SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Network Scanning
MAC filtering
A procedure for identifying active hosts on a network.
sniffer
Certificate Authority (CA)
2. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Ethernet
Information Technology Security Evaluation Criteria (ITSEC)
network interface card (NIC)
-PB
3. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
shoulder surfing
Common Internet File System/Server Message Block
NetBus
4. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
serialize scans & 0.4 sec wait
FreeBSD
Defense in Depth
User Datagram Protocol (UDP)
5. Name given to expert groups that handle computer security incidents.
Detective Controls
Computer Emergency Response Team (CERT)
Hierarchical File System (HFS)
HTTP tunneling
6. Access by information systems (or users) communicating from outside the information system security perimeter.
Tini
Domain Name System (DNS) lookup
remote access
-sS
7. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Routing Information Protocol (RIP)
Address Resolution Protocol (ARP) table
Bug
Domain Name System (DNS)
8. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Demilitarized Zone (DMZ)
Asymmetric
-sT
Exposure Factor
9. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
Buffer
Third Party
Baseline
public key infrastructure (PKI)
10. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
Computer-Based Attack
null session
TACACS
promiscuous mode
11. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
HTTP
protocol
Exposure Factor
12. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
-PT
White Box Testing
security kernel
risk assessment
13. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
Black Box Testing
Common Internet File System/Server Message Block
smart card
integrity
14. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
session hijacking
Wired Equivalent Privacy (WEP)
passive attack
encryption
15. A string that represents the location of a web resource
Level II assessment
Denial of Service (DoS)
Defense in Depth
Uniform Resource Locator (URL)
16. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
fully qualified domain name (FQDN)
Three-Way (TCP) Handshake
firewall
-PI
17. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Smurf attack
hacktivism
POP 3
NOP
18. Port 161/162
SNMP
Information Technology (IT) asset criticality
session hijacking
limitation of liability and remedies
19. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
GET
SAM
U P F
20. Aggressive scan timing
Google hacking
parallel scan & 300 sec timeout & 1.25 sec/probe
routed protocol
Web Spider
21. List Scan
Cache
Mantrap
-sL
risk
22. Computer software or hardware that can intercept and log traffic passing over a digital network.
steganography
Collision
sniffer
Network Address Translation (NAT)
23. A Canonical Name record within DNS - used to provide an alias for a domain name.
-b
parallel scan
gap analysis
CNAME record
24. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
network operations center (NOC)
Acknowledgment (ACK)
intrusion prevention system (IPS)
25. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
Data Link layer
Worm
rogue access point
Wi-Fi Protected Access (WPA)
26. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Transmission Control Protocol (TCP)
Computer-Based Attack
Last In First Out (LIFO)
Uniform Resource Locator (URL)
27. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
penetration testing
private network address
S
security defect
28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
SNMP
secure channel
footprinting
Pretty Good Privacy (PGP)
29. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
A S
firewalking
Distributed DoS (DDoS)
Sign in Seal
30. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
Electronic Code Book (ECB)
SNMP
Rijndael
operating system attack
31. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Asynchronous
Syslog
Vulnerability
promiscuous mode
32. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
network tap
Level II assessment
-sS
Master boot record infector
33. SYN Ping
-PS
Internet Protocol Security (IPSec) architecture
-oX
ring topology
34. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
Access Control List (ACL)
NetBSD
SID
Fast Ethernet
35. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
A
risk avoidance
inference attack
Sign in Seal
36. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
protocol stack
File Transfer Protocol (FTP)
Zero Subnet
reverse lookup; reverse DNS lookup
37. A software or hardware application or device that captures user keystrokes.
keylogger
personal identification number (PIN)
routed protocol
-sV
38. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Presentation layer
patch
firewall
key exchange protocol
39. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Bluejacking
Administratively Prohibited
risk avoidance
protocol stack
40. The default network authentication suite of protocols for Windows NT 4.0
Daemon
Filter
Internet Protocol (IP)
NT LAN Manager (NTLM)
41. IP Protocol Scan
-sO
scope creep
Asymmetric Algorithm
Post Office Protocol 3 (POP3)
42. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
-PS
promiscuous mode
Web Spider
Buffer Overflow
43. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
network access server
War Chalking
Rijndael
parallel scan & 300 sec timeout & 1.25 sec/probe
44. The conveying of official access or legal power to a person or entity.
Overwhelm CAM table to convert switch to hub mode
Computer-Based Attack
risk acceptance
Authorization
45. Wrapper or Binder
port knocking
Real application encompassing Trojan
Due Diligence
-oA
46. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Zero Subnet
packet
Three-Way (TCP) Handshake
quantitative risk assessment
47. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Active Attack
security bulletins
Media Access Control (MAC)
48. The lack of clocking (imposed time ordering) on a bit stream.
Asynchronous
Telnet
Routing Protocol
Access Creep
49. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Traceroute
Virus Hoax
Covert Channel
-sO
50. Incremental Substitution
Daisy Chaining
-sL
Replacing numbers in a url to access other files
Covert Channel
