Test your basic knowledge
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but this reinforces your understanding each time you take the test.
1. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.
Electronic Code Book (ECB)
ping sweep
SSH
HTTP tunneling
2. A protocol that allows a client computer to request services from a server and the server to return the results.
encapsulation
remote procedure call (RPC)
passive attack
Routing Protocol
3. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply, the address is reachable.
A procedure for identifying active hosts on a network.
steganography
Cache
Packet Internet Groper (ping)
4. A nontechnical method of hacking. Social engineering is the art of manipulating people, whether in person (human-based) or via computing methods (computer-based), into providing sensitive information.
network operations center (NOC)
signature scanning
social engineering
Wireless Local Area Network (WLAN)
5. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the target device.
Worm
Cryptography
Smurf attack
packet filtering
6. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Acknowledgment (ACK)
risk avoidance
Bluetooth
Console Port
7. A storage buffer that transparently stores data so future requests for the same data can be served faster.
War Dialing
Buffer
Banner Grabbing
Cache
8. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.
Password Authentication Protocol (PAP)
Zombie
red team
Man-in-the-middle attack
9. A record showing which user has accessed a given resource and what operations the user performed during a given period.
replay attack
suicide hacker
Trapdoor Function
Audit Trail
10. A virus written in a macro language and usually embedded in document or spreadsheet files.
INFOSEC Assessment Methodology (IAM)
Macro virus
Local Administrator
S
11. Black hat
Hacks without permission
shrink-wrap code attacks
Interior Gateway Protocol (IGP)
Virus
12. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.
POST
payload
Collision
RID (Relative Identifier)
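Worked example for the collision definition above, added for this page and not part of the original test. It finds a real collision by birthday search against SHA-256 truncated to a chosen number of bits; the truncation is only to make the search cheap and shows why the cost of a collision is about the square root of the output space, not the whole space. The function names and the message prefix are this example's own choices.

```python
import hashlib


def truncated_hash(data, bits):
    """SHA-256 shortened to its first `bits` bits, returned as an int.
    Shortening is only here to make a collision cheap to find; against the
    full 256-bit output the same search needs about 2**128 hashes."""
    if not 1 <= bits <= 256:
        raise ValueError("bits must be 1..256")
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits, prefix=b"msg-"):
    """Birthday search: hash the distinct inputs prefix-0, prefix-1, ... until
    two of them give the same truncated output.
    Returns (input_a, input_b, hashes_done). Expected cost is roughly
    2**(bits/2) hashes, which is why a hash needs an output twice as long as
    the security level wanted from it."""
    seen = {}          # truncated hash -> first input that produced it
    n = 0
    while True:
        data = prefix + str(n).encode()
        h = truncated_hash(data, bits)
        n += 1
        if h in seen:
            return seen[h], data, n
        seen[h] = data


def is_collision(a, b, bits):
    """True when a and b are distinct inputs with equal truncated hashes."""
    return a != b and truncated_hash(a, bits) == truncated_hash(b, bits)


if __name__ == "__main__":
    a, b, n = find_collision(24)
    print(f"{a!r} and {b!r} collide on 24 bits after {n} hashes")
```

Try bits=32 to see the cost grow by a factor of about 16 for 8 more bits; the full SHA-256 digests of the two inputs still differ, which is the point of a long output.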
13. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.
Transport Layer Security (TLS)
Wi-Fi Protected Access (WPA)
Community String
War Chalking
14. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
Internet Protocol (IP)
Acceptable Use Policy (AUP)
spam
security defect
15. Nmap XML output
-oX
promiscuous mode
EDGAR database
Virus
16. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity.
-oN
Ethical Hacker
personal identification number (PIN)
promiscuous mode
17. A point of reference used to mark an initial state in order to manage change.
Whois
Baseline
GET
Wireless Local Area Network (WLAN)
18. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.
Transmission Control Protocol (TCP)
-sO
Cold Site
Trojan Horse
19. A software or hardware defect that often results in system vulnerabilities.
End User Licensing Agreement (EULA)
Mandatory access control (MAC)
Bug
spyware
20. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.
fragmentation
Demilitarized Zone (DMZ)
Three-Way (TCP) Handshake
A
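Worked example for the three-way handshake above, added for this page and not part of the original test. It is a toy model of the two endpoints that plays out the three segments and the sequence-number arithmetic behind them (each side's SYN occupies one sequence number, so the peer must acknowledge ISN+1), and it also shows the half-open case, where the final ACK is never sent, which is what a SYN scan and a SYN flood do. The class, field names and the fixed initial sequence numbers used below are this example's own choices.

```python
import random

MASK32 = 0xFFFFFFFF   # sequence numbers are 32-bit and wrap


class TcpEndpoint:
    """One side of a TCP connection reduced to its state and the sequence
    arithmetic of the handshake. Toy model for this page, not real TCP."""

    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        # Initial sequence number. Real stacks randomize it so that a blind
        # attacker cannot forge the third segment of someone else's handshake.
        self.isn = random.getrandbits(32) if isn is None else isn
        self.snd_nxt = self.isn     # next sequence number we will send
        self.rcv_nxt = None         # next sequence number we expect to receive

    def send_syn(self):
        """Step 1 (client): SYN carrying our ISN."""
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) & MASK32      # the SYN consumes one number
        return {"flags": "SYN", "seq": self.isn, "ack": 0}

    def recv_syn(self, seg):
        """Step 2 (server): acknowledge the client's SYN and send our own."""
        if seg["flags"] != "SYN":
            raise ValueError("expected SYN")
        self.rcv_nxt = (seg["seq"] + 1) & MASK32
        self.state = "SYN-RECEIVED"
        self.snd_nxt = (self.isn + 1) & MASK32
        return {"flags": "SYN/ACK", "seq": self.isn, "ack": self.rcv_nxt}

    def recv_synack(self, seg):
        """Step 3 (client): verify our SYN was acknowledged, then ACK the server's."""
        if seg["flags"] != "SYN/ACK":
            raise ValueError("expected SYN/ACK")
        if seg["ack"] != self.snd_nxt:
            raise ValueError("SYN/ACK does not acknowledge our ISN")
        self.rcv_nxt = (seg["seq"] + 1) & MASK32
        self.state = "ESTABLISHED"
        return {"flags": "ACK", "seq": self.snd_nxt, "ack": self.rcv_nxt}

    def recv_ack(self, seg):
        """Server side of step 3: the connection opens only if the ACK number is right."""
        if seg["flags"] != "ACK" or seg["ack"] != self.snd_nxt:
            raise ValueError("ACK does not acknowledge our SYN")
        self.state = "ESTABLISHED"


def handshake(client, server):
    """Run all three steps and return the segments exchanged, in order."""
    syn = client.send_syn()
    synack = server.recv_syn(syn)
    ack = client.recv_synack(synack)
    server.recv_ack(ack)
    return [("client->server", syn), ("server->client", synack), ("client->server", ack)]


def half_open(client, server):
    """Steps 1 and 2 only, as in a SYN scan or SYN flood: the server is left
    holding connection state in SYN-RECEIVED and the final ACK never arrives."""
    server.recv_syn(client.send_syn())
    return server.state


if __name__ == "__main__":
    for direction, seg in handshake(TcpEndpoint("client"), TcpEndpoint("server")):
        print(direction, seg)
```

Run it with a fixed isn on both endpoints to see that the SYN/ACK acknowledges the client ISN plus one and the final ACK acknowledges the server ISN plus one.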
21. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
reverse social engineering
smart card
Network Address Translation (NAT)
suicide hacker
22. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.
MD5
hot site
Sign in Seal
A procedure for identifying active hosts on a network.
23. A stand-alone computer, kept off the network, that is used for scanning potentially malicious media or software.
Active Directory (AD)
sheepdip
ping sweep
Address Resolution Protocol (ARP) table
24. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
risk assessment
-p <port ranges>
hardware keystroke logger
Digital Certificate
25. An informed decision to accept the potential for damage to or loss of an IT asset.
risk acceptance
Black Hat
fully qualified domain name (FQDN)
security breach or security incident
26. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
War Chalking
Event
integrity
War Driving
27. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
segment
rootkit
Hypertext Transfer Protocol (HTTP)
network access server
28. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.
personal identification number (PIN)
social engineering
risk transference
Ethical Hacker
29. Port 110
POP3
Countermeasures
Challenge Handshake Authentication Protocol (CHAP)
Computer-Based Attack
30. Hex 04
Black Box Testing
HTTP
payload
R
31. Hex 29
Collision
-P0
U P F
net use \\[target ip]\IPC$ "" /user:""
32. Port 88
HTTP tunneling
Electronic Code Book (ECB)
steganography
Kerberos
33. Any item of value or worth to an organization, whether physical or virtual.
Virus
Black Box Testing
Asset
Level I assessment
34. A device on a network.
public key infrastructure (PKI)
node
Wi-Fi Protected Access (WPA)
Authentication
35. The secret portion of an asymmetric key pair, typically used to decrypt or digitally sign data. The private key is never shared and is normally used for decryption, with one notable exception: in a digital signature the private key is used to encrypt (sign) the message hash.
private key
Copyright
non-repudiation
Annualized Loss Expectancy (ALE)
36. RPC Scan
Local Administrator
-sR
DNS enumeration
Computer-Based Attack
37. The potential for damage to or loss of an IT asset
Trusted Computer Base (TCB)
private network address
Cache
risk
38. Hex 14
Application-Level Attacks
User Datagram Protocol (UDP)
A R
Cold Site
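Worked example for the three hex flag questions above (Hex 04 = R, Hex 29 = U P F, Hex 14 = A R), added for this page and not part of the original test. The hex values are the TCP header flags byte, so the conversion is just a bit mask per flag; the code converts in both directions and then names the scan probes and replies that common flag bytes correspond to, which is how a packet capture of a port scan is read. The KNOWN_PATTERNS descriptions are this example's own summary of standard TCP behaviour and are not taken from the page.

```python
# Bit values of the TCP header flags byte: FIN..URG from RFC 793, ECE/CWR
# from RFC 3168. The quiz uses this byte: 0x04 = R, 0x14 = A R, 0x29 = U P F.
TCP_FLAG_BITS = {
    "F": 0x01,  # FIN
    "S": 0x02,  # SYN
    "R": 0x04,  # RST
    "P": 0x08,  # PSH
    "A": 0x10,  # ACK
    "U": 0x20,  # URG
    "E": 0x40,  # ECE
    "C": 0x80,  # CWR
}


def flags_to_hex(letters):
    """'U P F' (spaces optional, any case) -> 0x29."""
    value = 0
    for ch in letters.replace(" ", "").upper():
        value |= TCP_FLAG_BITS[ch]       # KeyError on an unknown flag letter
    return value


def hex_to_flags(value):
    """0x14 -> 'A R'. Letters are listed from the highest bit down, which
    gives the same order the quiz answers use."""
    if not 0 <= value <= 0xFF:
        raise ValueError("flags byte out of range")
    by_bit = sorted(TCP_FLAG_BITS.items(), key=lambda kv: kv[1], reverse=True)
    return " ".join(ch for ch, bit in by_bit if value & bit)


# Flag bytes that identify common scan probes and the replies they draw
# (assumed summary of RFC 793 behaviour, written for this example).
KNOWN_PATTERNS = {
    0x00: "NULL scan probe (no flags set)",
    0x01: "FIN scan probe",
    0x02: "SYN (half-open) scan probe",
    0x10: "ACK scan probe",
    0x29: "Xmas scan probe (URG+PSH+FIN)",
    0x12: "SYN/ACK reply: open port answering a SYN",
    0x14: "RST/ACK reply: closed port answering a SYN, FIN, NULL or Xmas probe",
    0x04: "RST reply to a segment that carried ACK, e.g. an unfiltered port answering an ACK scan probe",
}


def classify_flags(value):
    """Describe what a flags byte most likely is."""
    if value in KNOWN_PATTERNS:
        return KNOWN_PATTERNS[value]
    if value & TCP_FLAG_BITS["S"] and value & TCP_FLAG_BITS["F"]:
        return "invalid SYN+FIN combination (crafted packet)"
    return "ordinary traffic: " + hex_to_flags(value)


if __name__ == "__main__":
    for v in (0x04, 0x14, 0x29, 0x12, 0x03):
        print(f"0x{v:02x} {hex_to_flags(v):<5} {classify_flags(v)}")
```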
39. List Scan
-sL
File Allocation Table (FAT)
self encrypting
Black Hat
40. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Wired Equivalent Privacy (WEP)
key exchange protocol
Application Layer
Secure/Multipurpose Internet Mail Extensions (S/MIME)
41. A computer process that requests a service from another computer and accepts the server's responses.
U P F
Service Set Identifier (SSID)
Client
network tap
42. The lack of clocking (imposed time ordering) on a bit stream.
public key infrastructure (PKI)
Asynchronous
limitation of liability and remedies
intrusion prevention system (IPS)
43. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with
-PM
ISO 17799
RPC-DCOM
physical security
44. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio
User Datagram Protocol (UDP)
keylogger
Ciphertext
CAM table
45. nmap
network tap
-sX
-p <port ranges>
shoulder surfing
46. A string that represents the location of a web resource
scope creep
Extensible Authentication Protocol (EAP)
Bluetooth
Uniform Resource Locator (URL)
47. A mathematical operation requiring two binary inputs: if the inputs match, the output is a 0; otherwise it is a 1.
802.11
XOR Operation
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Access Control List (ACL)
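Worked example for the XOR definition above, added for this page and not part of the original test. It builds byte-wise XOR from the single-bit rule in the question and then goes one step beyond the definition to the property that matters in cryptography: XOR-ing with the same key twice restores the input, which is why XOR is the combining step in stream ciphers and the one-time pad, and the same property makes a reused key cancel out between two ciphertexts. The helper names and the sample plaintexts and key are this example's own choices.

```python
def xor_bit(a, b):
    """The definition from the question: same inputs -> 0, different -> 1."""
    if a not in (0, 1) or b not in (0, 1):
        raise ValueError("inputs must be single bits")
    return 0 if a == b else 1


def truth_table():
    """All four input pairs with their XOR output."""
    return [(a, b, xor_bit(a, b)) for a in (0, 1) for b in (0, 1)]


def xor_byte(x, y):
    """Apply the bit rule at each of the 8 bit positions of two bytes (MSB first)."""
    out = 0
    for i in range(7, -1, -1):
        out = (out << 1) | xor_bit((x >> i) & 1, (y >> i) & 1)
    return out


def xor_bytes(data, key):
    """XOR a byte string against a repeating key: the combining step of a
    stream cipher or one-time pad. Applying it twice with the same key
    returns the original data because x XOR k XOR k == x."""
    if not key:
        raise ValueError("empty key")
    return bytes(xor_byte(d, key[i % len(key)]) for i, d in enumerate(data))


def key_cancels(c1, c2, p1, p2):
    """Why a key must never be reused: for two ciphertexts made with the same
    key stream, c1 XOR c2 == p1 XOR p2 (the key drops out), so an attacker
    learns the relation between the plaintexts without knowing the key."""
    if len(c1) != len(c2) or len(p1) != len(p2):
        raise ValueError("compare equal-length messages")
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print(truth_table())
    key = b"k3y"                        # sample key chosen for the example
    c = xor_bytes(b"attack at dawn", key)
    print(c.hex(), xor_bytes(c, key))
```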
48. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
Three-Way (TCP) Handshake
private network address
parallel scan & 300 sec timeout & 1.25 sec/probe
49. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Tumbling
Asset
End User Licensing Agreement (EULA)
Backdoor
50. A technology that establishes a tunnel to create a private, dedicated network over the Internet, comparable to a leased line. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
intrusion prevention system (IPS)
port redirection
False Acceptance Rate (FAR)
Virtual Private Network (VPN)