SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Ciphertext
Cloning
NetBus
2. Nmap ml output
-oX
risk assessment
-b
intrusion detection system (IDS)
3. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Domain Name
Local Administrator
false rejection rate (FRR)
Zenmap
4. Nmap grepable output
-oN
-PP
Unicode
-oG
5. nmap all output
ad hoc mode
-oA
self encrypting
Buffer Overflow
6. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
stream cipher
Back orifice
MD5
A S
7. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
replay attack
routed protocol
infrastructure mode
8. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
role-based access control
Bastion host
footprinting
intranet
9. Cracking Tools
Algorithm
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Countermeasures
Virtual Local Area Network (VLAN)
10. Vulnerability Scanning
Fraud and related activity in connection with computers
Routing Protocol
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Covert Channel
11. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
protocol
Ethernet
Cookie
Authentication - Authorization - and Accounting (AAA)
12. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Certificate
Demilitarized Zone (DMZ)
router
Kerberos
13. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
remote procedure call (RPC)
key exchange protocol
Cold Site
Interior Gateway Protocol (IGP)
14. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Buffer Overflow
risk acceptance
ECHO reply
hash
15. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
End User Licensing Agreement (EULA)
logic bomb
risk assessment
Virtual Local Area Network (VLAN)
16. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
smart card
POST
local area network (LAN)
Cryptographic Key
17. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
halo effect
ping sweep
Discretionary Access Control (DAC)
signature scanning
18. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Transport Layer Security (TLS)
Ciphertext
R
Temporal Key Integrity Protocol (TKIP)
19. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Fiber Distributed Data Interface (FDDI)
Finger
network operations center (NOC)
Interior Gateway Protocol (IGP)
20. Paranoid scan timing
serial scan & 300 sec wait
reverse social engineering
fully qualified domain name (FQDN)
reverse lookup; reverse DNS lookup
21. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
risk assessment
LDAP
Finger
22. A computer file system architecture used in Windows - OS/2 - and most memory cards.
Methodology
File Allocation Table (FAT)
rogue access point
Access Creep
23. A software or hardware defect that often results in system vulnerabilities.
social engineering
secure channel
Archive
Bug
24. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Virtual Local Area Network (VLAN)
encryption
asynchronous transmission
Network Basic Input/Output System (NetBIOS)
25. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Ethical Hacker
Kerberos
Hacks without permission
enumeration
26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
Active Directory (AD)
suicide hacker
Sign in Seal
NOP
27. A file system used by the Mac OS.
Hierarchical File System (HFS)
Domain Name System (DNS) lookup
shoulder surfing
SSH
28. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
Last In First Out (LIFO)
HIDS
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
29. A document describing information security guidelines - policies - procedures - and standards.
Asynchronous
Archive
Information Technology (IT) security architecture and framework
single loss expectancy (SLE)
30. Directing a protocol from one port to another.
Uniform Resource Locator (URL)
port redirection
Data Encryption Standard (DES)
Network Basic Input/Output System (NetBIOS)
31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
fully qualified domain name (FQDN)
Secure Multipurpose Mail Extension (S/MIME)
footprinting
firewalking
32. A type of malware that covertly collects information about a user.
spyware
Wired Equivalent Privacy (WEP)
War Dialing
Media Access Control (MAC)
33. A host designed to collect data on suspicious activity.
suicide hacker
serial scan & 300 sec wait
honeypot
replay attack
34. Attacks on the actual programming code of an application.
Application-Level Attacks
Covert Channel
Vulnerability Scanning
rogue access point
35. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Tunneling Virus
private key
protocol
OpenBSD
36. Computer software or hardware that can intercept and log traffic passing over a digital network.
Finger
Daisy Chaining
sniffer
SID
37. A device providing temporary - on-demand - point-to-point network access to users.
risk
firewall
initial sequence number (ISN)
network access server
38. Port 137/138/139
Extensible Authentication Protocol (EAP)
port scanning
HTTP
SMB
39. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
Echo request
S
Data Encryption Standard (DES)
40. 18 U.S.C. 1030
hybrid attack
Fraud and related activity in connection with computers
-oN
protocol
41. Ports 20/21
War Chalking
FTP
Decryption
shoulder surfing
42. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Presentation layer
payload
Boot Sector Virus
Domain Name System (DNS)
43. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
security kernel
Cold Site
Password Authentication Protocol (PAP)
Electronic serial number
44. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Banner Grabbing
Copyright
Electronic Code Book (ECB)
self encrypting
45. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Vulnerability Assessment
spyware
queue
Point-to-Point Tunneling Protocol (PPTP)
46. A point of reference used to mark an initial state in order to manage change.
out-of-band signaling
Threat
Baseline
rule-based access control
47. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
Wi-Fi
EDGAR database
Zombie
nslookup
48. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Trapdoor Function
MD5
Local Administrator
heuristic scanning
49. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
Access Creep
Domain Name System (DNS)
Third Party
identity theft
50. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
null session
Temporal Key Integrity Protocol (TKIP)
source routing
security controls