SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
No previous knowledge of the network
reconnaissance
Dumpster Diving
Crossover Error Rate (CER)
2. Hex 12
Post Office Protocol 3 (POP3)
A S
script kiddie
-sV
3. A virus written in a macro language and usually embedded in document or spreadsheet files.
Macro virus
Domain Name System (DNS)
Hacks with permission
Accountability
4. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Access Creep
Denial of Service (DoS)
Black Hat
Whois
5. Access by information systems (or users) communicating from outside the information system security perimeter.
flood
false rejection rate (FRR)
separation of duties
remote access
6. nmap
parallel scan
Level II assessment
--randomize_hosts -O OS fingerprinting
-PS
7. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
A procedure for identifying active hosts on a network.
RPC-DCOM
parameter tampering
Password Authentication Protocol (PAP)
8. Any network incident that prompts some kind of log entry or other notification.
Fraud and related activity in connection with computers
stream cipher
Event
serialize scans & 0.4 sec wait
9. Attacks on the actual programming code of an application.
End User Licensing Agreement (EULA)
Application-Level Attacks
scope creep
TACACS
10. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Presentation layer
Database
port scanning
Electronic serial number
11. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Trusted Computer Base (TCB)
network tap
Algorithm
Internet Protocol Security (IPSec) architecture
12. Version Detection Scan
red team
Trapdoor Function
Administratively Prohibited
-sV
13. nmap
-p <port ranges>
Digital Certificate
Third Party
honeynet
14. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
-oA
Cloning
piggybacking
EDGAR database
15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
Auditing
Warm Site
symmetric encryption
logic bomb
16. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
network access server
packet
HTTP
17. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Internal access to the network
asynchronous transmission
Computer-Based Attack
NetBus
18. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Demilitarized Zone (DMZ)
NT LAN Manager (NTLM)
Virus
Buffer
19. 18 U.S.C. 1030
Fraud and related activity in connection with computers
private network address
payload
Telnet
20. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
heuristic scanning
Local Administrator
shoulder surfing
human-based social engineering
21. Insane scan timing
replay attack
suicide hacker
parallel scan & 75 sec timeout & 0.3 sec/probe
Zombie
22. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Transport Layer Security (TLS)
Wiretapping
Wi-Fi Protected Access (WPA)
Defense in Depth
23. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
rootkit
Digital Signature
social engineering
Dumpster Diving
24. A protocol used for sending and receiving log information for nodes on a network.
Annualized Loss Expectancy (ALE)
inference attack
Syslog
overt channel
25. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
Biometrics
Zenmap
node
802.11
26. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
ECHO reply
public key
-PI
SOA record
27. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Three-Way (TCP) Handshake
risk transference
Internet service provider (ISP)
National Security Agency
28. A storage buffer that transparently stores data so future requests for the same data can be served faster.
shoulder surfing
Cache
Computer-Based Attack
Contingency Plan
29. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Password Authentication Protocol (PAP)
impersonation
Buffer Overflow
gateway
30. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
S
Port Address Translation (PAT)
Collision
Post Office Protocol 3 (POP3)
31. TCP connect() scan
-sT
Malware
private network address
suicide hacker
32. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
fragmentation
piggybacking
security incident response team (SIRT)
private network address
33. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Cryptography
Real application encompassing Trojan
Bluetooth
iris scanner
34. Formal description and evaluation of the vulnerabilities in an information system
Vulnerability Assessment
Post Office Protocol 3 (POP3)
Common Internet File System/Server Message Block
-sF
35. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
SMB
Packet Internet Groper (ping)
sheepdip
Finger
36. Idlescan
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
-sI
Threat
hashing algorithm
37. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
DNS enumeration
Time To Live (TTL)
White Box Testing
public key
38. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Bastion host
Acknowledgment (ACK)
Vulnerability Management
sniffer
39. Black hat
routed protocol
steganography
Hacks without permission
A procedure for identifying active hosts on a network.
40. The potential for damage to or loss of an IT asset
LDAP
security by obscurity
-P0
risk
41. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Block Cipher
DNS
flood
Information Technology Security Evaluation Criteria (ITSEC)
42. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Mantrap
spyware
keylogger
43. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
ISO 17799
Internet Control Message Protocol (ICMP)
hot site
Sign in Seal
44. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
MD5
Wrapper
false negative
-oA
45. An Application layer protocol for managing devices on an IP network.
steganography
Simple Network Management Protocol (SNMP)
Data Encryption Standard (DES)
Cookie
46. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Internet Assigned Number Authority (IANA)
operating system attack
Common Internet File System/Server Message Block
service level agreements (SLAs)
47. The change or growth of a project's scope
Overwhelm CAM table to convert switch to hub mode
-oA
scope creep
Point-to-Point Tunneling Protocol (PPTP)
48. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
public key infrastructure (PKI)
Ciphertext
-PM
security breach or security incident
49. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
Hypertext Transfer Protocol Secure (HTTPS)
pattern matching
Zombie
signature scanning
50. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Countermeasures
-P0
Bluejacking
Filter
