Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
smart card
encryption
integrity
Confidentiality
2. ACK Scan
Virus Hoax
Detective Controls
Macro virus
-sA
3. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
site survey
reverse lookup; reverse DNS lookup
Routing Protocol
Virus Hoax
4. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
MD5
Corrective Controls
port redirection
overt channel
5. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
CNAME record
RID Resource identifier
Media Access Control (MAC)
operating system attack
6. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Information Technology (IT) infrastructure
Mantrap
Kerberos
Countermeasures
7. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
Telnet
Vulnerability Management
Algorithm
asynchronous transmission
8. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Google hacking
Confidentiality
Port Address Translation (PAT)
Level I assessment
9. Cracking Tools
port redirection
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
network tap
Archive
10. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Wireless Local Area Network (WLAN)
Kerberos
ECHO reply
Virtual Private Network (VPN)
11. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
integrity
Level III assessment
-sO
Whois
12. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
false rejection rate (FRR)
non-repudiation
script kiddie
Post Office Protocol 3 (POP3)
13. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Authentication - Authorization - and Accounting (AAA)
intrusion detection system (IDS)
spoofing
Console Port
14. A method of external testing whereby several systems or resources are used together to effect an attack.
NetBSD
Virus Hoax
Daisy Chaining
Temporal Key Integrity Protocol (TKIP)
15. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
quantitative risk assessment
-sV
Dumpster Diving
POST
16. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
single loss expectancy (SLE)
Auditing
Digital Watermarking
White Box Testing
17. nmap all output
User Datagram Protocol (UDP)
EDGAR database
-oA
Address Resolution Protocol (ARP)
18. The process of recording activity on a system for monitoring and later review.
Buffer
risk transference
Auditing
network access server
19. ICMP Ping
-PI
iris scanner
Acceptable Use Policy (AUP)
Threat
20. NSA
National Security Agency
Trapdoor Function
-PT
Service Set Identifier (SSID)
21. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
404EE
session splicing
SYN attack
Copyright
22. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
Interior Gateway Protocol (IGP)
Routing Information Protocol (RIP)
Dumpster Diving
Anonymizer
23. ICMP Timestamp
Videocipher II Satellite Encryption System
-PP
War Dialing
RPC-DCOM
24. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security bulletins
security controls
Tunneling Virus
Self Replicating
25. Incremental Substitution
White Box Testing
Replacing numbers in a URL to access other files
Biometrics
pattern matching
26. The act of dialing all numbers within an organization to discover open modems.
Time To Live (TTL)
Finger
War Dialing
qualitative analysis
27. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
ping sweep
CAM table
logic bomb
queue
28. A host designed to collect data on suspicious activity.
Authentication Header (AH)
MD5
INFOSEC Assessment Methodology (IAM)
honeypot
29. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
asynchronous transmission
security kernel
Countermeasures
Digital Signature
30. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
Availability
Secure Sockets Layer (SSL)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
-PS
31. Hex 12
personal identification number (PIN)
Point-to-Point Protocol (PPP)
A S
Database
32. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Cloning
Address Resolution Protocol (ARP)
parameter tampering
EDGAR database
33. Paranoid scan timing
steganography
serial scan & 300 sec wait
Acceptable Use Policy (AUP)
security bulletins
34. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
shrink-wrap code attacks
personal identification number (PIN)
Methodology
Antivirus (AV) software
35. A computer file system architecture used in Windows - OS/2 - and most memory cards.
-sV
End User Licensing Agreement (EULA)
Zenmap
File Allocation Table (FAT)
36. The default network authentication suite of protocols for Windows NT 4.0
Point-to-Point Protocol (PPP)
Internal access to the network
Cryptographic Key
NT LAN Manager (NTLM)
37. A protocol used to pass control and error messages between nodes on the Internet.
honeypot
A R
-b
Internet Control Message Protocol (ICMP)
38. A computer network confined to a relatively small area - such as a single building or campus.
Discretionary Access Control (DAC)
local area network (LAN)
OpenBSD
Simple Mail Transfer Protocol (SMTP)
39. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Google hacking
Event
Tumbling
Sign in Seal
40. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
-P0
Lightweight Directory Access Protocol (LDAP)
Brute-Force Password Attack
public key infrastructure (PKI)
41. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Smurf attack
Man-in-the-middle attack
SAM
ECHO reply
42. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Hypertext Transfer Protocol (HTTP)
quantitative risk assessment
-sP
Ethernet
43. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Copyright
CNAME record
Warm Site
Contingency Plan
44. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Wi-Fi
Domain Name System (DNS) lookup
open source
Worm
45. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
router
promiscuous mode
Back orifice
Domain Name System (DNS) lookup
46. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
Adware
Electronic Code Book (ECB)
Cryptographic Key
47. Port 135
security by obscurity
network interface card (NIC)
suicide hacker
RPC-DCOM
48. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Hypertext Transfer Protocol (HTTP)
Temporal Key Integrity Protocol (TKIP)
Pretty Good Privacy (PGP)
Trusted Computer System Evaluation Criteria (TCSEC)
49. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
Destination Unreachable
intranet
Black Hat
script kiddie
50. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
single loss expectancy (SLE)
Decryption
Fast Ethernet
Macro virus