SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
Information Technology (IT) infrastructure
node
Confidentiality
CIA triangle
2. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
fragmentation
R
Biometrics
Time exceeded
3. A command used in HTTP and FTP to retrieve a file from a server.
Collision
shoulder surfing
Threat
GET
4. nmap
Hypertext Transfer Protocol Secure (HTTPS)
Droppers
--randomize_hosts -O OS fingerprinting
Collision
5. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
encryption
Zero Subnet
Time To Live (TTL)
forwarding
6. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Uniform Resource Locator (URL)
security bulletins
FTP
Level II assessment
7. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
network interface card (NIC)
Traceroute
-PT
Wi-Fi Protected Access (WPA)
8. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
SYN attack
Web Spider
impersonation
9. PI and PT Ping
Asset
hardware keystroke logger
-PB
404EE
10. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Virtual Private Network (VPN)
smart card
National Security Agency
Algorithm
11. Hex 04
R
Syslog
Ethernet
OpenBSD
12. The process of determining if a network entity (user or service) is legitimate
intrusion detection system (IDS)
Authentication
Time To Live (TTL)
single loss expectancy (SLE)
13. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
-oG
Authentication Header (AH)
NOP
Auditing
14. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Worm
Internet Control Message Protocol (ICMP)
-sO
Access Creep
15. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Level II assessment
Access Creep
encapsulation
Transport Layer Security (TLS)
16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Interior Gateway Protocol (IGP)
Covert Channel
audit
Cryptography
17. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
polymorphic virus
Ethical Hacker
symmetric encryption
False Acceptance Rate (FAR)
18. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Level I assessment
scope creep
honeynet
Virus Hoax
19. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
false negative
Request for Comments (RFC)
Community String
net use \[target ip]IPC$ '' /user:''
20. A device on a network.
intrusion detection system (IDS)
node
Authentication - Authorization - and Accounting (AAA)
A
21. Polymorphic Virus
self encrypting
Buffer Overflow
File Allocation Table (FAT)
single loss expectancy (SLE)
22. A software or hardware defect that often results in system vulnerabilities.
Bug
Zone transfer
Active Fingerprinting
Network Address Translation (NAT)
23. Hashing algorithm that results in a 128-bit output.
-sX
risk
intrusion prevention system (IPS)
MD5
24. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
OpenBSD
Data Encryption Standard (DES)
Countermeasures
promiscuous mode
25. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Mantrap
Extensible Authentication Protocol (EAP)
SYN flood attack
Active Attack
26. Window Scan
Information Technology (IT) asset criticality
rule-based access control
risk transference
-sW
27. Establish Null Session
Domain Name System (DNS)
net use \[target ip]IPC$ '' /user:''
SID
node
28. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Methodology
User Datagram Protocol (UDP)
steganography
encryption
29. ICMP Type/Code 3-13
Application-Level Attacks
encapsulation
physical security
Administratively Prohibited
30. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
false rejection rate (FRR)
Common Internet File System/Server Message Block
EDGAR database
CAM table
31. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Trusted Computer System Evaluation Criteria (TCSEC)
Kerberos
personal identification number (PIN)
Internet Protocol Security (IPSec) architecture
32. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
quality of service (QoS)
smart card
Confidentiality
-oG
33. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Bluejacking
INFOSEC Assessment Methodology (IAM)
Event
Archive
34. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
patch
intrusion prevention system (IPS)
reverse social engineering
Domain Name
35. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
reverse lookup; reverse DNS lookup
payload
non-repudiation
Service Set Identifier (SSID)
36. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
local area network (LAN)
port redirection
Target Of Engagement (TOE)
rootkit
37. A protocol used to pass control and error messages between nodes on the Internet.
A
Open System Interconnection (OSI) Reference Model
Internet Control Message Protocol (ICMP)
nslookup
38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Vulnerability Scanning
Last In First Out (LIFO)
Mantrap
Authorization
39. A small Trojan program that listens on port 777.
SSH
Media Access Control (MAC)
Tini
Vulnerability Scanning
40. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
File Allocation Table (FAT)
flood
Defense in Depth
ping sweep
41. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
-sL
signature scanning
Tunneling Virus
42. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
Application Layer
port redirection
-oA
43. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
local area network (LAN)
Third Party
Secure Multipurpose Mail Extension (S/MIME)
secure channel
44. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
-b
fragmentation
Event
shoulder surfing
45. A virus designed to infect the master boot record.
Master boot record infector
false negative
Access Point (AP)
rogue access point
46. Port 53
separation of duties
heuristic scanning
overt channel
DNS
47. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Level I assessment
quantitative risk assessment
Common Internet File System/Server Message Block
serialize scans & 0.4 sec wait
48. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
-sP
footprinting
risk
Countermeasures
49. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Hierarchical File System (HFS)
suicide hacker
initial sequence number (ISN)
Event
50. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
XOR Operation
rootkit
Institute of Electrical and Electronics Engineers (IEEE)
hashing algorithm