SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Syslog
Zero Subnet
Community String
Zone transfer
2. An Internet routing protocol used to exchange routing information within an autonomous system.
Interior Gateway Protocol (IGP)
router
Zombie
A R
3. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
Decryption
serialize scans & 15 sec wait
Back orifice
4. White hat
Hacks with permission
Certificate
promiscuous mode
-sS
5. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Collision Domain
Annualized Loss Expectancy (ALE)
CAM table
signature scanning
6. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
Transmission Control Protocol (TCP)
Tunneling Virus
security bulletins
7. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
-sP
Port Address Translation (PAT)
Tunnel
Point-to-Point Tunneling Protocol (PPTP)
8. The process of determining if a network entity (user or service) is legitimate
separation of duties
Authentication
self encrypting
ad hoc mode
9. The concept of having more than one person required to complete a task
SSH
separation of duties
Echo request
Banner Grabbing
10. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
SOA record
Acknowledgment (ACK)
NetBus
Internal access to the network
11. A device on a network.
-PB
White Box Testing
node
Access Creep
12. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
NOP
Distributed DoS (DDoS)
spoofing
key exchange protocol
13. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
hardware keystroke logger
Copyright
promiscuous mode
14. White box test
service level agreements (SLAs)
Internal access to the network
local area network (LAN)
NetBSD
15. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Internet Protocol (IP)
Covert Channel
Finger
-sA
16. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
Certificate
Time exceeded
promiscuous mode
National Security Agency
17. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
session splicing
Daemon
ping sweep
Level III assessment
18. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Unicode
GET
Cache
risk assessment
19. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
routed protocol
Packet Internet Groper (ping)
key exchange protocol
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
20. ICMP Netmask
Mantrap
protocol stack
Password Authentication Protocol (PAP)
-PM
21. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
-sO
null session
Secure Sockets Layer (SSL)
intranet
22. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
A
Archive
private key
Simple Object Access Protocol (SOAP)
23. ICMP Type/Code 3
XOR Operation
RxBoot
steganography
Destination Unreachable
24. TCP Ping
A R
-PT
Buffer Overflow
hybrid attack
25. A person or entity indirectly involved in a relationship between two principles.
Third Party
segment
-sI
Block Cipher
26. Evaluation in which testers attempt to penetrate the network.
flood
Hypertext Transfer Protocol Secure (HTTPS)
public key infrastructure (PKI)
Level III assessment
27. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Routing Information Protocol (RIP)
serialize scans & 15 sec wait
gap analysis
Transmission Control Protocol (TCP)
28. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Hierarchical File System (HFS)
role-based access control
route
remote procedure call (RPC)
29. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Confidentiality
Mantrap
Kerberos
Temporal Key Integrity Protocol (TKIP)
30. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
-sA
sniffer
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
31. CAN-SPAM
Defines legal email marketing
symmetric encryption
Kerberos
non-repudiation
32. A systematic process for the assessment of security vulnerabilities.
Interior Gateway Protocol (IGP)
Algorithm
Wired Equivalent Privacy (WEP)
INFOSEC Assessment Methodology (IAM)
33. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
stream cipher
Simple Mail Transfer Protocol (SMTP)
User Datagram Protocol (UDP)
sheepdip
34. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
iris scanner
Cryptography
shoulder surfing
null session
35. The conveying of official access or legal power to a person or entity.
National Security Agency
smart card
Authorization
risk assessment
36. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
asynchronous transmission
Threat
International Organization for Standardization (ISO)
hacktivism
37. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Media Access Control (MAC)
802.11
CIA triangle
ping sweep
38. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
Trojan Horse
Collision
node
39. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Institute of Electrical and Electronics Engineers (IEEE)
Fast Ethernet
-b
SOA record
40. Port 137/138/139
SMB
Overwhelm CAM table to convert switch to hub mode
Hypertext Transfer Protocol Secure (HTTPS)
Internet service provider (ISP)
41. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
Transmission Control Protocol (TCP)
identity theft
Virtual Private Network (VPN)
42. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Domain Name System (DNS) cache poisoning
intrusion prevention system (IPS)
Serial Line Internet Protocol (SLIP)
Certificate Authority (CA)
43. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Copyright
Destination Unreachable
Demilitarized Zone (DMZ)
44. Polymorphic Virus
Wiretapping
self encrypting
SYN flood attack
Countermeasures
45. A group of experts that handles computer security incidents.
-PS
-sS
security incident response team (SIRT)
802.11 i
46. FIN Scan
-oX
Media Access Control (MAC)
-sF
iris scanner
47. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
shoulder surfing
Console Port
rule-based access control
War Driving
48. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
RxBoot
Threat
node
quality of service (QoS)
49. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Directory Traversal
Zero Subnet
local area network (LAN)
Client
50. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
identity theft
Multipurpose Internet Mail Extensions (MIME)
packet
Simple Object Access Protocol (SOAP)
