SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer process that requests a service from another computer and accepts the server's responses.
Client
Media Access Control (MAC)
suicide hacker
Malware
2. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
Asynchronous
NOP
-sF
File Transfer Protocol (FTP)
3. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Post Office Protocol 3 (POP3)
security incident response team (SIRT)
Domain Name System (DNS)
Certificate Authority (CA)
4. A social-engineering attack that manipulates the victim into calling the attacker for help.
-sU
hardware keystroke logger
reverse social engineering
out-of-band signaling
5. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
National Security Agency
Anonymizer
protocol
suicide hacker
6. A device on a network.
router
Authentication
node
port scanning
7. nmap
social engineering
The automated process of proactively identifying vulnerabilities of computing systems present in a network
firewall
-p <port ranges>
8. NSA
Trusted Computer System Evaluation Criteria (TCSEC)
Backdoor
Baseline
National Security Agency
9. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Cracker
sniffer
Corrective Controls
Warm Site
10. The lack of clocking (imposed time ordering) on a bit stream.
Password Authentication Protocol (PAP)
port knocking
Asynchronous
Black Box Testing
11. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
service level agreements (SLAs)
public key
Covert Channel
Wi-Fi
12. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
RID Resource identifier
Cold Site
firewall
Trusted Computer System Evaluation Criteria (TCSEC)
13. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Tini
File Allocation Table (FAT)
heuristic scanning
Community String
14. ICMP Type/Code 3-13
False Acceptance Rate (FAR)
Administratively Prohibited
remote procedure call (RPC)
Droppers
15. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Timestamping
Confidentiality
Vulnerability Scanning
Kerberos
16. A communications protocol used for browsing the Internet.
Hypertext Transfer Protocol (HTTP)
Replacing numbers in a url to access other files
Mantrap
network operations center (NOC)
17. RPC Scan
hacktivism
hash
-sR
red team
18. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Cryptographic Key
U P F
Multipurpose Internet Mail Extensions (MIME)
Tunneling
19. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
Tunneling
reverse lookup; reverse DNS lookup
route
session hijacking
20. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
hash
Tunneling
encryption
Computer-Based Attack
21. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Annualized Loss Expectancy (ALE)
-PI
Application-Level Attacks
Defense in Depth
22. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
payload
Computer Emergency Response Team (CERT)
secure channel
LDAP
23. UDP Scan
Unicode
Cryptography
Zero Subnet
-sU
24. Metamorphic Virus
port redirection
proxy server
Self Replicating
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
25. 18 U.S.C. 1029
fragmentation
Wrapper
Possession of access devices
sidejacking
26. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Point-to-Point Tunneling Protocol (PPTP)
CIA triangle
Demilitarized Zone (DMZ)
Unicode
27. A computer virus that infects and spreads in multiple ways.
Virtual Local Area Network (VLAN)
nslookup
Syslog
Multipartite virus
28. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
serialize scans & 15 sec wait
-sX
social engineering
Due Diligence
29. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Zombie
Temporal Key Integrity Protocol (TKIP)
-oA
Challenge Handshake Authentication Protocol (CHAP)
30. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
initial sequence number (ISN)
phishing
FTP
Fiber Distributed Data Interface (FDDI)
31. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
limitation of liability and remedies
Electronic Code Book (ECB)
Decryption
White Box Testing
32. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
replay attack
Client
Trusted Computer Base (TCB)
Macro virus
33. A Canonical Name record within DNS - used to provide an alias for a domain name.
Certificate
XOR Operation
Tunnel
CNAME record
34. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Domain Name
hot site
EDGAR database
Address Resolution Protocol (ARP)
35. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Threat
encryption
Point-to-Point Tunneling Protocol (PPTP)
Mandatory access control (MAC)
36. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
End User Licensing Agreement (EULA)
Certificate Authority (CA)
File Allocation Table (FAT)
Minimum acceptable level of risk
37. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
firewalking
proxy server
Web Spider
ISO 17799
38. ICMP Ping
rootkit
Data Link layer
Backdoor
-PI
39. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
-sF
security controls
Daisy Chaining
Virus
40. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
File Transfer Protocol (FTP)
-sW
Archive
Trapdoor Function
41. An informed decision to accept the potential for damage to or loss of an IT asset.
Wi-Fi Protected Access (WPA)
Administratively Prohibited
risk acceptance
network operations center (NOC)
42. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Possession of access devices
DNS
-PS
Due Care
43. A software or hardware defect that often results in system vulnerabilities.
Wireless Local Area Network (WLAN)
Cold Site
Brute-Force Password Attack
Bug
44. The concept of having more than one person required to complete a task
POP 3
Buffer
Presentation layer
separation of duties
45. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Multipartite virus
hash
ping sweep
protocol
46. A social-engineering attack using computer resources - such as e-mail or IRC.
Time Bomb
Computer-Based Attack
Information Technology Security Evaluation Criteria (ITSEC)
Audit Data
47. A documented process for a procedure designed to be consistent - repeatable - and accountable.
fragmentation
Methodology
node
smart card
48. The ability to trace actions performed on a system to a specific user or system entity.
Accountability
infrastructure mode
asynchronous transmission
Worm
49. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Routing Information Protocol (RIP)
Back orifice
Adware
50. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
POST
queue
Tumbling
firewall