SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A portion of memory used to temporarily store output or input data.
Buffer
-sF
Third Party
source routing
2. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
Common Internet File System/Server Message Block
Application-Level Attacks
Decryption
3. A protocol for exchanging packets over a serial line.
Point-to-Point Tunneling Protocol (PPTP)
Written Authorization
-PI
Serial Line Internet Protocol (SLIP)
4. The process of using easily accessible DNS records to map a target network's internal hosts.
MD5
Virtual Private Network (VPN)
DNS enumeration
stateful packet filtering
5. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
parameter tampering
shrink-wrap code attacks
SMB
Tunnel
6. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
keylogger
port knocking
limitation of liability and remedies
Contingency Plan
7. SYN Ping
-PS
Corrective Controls
Internet service provider (ISP)
Rijndael
8. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
ping sweep
Black Box Testing
gap analysis
Multipartite virus
9. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
encryption
gray hat
Tiger Team
Wi-Fi
10. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
role-based access control
Common Internet File System/Server Message Block
Wired Equivalent Privacy (WEP)
GET
11. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
File Allocation Table (FAT)
Backdoor
Malware
NetBus
12. Version Detection Scan
Authentication Header (AH)
War Chalking
-sV
Transmission Control Protocol (TCP)
13. The transmission of digital signals without precise clocking or synchronization.
risk avoidance
CIA triangle
Accountability
asynchronous transmission
14. NSA
Challenge Handshake Authentication Protocol (CHAP)
sniffer
National Security Agency
Denial of Service (DoS)
15. ICMP Type/Code 3-13
logic bomb
Multipartite virus
Administratively Prohibited
A R
16. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Minimum acceptable level of risk
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Active Fingerprinting
local area network (LAN)
17. A virus written in a macro language and usually embedded in document or spreadsheet files.
Filter
-sI
Active Fingerprinting
Macro virus
18. The concept of having more than one person required to complete a task
separation of duties
Virtual Private Network (VPN)
Request for Comments (RFC)
hybrid attack
19. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Zero Subnet
Redundant Array of Independent Disks (RAID)
honeypot
Contingency Plan
20. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
Mantrap
reverse lookup; reverse DNS lookup
TACACS
21. A business - government agency - or educational institution that provides access to the Internet.
Internet service provider (ISP)
Buffer
-sV
-sX
22. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
Minimum acceptable level of risk
Presentation layer
fully qualified domain name (FQDN)
Level II assessment
23. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
Antivirus (AV) software
Cookie
Algorithm
S
24. A person or entity indirectly involved in a relationship between two principles.
Third Party
Virus
Digital Watermarking
promiscuous mode
25. Monitoring of telephone or Internet conversations - typically by covert means.
FTP
Wiretapping
Asymmetric
-oN
26. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
signature scanning
Written Authorization
Electronic Code Book (ECB)
Audit Data
27. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
heuristic scanning
infrastructure mode
Access Creep
protocol stack
28. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
router
Ethernet
penetration testing
Mantrap
29. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
DNS enumeration
sidejacking
Asset
30. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
spyware
initial sequence number (ISN)
quantitative risk assessment
NetBSD
31. The combination of all IT assets - resources - components - and systems.
Information Technology (IT) infrastructure
Network Basic Input/Output System (NetBIOS)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
RxBoot
32. nmap
-p <port ranges>
risk avoidance
War Dialing
R
33. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
Audit Data
service level agreements (SLAs)
-oX
Time exceeded
34. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Auditing
Eavesdropping
public key infrastructure (PKI)
Domain Name System (DNS) lookup
35. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
CAM table
MD5
quantitative risk assessment
penetration testing
36. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
-PI
-sW
Tumbling
intrusion detection system (IDS)
37. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Buffer Overflow
Traceroute
Asymmetric Algorithm
Request for Comments (RFC)
38. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
A R
Network Basic Input/Output System (NetBIOS)
Asymmetric
Tunneling
39. A small Trojan program that listens on port 777.
Tini
Cryptographic Key
A S
Domain Name
40. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Buffer Overflow
SNMP
POST
identity theft
41. Name given to expert groups that handle computer security incidents.
security breach or security incident
NetBSD
Computer Emergency Response Team (CERT)
Tiger Team
42. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Trapdoor Function
replay attack
Google hacking
Bastion host
43. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
Console Port
queue
Demilitarized Zone (DMZ)
Transport Layer Security (TLS)
44. Injecting traffic into the network to identify the operating system of a device.
site survey
Active Fingerprinting
Rijndael
Tini
45. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Multipurpose Internet Mail Extensions (MIME)
patch
Destination Unreachable
POP 3
46. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Hacks with permission
MAC filtering
Audit Trail
-P0
47. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
-sS
hashing algorithm
End User Licensing Agreement (EULA)
Network Basic Input/Output System (NetBIOS)
48. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
NT LAN Manager (NTLM)
-oA
rule-based access control
Digital Signature
49. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
forwarding
Adware
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Bluejacking
50. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
-sW
reverse lookup; reverse DNS lookup
Smurf attack
User Datagram Protocol (UDP)