SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
International Organization for Standardization (ISO)
Timestamping
Countermeasures
2. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Back orifice
Block Cipher
Methodology
Electronic Code Book (ECB)
3. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Hierarchical File System (HFS)
-sS
Information Technology (IT) security architecture and framework
penetration testing
4. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
SOA record
Threat
passive attack
End User Licensing Agreement (EULA)
5. Version Detection Scan
DNS
footprinting
-sV
Secure Multipurpose Mail Extension (S/MIME)
6. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Lightweight Directory Access Protocol (LDAP)
false rejection rate (FRR)
File Allocation Table (FAT)
Timestamping
7. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Virtual Private Network (VPN)
Cracker
Sign in Seal
Authorization
8. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Virtual Local Area Network (VLAN)
Videocipher II Satellite Encryption System
port knocking
SID
9. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Audit Data
segment
pattern matching
risk avoidance
10. Port 135
RPC-DCOM
Lightweight Directory Access Protocol (LDAP)
port scanning
Point-to-Point Tunneling Protocol (PPTP)
11. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Competitive Intelligence
Domain Name System (DNS) cache poisoning
intranet
Virus
12. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
physical security
non-repudiation
Videocipher II Satellite Encryption System
Computer-Based Attack
13. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
remote procedure call (RPC)
replay attack
War Driving
TACACS
14. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
-b
remote procedure call (RPC)
Defense in Depth
15. The art and science of creating a covert message or image within another message - image - audio - or video file.
Vulnerability
red team
Asymmetric Algorithm
steganography
16. Transmitting one protocol encapsulated inside another protocol.
Echo Reply
NetBus
Tunneling
serial scan & 300 sec wait
17. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
-sU
SYN flood attack
Sign in Seal
Denial of Service (DoS)
18. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
Daisy Chaining
ring topology
proxy server
19. A systematic process for the assessment of security vulnerabilities.
Overwhelm CAM table to convert switch to hub mode
INFOSEC Assessment Methodology (IAM)
Unicode
Web Spider
20. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
personal identification number (PIN)
RID Resource identifier
TACACS
infrastructure mode
21. A method of external testing whereby several systems or resources are used together to effect an attack.
Trojan Horse
Daisy Chaining
Due Care
Man-in-the-middle attack
22. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
network operations center (NOC)
network interface card (NIC)
-sP
-p <port ranges>
23. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
-sR
Level III assessment
Fast Ethernet
SAM
24. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
red team
Last In First Out (LIFO)
security kernel
CIA triangle
25. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Ciphertext
overt channel
key exchange protocol
War Driving
26. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Serial Line Internet Protocol (SLIP)
Rijndael
Boot Sector Virus
Covert Channel
27. A device on a network.
node
quantitative risk assessment
passive attack
open source
28. ICMP Timestamp
SSH
inference attack
-PP
Self Replicating
29. A person or entity indirectly involved in a relationship between two principles.
Audit Data
Third Party
NOP
gray box testing
30. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
promiscuous mode
security defect
Active Fingerprinting
initial sequence number (ISN)
31. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
SAM
identity theft
Interior Gateway Protocol (IGP)
Tumbling
32. ICMP Netmask
-PM
queue
Detective Controls
Traceroute
33. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
CIA triangle
-PP
Virus Hoax
User Datagram Protocol (UDP)
34. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
service level agreements (SLAs)
steganography
Last In First Out (LIFO)
35. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
ISO 17799
FreeBSD
encryption
fully qualified domain name (FQDN)
36. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Digital Signature
Fraud and related activity in connection with computers
enumeration
Demilitarized Zone (DMZ)
37. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Buffer
network tap
Internet Assigned Number Authority (IANA)
Cryptography
38. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
gateway
Transmission Control Protocol (TCP)
queue
Administratively Prohibited
39. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Active Fingerprinting
SSH
Cryptographic Key
protocol stack
40. TCP SYN Scan
-sS
Administratively Prohibited
S
User Datagram Protocol (UDP)
41. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
-p <port ranges>
SSH
NetBSD
security kernel
42. An Application layer protocol for sending electronic mail between servers.
Simple Mail Transfer Protocol (SMTP)
Data Link layer
Asset
Extensible Authentication Protocol (EAP)
43. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Banner Grabbing
sidejacking
network access server
Trusted Computer Base (TCB)
44. 18 U.S.C. 1029
Asymmetric
Possession of access devices
Multipurpose Internet Mail Extensions (MIME)
Password Authentication Protocol (PAP)
45. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Virus Hoax
Information Technology (IT) asset criticality
Minimum acceptable level of risk
gateway
46. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
Third Party
--randomize_hosts -O OS fingerprinting
rule-based access control
flood
47. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
-P0
security kernel
Exposure Factor
Local Administrator
48. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
DNS
Temporal Key Integrity Protocol (TKIP)
Asymmetric
RPC-DCOM
49. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Demilitarized Zone (DMZ)
War Chalking
passive attack
Acceptable Use Policy (AUP)
50. ICMP Type/Code 3
NT LAN Manager (NTLM)
Destination Unreachable
Cookie
hot site