SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Aggressive scan timing
parallel scan & 300 sec timeout & 1.25 sec/probe
Self Replicating
Interior Gateway Protocol (IGP)
Virtual Private Network (VPN)
2. A file system used by the Mac OS.
Institute of Electrical and Electronics Engineers (IEEE)
Domain Name
CAM table
Hierarchical File System (HFS)
3. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
-sR
A
Internet service provider (ISP)
Password Authentication Protocol (PAP)
4. ex 02
sniffer
nslookup
S
Crossover Error Rate (CER)
5. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
Wi-Fi
War Driving
Virtual Private Network (VPN)
6. An early network application that provides information on users currently logged on to a machine.
Finger
Information Technology (IT) infrastructure
NOP
security bulletins
7. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
A R
gateway
Domain Name System (DNS) lookup
Electronic Code Book (ECB)
8. Formal description and evaluation of the vulnerabilities in an information system
Administratively Prohibited
Uniform Resource Locator (URL)
Hacks with permission
Vulnerability Assessment
9. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Distributed DoS (DDoS)
parameter tampering
802.11 i
node
10. UDP Scan
false rejection rate (FRR)
Database
-sU
HTTP tunneling
11. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Defense in Depth
parallel scan & 300 sec timeout & 1.25 sec/probe
forwarding
Eavesdropping
12. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
MAC filtering
FreeBSD
Fast Ethernet
Trusted Computer Base (TCB)
13. Port 22
Community String
Daisy Chaining
SSH
Cracker
14. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Echo Reply
piggybacking
Cloning
security controls
15. A tool that helps a company to compare its actual performance with its potential performance.
gap analysis
Assessment
Local Administrator
single loss expectancy (SLE)
16. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
SNMP
-oN
Administratively Prohibited
Threat
17. The level of importance assigned to an IT asset
Challenge Handshake Authentication Protocol (CHAP)
false rejection rate (FRR)
Information Technology (IT) asset criticality
service level agreements (SLAs)
18. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Black Hat
Vulnerability
Destination Unreachable
Denial of Service (DoS)
19. Port 23
Digital Signature
Google hacking
Telnet
heuristic scanning
20. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
ping sweep
Active Attack
spam
Zero Subnet
21. A program designed to execute at a specific time to release malicious code onto the computer system or network.
honeynet
-sL
segment
Time Bomb
22. A computer virus that infects and spreads in multiple ways.
Community String
Wi-Fi Protected Access (WPA)
hybrid attack
Multipartite virus
23. An Application layer protocol for managing devices on an IP network.
Destination Unreachable
Ciphertext
Simple Network Management Protocol (SNMP)
replay attack
24. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
File Transfer Protocol (FTP)
hashing algorithm
-sU
SYN attack
25. MAC Flooding
parallel scan & 75 sec timeout & 0.3 sec/probe
Overwhelm CAM table to convert switch to hub mode
Daisy Chaining
Tini
26. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
sheepdip
802.11
Domain Name System (DNS) lookup
Simple Object Access Protocol (SOAP)
27. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Confidentiality
A R
Vulnerability
Cloning
28. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Pretty Good Privacy (PGP)
proxy server
End User Licensing Agreement (EULA)
rootkit
29. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
risk
U P F
NetBSD
CIA triangle
30. Incremental Substitution
802.11 i
Transmission Control Protocol (TCP)
Replacing numbers in a url to access other files
-PB
31. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
RID Resource identifier
Collision Domain
Trusted Computer Base (TCB)
User Datagram Protocol (UDP)
32. A portion of memory used to temporarily store output or input data.
queue
Smurf attack
-PM
Buffer
33. Shifting responsibility from one party to another
risk transference
red team
proxy server
Fast Ethernet
34. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Bluetooth
Three-Way (TCP) Handshake
Fiber Distributed Data Interface (FDDI)
Web Spider
35. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
reverse lookup; reverse DNS lookup
Wi-Fi
802.11
36. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
ad hoc mode
Bluetooth
encapsulation
ping sweep
37. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
White Box Testing
halo effect
Buffer Overflow
Blowfish
38. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Virus
Tiger Team
Audit Data
War Dialing
39. The software product or system that is the subject of an evaluation.
remote access
packet
security defect
Target Of Engagement (TOE)
40. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
Password Authentication Protocol (PAP)
Bit Flipping
Asymmetric Algorithm
symmetric algorithm
41. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
secure channel
-p <port ranges>
infrastructure mode
shoulder surfing
42. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Redundant Array of Independent Disks (RAID)
Event
-sS
ECHO reply
43. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Tumbling
reverse social engineering
public key
Interior Gateway Protocol (IGP)
44. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
Routing Protocol
rule-based access control
gray hat
Internet Protocol Security (IPSec) architecture
45. Port 53
DNS
Cryptography
steganography
Man-in-the-middle attack
46. The act of dialing all numbers within an organization to discover open modems.
Post Office Protocol 3 (POP3)
SMB
overt channel
War Dialing
47. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
security incident response team (SIRT)
Bug
Electronic serial number
48. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
false negative
promiscuous mode
hacktivism
network tap
49. The lack of clocking (imposed time ordering) on a bit stream.
logic bomb
Target Of Engagement (TOE)
pattern matching
Asynchronous
50. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Internet Protocol Security (IPSec) architecture
Sign in Seal
404EE
Kerberos
