SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
penetration testing
Eavesdropping
security defect
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
2. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Distributed DoS (DDoS)
Common Internet File System/Server Message Block
Time Bomb
CAM table
3. The conveying of official access or legal power to a person or entity.
Authorization
Sign in Seal
Information Technology (IT) asset criticality
shrink-wrap code attacks
4. A routing protocol developed to be used within a single organization.
Event
Interior Gateway Protocol (IGP)
Temporal Key Integrity Protocol (TKIP)
Domain Name System (DNS) lookup
5. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Bit Flipping
Target Of Engagement (TOE)
polymorphic virus
NT LAN Manager (NTLM)
6. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
Virtual Private Network (VPN)
Syslog
gateway
Whois
7. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
payload
key exchange protocol
ECHO reply
Transport Layer Security (TLS)
8. ICMP Type/Code 8
Methodology
Wi-Fi Protected Access (WPA)
802.11 i
Echo request
9. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
spoofing
Trapdoor Function
Internet Control Message Protocol (ICMP)
10. An organized collection of data.
Database
A R
Internet Protocol Security (IPSec) architecture
security breach or security incident
11. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Archive
HTTP
secure channel
Acceptable Use Policy (AUP)
12. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
NetBSD
Media Access Control (MAC)
initial sequence number (ISN)
Multipurpose Internet Mail Extensions (MIME)
13. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
initial sequence number (ISN)
personal identification number (PIN)
piggybacking
impersonation
14. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Defense in Depth
Discretionary Access Control (DAC)
phishing
Annualized Loss Expectancy (ALE)
15. A free and popular version of the Unix operating system.
Internet service provider (ISP)
hacktivism
intrusion prevention system (IPS)
FreeBSD
16. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
network operations center (NOC)
nslookup
Finding a directory listing and gaining access to a parent or root file for access to other files
Access Control List (ACL)
17. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
overt channel
-sR
queue
Information Technology Security Evaluation Criteria (ITSEC)
18. ACK Scan
-sA
Certificate Authority (CA)
session splicing
Telnet
19. Microsoft SID 500
Local Administrator
Algorithm
secure channel
Internet Protocol Security (IPSec) architecture
20. TCP Ping
-PT
DNS enumeration
-sF
-sL
21. A social-engineering attack using computer resources - such as e-mail or IRC.
Password Authentication Protocol (PAP)
NetBSD
phishing
Computer-Based Attack
22. Another term for firewalking
Accountability
port knocking
Filter
steganography
23. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
sidejacking
physical security
security bulletins
Methodology
24. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Internet Protocol (IP)
protocol
25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Eavesdropping
Tunnel
Competitive Intelligence
Internet Assigned Number Authority (IANA)
26. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
Asset
overt channel
-sL
Application-Level Attacks
27. An adapter that provides the physical connection to send and receive data between the computer and the network media.
SMB
Due Diligence
network interface card (NIC)
Digital Signature
28. Injecting traffic into the network to identify the operating system of a device.
identity theft
File Allocation Table (FAT)
gap analysis
Active Fingerprinting
29. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
Internet Protocol Security (IPSec) architecture
segment
Banner Grabbing
honeypot
30. ICMP Ping
Tumbling
Cryptographic Key
Internet service provider (ISP)
-PI
31. A tool that helps a company to compare its actual performance with its potential performance.
Discretionary Access Control (DAC)
port knocking
RID Resource identifier
gap analysis
32. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Tiger Team
Asymmetric
Archive
infrastructure mode
33. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
-sA
Presentation layer
Anonymizer
Pretty Good Privacy (PGP)
34. The combination of all IT assets - resources - components - and systems.
Request for Comments (RFC)
Information Technology (IT) infrastructure
Block Cipher
rootkit
35. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Network Address Translation (NAT)
reverse social engineering
Brute-Force Password Attack
War Driving
36. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Community String
OpenBSD
CNAME record
User Datagram Protocol (UDP)
37. 18 U.S.C. 1029
risk
Auditing
Possession of access devices
Virtual Private Network (VPN)
38. The art and science of creating a covert message or image within another message - image - audio - or video file.
Anonymizer
HTTP tunneling
-sL
steganography
39. A data encryption/decryption program often used for e-mail and file storage.
A R
Pretty Good Privacy (PGP)
limitation of liability and remedies
Malware
40. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
suicide hacker
Sign in Seal
pattern matching
Wireless Local Area Network (WLAN)
41. The process of using easily accessible DNS records to map a target network's internal hosts.
Tiger Team
File Allocation Table (FAT)
DNS enumeration
Exposure Factor
42. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
Bit Flipping
Self Replicating
DNS
43. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Password Authentication Protocol (PAP)
-PI
A R
The automated process of proactively identifying vulnerabilities of computing systems present in a network
44. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
sheepdip
pattern matching
spoofing
Trusted Computer System Evaluation Criteria (TCSEC)
45. Metamorphic Virus
National Security Agency
Domain Name System (DNS) lookup
impersonation
Self Replicating
46. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Authentication Header (AH)
Asymmetric
logic bomb
Confidentiality
47. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
security breach or security incident
Secure Multipurpose Mail Extension (S/MIME)
Domain Name System (DNS) lookup
Wi-Fi Protected Access (WPA)
48. The concept of having more than one person required to complete a task
separation of duties
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Auditing
Cookie
49. TCP SYN Scan
initial sequence number (ISN)
RID Resource identifier
Covert Channel
-sS
50. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
shrink-wrap code attacks
site survey
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
firewalking