Active Fingerprinting
Routing Protocol
NOP
19. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
heuristic scanning
Redundant Array of Independent Disks (RAID)
Hypertext Transfer Protocol (HTTP)
hash
20. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Information Technology Security Evaluation Criteria (ITSEC)
sheepdip
Minimum acceptable level of risk
Bluejacking
21. A data encryption/decryption program often used for e-mail and file storage.
session hijacking
Pretty Good Privacy (PGP)
International Organization for Standardization (ISO)
hardware keystroke logger
22. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Domain Name System (DNS) lookup
-sT
Cold Site
Cloning
23. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
Tunneling
security by obscurity
Time exceeded
Authentication Header (AH)
24. An informed decision to accept the potential for damage to or loss of an IT asset.
steganography
Dumpster Diving
risk acceptance
MAC filtering
25. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Access Creep
limitation of liability and remedies
Black Box Testing
network tap
26. A portion of memory used to temporarily store output or input data.
Hierarchical File System (HFS)
smart card
footprinting
Buffer
27. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Distributed DoS (DDoS)
Discretionary Access Control (DAC)
security bulletins
quantitative risk assessment
28. A software or hardware application or device that captures user keystrokes.
XOR Operation
War Driving
polymorphic virus
keylogger
29. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Defense in Depth
Master boot record infector
firewall
false rejection rate (FRR)
30. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
audit
Black Box Testing
NetBus
gray hat
31. Two or more LANs connected by a high-speed line across a large geographical area.
Syslog
International Organization for Standardization (ISO)
Wide Area Network (WAN)
White Box Testing
32. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Domain Name System (DNS)
White Box Testing
Institute of Electrical and Electronics Engineers (IEEE)
Hacks without permission
33. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
risk assessment
-sS
Lightweight Directory Access Protocol (LDAP)
Time To Live (TTL)
34. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Acceptable Use Policy (AUP)
Zombie
Resource identifier (RID)
initial sequence number (ISN)
35. A group of experts that handles computer security incidents.
End User Licensing Agreement (EULA)
Wiretapping
security incident response team (SIRT)
hot site
36. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
shoulder surfing
Eavesdropping
reconnaissance
802.11i
37. Vulnerability Scanning
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Target Of Engagement (TOE)
penetration testing
hardware keystroke logger
38. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
Multipartite virus
Algorithm
spoofing
pattern matching
39. nmap all output
Level III assessment
forwarding
-oA
fragmentation
40. Nmap normal output
Vulnerability
hardware keystroke logger
-oN
Transport Layer Security (TLS)
41. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
forwarding
Cold Site
Cracker
Macro virus
42. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Vulnerability Management
Annualized Loss Expectancy (ALE)
Copyright
Web Spider
43. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
HTTP tunneling
halo effect
network tap
Hypertext Transfer Protocol Secure (HTTPS)
44. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
-sA
Data Link layer
Trusted Computer System Evaluation Criteria (TCSEC)
Demilitarized Zone (DMZ)
45. The exploitation of a security vulnerability
security breach or security incident
Cryptographic Key
Defines legal email marketing
shrink-wrap code attacks
46. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Application Layer
reverse social engineering
War Driving
-sW
47. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Zero Subnet
Crossover Error Rate (CER)
Asymmetric Algorithm
Anonymizer
48. Formal description and evaluation of the vulnerabilities in an information system
hashing algorithm
ISO 17799
Vulnerability Assessment
Computer-Based Attack
49. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
Collision Domain
Target Of Engagement (TOE)
TACACS
50. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security controls
Electronic serial number
Back orifice
audit