Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Destination Unreachable
rogue access point
Tunneling Virus
Multipurpose Internet Mail Extensions (MIME)

2. The change or growth of a project's scope
scope creep
parallel scan
intranet
false rejection rate (FRR)

3. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
reverse lookup; reverse DNS lookup
Collision
Redundant Array of Independent Disks (RAID)
SID

4. Port 161/162
shoulder surfing
Level I assessment
SNMP
Availability

5. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
ping sweep
Due Care
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Baseline

6. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
site survey
network interface card (NIC)
Secure Sockets Layer (SSL)

7. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Due Diligence
Smurf attack
Audit Trail
fragmentation

8. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Macro virus
asynchronous transmission
public key
Redundant Array of Independent Disks (RAID)

9. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
network access server
Sign in Seal
Trusted Computer System Evaluation Criteria (TCSEC)
Unicode

10. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Asynchronous
Finger
End User Licensing Agreement (EULA)
overt channel

11. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Bastion host
Simple Object Access Protocol (SOAP)
protocol
Daemon

12. A file system used by the Mac OS.
Echo request
source routing
Adware
Hierarchical File System (HFS)

13. Any item of value or worth to an organization - whether physical or virtual.
Algorithm
Asset
Auditing
POP 3

14. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Port Address Translation (PAT)
Corrective Controls
security bulletins
ECHO reply

15. don't ping
File Transfer Protocol (FTP)
route
Active Fingerprinting
-P0

16. A wireless networking mode where all clients connect to the wireless network through a central access point.
Man-in-the-middle attack
integrity
infrastructure mode
Digital Signature

17. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
firewall
SYN attack
Exploit
reverse social engineering

18. An Application layer protocol for sending electronic mail between servers.
Daemon
Simple Mail Transfer Protocol (SMTP)
Asymmetric
A R

19. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
Bastion host
End User Licensing Agreement (EULA)
Tunnel
Point-to-Point Tunneling Protocol (PPTP)

20. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
net use \[target ip]IPC$ '' /user:''
FTP
No previous knowledge of the network
private network address

21. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
Address Resolution Protocol (ARP)
serialize scans & 0.4 sec wait
Authentication
Assessment

22. ICMP Type/Code 0-0
Echo Reply
-sW
Digital Watermarking
Telnet

23. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
EDGAR database
-sT
-oX
Minimum acceptable level of risk

24. A host designed to collect data on suspicious activity.
hot site
Redundant Array of Independent Disks (RAID)
Boot Sector Virus
honeypot

25. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Request for Comments (RFC)
router
Challenge Handshake Authentication Protocol (CHAP)
Mandatory access control (MAC)

26. A software or hardware defect that often results in system vulnerabilities.
Bug
Authentication
risk
Telnet

27. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Google hacking
Bluesnarfing
-sV
logic bomb

28. A protocol defining packets that are able to be routed by a router.
proxy server
Mantrap
routed protocol
Tunnel

29. Idlescan
-sF
-sI
Time To Live (TTL)
Worm

30. Any network incident that prompts some kind of log entry or other notification.
port knocking
Exposure Factor
Event
Trapdoor Function

31. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
CIA triangle
Console Port
Information Technology (IT) infrastructure
shrink-wrap code attacks

32. Black box test
No previous knowledge of the network
ad hoc mode
Buffer
POP 3

33. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
TACACS
session hijacking
Internet Protocol Security (IPSec) architecture
-P0

34. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
private network address
Tunneling
Anonymizer
Trojan Horse

35. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
Secure Multipurpose Mail Extension (S/MIME)
pattern matching
Trusted Computer System Evaluation Criteria (TCSEC)
Data Link layer

36. Port 110
Data Link layer
Annualized Loss Expectancy (ALE)
POP 3
Password Authentication Protocol (PAP)

37. A Windows-based GUI version of nmap.
Digital Watermarking
Zenmap
Domain Name System (DNS)
Tunneling

38. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
Eavesdropping
ring topology
rule-based access control
NetBus

39. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
keylogger
Certificate Authority (CA)
Bit Flipping

40. Normal scan timing
Warm Site
Boot Sector Virus
Simple Network Management Protocol (SNMP)
parallel scan

41. nmap
RPC-DCOM
Countermeasures
-p <port ranges>
Authentication - Authorization - and Accounting (AAA)

42. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Rijndael
Kerberos
hash

43. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
hardware keystroke logger
Daemon
shrink-wrap code attacks
network interface card (NIC)

44. Formal description and evaluation of the vulnerabilities in an information system
Vulnerability Assessment
Finger
Certificate Authority (CA)
route

45. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
Finding a directory listing and gaining access to a parent or root file for access to other files
hardware keystroke logger
Level I assessment
Fast Ethernet

46. A tool that helps a company to compare its actual performance with its potential performance.
ring topology
Self Replicating
gap analysis
-sP

47. A virus written in a macro language and usually embedded in document or spreadsheet files.
Target Of Engagement (TOE)
Macro virus
physical security
iris scanner

48. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
Level II assessment
Wi-Fi
risk avoidance
Packet Internet Groper (ping)

49. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Port Address Translation (PAT)
Accountability
false negative
Black Hat

50. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Minimum acceptable level of risk
Baseline
firewalking
Cryptographic Key