Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The condition of a resource being ready for use and accessible by authorized users.
-PS
security kernel
Availability
NetBus
2. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Trusted Computer System Evaluation Criteria (TCSEC)
Internet Protocol (IP)
Bit Flipping
-sI
3. A proprietary, open wireless technology used for transferring data from fixed and mobile devices over short distances.
risk acceptance
Virtual Private Network (VPN)
Bluetooth
Address Resolution Protocol (ARP) table
4. Polymorphic Virus
Daisy Chaining
Information Technology (IT) asset criticality
gray hat
self encrypting
5. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.
hot site
Digital Signature
Challenge Handshake Authentication Protocol (CHAP)
Back orifice
6. Network Scanning
SAM
Zero Subnet
Last In First Out (LIFO)
A procedure for identifying active hosts on a network.
7. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
shoulder surfing
Routing Protocol
Information Technology Security Evaluation Criteria (ITSEC)
routed protocol
8. The concept of having more than one person required to complete a task
Time Bomb
Ethical Hacker
separation of duties
Information Technology (IT) asset valuation
9. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Archive
TACACS
Multipartite virus
Detective Controls
10. A method of external testing whereby several systems or resources are used together to effect an attack.
Fiber Distributed Data Interface (FDDI)
-sS
Daisy Chaining
File Allocation Table (FAT)
11. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
Vulnerability Assessment
Fraud and related activity in connection with computers
Hacks without permission
shrink-wrap code attacks
12. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
Wiretapping
War Driving
signature scanning
false rejection rate (FRR)
13. A person or entity indirectly involved in a relationship between two principles.
Third Party
False Acceptance Rate (FAR)
Certificate
R
14. Xmas Tree scan
Due Diligence
-sX
Internal access to the network
Access Control List (ACL)
15. Directory Traversal
Finding a directory listing and gaining access to a parent or root file for access to other files
CNAME record
HTTP
audit
16. The combination of all IT assets, resources, components, and systems.
Information Technology (IT) infrastructure
Application-Level Attacks
NetBSD
Buffer
17. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
polymorphic virus
Virus Hoax
Wi-Fi Protected Access (WPA)
net use \\[target ip]\IPC$ "" /user:""
18. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
stream cipher
remote procedure call (RPC)
red team
risk
19. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
CAM table
Bluesnarfing
Fiber Distributed Data Interface (FDDI)
Virus
20. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
Virus
intranet
Authentication, Authorization, and Accounting (AAA)
risk transference
21. RPC Scan
sheepdip
network tap
-sR
Daisy Chaining
22. Port 80/81/8080
-PT
Filter
sniffer
HTTP
23. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Internet Control Message Protocol (ICMP)
network interface card (NIC)
SID
Lightweight Directory Access Protocol (LDAP)
24. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
network access server
Buffer Overflow
piggybacking
stateful packet filtering
25. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Address Resolution Protocol (ARP) table
Detective Controls
keylogger
remote procedure call (RPC)
26. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
encapsulation
Man-in-the-middle attack
Collision Domain
Level III assessment
27. Software code, a portion of data, or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Fast Ethernet
Exploit
Three-Way (TCP) Handshake
Man-in-the-middle attack
28. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Post Office Protocol 3 (POP3)
A S
Hypertext Transfer Protocol (HTTP)
routed protocol
29. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
serial scan & 300 sec wait
Cloning
Interior Gateway Protocol (IGP)
Level III assessment
30. Polite scan timing
Pretty Good Privacy (PGP)
serialize scans & 0.4 sec wait
separation of duties
Authentication, Authorization, and Accounting (AAA)
31. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.
Authentication, Authorization, and Accounting (AAA)
risk assessment
Trusted Computer Base (TCB)
Asymmetric
32. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
rule-based access control
role-based access control
site survey
Trusted Computer Base (TCB)
33. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
Virtual Local Area Network (VLAN)
Finding a directory listing and gaining access to a parent or root file for access to other files
Information Technology (IT) asset criticality
34. A social-engineering attack using computer resources, such as e-mail or IRC.
Finding a directory listing and gaining access to a parent or root file for access to other files
security controls
Level III assessment
Computer-Based Attack
35. The level of importance assigned to an IT asset
Replacing numbers in a url to access other files
node
HTTP
Information Technology (IT) asset criticality
36. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).
Information Technology (IT) infrastructure
security incident response team (SIRT)
hash
port scanning
37. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
Cold Site
SYN attack
EDGAR database
Due Diligence
38. CAN-SPAM
piggybacking
Defines legal email marketing
Brute-Force Password Attack
session hijacking
39. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
Cracker
Open System Interconnection (OSI) Reference Model
rootkit
security defect
40. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
SID
security defect
Transmission Control Protocol (TCP)
Network Address Translation (NAT)
41. Monitoring of telephone or Internet conversations - typically by covert means.
Archive
script kiddie
Wiretapping
Due Diligence
42. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are
Digital Signature
Daisy Chaining
security bulletins
Network Address Translation (NAT)
43. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Point-to-Point Tunneling Protocol (PPTP)
Domain Name System (DNS)
Exposure Factor
Asymmetric
44. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Vulnerability Management
Possession of access devices
Time Bomb
parallel scan
45. Recording the time, normally in a log file, when an event happens or when information is created or modified.
private key
intrusion prevention system (IPS)
Internet Assigned Number Authority (IANA)
Timestamping
46. Wrapper or Binder
Blowfish
MAC filtering
Real application encompassing Trojan
SAM
47. A program designed to browse websites in an automated, methodical manner. Sometimes these programs are used to harvest information from websites, such as e-mail addresses.
Vulnerability Scanning
serialize scans & 0.4 sec wait
Web Spider
Vulnerability
48. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
honeynet
Tunneling Virus
Bug
RID Resource identifier
49. Hex 14
A R
Exploit
Asymmetric
Level III assessment
50. An evaluation consisting of a document review, interviews, and demonstrations, as well as vulnerability scans and hands-on testing.
Level II assessment
Antivirus (AV) software
sheepdip
-sI