SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ex 02
Algorithm
S
Last In First Out (LIFO)
Covert Channel
2. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
firewall
remote access
Domain Name
NetBSD
3. ICMP Type/Code 3-13
session hijacking
-sR
Access Control List (ACL)
Administratively Prohibited
4. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
Hacks without permission
Directory Traversal
Collision
5. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
patch
Kerberos
Boot Sector Virus
Anonymizer
6. The potential for damage to or loss of an IT asset
self encrypting
HTTP tunneling
port knocking
risk
7. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Telnet
Certificate Authority (CA)
Adware
Access Control List (ACL)
8. nmap
Cracker
public key infrastructure (PKI)
Request for Comments (RFC)
-p <port ranges>
9. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
SNMP
War Dialing
Bluesnarfing
-sF
10. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
Virtual Private Network (VPN)
Availability
Possession of access devices
packet
11. Hex 04
hacktivism
Port Address Translation (PAT)
R
SYN attack
12. Injecting traffic into the network to identify the operating system of a device.
serial scan & 300 sec wait
Finger
Active Fingerprinting
protocol stack
13. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
Access Control List (ACL)
NetBSD
Baseline
NOP
14. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
hash
footprinting
Cryptography
packet filtering
15. The act of dialing all numbers within an organization to discover open modems.
CNAME record
patch
Multipurpose Internet Mail Extensions (MIME)
War Dialing
16. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
Cryptographic Key
security controls
A procedure for identifying active hosts on a network.
17. The combination of all IT assets - resources - components - and systems.
A S
White Box Testing
port scanning
Information Technology (IT) infrastructure
18. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
network access server
HTTP
Application Layer
19. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
-sA
Zone transfer
Hacks with permission
International Organization for Standardization (ISO)
20. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Due Diligence
Cracker
Fiber Distributed Data Interface (FDDI)
FTP
21. Black hat
Level III assessment
Videocipher II Satellite Encryption System
Cryptography
Hacks without permission
22. A device providing temporary - on-demand - point-to-point network access to users.
FTP
sheepdip
network access server
Digital Signature
23. Name given to expert groups that handle computer security incidents.
Pretty Good Privacy (PGP)
Computer Emergency Response Team (CERT)
Bluejacking
local area network (LAN)
24. Network Scanning
A procedure for identifying active hosts on a network.
remote access
Minimum acceptable level of risk
steganography
25. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
parallel scan & 300 sec timeout & 1.25 sec/probe
Virtual Private Network (VPN)
security defect
Kerberos
26. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
parameter tampering
false rejection rate (FRR)
Cryptography
Collision Domain
27. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
hybrid attack
enumeration
Information Technology Security Evaluation Criteria (ITSEC)
Zombie
28. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
Droppers
Bit Flipping
ad hoc mode
serialize scans & 0.4 sec wait
29. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
Certificate Authority (CA)
HTTP tunneling
sidejacking
Web Spider
30. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
payload
hot site
Adware
Acknowledgment (ACK)
31. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
flood
Console Port
identity theft
Detective Controls
32. The transmission of digital signals without precise clocking or synchronization.
intrusion detection system (IDS)
non-repudiation
asynchronous transmission
Collision
33. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
infrastructure mode
-sX
Confidentiality
Authentication - Authorization - and Accounting (AAA)
34. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Multipartite virus
Pretty Good Privacy (PGP)
Backdoor
LDAP
35. Port 23
Telnet
router
Information Technology (IT) security architecture and framework
Unicode
36. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
queue
fully qualified domain name (FQDN)
Destination Unreachable
Bastion host
37. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Asymmetric Algorithm
separation of duties
hacktivism
Tumbling
38. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
-oX
Secure Multipurpose Mail Extension (S/MIME)
gray hat
Address Resolution Protocol (ARP) table
39. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Wi-Fi
non-repudiation
risk assessment
Fast Ethernet
40. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
stream cipher
Kerberos
Copyright
signature scanning
41. A type of malware that covertly collects information about a user.
inference attack
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
spyware
Copyright
42. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Active Attack
Bug
Asymmetric
Audit Data
43. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
SMB
-sX
Black Hat
polymorphic virus
44. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
steganography
Real application encompassing Trojan
private key
Audit Data
45. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Hypertext Transfer Protocol (HTTP)
qualitative analysis
Digital Signature
packet
46. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
TACACS
POST
non-repudiation
hardware keystroke logger
47. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
SMB
Open System Interconnection (OSI) Reference Model
-PM
Cryptographic Key
48. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
MD5
parallel scan & 300 sec timeout & 1.25 sec/probe
MAC filtering
Wi-Fi
49. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
SOA record
ECHO reply
Antivirus (AV) software
Tunneling
50. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Detective Controls
CNAME record
Mandatory access control (MAC)
Information Technology Security Evaluation Criteria (ITSEC)