SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
firewall
Tiger Team
-sU
2. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Cracker
symmetric encryption
Directory Traversal
-oG
3. A person or entity indirectly involved in a relationship between two principles.
Routing Information Protocol (RIP)
Point-to-Point Protocol (PPP)
Third Party
risk acceptance
4. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
-PI
Point-to-Point Protocol (PPP)
Cloning
reconnaissance
5. Insane scan timing
Blowfish
parallel scan & 75 sec timeout & 0.3 sec/probe
Overwhelm CAM table to convert switch to hub mode
POST
6. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
packet filtering
Malicious code
HTTP
Exposure Factor
7. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Daisy Chaining
Whois
keylogger
Kerberos
8. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Internet service provider (ISP)
encapsulation
spam
Cookie
9. ICMP Netmask
-PM
Finding a directory listing and gaining access to a parent or root file for access to other files
Asynchronous
Target Of Engagement (TOE)
10. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
Computer Emergency Response Team (CERT)
HTTP tunneling
HIDS
Cracker
11. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
sidejacking
hot site
Defines legal email marketing
Tunnel
12. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Active Directory (AD)
-sP
DNS enumeration
Cookie
13. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
false rejection rate (FRR)
Videocipher II Satellite Encryption System
security breach or security incident
14. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
Videocipher II Satellite Encryption System
gap analysis
Wi-Fi
spoofing
15. Any network incident that prompts some kind of log entry or other notification.
Domain Name System (DNS)
Secure Multipurpose Mail Extension (S/MIME)
Event
Audit Trail
16. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
Block Cipher
suicide hacker
-sL
Console Port
17. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Third Party
International Organization for Standardization (ISO)
Temporal Key Integrity Protocol (TKIP)
Telnet
18. ICMP Type/Code 3-13
halo effect
Administratively Prohibited
Virus Hoax
Tiger Team
19. Polite scan timing
hacktivism
-PM
serialize scans & 0.4 sec wait
Cryptographic Key
20. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
RxBoot
Anonymizer
risk assessment
hybrid attack
21. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Information Technology (IT) asset criticality
Serial Line Internet Protocol (SLIP)
flood
personal identification number (PIN)
22. Hex 10
A
Vulnerability Scanning
CNAME record
NOP
23. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
Ethical Hacker
Application-Level Attacks
non-repudiation
24. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
hot site
firewalking
Fiber Distributed Data Interface (FDDI)
Trapdoor Function
25. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Eavesdropping
-P0
serial scan & 300 sec wait
War Chalking
26. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Service Set Identifier (SSID)
Audit Trail
Information Technology (IT) security architecture and framework
Digital Watermarking
27. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
secure channel
Tunnel
Buffer Overflow
packet
28. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
-sA
Google hacking
Due Diligence
Filter
29. The transmission of digital signals without precise clocking or synchronization.
Tunneling Virus
International Organization for Standardization (ISO)
asynchronous transmission
RxBoot
30. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Written Authorization
enumeration
audit
Malware
31. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
private network address
Denial of Service (DoS)
Database
Interior Gateway Protocol (IGP)
32. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Crossover Error Rate (CER)
Denial of Service (DoS)
hybrid attack
Threat
33. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
network tap
Secure Sockets Layer (SSL)
reverse social engineering
Bit Flipping
34. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
NetBus
risk acceptance
-sV
Domain Name System (DNS) lookup
35. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
impersonation
Access Control List (ACL)
SMB
-sV
36. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
public key
reverse lookup; reverse DNS lookup
S
Corrective Controls
37. Version Detection Scan
Digital Certificate
Post Office Protocol 3 (POP3)
-sV
Internet Protocol (IP)
38. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
reverse lookup; reverse DNS lookup
Acknowledgment (ACK)
Point-to-Point Tunneling Protocol (PPTP)
39. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
out-of-band signaling
Black Box Testing
Virus
security by obscurity
40. A computer process that requests a service from another computer and accepts the server's responses.
Unicode
Password Authentication Protocol (PAP)
firewalking
Client
41. Directory Transversal
Finding a directory listing and gaining access to a parent or root file for access to other files
out-of-band signaling
SAM
-sL
42. A point of reference used to mark an initial state in order to manage change.
-PP
Common Internet File System/Server Message Block
inference attack
Baseline
43. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
CIA triangle
Secure Multipurpose Mail Extension (S/MIME)
DNS
Wi-Fi Protected Access (WPA)
44. RPC Scan
Domain Name System (DNS) lookup
S
-sR
DNS enumeration
45. Injecting traffic into the network to identify the operating system of a device.
Ciphertext
XOR Operation
Active Fingerprinting
Redundant Array of Independent Disks (RAID)
46. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Self Replicating
private network address
POST
Malicious code
47. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
Client
Simple Object Access Protocol (SOAP)
Multipurpose Internet Mail Extensions (MIME)
48. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Zombie
Cloning
hot site
Information Technology Security Evaluation Criteria (ITSEC)
49. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
private network address
Electronic serial number
Certificate Authority (CA)
-PT
50. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
stateful packet filtering
Internet Assigned Number Authority (IANA)
Electronic serial number