SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
Destination Unreachable
Filter
Information Technology (IT) infrastructure
2. Recording the time - normally in a log file - when an event happens or when information is created or modified.
RPC-DCOM
Timestamping
Computer-Based Attack
firewall
3. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
security breach or security incident
Password Authentication Protocol (PAP)
-sS
Address Resolution Protocol (ARP)
4. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
ad hoc mode
Copyright
payload
Detective Controls
5. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Corrective Controls
--randomize_hosts -O OS fingerprinting
SSH
Methodology
6. Port 135
NetBus
-sW
RPC-DCOM
hybrid attack
7. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Daemon
Unicode
Tiger Team
MAC filtering
8. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
Cache
Zone transfer
Baseline
9. The change or growth of a project's scope
Wiretapping
scope creep
SYN flood attack
payload
10. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
intrusion prevention system (IPS)
Address Resolution Protocol (ARP)
Eavesdropping
Zombie
11. List Scan
-P0
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
-sL
12. An organized collection of data.
INFOSEC Assessment Methodology (IAM)
Database
Methodology
Vulnerability Management
13. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Detective Controls
rule-based access control
Audit Data
passive attack
14. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
gap analysis
A S
EDGAR database
Multipurpose Internet Mail Extensions (MIME)
15. Attacks on the actual programming code of an application.
Application-Level Attacks
integrity
The automated process of proactively identifying vulnerabilities of computing systems present in a network
hash
16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
protocol
War Dialing
intrusion prevention system (IPS)
Blowfish
17. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
heuristic scanning
-PM
Vulnerability
18. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
Information Technology (IT) asset criticality
Exposure Factor
forwarding
19. ICMP Type/Code 3
SOA record
Destination Unreachable
suicide hacker
POST
20. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
NetBus
public key infrastructure (PKI)
Destination Unreachable
Demilitarized Zone (DMZ)
21. A document describing information security guidelines - policies - procedures - and standards.
Information Technology (IT) security architecture and framework
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
ring topology
End User Licensing Agreement (EULA)
22. NSA
parameter tampering
INFOSEC Assessment Methodology (IAM)
Eavesdropping
National Security Agency
23. A data encryption/decryption program often used for e-mail and file storage.
Pretty Good Privacy (PGP)
flood
inference attack
network access server
24. A type of malware that covertly collects information about a user.
risk acceptance
Availability
spyware
smart card
25. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
security kernel
Bluejacking
Active Directory (AD)
Administratively Prohibited
26. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
Wrapper
Computer Emergency Response Team (CERT)
Videocipher II Satellite Encryption System
Discretionary Access Control (DAC)
27. Paranoid scan timing
serial scan & 300 sec wait
Point-to-Point Tunneling Protocol (PPTP)
audit
War Chalking
28. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Pretty Good Privacy (PGP)
Network Address Translation (NAT)
Event
forwarding
29. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
Man-in-the-middle attack
Wi-Fi
service level agreements (SLAs)
Simple Network Management Protocol (SNMP)
30. An Application layer protocol for managing devices on an IP network.
Virtual Local Area Network (VLAN)
Simple Network Management Protocol (SNMP)
source routing
parallel scan
31. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
Daisy Chaining
Asynchronous
Wide Area Network (WAN)
Fiber Distributed Data Interface (FDDI)
32. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
false negative
risk transference
packet
Electronic Code Book (ECB)
33. Access by information systems (or users) communicating from outside the information system security perimeter.
remote access
risk assessment
Vulnerability Scanning
-sF
34. A protocol defining packets that are able to be routed by a router.
routed protocol
Algorithm
Backdoor
script kiddie
35. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Ethernet
Level II assessment
remote access
-P0
36. A communications protocol used for browsing the Internet.
Simple Mail Transfer Protocol (SMTP)
Hypertext Transfer Protocol (HTTP)
Antivirus (AV) software
Multipurpose Internet Mail Extensions (MIME)
37. Microsoft SID 500
Local Administrator
404EE
-sV
Overwhelm CAM table to convert switch to hub mode
38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Vulnerability Scanning
Internet Protocol (IP)
Wi-Fi
Bastion host
39. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Virus Hoax
Transmission Control Protocol (TCP)
CAM table
Dumpster Diving
40. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
Wi-Fi Protected Access (WPA)
CNAME record
GET
spam
41. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Transmission Control Protocol (TCP)
passive attack
-sF
phishing
42. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Possession of access devices
Black Hat
Asymmetric Algorithm
proxy server
43. Port 23
Trusted Computer Base (TCB)
Telnet
Daisy Chaining
Last In First Out (LIFO)
44. The art and science of creating a covert message or image within another message - image - audio - or video file.
War Chalking
gray box testing
steganography
A
45. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Fast Ethernet
parameter tampering
Domain Name System (DNS) cache poisoning
Domain Name System (DNS)
46. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
SID
Trusted Computer Base (TCB)
802.11 i
Filter
47. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Virus
Last In First Out (LIFO)
Echo request
Local Administrator
48. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Data Link layer
intrusion detection system (IDS)
CNAME record
limitation of liability and remedies
49. Any item of value or worth to an organization - whether physical or virtual.
packet
Active Attack
Asset
protocol stack
50. Incremental Substitution
parallel scan
Methodology
Replacing numbers in a url to access other files
Due Diligence