Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Idlescan
-sI
risk acceptance
-sP
NOP

2. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Service Set Identifier (SSID)
Sign in Seal
U P F
Event

3. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
-p <port ranges>
Macro virus
Ciphertext
Due Care

4. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Mandatory access control (MAC)
Web Spider
Confidentiality
gray hat

5. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
stateful packet filtering
FreeBSD
Audit Trail
smart card

6. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Media Access Control (MAC)
Extensible Authentication Protocol (EAP)
Cracker
Ethical Hacker

7. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Assessment
suicide hacker
Denial of Service (DoS)
false rejection rate (FRR)

8. Port 80/81/8080
false rejection rate (FRR)
Tumbling
Fast Ethernet
HTTP

9. Port 22
Serial Line Internet Protocol (SLIP)
SSH
ring topology
rule-based access control

10. The change or growth of a project's scope
scope creep
parallel scan & 75 sec timeout & 0.3 sec/probe
spam
A

11. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
secure channel
Possession of access devices
-oA
Block Cipher

12. A protocol used to pass control and error messages between nodes on the Internet.
Internet Control Message Protocol (ICMP)
asynchronous transmission
Trapdoor Function
Authentication

13. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
Fast Ethernet
Wireless Local Area Network (WLAN)
Antivirus (AV) software

14. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Third Party
physical security
security by obscurity
gray box testing

15. A device on a network.
node
POST
Master boot record infector
Hacks without permission

16. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
Authentication
Blowfish
key exchange protocol
gateway

17. Hex 12
-PS
A S
session hijacking
flood

18. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Adware
Event
Tiger Team
Backdoor

19. The level of importance assigned to an IT asset
intranet
Information Technology (IT) asset criticality
Accountability
Hacks with permission

20. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Acknowledgment (ACK)
Vulnerability
Information Technology (IT) asset criticality
Tini

21. MAC Flooding
Packet Internet Groper (ping)
Overwhelm CAM table to convert switch to hub mode
Active Attack
404EE

22. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
secure channel
Redundant Array of Independent Disks (RAID)
Mantrap
Google hacking

23. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
DNS
Malicious code
Active Directory (AD)

24. Incremental Substitution
Replacing numbers in a url to access other files
File Transfer Protocol (FTP)
remote procedure call (RPC)
Password Authentication Protocol (PAP)

25. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Network Address Translation (NAT)
Vulnerability Assessment
-sA
Hypertext Transfer Protocol Secure (HTTPS)

26. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Simple Mail Transfer Protocol (SMTP)
-sL
intrusion prevention system (IPS)
Bluejacking

27. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
-sT
Finger
Access Control List (ACL)
Fiber Distributed Data Interface (FDDI)

28. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
site survey
Contingency Plan
Warm Site
promiscuous mode

29. Phases of an attack
Bug
physical security
gap analysis
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks

30. The default network authentication suite of protocols for Windows NT 4.0
piggybacking
parallel scan & 75 sec timeout & 0.3 sec/probe
NT LAN Manager (NTLM)
Denial of Service (DoS)

31. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Hypertext Transfer Protocol (HTTP)
Digital Watermarking
Internet service provider (ISP)
Mantrap

32. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Methodology
Vulnerability Management
audit
Filter

33. The exploitation of a security vulnerability
HTTP tunneling
Address Resolution Protocol (ARP)
audit
security breach or security incident

34. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Digital Certificate
Time To Live (TTL)
EDGAR database
-sX

35. ACK Scan
War Dialing
Adware
Eavesdropping
-sA

36. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Point-to-Point Tunneling Protocol (PPTP)
Internet Protocol (IP)
Trapdoor Function
local area network (LAN)

37. An Application layer protocol for sending electronic mail between servers.
Electronic serial number
Simple Mail Transfer Protocol (SMTP)
Domain Name System (DNS) lookup
Request for Comments (RFC)

38. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Trapdoor Function
payload
Post Office Protocol 3 (POP3)
Internal access to the network

39. Attacks on the actual programming code of an application.
Application-Level Attacks
INFOSEC Assessment Methodology (IAM)
Wi-Fi Protected Access (WPA)
nslookup

40. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
payload
Asset
Overwhelm CAM table to convert switch to hub mode
Simple Mail Transfer Protocol (SMTP)

41. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
-PS
Virtual Local Area Network (VLAN)
Asset
Bluejacking

42. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Secure Multipurpose Mail Extension (S/MIME)
Electronic serial number
Level I assessment
Syslog

43. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
sheepdip
session splicing
Replacing numbers in a url to access other files
security bulletins

44. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
proxy server
Ethernet
Authentication - Authorization - and Accounting (AAA)
spoofing

45. The Security Accounts Manager file in Windows stores all the password hashes for the system.
Information Technology (IT) asset valuation
Asymmetric Algorithm
SAM
hash

46. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Simple Network Management Protocol (SNMP)
Corrective Controls
-PB
Crossover Error Rate (CER)

47. ex 02
risk assessment
Crossover Error Rate (CER)
Daisy Chaining
S

48. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
service level agreements (SLAs)
session hijacking
End User Licensing Agreement (EULA)
risk transference

49. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
User Datagram Protocol (UDP)
Fast Ethernet
parallel scan
Interior Gateway Protocol (IGP)

50. don't ping
Audit Trail
-P0
Finding a directory listing and gaining access to a parent or root file for access to other files
Syslog