SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
suicide hacker
packet
Network Address Translation (NAT)
Address Resolution Protocol (ARP)
2. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Packet Internet Groper (ping)
public key infrastructure (PKI)
Asynchronous
Droppers
3. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
ISO 17799
Point-to-Point Protocol (PPP)
Antivirus (AV) software
Password Authentication Protocol (PAP)
4. LM Hash for short passwords (under 7)
War Chalking
404EE
router
Discretionary Access Control (DAC)
5. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
encryption
SYN flood attack
Telnet
Tunnel
6. A documented process for a procedure designed to be consistent - repeatable - and accountable.
intranet
Methodology
hashing algorithm
Daemon
7. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Buffer
Simple Mail Transfer Protocol (SMTP)
session hijacking
protocol stack
8. Nmap ml output
Virus Hoax
shoulder surfing
Asynchronous
-oX
9. A virus designed to infect the master boot record.
Time Bomb
Master boot record infector
intranet
Trusted Computer Base (TCB)
10. 18 U.S.C. 1030
Multipartite virus
Fraud and related activity in connection with computers
Anonymizer
scope creep
11. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Audit Data
White Box Testing
End User Licensing Agreement (EULA)
Authentication - Authorization - and Accounting (AAA)
12. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Black Box Testing
iris scanner
POST
Telnet
13. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
null session
security incident response team (SIRT)
identity theft
site survey
14. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
Address Resolution Protocol (ARP)
rule-based access control
TACACS
hardware keystroke logger
15. Polymorphic Virus
Due Care
SID
self encrypting
inference attack
16. Insane scan timing
Worm
Antivirus (AV) software
parallel scan & 75 sec timeout & 0.3 sec/probe
Destination Unreachable
17. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Challenge Handshake Authentication Protocol (CHAP)
Blowfish
-sP
security defect
18. A wireless networking mode where all clients connect to the wireless network through a central access point.
Trojan Horse
sidejacking
hybrid attack
infrastructure mode
19. The software product or system that is the subject of an evaluation.
single loss expectancy (SLE)
Bluejacking
Hypertext Transfer Protocol Secure (HTTPS)
Target Of Engagement (TOE)
20. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
-oA
single loss expectancy (SLE)
Due Care
security breach or security incident
21. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Secure Multipurpose Mail Extension (S/MIME)
Information Technology (IT) asset criticality
Cold Site
polymorphic virus
22. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Anonymizer
Level I assessment
qualitative analysis
Directory Traversal
23. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Data Encryption Standard (DES)
No previous knowledge of the network
overt channel
-PS
24. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Information Technology Security Evaluation Criteria (ITSEC)
audit
Transmission Control Protocol (TCP)
Adware
25. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Worm
public key
encapsulation
parallel scan & 75 sec timeout & 0.3 sec/probe
26. Hex 14
POP 3
network access server
Decryption
A R
27. Port 135
RPC-DCOM
Syslog
Time To Live (TTL)
Extensible Authentication Protocol (EAP)
28. A protocol defining packets that are able to be routed by a router.
Due Diligence
Daemon
Internal access to the network
routed protocol
29. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Bluesnarfing
enumeration
XOR Operation
Interior Gateway Protocol (IGP)
30. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
network operations center (NOC)
FreeBSD
Corrective Controls
social engineering
31. UDP Scan
Cryptographic Key
Countermeasures
NetBSD
-sU
32. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
Packet Internet Groper (ping)
SYN attack
SOA record
Trojan Horse
33. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
A procedure for identifying active hosts on a network.
Competitive Intelligence
Confidentiality
Application Layer
34. ICMP Netmask
Network Address Translation (NAT)
Hacks without permission
R
-PM
35. Sneaky scan timing
A S
Domain Name System (DNS) lookup
serialize scans & 15 sec wait
Time To Live (TTL)
36. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
Community String
Secure Multipurpose Mail Extension (S/MIME)
NOP
Network Basic Input/Output System (NetBIOS)
37. Transmitting one protocol encapsulated inside another protocol.
routed protocol
out-of-band signaling
Tunneling
Simple Object Access Protocol (SOAP)
38. The default network authentication suite of protocols for Windows NT 4.0
POST
NT LAN Manager (NTLM)
Smurf attack
Biometrics
39. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Fast Ethernet
Data Encryption Standard (DES)
intrusion detection system (IDS)
security defect
40. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
War Driving
hot site
Domain Name
Community String
41. Port 53
payload
Third Party
End User Licensing Agreement (EULA)
DNS
42. Computer software or hardware that can intercept and log traffic passing over a digital network.
Dumpster Diving
sniffer
-PS
Authorization
43. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
A R
Copyright
Temporal Key Integrity Protocol (TKIP)
Information Technology (IT) security architecture and framework
44. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Data Link layer
rootkit
Last In First Out (LIFO)
Finger
45. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Mandatory access control (MAC)
Extensible Authentication Protocol (EAP)
inference attack
logic bomb
46. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
CAM table
port scanning
Hacks with permission
stateful packet filtering
47. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
hot site
source routing
Minimum acceptable level of risk
User Datagram Protocol (UDP)
48. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
Access Point (AP)
phishing
FreeBSD
49. The conveying of official access or legal power to a person or entity.
public key infrastructure (PKI)
Authorization
reverse social engineering
Collision Domain
50. An organized collection of data.
International Organization for Standardization (ISO)
Antivirus (AV) software
Asymmetric Algorithm
Database
