SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A software or hardware application or device that captures user keystrokes.
Internet Assigned Number Authority (IANA)
local area network (LAN)
keylogger
encryption
2. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Multipartite virus
Adware
RPC-DCOM
Level III assessment
3. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
Cold Site
Anonymizer
False Acceptance Rate (FAR)
Bluetooth
4. ex 02
S
Mantrap
Information Technology (IT) infrastructure
Cracker
5. Phases of an attack
shrink-wrap code attacks
Accountability
NOP
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
6. An Application layer protocol for managing devices on an IP network.
POP 3
End User Licensing Agreement (EULA)
Simple Network Management Protocol (SNMP)
-b
7. Port 389
LDAP
security kernel
asynchronous transmission
human-based social engineering
8. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
sniffer
self encrypting
Crossover Error Rate (CER)
RID Resource identifier
9. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Wired Equivalent Privacy (WEP)
Local Administrator
Post Office Protocol 3 (POP3)
Password Authentication Protocol (PAP)
10. A string that represents the location of a web resource
HIDS
POP 3
Uniform Resource Locator (URL)
Vulnerability
11. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
steganography
Internet Assigned Number Authority (IANA)
Point-to-Point Tunneling Protocol (PPTP)
802.11 i
12. The concept of having more than one person required to complete a task
ISO 17799
separation of duties
-sT
Virtual Private Network (VPN)
13. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
NetBus
Mantrap
service level agreements (SLAs)
Decryption
14. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
scope creep
Tumbling
Simple Network Management Protocol (SNMP)
SID
15. MAC Flooding
Buffer
Overwhelm CAM table to convert switch to hub mode
Cold Site
Cryptographic Key
16. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
INFOSEC Assessment Methodology (IAM)
role-based access control
Mandatory access control (MAC)
17. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
secure channel
spyware
logic bomb
Network Address Translation (NAT)
18. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
segment
-PI
Simple Object Access Protocol (SOAP)
Written Authorization
19. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
session hijacking
War Chalking
-sX
-p <port ranges>
20. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
rule-based access control
Crossover Error Rate (CER)
remote access
social engineering
21. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
Filter
Algorithm
SYN attack
initial sequence number (ISN)
22. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
Third Party
Audit Data
firewalking
footprinting
23. Network Scanning
A procedure for identifying active hosts on a network.
Web Spider
Administratively Prohibited
Directory Traversal
24. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Vulnerability Scanning
Transport Layer Security (TLS)
S
Console Port
25. The act of dialing all numbers within an organization to discover open modems.
Active Attack
Transport Layer Security (TLS)
Time Bomb
War Dialing
26. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
--randomize_hosts -O OS fingerprinting
impersonation
replay attack
secure channel
27. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
No previous knowledge of the network
Media Access Control (MAC)
Black Box Testing
Multipartite virus
28. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Syslog
Address Resolution Protocol (ARP) table
hacktivism
Asymmetric
29. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Man-in-the-middle attack
Denial of Service (DoS)
stream cipher
-sO
30. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
out-of-band signaling
private key
-sA
Trapdoor Function
31. Another term for firewalking
Authorization
port knocking
SAM
Sign in Seal
32. The exploitation of a security vulnerability
EDGAR database
security breach or security incident
Information Technology (IT) asset criticality
Audit Data
33. Nmap normal output
Information Technology (IT) security architecture and framework
hash
serial scan & 300 sec wait
-oN
34. An attack that exploits the common mistake many people make when installing operating systems
Kerberos
out-of-band signaling
operating system attack
Simple Mail Transfer Protocol (SMTP)
35. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Network Basic Input/Output System (NetBIOS)
quantitative risk assessment
Cryptography
Access Creep
36. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
node
enumeration
Three-Way (TCP) Handshake
router
37. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Daemon
risk acceptance
Open System Interconnection (OSI) Reference Model
Secure Multipurpose Mail Extension (S/MIME)
38. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
hot site
initial sequence number (ISN)
EDGAR database
39. Port 22
SSH
Address Resolution Protocol (ARP)
Time exceeded
Denial of Service (DoS)
40. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Mantrap
local area network (LAN)
802.11
footprinting
41. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
FreeBSD
Bit Flipping
hot site
Exposure Factor
42. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Corrective Controls
Point-to-Point Protocol (PPP)
Bastion host
audit
43. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
Bluejacking
source routing
Destination Unreachable
network tap
44. TCP connect() scan
-sT
Malware
parallel scan
Active Fingerprinting
45. The software product or system that is the subject of an evaluation.
symmetric encryption
Virtual Local Area Network (VLAN)
Target Of Engagement (TOE)
Asymmetric
46. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Challenge Handshake Authentication Protocol (CHAP)
penetration testing
Trusted Computer Base (TCB)
Bug
47. A storage buffer that transparently stores data so future requests for the same data can be served faster.
remote access
scope creep
Active Fingerprinting
Cache
48. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Challenge Handshake Authentication Protocol (CHAP)
Tunneling Virus
Denial of Service (DoS)
Cloning
49. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
Community String
Audit Data
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
rule-based access control
50. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
-sT
404EE
risk assessment
honeynet