SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Microsoft SID 500
Collision Domain
Cryptography
Local Administrator
RxBoot
2. Black box test
No previous knowledge of the network
Confidentiality
Redundant Array of Independent Disks (RAID)
Google hacking
3. List Scan
protocol stack
remote procedure call (RPC)
stream cipher
-sL
4. A type of malware that covertly collects information about a user.
Internet Control Message Protocol (ICMP)
identity theft
spyware
sniffer
5. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
LDAP
-oA
polymorphic virus
Virtual Local Area Network (VLAN)
6. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
-sO
Data Link layer
Point-to-Point Protocol (PPP)
Trusted Computer System Evaluation Criteria (TCSEC)
7. CAN-SPAM
overt channel
Crossover Error Rate (CER)
Defines legal email marketing
Internet Protocol Security (IPSec) architecture
8. A computer network confined to a relatively small area - such as a single building or campus.
Defense in Depth
local area network (LAN)
honeypot
Virus Hoax
9. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Daisy Chaining
Multipurpose Internet Mail Extensions (MIME)
separation of duties
Cracker
10. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Internet service provider (ISP)
security incident response team (SIRT)
Cookie
Point-to-Point Tunneling Protocol (PPTP)
11. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
Internet Control Message Protocol (ICMP)
ad hoc mode
POST
Access Point (AP)
12. Another term for firewalking
network interface card (NIC)
port knocking
Wired Equivalent Privacy (WEP)
DNS
13. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Authorization
hashing algorithm
impersonation
packet
14. Nmap normal output
Fast Ethernet
role-based access control
Challenge Handshake Authentication Protocol (CHAP)
-oN
15. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Information Technology (IT) asset valuation
protocol
reverse social engineering
Banner Grabbing
16. Aggressive scan timing
routed protocol
fully qualified domain name (FQDN)
risk assessment
parallel scan & 300 sec timeout & 1.25 sec/probe
17. ICMP Netmask
-PM
payload
Asymmetric Algorithm
Asymmetric
18. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Wi-Fi Protected Access (WPA)
risk avoidance
DNS
shoulder surfing
19. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).
Vulnerability
passive attack
Hypertext Transfer Protocol Secure (HTTPS)
fragmentation
20. Nmap ml output
LDAP
-oX
inference attack
Virtual Local Area Network (VLAN)
21. Normal scan timing
node
parallel scan
Eavesdropping
Archive
22. Insane scan timing
ping sweep
reverse lookup; reverse DNS lookup
parallel scan & 75 sec timeout & 0.3 sec/probe
HTTP
23. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
Overwhelm CAM table to convert switch to hub mode
RPC-DCOM
Media Access Control (MAC)
24. Version Detection Scan
net use \[target ip]IPC$ '' /user:''
Audit Trail
-sV
Cache
25. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
port knocking
key exchange protocol
human-based social engineering
Information Technology (IT) security architecture and framework
26. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
INFOSEC Assessment Methodology (IAM)
Domain Name System (DNS) cache poisoning
Syslog
Network Basic Input/Output System (NetBIOS)
27. ICMP Timestamp
Authentication
-PP
Zenmap
false negative
28. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
hash
Virus
spoofing
parallel scan & 75 sec timeout & 0.3 sec/probe
29. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
DNS enumeration
Asymmetric
NetBus
-sA
30. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Community String
War Driving
--randomize_hosts -O OS fingerprinting
Filter
31. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Level II assessment
POP 3
Tini
Tiger Team
32. An Application layer protocol for sending electronic mail between servers.
Crossover Error Rate (CER)
Simple Mail Transfer Protocol (SMTP)
reverse lookup; reverse DNS lookup
rule-based access control
33. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
spam
Vulnerability Management
Daemon
Rijndael
34. The condition of a resource being ready for use and accessible by authorized users.
Availability
gray hat
qualitative analysis
false negative
35. Port 389
LDAP
Authorization
Packet Internet Groper (ping)
Simple Object Access Protocol (SOAP)
36. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Syslog
protocol stack
Detective Controls
-PM
37. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
serialize scans & 0.4 sec wait
Application-Level Attacks
proxy server
38. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
protocol
Tumbling
local area network (LAN)
public key
39. An adapter that provides the physical connection to send and receive data between the computer and the network media.
-sT
service level agreements (SLAs)
network interface card (NIC)
Client
40. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Challenge Handshake Authentication Protocol (CHAP)
Bastion host
Whois
Zombie
41. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Network Address Translation (NAT)
Simple Mail Transfer Protocol (SMTP)
serial scan & 300 sec wait
Telnet
42. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Collision Domain
Packet Internet Groper (ping)
parallel scan & 75 sec timeout & 0.3 sec/probe
security bulletins
43. A tool that helps a company to compare its actual performance with its potential performance.
Google hacking
reverse social engineering
Hacks without permission
gap analysis
44. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Pretty Good Privacy (PGP)
firewall
Data Encryption Standard (DES)
-sS
45. ICMP Type/Code 3-13
Network Address Translation (NAT)
Administratively Prohibited
-sV
inference attack
46. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Worm
Wi-Fi Protected Access (WPA)
Application Layer
rule-based access control
47. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
halo effect
End User Licensing Agreement (EULA)
CNAME record
48. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Redundant Array of Independent Disks (RAID)
Information Technology (IT) security architecture and framework
Due Diligence
Challenge Handshake Authentication Protocol (CHAP)
49. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
SYN attack
Authorization
Tunneling Virus
Simple Object Access Protocol (SOAP)
50. The change or growth of a project's scope
Bluetooth
scope creep
Adware
port knocking
