SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Port 137/138/139
network tap
Secure Sockets Layer (SSL)
SMB
Annualized Loss Expectancy (ALE)
2. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
Videocipher II Satellite Encryption System
Asset
Virus Hoax
Event
3. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
overt channel
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Timestamping
Internet Protocol Security (IPSec) architecture
4. Vulnerability Scanning
remote procedure call (RPC)
nslookup
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Mantrap
5. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Syslog
Contingency Plan
Wi-Fi
-sA
6. Window Scan
-sW
Annualized Loss Expectancy (ALE)
logic bomb
Password Authentication Protocol (PAP)
7. Black box test
Buffer Overflow
No previous knowledge of the network
Antivirus (AV) software
Detective Controls
8. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Virtual Local Area Network (VLAN)
Data Encryption Standard (DES)
hardware keystroke logger
remote access
9. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Backdoor
Media Access Control (MAC)
A S
Exploit
10. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Worm
Presentation layer
Sign in Seal
gray box testing
11. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
Multipartite virus
Redundant Array of Independent Disks (RAID)
Open System Interconnection (OSI) Reference Model
A procedure for identifying active hosts on a network.
12. An organized collection of data.
halo effect
Client
Database
Hypertext Transfer Protocol (HTTP)
13. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
port knocking
Wrapper
network access server
Decryption
14. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Point-to-Point Protocol (PPP)
Wi-Fi Protected Access (WPA)
Virus Hoax
private network address
15. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
hot site
reconnaissance
Local Administrator
16. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Biometrics
quantitative risk assessment
router
logic bomb
17. Idlescan
Post Office Protocol 3 (POP3)
Trojan Horse
-sI
Master boot record infector
18. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Ethernet
intranet
Mantrap
XOR Operation
19. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
Vulnerability Scanning
Service Set Identifier (SSID)
Point-to-Point Tunneling Protocol (PPTP)
ISO 17799
20. A method of external testing whereby several systems or resources are used together to effect an attack.
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
SID
Daisy Chaining
Cold Site
21. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
Secure Sockets Layer (SSL)
National Security Agency
intrusion detection system (IDS)
Digital Signature
22. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
secure channel
Internet service provider (ISP)
open source
23. A defined measure of service within a network system
quality of service (QoS)
Black Hat
Data Link layer
Simple Network Management Protocol (SNMP)
24. A social-engineering attack that manipulates the victim into calling the attacker for help.
firewall
Level I assessment
Information Technology (IT) asset criticality
reverse social engineering
25. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
piggybacking
Request for Comments (RFC)
Defense in Depth
26. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Authentication Header (AH)
Virtual Local Area Network (VLAN)
packet
Tumbling
27. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
Application Layer
reverse social engineering
infrastructure mode
inference attack
28. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Service Set Identifier (SSID)
Telnet
firewalking
Zero Subnet
29. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
National Security Agency
DNS
single loss expectancy (SLE)
remote procedure call (RPC)
30. Ports 20/21
payload
National Security Agency
firewalking
FTP
31. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
social engineering
physical security
War Chalking
Zombie
32. Injecting traffic into the network to identify the operating system of a device.
false rejection rate (FRR)
Accountability
Active Fingerprinting
Brute-Force Password Attack
33. A business - government agency - or educational institution that provides access to the Internet.
Common Internet File System/Server Message Block
patch
Internet service provider (ISP)
Fiber Distributed Data Interface (FDDI)
34. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
International Organization for Standardization (ISO)
Backdoor
Address Resolution Protocol (ARP)
Network Basic Input/Output System (NetBIOS)
35. A portion of memory used to temporarily store output or input data.
Cloning
heuristic scanning
Buffer
-oG
36. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Rijndael
impersonation
Level I assessment
Internet service provider (ISP)
37. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
honeynet
private network address
Blowfish
Timestamping
38. Another term for firewalking
parallel scan & 300 sec timeout & 1.25 sec/probe
Virus
port knocking
Digital Watermarking
39. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
Lightweight Directory Access Protocol (LDAP)
Routing Protocol
flood
Internet Protocol (IP)
40. A virus written in a macro language and usually embedded in document or spreadsheet files.
packet filtering
Information Technology (IT) asset valuation
-p <port ranges>
Macro virus
41. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
War Driving
ad hoc mode
queue
Cloning
42. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
nslookup
Black Box Testing
Distributed DoS (DDoS)
Computer-Based Attack
43. TCP Ping
Information Technology (IT) infrastructure
Block Cipher
-PT
User Datagram Protocol (UDP)
44. A communications protocol used for browsing the Internet.
Access Creep
-sT
Hypertext Transfer Protocol (HTTP)
Computer Emergency Response Team (CERT)
45. Attacks on the actual programming code of an application.
Bluetooth
Information Technology Security Evaluation Criteria (ITSEC)
packet
Application-Level Attacks
46. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
SYN flood attack
Black Box Testing
remote procedure call (RPC)
-sS
47. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Methodology
SOA record
physical security
Confidentiality
48. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
phishing
Due Care
-sS
Authorization
49. Wrapper or Binder
Real application encompassing Trojan
Vulnerability
Digital Watermarking
Unicode
50. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
site survey
Serial Line Internet Protocol (SLIP)
Wired Equivalent Privacy (WEP)
Electronic Code Book (ECB)