SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Unicode
Wi-Fi
network interface card (NIC)
Last In First Out (LIFO)
2. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Tumbling
open source
role-based access control
Time exceeded
3. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Trapdoor Function
self encrypting
Level I assessment
Virtual Private Network (VPN)
4. Metamorphic Virus
Self Replicating
security defect
-sT
reconnaissance
5. Nmap grepable output
Information Technology (IT) infrastructure
Time To Live (TTL)
risk transference
-oG
6. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
fully qualified domain name (FQDN)
Certificate
Secure Multipurpose Mail Extension (S/MIME)
risk
7. The process of determining if a network entity (user or service) is legitimate
War Driving
null session
Authentication
Timestamping
8. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
packet filtering
shoulder surfing
ring topology
session hijacking
9. nmap all output
-sV
iris scanner
-oA
Network Basic Input/Output System (NetBIOS)
10. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.
FreeBSD
-oA
gray box testing
personal identification number (PIN)
11. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
-sL
No previous knowledge of the network
Information Technology (IT) infrastructure
Virus
12. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Tunnel
Assessment
queue
Bluetooth
13. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Institute of Electrical and Electronics Engineers (IEEE)
Cracker
physical security
Zombie
14. An Application layer protocol for managing devices on an IP network.
Simple Network Management Protocol (SNMP)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
open source
404EE
15. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
key exchange protocol
Possession of access devices
GET
overt channel
16. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Three-Way (TCP) Handshake
patch
Asynchronous
Collision
17. The combination of all IT assets - resources - components - and systems.
Challenge Handshake Authentication Protocol (CHAP)
POST
Information Technology (IT) infrastructure
Fast Ethernet
18. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Ciphertext
hacktivism
Vulnerability Management
-sA
19. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
serial scan & 300 sec wait
Active Fingerprinting
Temporal Key Integrity Protocol (TKIP)
Web Spider
20. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
audit
Redundant Array of Independent Disks (RAID)
security controls
U P F
21. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Trusted Computer Base (TCB)
stateful packet filtering
signature scanning
Wi-Fi Protected Access (WPA)
22. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
Block Cipher
SYN flood attack
Information Technology (IT) asset criticality
Denial of Service (DoS)
23. Paranoid scan timing
Zero Subnet
serial scan & 300 sec wait
Wide Area Network (WAN)
War Chalking
24. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Tunnel
Corrective Controls
Black Hat
Trusted Computer Base (TCB)
25. Injecting traffic into the network to identify the operating system of a device.
Active Fingerprinting
intrusion prevention system (IPS)
hybrid attack
scope creep
26. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Asset
Whois
802.11 i
TACACS
27. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Threat
War Driving
encapsulation
remote access
28. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
Console Port
Traceroute
Secure Sockets Layer (SSL)
SYN attack
29. A protocol used to pass control and error messages between nodes on the Internet.
File Allocation Table (FAT)
Mandatory access control (MAC)
Internet Control Message Protocol (ICMP)
Information Technology Security Evaluation Criteria (ITSEC)
30. A type of encryption where the same key is used to encrypt and decrypt the message.
Finding a directory listing and gaining access to a parent or root file for access to other files
Malicious code
symmetric encryption
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
31. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
HTTP tunneling
shoulder surfing
quantitative risk assessment
symmetric encryption
32. MAC Flooding
Overwhelm CAM table to convert switch to hub mode
XOR Operation
hardware keystroke logger
service level agreements (SLAs)
33. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Network Address Translation (NAT)
Timestamping
International Organization for Standardization (ISO)
parameter tampering
34. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
Bit Flipping
International Organization for Standardization (ISO)
Transport Layer Security (TLS)
Access Point (AP)
35. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Third Party
remote procedure call (RPC)
Timestamping
Buffer Overflow
36. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Copyright
limitation of liability and remedies
ring topology
Boot Sector Virus
37. Ping Scan
Computer Emergency Response Team (CERT)
-sP
SAM
XOR Operation
38. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
firewalking
Address Resolution Protocol (ARP)
sidejacking
role-based access control
39. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
scope creep
intrusion prevention system (IPS)
-PI
keylogger
40. A portion of memory used to temporarily store output or input data.
Buffer
Cookie
Auditing
-PI
41. An attack that exploits the common mistake many people make when installing operating systems
operating system attack
Tunnel
Certificate Authority (CA)
service level agreements (SLAs)
42. ICMP Type/Code 11
Time exceeded
-PI
Hacks with permission
Exploit
43. Hashing algorithm that results in a 128-bit output.
NT LAN Manager (NTLM)
MD5
serial scan & 300 sec wait
risk assessment
44. Port 80/81/8080
Replacing numbers in a url to access other files
HTTP
network operations center (NOC)
404EE
45. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Data Link layer
honeynet
-PP
intrusion detection system (IDS)
46. Computer software or hardware that can intercept and log traffic passing over a digital network.
Internet Control Message Protocol (ICMP)
personal identification number (PIN)
A R
sniffer
47. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Crossover Error Rate (CER)
Wide Area Network (WAN)
-P0
Virus Hoax
48. The process of embedding information into a digital signal in a way that makes it difficult to remove.
security by obscurity
Digital Watermarking
Zero Subnet
router
49. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Certificate
sheepdip
Wi-Fi Protected Access (WPA)
Cryptography
50. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
signature scanning
firewall
-oX
