Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Cookie
Certificate Authority (CA)
Threat
International Organization for Standardization (ISO)
2. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Zone transfer
Cracker
Telnet
Defines legal email marketing
3. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs, but the function of the code will not change.
polymorphic virus
Vulnerability Management
quantitative risk assessment
Written Authorization
4. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Asymmetric Algorithm
piggybacking
Application Layer
POST
5. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
spyware
reverse lookup; reverse DNS lookup
-sU
SOA record
6. The steps taken to gather evidence and information on the targets you wish to attack.
security by obscurity
ECHO reply
reconnaissance
packet filtering
7. ICMP Type/Code 3-13
Administratively Prohibited
Cracker
SSH
Three-Way (TCP) Handshake
8. A string used for authentication in SNMP. The public community string is used for read-only searches, whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Cryptographic Key
Finger
-sL
Community String
9. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Access Control List (ACL)
hashing algorithm
queue
-P0
10. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key, verifying his identity and providing non-repudiation. A valid digital signature g
802.11
sheepdip
single loss expectancy (SLE)
Digital Signature
11. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).
private key
Multipurpose Internet Mail Extensions (MIME)
Local Administrator
SYN attack
12. A collection of historical records or the place where they are kept. In computing, an archive generally refers to backup copies of logs and/or data.
infrastructure mode
Tini
Archive
404EE
13. A sublayer of layer 2 of the OSI model, the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Media Access Control (MAC)
flood
spyware
hashing algorithm
14. A free, open source version of the Berkeley Software Distribution of Unix, often used in embedded systems.
War Chalking
Auditing
NetBSD
fragmentation
15. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.
Self Replicating
Trojan Horse
Trapdoor Function
Event
16. Controls to detect anomalies or undesirable events occurring on a system.
Detective Controls
Countermeasures
parallel scan & 75 sec timeout & 0.3 sec/probe
risk acceptance
17. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.
Secure Sockets Layer (SSL)
Vulnerability
patch
Algorithm
18. A virus that plants itself in a system's boot sector and infects the master boot record.
stateful packet filtering
Boot Sector Virus
Computer-Based Attack
Transport Layer Security (TLS)
19. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
sidejacking
Address Resolution Protocol (ARP) table
reverse lookup; reverse DNS lookup
stream cipher
20. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
Simple Mail Transfer Protocol (SMTP)
Detective Controls
spoofing
Buffer
21. A denial-of-service technique that uses numerous hosts to perform the attack.
risk transference
Distributed DoS (DDoS)
Rijndael
private network address
22. The change or growth of a project's scope
Master boot record infector
port scanning
scope creep
CAM table
23. Malware designed to install some sort of virus, backdoor, and so on, on a target system.
-oN
S
Tini
Droppers
24. Port 53
POST
Availability
DNS
-sV
25. Computer software or hardware that can intercept and log traffic passing over a digital network.
MD5
Application-Level Attacks
Service Set Identifier (SSID)
sniffer
26. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
Due Diligence
hacktivism
Institute of Electrical and Electronics Engineers (IEEE)
Vulnerability Assessment
27. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Acceptable Use Policy (AUP)
router
parameter tampering
packet
28. Safeguards or countermeasures to avoid, counteract, or minimize security risks.
overt channel
out-of-band signaling
operating system attack
security controls
29. An Application layer protocol for managing devices on an IP network.
FTP
Simple Network Management Protocol (SNMP)
Asymmetric
parallel scan & 75 sec timeout & 0.3 sec/probe
30. White hat
Hacks with permission
802.11
network access server
Time Bomb
31. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal, but non-system-administrator-level attack.
gray box testing
Baseline
Audit Data
Trojan Horse
32. A condition that occurs when more data is written to a buffer than it has space to store, and results in data corruption or other system errors. This is usually due to insufficient bounds checking, a bug, or improper configuration in the program c
Level II assessment
Exploit
Buffer Overflow
firewalking
33. A free and popular version of the Unix operating system.
firewalking
signature scanning
-PM
FreeBSD
34. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
self encrypting
Algorithm
802.11
35. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
firewalking
secure channel
Assessment
spyware
36. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
Audit Data
Multipurpose Internet Mail Extensions (MIME)
non-repudiation
self encrypting
37. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
intranet
stream cipher
service level agreements (SLAs)
encryption
38. A method of external testing whereby several systems or resources are used together to effect an attack.
Asymmetric
Information Technology (IT) asset criticality
Daisy Chaining
replay attack
39. Policy stating what users of a system can and cannot do with the organization's assets.
-sW
Acceptable Use Policy (AUP)
Accountability
404EE
40. A device on a network.
Buffer
node
ping sweep
HTTP tunneling
41. The act or actions of a hacker to put forward a cause or a political agenda, to affect some societal change, or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
role-based access control
quality of service (QoS)
hacktivism
Target Of Engagement (TOE)
42. A portion of memory used to temporarily store output or input data.
Assessment
Time To Live (TTL)
Buffer
Application Layer
43. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Domain Name System (DNS) lookup
Demilitarized Zone (DMZ)
Banner Grabbing
Open System Interconnection (OSI) Reference Model
44. Devices, connected to one or more switches, grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Asset
Black Hat
Bluejacking
Virtual Local Area Network (VLAN)
45. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Acknowledgment (ACK)
halo effect
Crossover Error Rate (CER)
Eavesdropping
46. A software or hardware defect that often results in system vulnerabilities.
Discretionary Access Control (DAC)
Bug
Malware
Copyright
47. A principle in security engineering that attempts to use anonymity and secrecy (of design, implementation, and so on) to provide security; the footprint of the organization, entity, network, or system is kept as small as possible to avoid intere
-oX
security by obscurity
CIA triangle
security bulletins
48. A one-way mathematical function that generates a fixed-length numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
-oA
Minimum acceptable level of risk
Baseline
hashing algorithm
49. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.
Extensible Authentication Protocol (EAP)
Ethical Hacker
Information Technology (IT) security architecture and framework
non-repudiation
50. Hex 14
Assessment
sniffer
A R
heuristic scanning