Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that this reinforces your understanding each time you take the test.
1. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
personal identification number (PIN)
Information Technology Security Evaluation Criteria (ITSEC)
-P0
2. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Secure Sockets Layer (SSL)
Brute-Force Password Attack
Port Address Translation (PAT)
End User Licensing Agreement (EULA)
3. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.
Copyright
Kerberos
enumeration
-oN
4. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.
human-based social engineering
Trapdoor Function
Information Technology (IT) asset valuation
spoofing
5. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
Trapdoor Function
initial sequence number (ISN)
6. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
FTP
Digital Certificate
Cold Site
Data Link layer
7. A file system used by the Mac OS.
Wi-Fi
Internal access to the network
single loss expectancy (SLE)
Hierarchical File System (HFS)
8. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
queue
intranet
Anonymizer
operating system attack
9. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it.
Hypertext Transfer Protocol Secure (HTTPS)
promiscuous mode
-PS
iris scanner
10. The default network authentication suite of protocols for Windows NT 4.0
sniffer
Ethical Hacker
NT LAN Manager (NTLM)
EDGAR database
11. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet, a packet contains a header (container) and a payload (contents). Any IP
Dumpster Diving
network interface card (NIC)
packet
false negative
12. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Internet Protocol (IP)
sidejacking
remote procedure call (RPC)
iris scanner
13. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.
Hacks with permission
Bastion host
Zero Subnet
Warm Site
14. An informed decision to accept the potential for damage to or loss of an IT asset.
Hypertext Transfer Protocol (HTTP)
Network Address Translation (NAT)
risk acceptance
hybrid attack
15. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.
forwarding
Zombie
Presentation layer
Administratively Prohibited
16. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
symmetric algorithm
Ethernet
MD5
Institute of Electrical and Electronics Engineers (IEEE)
17. Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks.
Cache
firewall
Kerberos
Certificate Authority (CA)
18. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Open System Interconnection (OSI) Reference Model
Man-in-the-middle attack
802.11
Corrective Controls
19. A proprietary open wireless technology standard used for transferring data between fixed and mobile devices over short distances.
Asymmetric Algorithm
Bluetooth
Anonymizer
rogue access point
20. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Written Authorization
Bluesnarfing
802.11
A R
21. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
-PB
hash
service level agreements (SLAs)
Trojan Horse
22. SYN Ping
Wiretapping
-PS
Bluetooth
queue
23. Port 53
separation of duties
DNS
CIA triangle
polymorphic virus
24. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.
Authorization
Bluesnarfing
-sT
parallel scan
25. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.
Due Diligence
Authentication, Authorization, and Accounting (AAA)
-sR
International Organization for Standardization (ISO)
26. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.
Auditing
EDGAR database
symmetric encryption
audit
27. A virus that plants itself in a system's boot sector and infects the master boot record.
Boot Sector Virus
-oN
Collision Domain
gray hat
28. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Ethical Hacker
Hacks without permission
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Syslog
29. A free, open source version of the Berkeley Software Distribution of Unix, often used in embedded systems.
false rejection rate (FRR)
MAC filtering
NetBSD
impersonation
30. An IP address range that is not routed on the public Internet and is intended for use only within the confines of a single organization, falling within the predefined ranges 10.0.0.0/8, 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), or 192.168.0.0/16.
private network address
Exploit
Unicode
TACACS
31. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.
Cryptography
-b
halo effect
impersonation
32. Insane scan timing
Trojan Horse
parallel scan & 75 sec timeout & 0.3 sec/probe
Zenmap
Mandatory access control (MAC)
33. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
gray hat
Web Spider
public key
private network address
34. Using conversation or some other interaction between people to gather useful information.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Data Encryption Standard (DES)
Asset
human-based social engineering
35. A connection-oriented, layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Zero Subnet
Transmission Control Protocol (TCP)
private key
Vulnerability
36. Port 88
Data Link layer
ECHO reply
RxBoot
Kerberos
37. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
Client
suicide hacker
Three-Way (TCP) Handshake
False Acceptance Rate (FAR)
38. The process of recording activity on a system for monitoring and later review.
Buffer
Auditing
Application Layer
Dumpster Diving
39. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Data Encryption Standard (DES)
LDAP
Multipartite virus
802.11i
40. Microsoft SID ending in relative identifier (RID) 500
impersonation
Asymmetric Algorithm
Bluesnarfing
Local Administrator
41. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).
Level III assessment
Collision Domain
File Allocation Table (FAT)
port scanning
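Worked example for item 41, added here and not part of the original quiz: a TCP connect scan written in Python. It distinguishes an open port (the three-way handshake completes), a closed port (the target answers with RST, surfaced as ConnectionRefusedError) and a filtered port (no answer before the timeout, typically a firewall dropping the SYN). The loopback listener, the port selection and the function names are this example's own assumptions so that it runs offline.

```python
import socket


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan of the given ports on host.

    A completed three-way handshake means "open"; an immediate RST
    (ConnectionRefusedError) means "closed"; silence until the timeout is
    reported as "filtered", the usual sign of a firewall dropping the SYN.
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except socket.timeout:
            results[port] = "filtered"
        except OSError as exc:            # e.g. network unreachable
            results[port] = f"error: {exc.errno}"
        finally:
            s.close()
    return results


def _free_loopback_port() -> int:
    """Ask the OS for a currently unused loopback port (constructed fixture)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Start one real listener on loopback, then scan it and a port nobody listens on."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))       # port 0: the OS picks a free port
    listener.listen(5)                    # the backlog lets connect() complete without accept()
    open_port = listener.getsockname()[1]
    closed_port = _free_loopback_port()
    try:
        results = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return results[open_port], results[closed_port]


if __name__ == "__main__":
    print(demo())   # ('open', 'closed')
```

A connect scan completes the handshake and so appears in the target's application logs; the SYN scan that Nmap runs by default (-sS) tears the connection down after the SYN/ACK, which needs raw sockets and is not shown here.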
42. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.
relative identifier (RID)
Echo Reply
fragmentation
Collision
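Worked example for item 42, added here and not part of the original quiz: a birthday search that finds a collision in SHA-256 truncated to 32 bits. It shows why collision resistance is worth only half the output length (about 2^16 hashes for a 32-bit output, not 2^32) and that the two colliding inputs still have different full SHA-256 digests. The truncation, the counter-string inputs and the function names are this example's own constructions.

```python
import hashlib


def truncated_sha256(data: bytes, nbits: int) -> int:
    """SHA-256 keeping only its first nbits bits: a toy hash with a small output space."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def find_collision(nbits: int, max_tries: int = 1 << 24):
    """Birthday search for two distinct inputs with the same nbits-bit hash.

    Every (hash -> input) pair seen so far is remembered; the first repeat is a
    collision. Expected work is roughly 2**(nbits / 2) hashes, not 2**nbits.
    Inputs are constructed counter strings, so the result is deterministic.
    Returns (first input, second input, hashes computed) or None.
    """
    seen = {}
    for i in range(max_tries):
        msg = b"message-%d" % i
        h = truncated_sha256(msg, nbits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def demo(nbits: int = 32):
    m1, m2, tries = find_collision(nbits)
    same_truncated = truncated_sha256(m1, nbits) == truncated_sha256(m2, nbits)
    same_full = hashlib.sha256(m1).digest() == hashlib.sha256(m2).digest()
    return m1, m2, tries, same_truncated, same_full


if __name__ == "__main__":
    m1, m2, tries, _, _ = demo()
    print(f"collision after {tries} hashes: {m1!r} and {m2!r}")
```

The same search against the full 256-bit output would need on the order of 2^128 hashes, which is why truncating a digest (for example to make a short identifier) silently shrinks its collision resistance.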
43. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.
false rejection rate (FRR)
red team
Asynchronous
identity theft
44. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Data Link layer
Asymmetric Algorithm
Bluesnarfing
Hypertext Transfer Protocol (HTTP)
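Worked example for items 4, 33 and 44 (trapdoor function, public key, asymmetric algorithm), added here and not part of the original quiz: textbook RSA with the small primes 61 and 53. Encryption and signature verification use only the public key; decryption and signing need d, which is cheap to derive only with the trapdoor (the factors p and q). The example also shows the attacker's path without the trapdoor, factoring n by trial division, which succeeds here only because n is tiny. The primes, messages and function names are this example's own; real RSA additionally needs padding (OAEP, PSS), which is omitted.

```python
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes; knowing p and q is the trapdoor."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def encrypt(pub, m: int) -> int:
    """Forward direction: cheap for anyone holding the public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Inverse direction: cheap only with the trapdoor value d."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, m: int) -> int:
    n, d = priv
    return pow(m, d, n)


def verify(pub, m: int, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == m % n


def factor_by_trial_division(n: int):
    """What an attacker must do without the trapdoor: recover p and q from n.
    Trivial for this toy modulus, infeasible for the 2048-bit moduli used in practice."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(pub):
    """Rebuild d from the public key alone by factoring n."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)          # n = 3233, e = 17, d = 2753
    c = encrypt(pub, 65)
    print(c, decrypt(priv, c))                # 2790 65
    print(recover_private_key(pub) == priv)   # True: n is small enough to factor
```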
45. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Packet Internet Groper (ping)
Exploit
Black Box Testing
gray hat
46. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Hypertext Transfer Protocol (HTTP)
Man-in-the-middle attack
GET
Bit Flipping
47. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
stream cipher
-PT
security by obscurity
War Dialing
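Worked example for items 46 and 47 (bit flipping, stream cipher), added here and not part of the original quiz: a toy stream cipher that XORs plaintext with a keystream, the bit-flipping attack that edits the ciphertext without the key to change a known plaintext field to an attacker-chosen value, and the encrypt-then-MAC construction that detects the edit. The keystream (SHA-256 in counter mode), the fixed key, nonce and message layout, and the function names are this example's own assumptions; a real system would use ChaCha20 or AES-CTR rather than this keystream.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, concatenated.
    Constructed for illustration only; never reuse a nonce under the same key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream cipher: ciphertext = plaintext XOR keystream. Symmetric, so decryption is the same op."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def flip_bits(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Bit-flipping attack, performed without the key.

    Since c = p XOR k, XORing (known XOR wanted) into the ciphertext where the
    plaintext is known to be `known` makes it decrypt to `wanted`; the rest of
    the message is untouched.
    """
    if len(known) != len(wanted):
        raise ValueError("known and wanted must be the same length")
    ct = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= k ^ w
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: an HMAC over nonce || ciphertext is what defeats bit flipping."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the ciphertext was modified in transit."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)


def demo():
    # Constructed sample: fixed keys and nonce, and a message whose layout the attacker knows.
    key, mac_key, nonce = b"K" * 32, b"M" * 32, b"N" * 12
    plaintext = b"user=alice;amount=0100;"
    ct = encrypt(key, nonce, plaintext)

    # The attacker knows "0100" sits at a fixed offset and rewrites it to "9900".
    offset = plaintext.index(b"0100")
    tampered = flip_bits(ct, offset, b"0100", b"9900")
    unauthenticated_result = decrypt(key, nonce, tampered)

    # The same edit against the authenticated variant is rejected.
    ct2, tag = seal(key, mac_key, nonce, plaintext)
    tampered2 = flip_bits(ct2, offset, b"0100", b"9900")
    authenticated_result = open_sealed(key, mac_key, nonce, tampered2, tag)
    return unauthenticated_result, authenticated_result


if __name__ == "__main__":
    print(demo())   # (b'user=alice;amount=9900;', None)
```

The attack needs no key material, only knowledge of where a predictable field sits in the plaintext; any unauthenticated stream or CTR mode is exposed to it, which is why confidentiality-only encryption is not enough for integrity.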
48. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,
Common Internet File System/Server Message Block
Echo request
Malware
Authorization
49. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
shrink-wrap code attacks
single loss expectancy (SLE)
War Driving
Password Authentication Protocol (PAP)
50. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or
Threat
ISO 17799
security bulletins
Fast Ethernet