SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. TCP connect() scan
script kiddie
-sT
single loss expectancy (SLE)
operating system attack
2. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
firewall
Authentication - Authorization - and Accounting (AAA)
Interior Gateway Protocol (IGP)
Multipurpose Internet Mail Extensions (MIME)
3. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Hierarchical File System (HFS)
Authentication - Authorization - and Accounting (AAA)
Vulnerability Management
Trusted Computer Base (TCB)
4. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Zone transfer
Malicious code
Authentication
Access Point (AP)
5. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
piggybacking
Active Directory (AD)
-sW
Overwhelm CAM table to convert switch to hub mode
6. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
security kernel
Due Care
Certificate
-sI
7. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
security kernel
network operations center (NOC)
Cryptographic Key
Tini
8. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
operating system attack
INFOSEC Assessment Methodology (IAM)
quantitative risk assessment
Tunneling
9. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
Common Internet File System/Server Message Block
route
Internet Protocol Security (IPSec) architecture
SID
10. The transmission of digital signals without precise clocking or synchronization.
-PT
Digital Signature
asynchronous transmission
Filter
11. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Certificate Authority (CA)
Buffer
Bug
Buffer Overflow
12. RPC Scan
queue
Multipurpose Internet Mail Extensions (MIME)
shoulder surfing
-sR
13. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
piggybacking
RxBoot
Rijndael
shoulder surfing
14. Nmap normal output
Vulnerability Scanning
script kiddie
-sI
-oN
15. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Routing Protocol
packet filtering
ad hoc mode
shoulder surfing
16. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Assessment
symmetric encryption
Presentation layer
Malware
17. A social-engineering attack using computer resources - such as e-mail or IRC.
Telnet
Computer-Based Attack
Data Link layer
Pretty Good Privacy (PGP)
18. ex 02
Trapdoor Function
session hijacking
S
Assessment
19. Hex 12
Black Box Testing
-PS
Asset
A S
20. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
NetBus
stream cipher
Collision Domain
Syslog
21. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
risk assessment
Web Spider
Extensible Authentication Protocol (EAP)
Internet Assigned Number Authority (IANA)
22. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
private network address
security breach or security incident
Bug
polymorphic virus
23. Access by information systems (or users) communicating from outside the information system security perimeter.
heuristic scanning
remote access
Discretionary Access Control (DAC)
Distributed DoS (DDoS)
24. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
Level III assessment
smart card
Lightweight Directory Access Protocol (LDAP)
25. Normal scan timing
Network Address Translation (NAT)
hybrid attack
parallel scan
private key
26. Phases of an attack
integrity
Virus
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Computer-Based Attack
27. Name given to expert groups that handle computer security incidents.
Timestamping
Computer Emergency Response Team (CERT)
Digital Signature
key exchange protocol
28. A virus that plants itself in a system's boot sector and infects the master boot record.
-PT
Boot Sector Virus
Pretty Good Privacy (PGP)
Bluejacking
29. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
initial sequence number (ISN)
Ethical Hacker
site survey
Daisy Chaining
30. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Tumbling
MAC filtering
Wired Equivalent Privacy (WEP)
HTTP tunneling
31. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Methodology
Port Address Translation (PAT)
passive attack
Annualized Loss Expectancy (ALE)
32. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Internet Protocol (IP)
proxy server
Community String
gray box testing
33. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
operating system attack
Accountability
Detective Controls
Archive
34. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Cookie
Post Office Protocol 3 (POP3)
Trusted Computer System Evaluation Criteria (TCSEC)
Accountability
35. A software or hardware application or device that captures user keystrokes.
rule-based access control
keylogger
risk assessment
phishing
36. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Application-Level Attacks
-sO
GET
Virus
37. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
-PS
enumeration
Zone transfer
Tini
38. A routing protocol developed to be used within a single organization.
port redirection
node
Defines legal email marketing
Interior Gateway Protocol (IGP)
39. A computer network confined to a relatively small area - such as a single building or campus.
Defense in Depth
--randomize_hosts -O OS fingerprinting
local area network (LAN)
Assessment
40. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
ISO 17799
steganography
Active Directory (AD)
Mandatory access control (MAC)
41. A program designed to execute at a specific time to release malicious code onto the computer system or network.
INFOSEC Assessment Methodology (IAM)
Time Bomb
National Security Agency
Network Basic Input/Output System (NetBIOS)
42. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Level II assessment
security kernel
Electronic serial number
Due Care
43. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
physical security
-sS
service level agreements (SLAs)
Pretty Good Privacy (PGP)
44. A record showing which user has accessed a given resource and what operations the user performed during a given period.
-PT
Level III assessment
Audit Trail
Point-to-Point Tunneling Protocol (PPTP)
45. Transmitting one protocol encapsulated inside another protocol.
security bulletins
Fraud and related activity in connection with computers
risk assessment
Tunneling
46. Hex 10
Tunnel
Cloning
A
Presentation layer
47. NSA
Zenmap
-sA
integrity
National Security Agency
48. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Challenge Handshake Authentication Protocol (CHAP)
Electronic Code Book (ECB)
Service Set Identifier (SSID)
Asynchronous
49. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
-sR
security defect
parallel scan
50. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
Wired Equivalent Privacy (WEP)
open source
Backdoor
Virus