SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Black box test
-sP
No previous knowledge of the network
Wide Area Network (WAN)
NetBus
2. Hex 14
reverse lookup; reverse DNS lookup
Interior Gateway Protocol (IGP)
-sS
A R
3. A person or entity indirectly involved in a relationship between two principles.
Buffer Overflow
Biometrics
Third Party
Application-Level Attacks
4. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Active Fingerprinting
GET
Secure Sockets Layer (SSL)
5. A small Trojan program that listens on port 777.
Tini
DNS enumeration
role-based access control
Tumbling
6. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
ad hoc mode
Bluejacking
Cryptography
qualitative analysis
7. The potential for damage to or loss of an IT asset
Real application encompassing Trojan
risk
secure channel
Collision Domain
8. The exploitation of a security vulnerability
Eavesdropping
Internet Protocol Security (IPSec) architecture
Trusted Computer Base (TCB)
security breach or security incident
9. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
-sR
SYN attack
security defect
Certificate
10. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
-b
802.11 i
OpenBSD
Trusted Computer System Evaluation Criteria (TCSEC)
11. A host designed to collect data on suspicious activity.
honeypot
Echo Reply
CIA triangle
Blowfish
12. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
Written Authorization
payload
ping sweep
secure channel
13. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Uniform Resource Locator (URL)
Blowfish
Information Technology (IT) infrastructure
Crossover Error Rate (CER)
14. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
protocol
Due Care
Fast Ethernet
15. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.
secure channel
Block Cipher
-PP
session splicing
16. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Internal access to the network
polymorphic virus
qualitative analysis
Electronic serial number
17. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
service level agreements (SLAs)
queue
Cryptography
network access server
18. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Internet Protocol Security (IPSec) architecture
Multipartite virus
Address Resolution Protocol (ARP) table
SYN flood attack
19. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Vulnerability Scanning
Internet Assigned Number Authority (IANA)
MD5
human-based social engineering
20. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
White Box Testing
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Internal access to the network
Routing Information Protocol (RIP)
21. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Filter
Access Creep
Methodology
promiscuous mode
22. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Buffer Overflow
CAM table
risk
route
23. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
-PB
Acceptable Use Policy (AUP)
parameter tampering
-sF
24. Port 31337
Back orifice
Packet Internet Groper (ping)
risk acceptance
Data Link layer
25. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
identity theft
Domain Name System (DNS) cache poisoning
Unicode
SYN attack
26. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Administratively Prohibited
Acknowledgment (ACK)
Tunneling
Competitive Intelligence
27. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Event
local area network (LAN)
network operations center (NOC)
Bluejacking
28. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
shoulder surfing
Covert Channel
Temporal Key Integrity Protocol (TKIP)
Internet Protocol Security (IPSec) architecture
29. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Internal access to the network
physical security
Back orifice
Digital Watermarking
30. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
risk acceptance
false negative
Brute-Force Password Attack
HIDS
31. The steps taken to gather evidence and information on the targets you wish to attack.
Internal access to the network
Multipurpose Internet Mail Extensions (MIME)
End User Licensing Agreement (EULA)
reconnaissance
32. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
-sR
Presentation layer
honeypot
role-based access control
33. ICMP Timestamp
-PP
Audit Data
Authentication
Detective Controls
34. A virus that plants itself in a system's boot sector and infects the master boot record.
Information Technology (IT) asset valuation
Boot Sector Virus
private key
-PM
35. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Mantrap
Request for Comments (RFC)
Domain Name
Crossover Error Rate (CER)
36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
security breach or security incident
Active Attack
self encrypting
false negative
37. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
risk avoidance
Ciphertext
Extensible Authentication Protocol (EAP)
38. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
MAC filtering
Due Diligence
sidejacking
false rejection rate (FRR)
39. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Ciphertext
Cold Site
Denial of Service (DoS)
Dumpster Diving
40. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
Hacks without permission
Address Resolution Protocol (ARP) table
script kiddie
Directory Traversal
41. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
keylogger
Internet Protocol Security (IPSec) architecture
Digital Certificate
intrusion detection system (IDS)
42. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Cache
hardware keystroke logger
Last In First Out (LIFO)
Audit Trail
43. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
Availability
Port Address Translation (PAT)
promiscuous mode
Daemon
44. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Overwhelm CAM table to convert switch to hub mode
-sI
Filter
Third Party
45. nmap
Decryption
Confidentiality
Secure Multipurpose Mail Extension (S/MIME)
-p <port ranges>
46. ICMP Type/Code 3-13
RID Resource identifier
Administratively Prohibited
Interior Gateway Protocol (IGP)
segment
47. Paranoid scan timing
serial scan & 300 sec wait
CNAME record
Eavesdropping
Kerberos
48. Microsoft SID 500
Demilitarized Zone (DMZ)
payload
Buffer Overflow
Local Administrator
49. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
spyware
HIDS
Extensible Authentication Protocol (EAP)
Buffer Overflow
50. Sneaky scan timing
404EE
false negative
serialize scans & 15 sec wait
Temporal Key Integrity Protocol (TKIP)
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests