SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
human-based social engineering
SSH
operating system attack
Fiber Distributed Data Interface (FDDI)
2. The monetary value assigned to an IT asset.
Tini
-oN
Information Technology (IT) asset valuation
A R
3. The potential for damage to or loss of an IT asset
parameter tampering
Domain Name System (DNS) cache poisoning
risk
Password Authentication Protocol (PAP)
4. A social-engineering attack that manipulates the victim into calling the attacker for help.
Overwhelm CAM table to convert switch to hub mode
Due Diligence
Point-to-Point Protocol (PPP)
reverse social engineering
5. The Security Accounts Manager file in Windows stores all the password hashes for the system.
Data Link layer
SAM
Multipurpose Internet Mail Extensions (MIME)
Time exceeded
6. Name given to expert groups that handle computer security incidents.
Self Replicating
Computer Emergency Response Team (CERT)
Confidentiality
public key infrastructure (PKI)
7. A computer network confined to a relatively small area - such as a single building or campus.
hot site
Buffer
local area network (LAN)
Telnet
8. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
polymorphic virus
sniffer
stateful packet filtering
Post Office Protocol 3 (POP3)
9. Shifting responsibility from one party to another
private key
Exposure Factor
sheepdip
risk transference
10. A computer virus that infects and spreads in multiple ways.
Multipartite virus
risk acceptance
sniffer
Data Link layer
11. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Man-in-the-middle attack
steganography
risk assessment
spoofing
12. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
network access server
fragmentation
Vulnerability Scanning
non-repudiation
13. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
promiscuous mode
Domain Name System (DNS) lookup
Media Access Control (MAC)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
14. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
HIDS
Authentication Header (AH)
parallel scan & 300 sec timeout & 1.25 sec/probe
Temporal Key Integrity Protocol (TKIP)
15. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Application-Level Attacks
-sA
Information Technology (IT) security architecture and framework
Whois
16. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
-sW
Application-Level Attacks
S
SYN attack
17. Black box test
Certificate Authority (CA)
promiscuous mode
No previous knowledge of the network
Point-to-Point Protocol (PPP)
18. The change or growth of a project's scope
-PS
shoulder surfing
Exploit
scope creep
19. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
Simple Mail Transfer Protocol (SMTP)
Internet service provider (ISP)
Cold Site
20. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Acknowledgment (ACK)
Internet Protocol Security (IPSec) architecture
GET
single loss expectancy (SLE)
21. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Timestamping
forwarding
Defines legal email marketing
Hacks with permission
22. A small Trojan program that listens on port 777.
Tini
-sF
TACACS
Certificate
23. The combination of all IT assets - resources - components - and systems.
Information Technology (IT) infrastructure
Vulnerability Assessment
Back orifice
flood
24. Xmas Tree scan
-sX
Institute of Electrical and Electronics Engineers (IEEE)
Digital Watermarking
ECHO reply
25. Port 137/138/139
SMB
patch
keylogger
Decryption
26. Port 80/81/8080
Point-to-Point Tunneling Protocol (PPTP)
Digital Certificate
Hierarchical File System (HFS)
HTTP
27. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
pattern matching
heuristic scanning
key exchange protocol
Eavesdropping
28. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
site survey
remote access
intrusion detection system (IDS)
-b
29. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
-sU
Acknowledgment (ACK)
Information Technology Security Evaluation Criteria (ITSEC)
30. ICMP Type/Code 3
serial scan & 300 sec wait
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
SOA record
Destination Unreachable
31. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
risk assessment
Fraud and related activity in connection with computers
intranet
network interface card (NIC)
32. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Bluesnarfing
War Driving
Domain Name System (DNS) cache poisoning
false rejection rate (FRR)
33. A string that represents the location of a web resource
Trusted Computer Base (TCB)
Uniform Resource Locator (URL)
-sI
Tunneling
34. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Buffer
parallel scan & 300 sec timeout & 1.25 sec/probe
replay attack
Port Address Translation (PAT)
35. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Three-Way (TCP) Handshake
404EE
Sign in Seal
Cracker
36. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
network operations center (NOC)
Address Resolution Protocol (ARP)
shoulder surfing
Media Access Control (MAC)
37. Wrapper or Binder
Interior Gateway Protocol (IGP)
encapsulation
POP 3
Real application encompassing Trojan
38. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
packet filtering
risk assessment
overt channel
security controls
39. UDP Scan
Ethernet
Blowfish
-sU
Computer Emergency Response Team (CERT)
40. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
secure channel
protocol
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Echo request
41. Version Detection Scan
-sV
SSH
nslookup
gap analysis
42. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
Data Encryption Standard (DES)
Annualized Loss Expectancy (ALE)
serialize scans & 0.4 sec wait
Daisy Chaining
43. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Access Control List (ACL)
Internet Control Message Protocol (ICMP)
Banner Grabbing
Trojan Horse
44. ICMP Type/Code 8
Echo request
qualitative analysis
FTP
hash
45. ICMP Type/Code 11
Acceptable Use Policy (AUP)
Serial Line Internet Protocol (SLIP)
Domain Name System (DNS) cache poisoning
Time exceeded
46. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Authentication - Authorization - and Accounting (AAA)
R
Third Party
File Transfer Protocol (FTP)
47. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
-sP
-sL
Community String
48. List Scan
reverse social engineering
Active Attack
-sL
false rejection rate (FRR)
49. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
NetBus
Zone transfer
A S
Wi-Fi
50. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
spoofing
Malware
remote access
-sI
