SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
-sT
steganography
Zenmap
network operations center (NOC)
2. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
ISO 17799
halo effect
Bluetooth
LDAP
3. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
infrastructure mode
security bulletins
-sA
4. Directory Transversal
heuristic scanning
A R
Finding a directory listing and gaining access to a parent or root file for access to other files
A
5. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Interior Gateway Protocol (IGP)
Certificate Authority (CA)
Buffer Overflow
-sL
6. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
Information Technology (IT) asset valuation
local area network (LAN)
patch
7. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
Blowfish
router
HTTP tunneling
8. Port 23
Availability
Telnet
Daemon
proxy server
9. A business - government agency - or educational institution that provides access to the Internet.
integrity
-sV
spyware
Internet service provider (ISP)
10. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Information Technology (IT) infrastructure
Presentation layer
Domain Name
Zero Subnet
11. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
reverse lookup; reverse DNS lookup
-oA
Transport Layer Security (TLS)
firewalking
12. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
symmetric algorithm
Presentation layer
Baseline
13. Hex 14
-oG
A R
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
serial scan & 300 sec wait
14. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
polymorphic virus
Fiber Distributed Data Interface (FDDI)
Anonymizer
Point-to-Point Protocol (PPP)
15. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
OpenBSD
Asynchronous
Exposure Factor
Kerberos
16. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
rogue access point
Demilitarized Zone (DMZ)
Whois
Daemon
17. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
gray hat
role-based access control
Time exceeded
risk acceptance
18. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Domain Name
Internal access to the network
War Driving
19. The default network authentication suite of protocols for Windows NT 4.0
keylogger
Buffer
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
NT LAN Manager (NTLM)
20. A type of encryption where the same key is used to encrypt and decrypt the message.
symmetric encryption
Information Technology (IT) asset criticality
risk assessment
Cold Site
21. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
session splicing
A procedure for identifying active hosts on a network.
secure channel
Interior Gateway Protocol (IGP)
22. CAN-SPAM
802.11
Defines legal email marketing
risk assessment
Trapdoor Function
23. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Google hacking
Wireless Local Area Network (WLAN)
Methodology
Tiger Team
24. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Packet Internet Groper (ping)
File Transfer Protocol (FTP)
Black Box Testing
Wi-Fi Protected Access (WPA)
25. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
-oN
Tumbling
Data Link layer
spoofing
26. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
segment
Tumbling
forwarding
A
27. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Bastion host
null session
EDGAR database
Antivirus (AV) software
28. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Mandatory access control (MAC)
encryption
audit
Biometrics
29. A device providing temporary - on-demand - point-to-point network access to users.
ad hoc mode
Due Diligence
Redundant Array of Independent Disks (RAID)
network access server
30. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Kerberos
Finding a directory listing and gaining access to a parent or root file for access to other files
Zero Subnet
security defect
31. Microsoft SID 500
Local Administrator
inference attack
signature scanning
private network address
32. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
penetration testing
spam
Antivirus (AV) software
Multipartite virus
33. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Level II assessment
Uniform Resource Locator (URL)
Information Technology (IT) asset valuation
Due Diligence
34. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
port redirection
-PT
CAM table
Tunneling Virus
35. The software product or system that is the subject of an evaluation.
Target Of Engagement (TOE)
-oX
A R
Adware
36. Nmap normal output
No previous knowledge of the network
U P F
-oN
Acknowledgment (ACK)
37. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
-sL
Banner Grabbing
Anonymizer
stream cipher
38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
-sV
Sign in Seal
Vulnerability Scanning
Mantrap
39. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
White Box Testing
Level III assessment
Community String
Common Internet File System/Server Message Block
40. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Cracker
Vulnerability Assessment
Baseline
Droppers
41. A device on a network.
enumeration
Network Address Translation (NAT)
Information Technology (IT) security architecture and framework
node
42. Formal description and evaluation of the vulnerabilities in an information system
-PI
Vulnerability Assessment
Buffer
Master boot record infector
43. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Digital Certificate
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
FreeBSD
44. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
CAM table
remote access
iris scanner
Auditing
45. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
single loss expectancy (SLE)
Application Layer
risk transference
Virus
46. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Simple Network Management Protocol (SNMP)
public key infrastructure (PKI)
firewall
Administratively Prohibited
47. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
War Chalking
Timestamping
Access Control List (ACL)
S
48. Port 389
signature scanning
LDAP
reverse social engineering
routed protocol
49. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
-p <port ranges>
Domain Name System (DNS)
Defines legal email marketing
Biometrics
50. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Malicious code
enumeration
fragmentation
reverse lookup; reverse DNS lookup
