SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Lightweight Directory Access Protocol (LDAP)
piggybacking
Asset
R
2. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Finger
parameter tampering
Denial of Service (DoS)
hashing algorithm
3. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
risk avoidance
Wi-Fi
port knocking
Brute-Force Password Attack
4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Digital Certificate
Daemon
risk avoidance
Wide Area Network (WAN)
5. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Zone transfer
Information Technology (IT) asset criticality
End User Licensing Agreement (EULA)
false rejection rate (FRR)
6. TCP connect() scan
-sI
-sT
Bit Flipping
segment
7. Using conversation or some other interaction between people to gather useful information.
hacktivism
human-based social engineering
firewalking
White Box Testing
8. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Corrective Controls
risk assessment
Tiger Team
SYN attack
9. Port 137/138/139
-oX
SMB
service level agreements (SLAs)
HTTP
10. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Port Address Translation (PAT)
keylogger
Banner Grabbing
Assessment
11. A communications protocol used for browsing the Internet.
security defect
Hypertext Transfer Protocol (HTTP)
net use \[target ip]IPC$ '' /user:''
-sO
12. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
NetBSD
replay attack
Interior Gateway Protocol (IGP)
Address Resolution Protocol (ARP) table
13. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
Telnet
network tap
TACACS
Unicode
14. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Availability
SID
Google hacking
POP 3
15. An informed decision to accept the potential for damage to or loss of an IT asset.
A
Internet Protocol (IP)
Application Layer
risk acceptance
16. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Replacing numbers in a url to access other files
out-of-band signaling
Address Resolution Protocol (ARP) table
Videocipher II Satellite Encryption System
17. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
hashing algorithm
Request for Comments (RFC)
reverse social engineering
Baseline
18. A host designed to collect data on suspicious activity.
honeypot
risk
network tap
identity theft
19. Formal description and evaluation of the vulnerabilities in an information system
Wireless Local Area Network (WLAN)
Vulnerability Assessment
Internet Control Message Protocol (ICMP)
Cold Site
20. Phases of an attack
SAM
Threat
NOP
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
21. IP Protocol Scan
Finger
War Driving
-sO
Target Of Engagement (TOE)
22. nmap all output
gateway
Hierarchical File System (HFS)
-oA
DNS enumeration
23. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Institute of Electrical and Electronics Engineers (IEEE)
Virus Hoax
reconnaissance
spyware
24. The potential for damage to or loss of an IT asset
gateway
risk
Extensible Authentication Protocol (EAP)
honeypot
25. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
Droppers
single loss expectancy (SLE)
MAC filtering
Wi-Fi
26. The monetary value assigned to an IT asset.
sheepdip
Denial of Service (DoS)
Information Technology (IT) asset valuation
separation of duties
27. Describes practices in production and development that promote access to the end product's source materials.
limitation of liability and remedies
Extensible Authentication Protocol (EAP)
Level III assessment
open source
28. A person or entity indirectly involved in a relationship between two principles.
Routing Protocol
Trapdoor Function
Third Party
Ethical Hacker
29. Hashing algorithm that results in a 128-bit output.
penetration testing
MD5
Corrective Controls
Dumpster Diving
30. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
-PT
Daemon
public key infrastructure (PKI)
Community String
31. SYN Ping
SYN flood attack
Blowfish
Institute of Electrical and Electronics Engineers (IEEE)
-PS
32. The process of using easily accessible DNS records to map a target network's internal hosts.
DNS enumeration
Simple Mail Transfer Protocol (SMTP)
Secure Sockets Layer (SSL)
404EE
33. ACK Scan
POP 3
-sA
Time Bomb
Post Office Protocol 3 (POP3)
34. The ability to trace actions performed on a system to a specific user or system entity.
intrusion detection system (IDS)
NetBus
Accountability
security by obscurity
35. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Asymmetric
private network address
Media Access Control (MAC)
Common Internet File System/Server Message Block
36. ICMP Type/Code 3-13
War Dialing
rogue access point
Audit Trail
Administratively Prohibited
37. Directory Transversal
Finding a directory listing and gaining access to a parent or root file for access to other files
SOA record
Uniform Resource Locator (URL)
-sA
38. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Telnet
Denial of Service (DoS)
Ethernet
parameter tampering
39. Hex 29
U P F
halo effect
false negative
A R
40. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Trusted Computer Base (TCB)
Cryptographic Key
Internet Protocol Security (IPSec) architecture
Virus Hoax
41. Aggressive scan timing
intranet
initial sequence number (ISN)
parallel scan & 300 sec timeout & 1.25 sec/probe
Virus
42. Port 161/162
-sW
Malicious code
CIA triangle
SNMP
43. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Algorithm
SMB
footprinting
encryption
44. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Master boot record infector
out-of-band signaling
Data Link layer
45. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Bastion host
impersonation
Eavesdropping
ISO 17799
46. A protocol used for sending and receiving log information for nodes on a network.
Syslog
Domain Name System (DNS) lookup
Authorization
firewall
47. A protocol that allows a client computer to request services from a server and the server to return the results.
Level II assessment
U P F
remote procedure call (RPC)
security defect
48. A virus written in a macro language and usually embedded in document or spreadsheet files.
Macro virus
Worm
International Organization for Standardization (ISO)
Media Access Control (MAC)
49. The act of dialing all numbers within an organization to discover open modems.
halo effect
War Dialing
Black Hat
hash
50. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
key exchange protocol
Bluesnarfing
footprinting
RPC-DCOM
