SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
Target Of Engagement (TOE)
CIA triangle
Internet Protocol (IP)
-sX
2. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Cold Site
Traceroute
Eavesdropping
ring topology
3. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
symmetric encryption
Countermeasures
-PB
segment
4. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Multipurpose Internet Mail Extensions (MIME)
Kerberos
Antivirus (AV) software
Banner Grabbing
5. Hex 14
Cloning
POP 3
A R
Database
6. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
phishing
Challenge Handshake Authentication Protocol (CHAP)
Bluesnarfing
Zenmap
7. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Detective Controls
Hacks without permission
personal identification number (PIN)
Self Replicating
8. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
remote access
Macro virus
Temporal Key Integrity Protocol (TKIP)
9. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
forwarding
--randomize_hosts -O OS fingerprinting
Threat
Three-Way (TCP) Handshake
10. FTP Bounce Attack
Warm Site
session splicing
Asset
-b
11. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
penetration testing
Dumpster Diving
Post Office Protocol 3 (POP3)
Self Replicating
12. TCP Ping
Tunneling Virus
-PT
Hacks with permission
Level III assessment
13. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
-oA
Trojan Horse
Wiretapping
CIA triangle
14. Wrapper or Binder
A
Real application encompassing Trojan
inference attack
Acceptable Use Policy (AUP)
15. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
Asynchronous
private network address
serialize scans & 0.4 sec wait
Port Address Translation (PAT)
16. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
steganography
node
A R
secure channel
17. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
rogue access point
Information Technology Security Evaluation Criteria (ITSEC)
Time exceeded
Countermeasures
18. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
gray box testing
Cloning
Interior Gateway Protocol (IGP)
Zero Subnet
19. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
False Acceptance Rate (FAR)
-sI
Three-Way (TCP) Handshake
20. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
router
limitation of liability and remedies
Backdoor
Corrective Controls
21. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
private network address
ping sweep
A S
22. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Discretionary Access Control (DAC)
FTP
INFOSEC Assessment Methodology (IAM)
Third Party
23. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
RxBoot
Banner Grabbing
initial sequence number (ISN)
-sU
24. The condition of a resource being ready for use and accessible by authorized users.
Availability
honeypot
Pretty Good Privacy (PGP)
Temporal Key Integrity Protocol (TKIP)
25. The conveying of official access or legal power to a person or entity.
Fiber Distributed Data Interface (FDDI)
false rejection rate (FRR)
Authorization
session splicing
26. The process of determining if a network entity (user or service) is legitimate
gray box testing
Telnet
Authentication
Asset
27. The act of dialing all numbers within an organization to discover open modems.
War Dialing
Man-in-the-middle attack
-PM
Digital Signature
28. A Windows-based GUI version of nmap.
risk acceptance
Simple Object Access Protocol (SOAP)
network access server
Zenmap
29. NSA
risk transference
Cryptographic Key
National Security Agency
White Box Testing
30. MAC Flooding
net use \[target ip]IPC$ '' /user:''
piggybacking
Buffer
Overwhelm CAM table to convert switch to hub mode
31. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Daemon
Information Technology (IT) asset valuation
network operations center (NOC)
gray hat
32. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Malicious code
stateful packet filtering
Digital Certificate
802.11 i
33. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Information Technology (IT) security architecture and framework
Auditing
Password Authentication Protocol (PAP)
Internal access to the network
34. A protocol used to pass control and error messages between nodes on the Internet.
Internet Control Message Protocol (ICMP)
Sign in Seal
RID Resource identifier
personal identification number (PIN)
35. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
encryption
Black Box Testing
International Organization for Standardization (ISO)
User Datagram Protocol (UDP)
36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
halo effect
red team
Cryptographic Key
false negative
37. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
-PT
Presentation layer
INFOSEC Assessment Methodology (IAM)
risk assessment
38. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
single loss expectancy (SLE)
Malicious code
public key
Application-Level Attacks
39. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Unicode
Exposure Factor
Rijndael
symmetric encryption
40. 18 U.S.C. 1029
payload
Possession of access devices
Telnet
Open System Interconnection (OSI) Reference Model
41. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Information Technology Security Evaluation Criteria (ITSEC)
Fast Ethernet
Backdoor
hashing algorithm
42. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
smart card
symmetric algorithm
shrink-wrap code attacks
Annualized Loss Expectancy (ALE)
43. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Vulnerability Management
Transmission Control Protocol (TCP)
hot site
--randomize_hosts -O OS fingerprinting
44. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
Hypertext Transfer Protocol Secure (HTTPS)
Cache
session splicing
hacktivism
45. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
TACACS
Wired Equivalent Privacy (WEP)
port redirection
Malware
46. A host designed to collect data on suspicious activity.
Boot Sector Virus
honeypot
End User Licensing Agreement (EULA)
Due Care
47. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
Tumbling
Address Resolution Protocol (ARP)
-p <port ranges>
War Chalking
48. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security controls
802.11 i
parameter tampering
OpenBSD
49. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Temporal Key Integrity Protocol (TKIP)
Virtual Local Area Network (VLAN)
Blowfish
Domain Name System (DNS) lookup
50. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
symmetric algorithm
gateway
Three-Way (TCP) Handshake
Lightweight Directory Access Protocol (LDAP)