SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that combines a brute-force attack with a dictionary attack.
-PB
session hijacking
hybrid attack
forwarding
2. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Computer Emergency Response Team (CERT)
Exploit
False Acceptance Rate (FAR)
Simple Object Access Protocol (SOAP)
3. FIN Scan
Block Cipher
Post Office Protocol 3 (POP3)
-sF
Media Access Control (MAC)
4. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Authentication - Authorization - and Accounting (AAA)
Man-in-the-middle attack
SOA record
Telnet
5. Computer software or hardware that can intercept and log traffic passing over a digital network.
A
sniffer
hashing algorithm
Administratively Prohibited
6. The monetary value assigned to an IT asset.
SNMP
Information Technology (IT) asset valuation
self encrypting
Decryption
7. Port 53
Buffer
DNS
risk transference
hashing algorithm
8. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
XOR Operation
packet
Internal access to the network
qualitative analysis
9. ex 02
S
Vulnerability Assessment
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
hacktivism
10. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
non-repudiation
honeypot
Back orifice
Local Administrator
11. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
Secure Sockets Layer (SSL)
Back orifice
parallel scan & 300 sec timeout & 1.25 sec/probe
identity theft
12. The art and science of creating a covert message or image within another message - image - audio - or video file.
Redundant Array of Independent Disks (RAID)
steganography
serialize scans & 0.4 sec wait
routed protocol
13. Phases of an attack
Third Party
penetration testing
shoulder surfing
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
14. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
Vulnerability
security bulletins
Whois
Secure Sockets Layer (SSL)
15. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Copyright
hardware keystroke logger
protocol stack
halo effect
16. LM Hash for short passwords (under 7)
Web Spider
-p <port ranges>
Service Set Identifier (SSID)
404EE
17. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Cold Site
Electronic serial number
impersonation
session splicing
18. A document describing information security guidelines - policies - procedures - and standards.
HTTP tunneling
Information Technology (IT) security architecture and framework
Open System Interconnection (OSI) Reference Model
Exploit
19. A data encryption/decryption program often used for e-mail and file storage.
Auditing
Pretty Good Privacy (PGP)
risk transference
Virus Hoax
20. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Certificate Authority (CA)
RPC-DCOM
Tunneling Virus
Information Technology (IT) asset valuation
21. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Banner Grabbing
rootkit
risk avoidance
Time exceeded
22. The process of using easily accessible DNS records to map a target network's internal hosts.
Internet Protocol Security (IPSec) architecture
infrastructure mode
-sP
DNS enumeration
23. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
stateful packet filtering
Secure Sockets Layer (SSL)
risk acceptance
route
24. A computer network confined to a relatively small area - such as a single building or campus.
local area network (LAN)
A
Vulnerability Management
Certificate
25. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
qualitative analysis
Internet service provider (ISP)
SNMP
Active Attack
26. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Active Directory (AD)
Decryption
Asymmetric
footprinting
27. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Access Control List (ACL)
SAM
security controls
Point-to-Point Protocol (PPP)
28. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
Written Authorization
hashing algorithm
Crossover Error Rate (CER)
protocol
29. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
-sL
security incident response team (SIRT)
symmetric encryption
Due Care
30. Controls to detect anomalies or undesirable events occurring on a system.
Authentication Header (AH)
Hacks without permission
Detective Controls
Cryptography
31. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Zone transfer
Audit Trail
Certificate
personal identification number (PIN)
32. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
red team
physical security
Hacks with permission
phishing
33. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
A S
net use \[target ip]IPC$ '' /user:''
Pretty Good Privacy (PGP)
Trojan Horse
34. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
Backdoor
overt channel
reverse social engineering
Fiber Distributed Data Interface (FDDI)
35. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
rule-based access control
Crossover Error Rate (CER)
RPC-DCOM
Due Diligence
36. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
-sP
Cryptographic Key
router
piggybacking
37. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
remote procedure call (RPC)
Cookie
Wide Area Network (WAN)
Videocipher II Satellite Encryption System
38. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Hacks without permission
Electronic Code Book (ECB)
Internet Protocol Security (IPSec) architecture
Defense in Depth
39. A group of people - gathered together by a business entity - working to address a specific problem or goal.
parallel scan
Hypertext Transfer Protocol (HTTP)
script kiddie
Tiger Team
40. Evaluation in which testers attempt to penetrate the network.
Wi-Fi
Level III assessment
audit
-P0
41. A protocol defining packets that are able to be routed by a router.
Auditing
routed protocol
ECHO reply
passive attack
42. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
self encrypting
Domain Name System (DNS)
Authentication Header (AH)
Anonymizer
43. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
serialize scans & 0.4 sec wait
-sL
integrity
44. ICMP Type/Code 0-0
Echo Reply
quality of service (QoS)
Client
Directory Traversal
45. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
ping sweep
Vulnerability
Certificate
NOP
46. Another term for firewalking
qualitative analysis
Block Cipher
packet filtering
port knocking
47. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Common Internet File System/Server Message Block
role-based access control
ECHO reply
payload
48. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Domain Name
Rijndael
Vulnerability Management
Blowfish
49. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
CAM table
fully qualified domain name (FQDN)
Transmission Control Protocol (TCP)
spoofing
50. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
security by obscurity
-sS
Due Care
Asymmetric