SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
802.11
honeypot
false rejection rate (FRR)
Filter
2. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
remote procedure call (RPC)
Bastion host
Digital Signature
3. LM Hash for short passwords (under 7)
Banner Grabbing
human-based social engineering
Telnet
404EE
4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
Eavesdropping
Virus
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
5. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Point-to-Point Tunneling Protocol (PPTP)
MD5
secure channel
Competitive Intelligence
6. The potential for damage to or loss of an IT asset
risk acceptance
Zombie
risk
initial sequence number (ISN)
7. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Malicious code
fully qualified domain name (FQDN)
POST
HTTP tunneling
8. A business - government agency - or educational institution that provides access to the Internet.
Internet Assigned Number Authority (IANA)
Crossover Error Rate (CER)
Wi-Fi Protected Access (WPA)
Internet service provider (ISP)
9. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Information Technology Security Evaluation Criteria (ITSEC)
SAM
Media Access Control (MAC)
Baseline
10. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Contingency Plan
patch
Uniform Resource Locator (URL)
Open System Interconnection (OSI) Reference Model
11. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
sniffer
Competitive Intelligence
packet filtering
NT LAN Manager (NTLM)
12. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Domain Name System (DNS) cache poisoning
hashing algorithm
security kernel
Multipurpose Internet Mail Extensions (MIME)
13. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
Virus
Multipartite virus
stateful packet filtering
Directory Traversal
14. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Wired Equivalent Privacy (WEP)
Trusted Computer System Evaluation Criteria (TCSEC)
packet filtering
network operations center (NOC)
15. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.
Worm
Block Cipher
-p <port ranges>
Access Point (AP)
16. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
SOA record
802.11 i
port redirection
Finding a directory listing and gaining access to a parent or root file for access to other files
17. Controls to detect anomalies or undesirable events occurring on a system.
service level agreements (SLAs)
security breach or security incident
Time exceeded
Detective Controls
18. Cracking Tools
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
self encrypting
Defines legal email marketing
RPC-DCOM
19. 18 U.S.C. 1029
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
gateway
Fiber Distributed Data Interface (FDDI)
Possession of access devices
20. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
quantitative risk assessment
protocol
Transmission Control Protocol (TCP)
RID Resource identifier
21. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Videocipher II Satellite Encryption System
Backdoor
POST
identity theft
22. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
Boot Sector Virus
reverse social engineering
intranet
Hacks with permission
23. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Ciphertext
Man-in-the-middle attack
phishing
encapsulation
24. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
Self Replicating
SID
GET
Zombie
25. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
ping sweep
LDAP
spyware
Asynchronous
26. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
stateful packet filtering
Domain Name
Bug
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
27. Policy stating what users of a system can and cannot do with the organization's assets.
Google hacking
Acceptable Use Policy (AUP)
Cryptographic Key
risk assessment
28. TCP connect() scan
separation of duties
Vulnerability Assessment
-sT
Mandatory access control (MAC)
29. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
self encrypting
asynchronous transmission
null session
Warm Site
30. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
open source
Finding a directory listing and gaining access to a parent or root file for access to other files
ad hoc mode
LDAP
31. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
War Chalking
Demilitarized Zone (DMZ)
POST
Droppers
32. Evaluation in which testers attempt to penetrate the network.
Level III assessment
--randomize_hosts -O OS fingerprinting
Exploit
Point-to-Point Tunneling Protocol (PPTP)
33. A record showing which user has accessed a given resource and what operations the user performed during a given period.
-b
Possession of access devices
Timestamping
Audit Trail
34. Aggressive scan timing
human-based social engineering
parallel scan & 300 sec timeout & 1.25 sec/probe
role-based access control
Zombie
35. Access by information systems (or users) communicating from outside the information system security perimeter.
Competitive Intelligence
remote access
intranet
packet filtering
36. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
symmetric encryption
Multipartite virus
Wireless Local Area Network (WLAN)
Blowfish
37. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
routed protocol
SNMP
Buffer Overflow
-PM
38. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Filter
A R
Google hacking
parallel scan & 300 sec timeout & 1.25 sec/probe
39. The monetary value assigned to an IT asset.
Information Technology (IT) asset valuation
Address Resolution Protocol (ARP) table
Electronic Code Book (ECB)
quantitative risk assessment
40. The condition of a resource being ready for use and accessible by authorized users.
payload
Availability
U P F
protocol stack
41. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
Target Of Engagement (TOE)
reverse lookup; reverse DNS lookup
integrity
42. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
Certificate Authority (CA)
rogue access point
Access Control List (ACL)
network tap
43. Hex 10
spam
Directory Traversal
Trojan Horse
A
44. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Interior Gateway Protocol (IGP)
User Datagram Protocol (UDP)
Serial Line Internet Protocol (SLIP)
Request for Comments (RFC)
45. NSA
National Security Agency
Destination Unreachable
Electronic serial number
Hypertext Transfer Protocol Secure (HTTPS)
46. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Network Address Translation (NAT)
POP 3
Digital Signature
Archive
47. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Anonymizer
firewall
Decryption
Post Office Protocol 3 (POP3)
48. PI and PT Ping
Telnet
identity theft
-PB
Packet Internet Groper (ping)
49. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Routing Protocol
CIA triangle
Application-Level Attacks
Trapdoor Function
50. CAN-SPAM
Virtual Private Network (VPN)
-b
Defines legal email marketing
operating system attack
