SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
XOR Operation
security controls
Routing Protocol
International Organization for Standardization (ISO)
2. A computer virus that infects and spreads in multiple ways.
serial scan & 300 sec wait
FreeBSD
Multipartite virus
Application-Level Attacks
3. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Domain Name System (DNS) lookup
Authentication
Overwhelm CAM table to convert switch to hub mode
Exploit
4. nmap all output
Wi-Fi
Data Link layer
null session
-oA
5. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
risk
initial sequence number (ISN)
secure channel
War Driving
6. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
keylogger
Cache
Internet Assigned Number Authority (IANA)
Zone transfer
7. nmap
infrastructure mode
-p <port ranges>
Discretionary Access Control (DAC)
spyware
8. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
Three-Way (TCP) Handshake
Presentation layer
private key
false rejection rate (FRR)
9. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
Internet Protocol Security (IPSec) architecture
SOA record
flood
public key
10. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
Multipartite virus
pattern matching
Multipurpose Internet Mail Extensions (MIME)
footprinting
11. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Directory Traversal
Crossover Error Rate (CER)
Administratively Prohibited
false rejection rate (FRR)
12. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
SMB
risk acceptance
remote procedure call (RPC)
service level agreements (SLAs)
13. A device providing temporary - on-demand - point-to-point network access to users.
NOP
network access server
Block Cipher
Defines legal email marketing
14. PI and PT Ping
keylogger
replay attack
Routing Protocol
-PB
15. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
forwarding
Exposure Factor
social engineering
Trusted Computer Base (TCB)
16. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
R
Information Technology (IT) security architecture and framework
Level I assessment
Tumbling
17. ex 02
inference attack
Bug
War Driving
S
18. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
FreeBSD
Block Cipher
Black Hat
reconnaissance
19. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
spam
Written Authorization
Web Spider
RID Resource identifier
20. Aggressive scan timing
security breach or security incident
parallel scan & 300 sec timeout & 1.25 sec/probe
routed protocol
Information Technology (IT) asset valuation
21. A data encryption/decryption program often used for e-mail and file storage.
Last In First Out (LIFO)
Overwhelm CAM table to convert switch to hub mode
packet
Pretty Good Privacy (PGP)
22. A host designed to collect data on suspicious activity.
Defines legal email marketing
personal identification number (PIN)
SYN flood attack
honeypot
23. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
enumeration
Zero Subnet
Ciphertext
Trusted Computer Base (TCB)
24. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
Baseline
Trapdoor Function
packet filtering
enumeration
25. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
Annualized Loss Expectancy (ALE)
Fiber Distributed Data Interface (FDDI)
Countermeasures
network access server
26. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
reverse lookup; reverse DNS lookup
Minimum acceptable level of risk
proxy server
Application-Level Attacks
27. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Three-Way (TCP) Handshake
Denial of Service (DoS)
-sX
infrastructure mode
28. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Local Administrator
forwarding
local area network (LAN)
Mandatory access control (MAC)
29. 18 U.S.C. 1030
hacktivism
Fraud and related activity in connection with computers
Hypertext Transfer Protocol Secure (HTTPS)
-sA
30. An early network application that provides information on users currently logged on to a machine.
Finger
Distributed DoS (DDoS)
Secure Sockets Layer (SSL)
TACACS
31. Evaluation in which testers attempt to penetrate the network.
intrusion prevention system (IPS)
Level III assessment
Internal access to the network
White Box Testing
32. A computer process that requests a service from another computer and accepts the server's responses.
Virus
Client
open source
patch
33. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
heuristic scanning
Availability
False Acceptance Rate (FAR)
symmetric algorithm
34. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
fully qualified domain name (FQDN)
Packet Internet Groper (ping)
Application Layer
Malicious code
35. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
human-based social engineering
limitation of liability and remedies
Bluesnarfing
NetBSD
36. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
rootkit
Computer Emergency Response Team (CERT)
Algorithm
37. Any item of value or worth to an organization - whether physical or virtual.
limitation of liability and remedies
Asset
remote procedure call (RPC)
HIDS
38. Hex 04
MAC filtering
OpenBSD
Filter
R
39. White hat
Destination Unreachable
Local Administrator
protocol stack
Hacks with permission
40. RPC Scan
-sR
remote procedure call (RPC)
audit
Brute-Force Password Attack
41. Version Detection Scan
-sV
SOA record
Virus Hoax
Vulnerability Scanning
42. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
-sO
symmetric algorithm
File Allocation Table (FAT)
honeypot
43. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Service Set Identifier (SSID)
-sX
remote procedure call (RPC)
replay attack
44. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
proxy server
honeynet
Worm
Network Address Translation (NAT)
45. A protocol for exchanging packets over a serial line.
Serial Line Internet Protocol (SLIP)
false rejection rate (FRR)
hashing algorithm
Domain Name System (DNS) lookup
46. A social-engineering attack that manipulates the victim into calling the attacker for help.
security controls
reverse social engineering
Wi-Fi
qualitative analysis
47. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Trapdoor Function
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Three-Way (TCP) Handshake
Interior Gateway Protocol (IGP)
48. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Unicode
War Chalking
Defense in Depth
Baseline
49. Controls to detect anomalies or undesirable events occurring on a system.
packet filtering
Detective Controls
Bastion host
Domain Name System (DNS) cache poisoning
50. The level of importance assigned to an IT asset
Information Technology (IT) asset criticality
-PP
Secure Multipurpose Mail Extension (S/MIME)
SYN flood attack