SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Written Authorization
Authentication Header (AH)
-PM
Asymmetric
2. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Traceroute
gateway
risk avoidance
parallel scan
3. Insane scan timing
parallel scan & 75 sec timeout & 0.3 sec/probe
Simple Object Access Protocol (SOAP)
Information Technology (IT) asset criticality
Buffer Overflow
4. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Directory Traversal
limitation of liability and remedies
-sL
Tunneling Virus
5. ICMP Type/Code 11
risk assessment
Time exceeded
Kerberos
Authentication
6. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Multipartite virus
End User Licensing Agreement (EULA)
HTTP tunneling
risk avoidance
7. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
role-based access control
Electronic Code Book (ECB)
halo effect
Dumpster Diving
8. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
forwarding
stateful packet filtering
signature scanning
scope creep
9. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
Request for Comments (RFC)
Dumpster Diving
SNMP
Timestamping
10. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
-sA
Annualized Loss Expectancy (ALE)
Virtual Local Area Network (VLAN)
11. Port 23
Acceptable Use Policy (AUP)
Bit Flipping
Telnet
OpenBSD
12. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
network interface card (NIC)
Self Replicating
Mantrap
human-based social engineering
13. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
route
Threat
DNS enumeration
quantitative risk assessment
14. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Tiger Team
Wide Area Network (WAN)
Decryption
User Datagram Protocol (UDP)
15. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Domain Name System (DNS)
Cryptographic Key
Boot Sector Virus
Due Diligence
16. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
security incident response team (SIRT)
NOP
Information Technology (IT) security architecture and framework
router
17. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
self encrypting
Trojan Horse
replay attack
Web Spider
18. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Mantrap
Videocipher II Satellite Encryption System
intrusion prevention system (IPS)
Due Diligence
19. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
-sL
Event
shoulder surfing
Malware
20. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
-PT
social engineering
-PB
reverse social engineering
21. A device providing temporary - on-demand - point-to-point network access to users.
network access server
Fraud and related activity in connection with computers
No previous knowledge of the network
Hypertext Transfer Protocol (HTTP)
22. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Secure Multipurpose Mail Extension (S/MIME)
Finger
Zero Subnet
Banner Grabbing
23. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Trusted Computer Base (TCB)
limitation of liability and remedies
Buffer
reverse social engineering
24. Normal scan timing
Tunneling
parallel scan
Fiber Distributed Data Interface (FDDI)
OpenBSD
25. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Real application encompassing Trojan
private key
Console Port
Adware
26. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
SOA record
limitation of liability and remedies
security controls
-PB
27. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
Service Set Identifier (SSID)
Due Diligence
Banner Grabbing
28. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
--randomize_hosts -O OS fingerprinting
Corrective Controls
Blowfish
qualitative analysis
29. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
spam
initial sequence number (ISN)
Access Point (AP)
Boot Sector Virus
30. A method of external testing whereby several systems or resources are used together to effect an attack.
Cache
Daisy Chaining
ping sweep
private key
31. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Simple Object Access Protocol (SOAP)
passive attack
Time To Live (TTL)
Google hacking
32. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
quality of service (QoS)
firewall
-PM
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
33. Monitoring of telephone or Internet conversations - typically by covert means.
Corrective Controls
Wiretapping
Bug
-sS
34. Using conversation or some other interaction between people to gather useful information.
Hierarchical File System (HFS)
human-based social engineering
National Security Agency
passive attack
35. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
infrastructure mode
Secure Multipurpose Mail Extension (S/MIME)
Self Replicating
intrusion detection system (IDS)
36. A device on a network.
node
Tunneling Virus
Electronic serial number
Cryptography
37. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Decryption
Address Resolution Protocol (ARP)
RID Resource identifier
rule-based access control
38. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
R
security bulletins
Simple Mail Transfer Protocol (SMTP)
404EE
39. Hex 04
R
security controls
Target Of Engagement (TOE)
Digital Certificate
40. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Secure Multipurpose Mail Extension (S/MIME)
network interface card (NIC)
stateful packet filtering
Wireless Local Area Network (WLAN)
41. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Cryptographic Key
-PI
nslookup
MD5
42. Idlescan
Covert Channel
-sI
Data Encryption Standard (DES)
SAM
43. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
Echo request
spam
Covert Channel
Lightweight Directory Access Protocol (LDAP)
44. Attacks on the actual programming code of an application.
Cold Site
Routing Information Protocol (RIP)
404EE
Application-Level Attacks
45. Any network incident that prompts some kind of log entry or other notification.
Event
GET
Network Basic Input/Output System (NetBIOS)
Zero Subnet
46. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Collision
piggybacking
Mantrap
-PB
47. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
Tiger Team
Tunneling Virus
Acceptable Use Policy (AUP)
48. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
Domain Name
serialize scans & 15 sec wait
Zenmap
spoofing
49. A protocol defining packets that are able to be routed by a router.
Man-in-the-middle attack
Overwhelm CAM table to convert switch to hub mode
routed protocol
SYN flood attack
50. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Finger
patch
physical security
A
