SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
ping sweep
stateful packet filtering
RID Resource identifier
2. The software product or system that is the subject of an evaluation.
parameter tampering
Target Of Engagement (TOE)
Cookie
Zenmap
3. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
intrusion detection system (IDS)
shoulder surfing
SYN flood attack
intranet
4. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
non-repudiation
Possession of access devices
Telnet
Cold Site
5. Port 80/81/8080
iris scanner
HTTP
hot site
Defense in Depth
6. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
rogue access point
Redundant Array of Independent Disks (RAID)
Zone transfer
gateway
7. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Black Box Testing
stream cipher
Hacks with permission
Simple Object Access Protocol (SOAP)
8. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
Bit Flipping
Vulnerability Assessment
Due Diligence
network access server
9. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
-PP
War Dialing
Digital Certificate
security bulletins
10. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
Zombie
Database
Transmission Control Protocol (TCP)
Corrective Controls
11. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
EDGAR database
session hijacking
Access Control List (ACL)
Application-Level Attacks
12. ICMP Netmask
Corrective Controls
Point-to-Point Protocol (PPP)
-PM
404EE
13. Wrapper or Binder
non-repudiation
risk assessment
Real application encompassing Trojan
Smurf attack
14. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
Bluesnarfing
SID
stateful packet filtering
Post Office Protocol 3 (POP3)
15. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
site survey
CAM table
802.11
smart card
16. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
RID Resource identifier
overt channel
Antivirus (AV) software
Cryptography
17. nmap
hybrid attack
Request for Comments (RFC)
--randomize_hosts -O OS fingerprinting
-PI
18. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Exploit
Assessment
Domain Name
audit
19. A documented process for a procedure designed to be consistent - repeatable - and accountable.
suicide hacker
Assessment
Methodology
802.11 i
20. An organized collection of data.
-PT
Vulnerability Assessment
Simple Mail Transfer Protocol (SMTP)
Database
21. An attack that exploits the common mistake many people make when installing operating systems
red team
initial sequence number (ISN)
Bit Flipping
operating system attack
22. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Network Basic Input/Output System (NetBIOS)
Covert Channel
-p <port ranges>
Routing Information Protocol (RIP)
23. A computer virus that infects and spreads in multiple ways.
Transmission Control Protocol (TCP)
Multipartite virus
Echo Reply
key exchange protocol
24. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
audit
Wired Equivalent Privacy (WEP)
Wireless Local Area Network (WLAN)
risk
25. Name given to expert groups that handle computer security incidents.
Information Technology (IT) infrastructure
Computer Emergency Response Team (CERT)
Fiber Distributed Data Interface (FDDI)
Time exceeded
26. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Tunneling Virus
reconnaissance
Network Address Translation (NAT)
Active Directory (AD)
27. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Authorization
Transmission Control Protocol (TCP)
Audit Data
Filter
28. ICMP Type/Code 3-13
Administratively Prohibited
Network Address Translation (NAT)
Information Technology (IT) infrastructure
infrastructure mode
29. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Copyright
INFOSEC Assessment Methodology (IAM)
gap analysis
Cookie
30. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
End User Licensing Agreement (EULA)
risk assessment
passive attack
31. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
packet filtering
Common Internet File System/Server Message Block
Trusted Computer Base (TCB)
Electronic Code Book (ECB)
32. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Service Set Identifier (SSID)
remote access
initial sequence number (ISN)
Pretty Good Privacy (PGP)
33. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Exposure Factor
-sT
protocol stack
Password Authentication Protocol (PAP)
34. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security controls
Cookie
GET
piggybacking
35. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Access Creep
queue
Domain Name System (DNS) lookup
Authentication - Authorization - and Accounting (AAA)
36. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
social engineering
honeynet
NT LAN Manager (NTLM)
identity theft
37. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
-sP
steganography
Copyright
remote access
38. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Institute of Electrical and Electronics Engineers (IEEE)
-sR
Local Administrator
SID
39. A device providing temporary - on-demand - point-to-point network access to users.
Accountability
network access server
Methodology
-PI
40. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
Port Address Translation (PAT)
Corrective Controls
FreeBSD
Tini
41. Nmap grepable output
-oG
Defense in Depth
RID Resource identifier
Finding a directory listing and gaining access to a parent or root file for access to other files
42. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Trojan Horse
Baseline
Asymmetric
Point-to-Point Protocol (PPP)
43. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
-PM
Daemon
SYN flood attack
HIDS
44. Hex 14
A R
serial scan & 300 sec wait
-oN
Annualized Loss Expectancy (ALE)
45. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
symmetric algorithm
Detective Controls
Interior Gateway Protocol (IGP)
red team
46. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Asymmetric Algorithm
Worm
Data Link layer
keylogger
47. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
-oA
parallel scan & 75 sec timeout & 0.3 sec/probe
Block Cipher
Ethical Hacker
48. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Black Box Testing
Port Address Translation (PAT)
Adware
Wired Equivalent Privacy (WEP)
49. 18 U.S.C. 1029
forwarding
Possession of access devices
port redirection
-sL
50. Hex 04
packet filtering
R
hashing algorithm
-p <port ranges>
