Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters.
Cookie
qualitative analysis
security kernel
key exchange protocol
2. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Open System Interconnection (OSI) Reference Model
Black Hat
gray box testing
Biometrics
3. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
Annualized Loss Expectancy (ALE)
Smurf attack
rootkit
Fraud and related activity in connection with computers
4. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
firewall
Dumpster Diving
Copyright
security bulletins
5. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
parallel scan
Domain Name System (DNS) lookup
-oN
risk avoidance
6. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
secure channel
session splicing
Self Replicating
firewall
7. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Traceroute
TACACS
Internet Protocol (IP)
Cryptography
8. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
File Allocation Table (FAT)
Bug
routed protocol
risk assessment
9. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Tunneling
Lightweight Directory Access Protocol (LDAP)
Trojan Horse
Mandatory access control (MAC)
10. Idlescan
Network Address Translation (NAT)
-sI
Internet Protocol (IP)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
11. Monitoring of telephone or Internet conversations - typically by covert means.
Secure Sockets Layer (SSL)
Wiretapping
Authentication - Authorization - and Accounting (AAA)
ECHO reply
12. A social-engineering attack that manipulates the victim into calling the attacker for help.
Authorization
risk avoidance
reverse social engineering
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
13. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
site survey
Local Administrator
Bit Flipping
Electronic Code Book (ECB)
14. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Temporal Key Integrity Protocol (TKIP)
Mandatory access control (MAC)
public key infrastructure (PKI)
User Datagram Protocol (UDP)
15. A software or hardware defect that often results in system vulnerabilities.
Syslog
intrusion detection system (IDS)
Electronic Code Book (ECB)
Bug
16. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Institute of Electrical and Electronics Engineers (IEEE)
Antivirus (AV) software
Syslog
halo effect
17. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Wiretapping
HIDS
Network Basic Input/Output System (NetBIOS)
Collision
18. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
Warm Site
symmetric algorithm
Demilitarized Zone (DMZ)
19. A small Trojan program that listens on port 777.
A R
risk avoidance
Tini
Whois
20. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
quality of service (QoS)
Point-to-Point Tunneling Protocol (PPTP)
SYN attack
Cryptography
21. RPC Scan
-sR
Bug
piggybacking
logic bomb
22. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
symmetric encryption
Level I assessment
routed protocol
23. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
Common Internet File System/Server Message Block
Wired Equivalent Privacy (WEP)
shrink-wrap code attacks
24. don't ping
Corrective Controls
risk assessment
ISO 17799
-P0
25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
A R
Asset
Competitive Intelligence
Warm Site
26. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Wiretapping
Covert Channel
Finger
Level II assessment
27. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Information Technology (IT) infrastructure
ping sweep
Bit Flipping
Open System Interconnection (OSI) Reference Model
28. Network Scanning
reverse social engineering
firewall
A procedure for identifying active hosts on a network.
RID Resource identifier
29. The steps taken to gather evidence and information on the targets you wish to attack.
reconnaissance
gray hat
802.11
integrity
30. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Sign in Seal
Black Hat
Block Cipher
Information Technology (IT) security architecture and framework
31. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
security controls
flood
packet
quality of service (QoS)
32. 18 U.S.C. 1030
qualitative analysis
Fraud and related activity in connection with computers
GET
Black Hat
33. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
Data Encryption Standard (DES)
Wired Equivalent Privacy (WEP)
private key
Serial Line Internet Protocol (SLIP)
34. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
-sA
Digital Certificate
802.11i
Defines legal email marketing
35. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Extensible Authentication Protocol (EAP)
Time exceeded
Asymmetric
encryption
36. ICMP Netmask
-PT
Detective Controls
Virus
-PM
37. A point-to-point connection between two endpoints created to exchange data. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
Virtual Private Network (VPN)
Tunnel
SYN attack
National Security Agency
38. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
session splicing
Cracker
symmetric encryption
Time exceeded
39. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Virus
Access Control List (ACL)
Fast Ethernet
Exposure Factor
40. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Contingency Plan
Real application encompassing Trojan
Vulnerability Scanning
-sS
41. A method of permitting network access only to MAC addresses in a preapproved list. Addresses not matching are blocked.
White Box Testing
Exposure Factor
-PB
MAC filtering
42. Formal description and evaluation of the vulnerabilities in an information system
Defense in Depth
Vulnerability Assessment
Denial of Service (DoS)
node
43. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
session splicing
Warm Site
Man-in-the-middle attack
symmetric algorithm
44. Hex 12
Blowfish
Target Of Engagement (TOE)
A S
spam
45. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
NetBus
nslookup
keylogger
Interior Gateway Protocol (IGP)
46. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
steganography
International Organization for Standardization (ISO)
Common Internet File System/Server Message Block
piggybacking
47. The change or growth of a project's scope
heuristic scanning
Fiber Distributed Data Interface (FDDI)
open source
scope creep
48. IP Protocol Scan
Third Party
NT LAN Manager (NTLM)
Anonymizer
-sO
49. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
script kiddie
Crossover Error Rate (CER)
hashing algorithm
Multipurpose Internet Mail Extensions (MIME)
50. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
network operations center (NOC)
hash
-sU