Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Software code, a portion of data, or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
-sA
false rejection rate (FRR)
Written Authorization
Exploit
2. The process of a system providing a fully qualified domain name (FQDN) to a local name server, for resolution to its corresponding IP address.
Acceptable Use Policy (AUP)
quantitative risk assessment
Domain Name System (DNS) lookup
Malware
3. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
-sR
stream cipher
Real application encompassing Trojan
-P0
4. A business, government agency, or educational institution that provides access to the Internet.
Information Technology Security Evaluation Criteria (ITSEC)
Internet service provider (ISP)
Due Care
Ethical Hacker
5. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
symmetric encryption
SAM
Ethernet
6. Port 22
DNS
Simple Object Access Protocol (SOAP)
Brute-Force Password Attack
SSH
7. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Tunnel
Lightweight Directory Access Protocol (LDAP)
Port Address Translation (PAT)
out-of-band signaling
8. Polite scan timing
Exposure Factor
intrusion prevention system (IPS)
open source
serialize scans & 0.4 sec wait
9. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Application-Level Attacks
Tunneling
Virus
parallel scan & 300 sec timeout & 1.25 sec/probe
10. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator, or similar level.
asynchronous transmission
Information Technology (IT) infrastructure
White Box Testing
Active Attack
11. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.
Contingency Plan
Active Directory (AD)
hardware keystroke logger
replay attack
12. The software product or system that is the subject of an evaluation.
Target Of Engagement (TOE)
Mantrap
Level III assessment
Active Attack
13. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
File Transfer Protocol (FTP)
serialize scans & 0.4 sec wait
Assessment
Cryptography
14. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Black Box Testing
Hierarchical File System (HFS)
Bluejacking
qualitative analysis
15. Formal description and evaluation of the vulnerabilities in an information system
Dumpster Diving
Bastion host
Vulnerability Assessment
Ciphertext
16. A group of people, gathered together by a business entity, working to address a specific problem or goal.
Serial Line Internet Protocol (SLIP)
Wi-Fi
NetBSD
Tiger Team
17. Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks.
-sL
security controls
serialize scans & 15 sec wait
firewall
18. A Canonical Name record within DNS, used to provide an alias for a domain name.
Application Layer
-sF
Vulnerability Management
CNAME record
19. Cracking Tools
Routing Information Protocol (RIP)
false rejection rate (FRR)
-sF
John the Ripper, L0phtCrack, Ophcrack, Cain and Abel
20. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.
Bastion host
Local Administrator
-sX
Internet service provider (ISP)
21. A free and popular version of the Unix operating system.
SMB
Covert Channel
FreeBSD
SAM
22. 18 U.S.C. 1029
-sT
Possession of access devices
RPC-DCOM
penetration testing
23. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.
Confidentiality
limitation of liability and remedies
Wi-Fi
Exploit
24. A computer network confined to a relatively small area, such as a single building or campus.
Virus
private key
local area network (LAN)
Zero Subnet
25. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door
iris scanner
Mantrap
separation of duties
Black Box Testing
26. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.
-sP
Countermeasures
polymorphic virus
Secure Sockets Layer (SSL)
27. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Corrective Controls
overt channel
Real application encompassing Trojan
POST
28. A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa
Electronic Code Book (ECB)
Point-to-Point Protocol (PPP)
risk acceptance
LDAP
29. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
ring topology
rule-based access control
human-based social engineering
Annualized Loss Expectancy (ALE)
30. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie
Distributed DoS (DDoS)
Mandatory access control (MAC)
Cookie
node
31. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
gray hat
segment
-sP
Sign in Seal
32. A string that represents the location of a web resource
Uniform Resource Locator (URL)
Third Party
reverse social engineering
iris scanner
33. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
security incident response team (SIRT)
404EE
Bit Flipping
pattern matching
34. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
-oA
Request for Comments (RFC)
Directory Traversal
Discretionary Access Control (DAC)
35. The level of importance assigned to an IT asset
Address Resolution Protocol (ARP)
footprinting
Information Technology (IT) asset criticality
hashing algorithm
36. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Denial of Service (DoS)
International Organization for Standardization (ISO)
War Dialing
Telnet
37. Hex 10
OpenBSD
NetBSD
Active Fingerprinting
A
38. A communications protocol used for browsing the Internet.
parallel scan
intrusion detection system (IDS)
identity theft
Hypertext Transfer Protocol (HTTP)
39. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.
Boot Sector Virus
site survey
halo effect
proxy server
40. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
Wide Area Network (WAN)
human-based social engineering
firewalking
Vulnerability Assessment
41. 18 U.S.C. 1030
CIA triangle
-PM
script kiddie
Fraud and related activity in connection with computers
42. A host designed to collect data on suspicious activity.
Cryptography
Hypertext Transfer Protocol (HTTP)
Macro virus
honeypot
43. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.
Level I assessment
Timestamping
U P F
signature scanning
44. ICMP Type/Code 0-0
-oN
Cracker
-sR
Echo Reply
45. A social-engineering attack that manipulates the victim into calling the attacker for help.
hot site
parameter tampering
reverse social engineering
Third Party
46. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.
halo effect
Audit Data
honeynet
Asset
47. A defined measure of service within a network system
Destination Unreachable
quality of service (QoS)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Tini
48. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt, when it was actually legitimate traffic.
Information Technology Security Evaluation Criteria (ITSEC)
false negative
Port Address Translation (PAT)
Multipartite virus
49. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).
port scanning
Cloning
audit
Fast Ethernet
50. nmap
--randomize_hosts -O OS fingerprinting
Fast Ethernet
Demilitarized Zone (DMZ)
shrink-wrap code attacks