Test your basic knowledge
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
Information Technology Security Evaluation Criteria (ITSEC)
Vulnerability Assessment
-sP
SYN attack
2. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
Exploit
Videocipher II Satellite Encryption System
-PM
secure channel
3. The change or growth of a project's scope
scope creep
-oG
session hijacking
Target Of Engagement (TOE)
4. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Ciphertext
White Box Testing
Common Internet File System/Server Message Block
Authorization
5. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
Fraud and related activity in connection with computers
integrity
symmetric encryption
Internet service provider (ISP)
6. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Blowfish
Timestamping
A
Tunneling Virus
7. A point of reference used to mark an initial state in order to manage change.
Acknowledgment (ACK)
risk avoidance
Zero Subnet
Baseline
8. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
packet
Crossover Error Rate (CER)
SID
Due Care
9. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Transport Layer Security (TLS)
Audit Trail
qualitative analysis
security incident response team (SIRT)
10. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Confidentiality
iris scanner
role-based access control
Domain Name System (DNS) lookup
11. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Presentation layer
protocol stack
Routing Information Protocol (RIP)
phishing
12. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Anonymizer
Open System Interconnection (OSI) Reference Model
Assessment
secure channel
13. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
Black Hat
Competitive Intelligence
RPC-DCOM
File Transfer Protocol (FTP)
14. Describes practices in production and development that promote access to the end product's source materials.
Eavesdropping
Asymmetric
Asynchronous
open source
15. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Cryptographic Key
security defect
Telnet
Authentication - Authorization - and Accounting (AAA)
16. FIN Scan
-sU
signature scanning
Bluejacking
-sF
17. A tool that helps a company to compare its actual performance with its potential performance.
gap analysis
site survey
Packet Internet Groper (ping)
ring topology
18. Evaluation in which testers attempt to penetrate the network.
promiscuous mode
sniffer
Authentication
Level III assessment
19. ICMP Type/Code 8
Fast Ethernet
SAM
Echo request
passive attack
20. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Bluetooth
Simple Mail Transfer Protocol (SMTP)
Challenge Handshake Authentication Protocol (CHAP)
Biometrics
21. A group of experts that handles computer security incidents.
proxy server
security incident response team (SIRT)
DNS
Wide Area Network (WAN)
22. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Overwhelm CAM table to convert switch to hub mode
R
patch
symmetric algorithm
23. TCP SYN Scan
infrastructure mode
-sS
NOP
spoofing
24. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
Wi-Fi Protected Access (WPA)
security kernel
Access Point (AP)
TACACS
25. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Ethical Hacker
rootkit
encapsulation
Black Box Testing
26. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
CIA triangle
rogue access point
private key
protocol
27. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
Boot Sector Virus
null session
logic bomb
28. ICMP Timestamp
-PP
overt channel
parallel scan & 75 sec timeout & 0.3 sec/probe
Certificate
29. A type of malware that covertly collects information about a user.
Distributed DoS (DDoS)
spyware
Information Technology (IT) security architecture and framework
Replacing numbers in a url to access other files
30. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Malicious code
network tap
HTTP tunneling
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
31. Network Scanning
POP 3
Decryption
A procedure for identifying active hosts on a network.
routed protocol
32. Sneaky scan timing
S
Echo Reply
serialize scans & 15 sec wait
Certificate
33. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Virus Hoax
Access Creep
Baseline
EDGAR database
34. Monitoring of telephone or Internet conversations - typically by covert means.
ping sweep
impersonation
Wiretapping
CAM table
35. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Post Office Protocol 3 (POP3)
RID Resource identifier
Virus Hoax
nslookup
36. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
SYN attack
Data Link layer
secure channel
Fast Ethernet
37. Port 135
RPC-DCOM
security incident response team (SIRT)
Written Authorization
impersonation
38. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Eavesdropping
intrusion detection system (IDS)
Back orifice
The automated process of proactively identifying vulnerabilities of computing systems present in a network
39. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
quantitative risk assessment
Information Technology (IT) security architecture and framework
gray hat
Authentication - Authorization - and Accounting (AAA)
40. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
-oX
Defines legal email marketing
Web Spider
hacktivism
41. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the system. Certificates contain the entity's public key - serial number - version - subject - algori
identity theft
Collision
Digital Certificate
Network Address Translation (NAT)
42. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Black Hat
Computer-Based Attack
Bluesnarfing
Common Internet File System/Server Message Block
43. A data encryption/decryption program often used for e-mail and file storage.
Kerberos
private key
Administratively Prohibited
Pretty Good Privacy (PGP)
44. The act of dialing all numbers within an organization to discover open modems.
War Dialing
Defense in Depth
Secure Sockets Layer (SSL)
NOP
45. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Asset
red team
Transmission Control Protocol (TCP)
keylogger
46. White box test
Audit Data
Media Access Control (MAC)
Bug
Internal access to the network
47. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
-sX
routed protocol
SSH
Kerberos
48. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Syslog
File Transfer Protocol (FTP)
queue
49. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
initial sequence number (ISN)
gray hat
serialize scans & 0.4 sec wait
Point-to-Point Protocol (PPP)
50. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
hash
Exploit
Internet Protocol Security (IPSec) architecture
Anonymizer