SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
network tap
Backdoor
DNS
Virtual Local Area Network (VLAN)
2. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Finger
Daisy Chaining
parameter tampering
smart card
3. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
-sA
security breach or security incident
Temporal Key Integrity Protocol (TKIP)
Wi-Fi
4. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
-sF
keylogger
-P0
Institute of Electrical and Electronics Engineers (IEEE)
5. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
asynchronous transmission
Boot Sector Virus
-p <port ranges>
reverse lookup; reverse DNS lookup
6. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
impersonation
Temporal Key Integrity Protocol (TKIP)
signature scanning
Unicode
7. A social-engineering attack that manipulates the victim into calling the attacker for help.
Ethernet
reverse social engineering
-sA
Internet Protocol Security (IPSec) architecture
8. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
National Security Agency
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Network Address Translation (NAT)
Last In First Out (LIFO)
9. A computer network confined to a relatively small area - such as a single building or campus.
polymorphic virus
local area network (LAN)
-sL
Corrective Controls
10. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
parallel scan & 75 sec timeout & 0.3 sec/probe
Black Hat
Database
phishing
11. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Collision Domain
HTTP
Man-in-the-middle attack
single loss expectancy (SLE)
12. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
TACACS
Daemon
hybrid attack
parameter tampering
13. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
Local Administrator
EDGAR database
Telnet
14. The monetary value assigned to an IT asset.
smart card
Information Technology (IT) asset valuation
Buffer Overflow
Multipurpose Internet Mail Extensions (MIME)
15. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
Community String
single loss expectancy (SLE)
Request for Comments (RFC)
Man-in-the-middle attack
16. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
router
File Transfer Protocol (FTP)
Web Spider
forwarding
17. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Digital Certificate
footprinting
-sP
intrusion prevention system (IPS)
18. 18 U.S.C. 1030
Bluetooth
Fraud and related activity in connection with computers
Virtual Private Network (VPN)
Time exceeded
19. Establish Null Session
net use \[target ip]IPC$ '' /user:''
Request for Comments (RFC)
NT LAN Manager (NTLM)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
20. The process of using easily accessible DNS records to map a target network's internal hosts.
Temporal Key Integrity Protocol (TKIP)
Address Resolution Protocol (ARP)
Request for Comments (RFC)
DNS enumeration
21. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Biometrics
gray box testing
Vulnerability Management
FreeBSD
22. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Level II assessment
heuristic scanning
Target Of Engagement (TOE)
Time exceeded
23. A protocol used for sending and receiving log information for nodes on a network.
Syslog
Telnet
Vulnerability Scanning
Address Resolution Protocol (ARP)
24. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
XOR Operation
Due Diligence
Baseline
open source
25. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Cryptography
symmetric algorithm
parallel scan
-sS
26. ICMP Ping
Domain Name
serialize scans & 0.4 sec wait
Minimum acceptable level of risk
-PI
27. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
spyware
Electronic serial number
false rejection rate (FRR)
Trusted Computer System Evaluation Criteria (TCSEC)
28. A list of IP addresses and corresponding MAC addresses stored on a local computer.
-PP
Address Resolution Protocol (ARP) table
-sI
Demilitarized Zone (DMZ)
29. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Warm Site
source routing
Virtual Local Area Network (VLAN)
Minimum acceptable level of risk
30. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
key exchange protocol
-sF
serialize scans & 15 sec wait
quality of service (QoS)
31. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
null session
Cookie
promiscuous mode
Internet Control Message Protocol (ICMP)
32. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
single loss expectancy (SLE)
802.11 i
Wireless Local Area Network (WLAN)
33. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Level III assessment
Authentication - Authorization - and Accounting (AAA)
non-repudiation
White Box Testing
34. A person or entity indirectly involved in a relationship between two principles.
Third Party
keylogger
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
-oA
35. Hex 10
Boot Sector Virus
False Acceptance Rate (FAR)
CIA triangle
A
36. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Time To Live (TTL)
Third Party
router
network tap
37. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
spam
-sU
honeynet
Destination Unreachable
38. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
Smurf attack
piggybacking
Defense in Depth
gray hat
39. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Electronic serial number
Bluejacking
Bastion host
Media Access Control (MAC)
40. A document describing information security guidelines - policies - procedures - and standards.
Information Technology (IT) security architecture and framework
Extensible Authentication Protocol (EAP)
honeynet
key exchange protocol
41. ACK Scan
Wide Area Network (WAN)
-sA
-sP
Telnet
42. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
MD5
Information Technology (IT) asset criticality
qualitative analysis
-PM
43. IP Protocol Scan
qualitative analysis
-sO
User Datagram Protocol (UDP)
-oA
44. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
NetBSD
Tumbling
Cryptography
Secure Multipurpose Mail Extension (S/MIME)
45. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Simple Object Access Protocol (SOAP)
Baseline
-oG
Cloning
46. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Ethical Hacker
halo effect
Denial of Service (DoS)
Address Resolution Protocol (ARP) table
47. The potential for damage to or loss of an IT asset
Internet Protocol Security (IPSec) architecture
risk
Wrapper
Application Layer
48. Another term for firewalking
Domain Name System (DNS) cache poisoning
SYN attack
port knocking
White Box Testing
49. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
Collision Domain
MAC filtering
File Transfer Protocol (FTP)
50. An Internet routing protocol used to exchange routing information within an autonomous system.
initial sequence number (ISN)
security incident response team (SIRT)
Cookie
Interior Gateway Protocol (IGP)