SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Tumbling
Bluetooth
Covert Channel
Address Resolution Protocol (ARP) table
2. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
-sX
Redundant Array of Independent Disks (RAID)
Adware
HTTP tunneling
3. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Threat
Authentication
Wiretapping
port scanning
4. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Antivirus (AV) software
halo effect
Wide Area Network (WAN)
POST
5. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Cookie
Three-Way (TCP) Handshake
Denial of Service (DoS)
parallel scan & 75 sec timeout & 0.3 sec/probe
6. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
Redundant Array of Independent Disks (RAID)
asynchronous transmission
route
Internet service provider (ISP)
7. FTP Bounce Attack
Threat
-b
Time To Live (TTL)
ISO 17799
8. Port 137/138/139
Timestamping
MAC filtering
Asymmetric
SMB
9. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
ad hoc mode
Due Diligence
reverse lookup; reverse DNS lookup
Transport Layer Security (TLS)
10. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Internet service provider (ISP)
payload
Internet Assigned Number Authority (IANA)
-sF
11. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Wired Equivalent Privacy (WEP)
Boot Sector Virus
Acceptable Use Policy (AUP)
Internet Protocol Security (IPSec) architecture
12. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Mandatory access control (MAC)
integrity
-PS
Vulnerability
13. Hex 14
Virtual Private Network (VPN)
hashing algorithm
A R
Archive
14. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Tunnel
Wired Equivalent Privacy (WEP)
Virus
Smurf attack
15. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
security bulletins
site survey
Banner Grabbing
Bluejacking
16. Access by information systems (or users) communicating from outside the information system security perimeter.
Methodology
remote access
Active Attack
Mantrap
17. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
separation of duties
S
Common Internet File System/Server Message Block
-oG
18. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Trojan Horse
Minimum acceptable level of risk
session hijacking
Rijndael
19. A point of reference used to mark an initial state in order to manage change.
Virtual Private Network (VPN)
Baseline
-sX
Multipurpose Internet Mail Extensions (MIME)
20. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
public key
Database
Ethical Hacker
secure channel
21. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Daisy Chaining
NT LAN Manager (NTLM)
Level II assessment
Baseline
22. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
A S
security kernel
Cache
Warm Site
23. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Black Hat
Routing Information Protocol (RIP)
Access Control List (ACL)
Auditing
24. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Malware
Zombie
Acceptable Use Policy (AUP)
Media Access Control (MAC)
25. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
social engineering
packet
ISO 17799
NetBSD
26. A software or hardware defect that often results in system vulnerabilities.
No previous knowledge of the network
integrity
Bug
Daemon
27. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Cracker
Zero Subnet
Minimum acceptable level of risk
honeypot
28. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
gateway
Destination Unreachable
Lightweight Directory Access Protocol (LDAP)
Cookie
29. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.
security kernel
Time Bomb
-sA
Redundant Array of Independent Disks (RAID)
30. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
S
Information Technology (IT) asset criticality
route
31. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Wi-Fi
Event
Password Authentication Protocol (PAP)
Malware
32. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
Zone transfer
Cryptography
promiscuous mode
Third Party
33. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
firewalking
Request for Comments (RFC)
Temporal Key Integrity Protocol (TKIP)
Event
34. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Man-in-the-middle attack
Destination Unreachable
Cryptography
Self Replicating
35. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
Domain Name System (DNS)
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Wrapper
36. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
-sP
Information Technology (IT) asset criticality
Zero Subnet
Worm
37. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
-PI
sniffer
shoulder surfing
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
38. An attack that combines a brute-force attack with a dictionary attack.
hybrid attack
symmetric encryption
false rejection rate (FRR)
U P F
39. A protocol used for sending and receiving log information for nodes on a network.
Syslog
War Driving
Data Link layer
Certificate
40. Injecting traffic into the network to identify the operating system of a device.
Active Fingerprinting
rule-based access control
red team
-PI
41. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
Macro virus
Confidentiality
parallel scan & 300 sec timeout & 1.25 sec/probe
A S
42. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Finger
Simple Network Management Protocol (SNMP)
Hacks with permission
Malware
43. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
network tap
Vulnerability Assessment
Secure Sockets Layer (SSL)
Crossover Error Rate (CER)
44. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
signature scanning
Methodology
service level agreements (SLAs)
Copyright
45. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
Tumbling
Zero Subnet
smart card
Last In First Out (LIFO)
46. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Address Resolution Protocol (ARP) table
Certificate
Computer-Based Attack
Overwhelm CAM table to convert switch to hub mode
47. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
key exchange protocol
Zero Subnet
Wi-Fi
Vulnerability Assessment
48. Incremental Substitution
RID Resource identifier
Replacing numbers in a url to access other files
404EE
Trojan Horse
49. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
local area network (LAN)
Mandatory access control (MAC)
rootkit
spyware
50. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Zone transfer
Password Authentication Protocol (PAP)
Asynchronous
security incident response team (SIRT)