SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. TCP Ping
Simple Object Access Protocol (SOAP)
Acknowledgment (ACK)
-PT
R
2. A type of malware that covertly collects information about a user.
stateful packet filtering
spyware
gray hat
heuristic scanning
3. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
session hijacking
Challenge Handshake Authentication Protocol (CHAP)
Assessment
Internet Protocol (IP)
4. A data encryption/decryption program often used for e-mail and file storage.
Covert Channel
Asymmetric Algorithm
Virus
Pretty Good Privacy (PGP)
5. An Internet routing protocol used to exchange routing information within an autonomous system.
Distributed DoS (DDoS)
Port Address Translation (PAT)
Interior Gateway Protocol (IGP)
Pretty Good Privacy (PGP)
6. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Replacing numbers in a url to access other files
sidejacking
fully qualified domain name (FQDN)
Active Directory (AD)
7. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
-p <port ranges>
security controls
CAM table
Syslog
8. ICMP Type/Code 0-0
Echo Reply
Asymmetric Algorithm
Institute of Electrical and Electronics Engineers (IEEE)
Information Technology Security Evaluation Criteria (ITSEC)
9. ICMP Type/Code 3
Daemon
Destination Unreachable
shoulder surfing
Network Basic Input/Output System (NetBIOS)
10. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Kerberos
remote procedure call (RPC)
Minimum acceptable level of risk
Syslog
11. A Windows-based GUI version of nmap.
Overwhelm CAM table to convert switch to hub mode
Zenmap
router
Vulnerability
12. ICMP Timestamp
Transport Layer Security (TLS)
Wi-Fi
-PP
Mantrap
13. Hex 12
hot site
Administratively Prohibited
White Box Testing
A S
14. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
gap analysis
EDGAR database
Assessment
Due Diligence
15. Vulnerability Scanning
Timestamping
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Administratively Prohibited
Defense in Depth
16. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Accountability
802.11 i
-p <port ranges>
Data Encryption Standard (DES)
17. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Password Authentication Protocol (PAP)
Syslog
Interior Gateway Protocol (IGP)
Possession of access devices
18. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
gray hat
Asymmetric
Point-to-Point Tunneling Protocol (PPTP)
19. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Time exceeded
Information Technology (IT) security architecture and framework
firewalking
Biometrics
20. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Hierarchical File System (HFS)
Cloning
Packet Internet Groper (ping)
-sU
21. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Wide Area Network (WAN)
forwarding
Ethernet
User Datagram Protocol (UDP)
22. The act of dialing all numbers within an organization to discover open modems.
Finger
rootkit
local area network (LAN)
War Dialing
23. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
RID Resource identifier
Whois
Man-in-the-middle attack
24. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
-sI
Contingency Plan
White Box Testing
25. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
NetBSD
-sP
Web Spider
Daisy Chaining
26. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
ad hoc mode
risk
integrity
Network Basic Input/Output System (NetBIOS)
27. ICMP Type/Code 3-13
R
Blowfish
Trusted Computer Base (TCB)
Administratively Prohibited
28. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Audit Trail
Threat
Adware
Multipurpose Internet Mail Extensions (MIME)
29. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Network Address Translation (NAT)
Decryption
parallel scan & 75 sec timeout & 0.3 sec/probe
Secure Multipurpose Mail Extension (S/MIME)
30. A software or hardware defect that often results in system vulnerabilities.
Database
Telnet
Bug
Contingency Plan
31. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Decryption
hashing algorithm
site survey
patch
32. Hashing algorithm that results in a 128-bit output.
SOA record
Cold Site
Post Office Protocol 3 (POP3)
MD5
33. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
signature scanning
Black Box Testing
Videocipher II Satellite Encryption System
802.11
34. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Cookie
footprinting
rootkit
overt channel
35. The process of recording activity on a system for monitoring and later review.
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Auditing
Active Attack
Hypertext Transfer Protocol Secure (HTTPS)
36. IP Protocol Scan
Level II assessment
Last In First Out (LIFO)
-sO
SID
37. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Mantrap
Cache
Vulnerability Assessment
Daisy Chaining
38. A command used in HTTP and FTP to retrieve a file from a server.
GET
Data Encryption Standard (DES)
Block Cipher
Level III assessment
39. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
non-repudiation
shrink-wrap code attacks
Target Of Engagement (TOE)
Replacing numbers in a url to access other files
40. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Open System Interconnection (OSI) Reference Model
Extensible Authentication Protocol (EAP)
Countermeasures
audit
41. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
router
hybrid attack
ring topology
42. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Black Hat
Unicode
port scanning
hardware keystroke logger
43. Establish Null Session
Authorization
net use \[target ip]IPC$ '' /user:''
Level II assessment
Bit Flipping
44. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Point-to-Point Protocol (PPP)
Trojan Horse
queue
gateway
45. A computer file system architecture used in Windows - OS/2 - and most memory cards.
-oA
Minimum acceptable level of risk
Vulnerability Management
File Allocation Table (FAT)
46. Nmap ml output
-oX
RID Resource identifier
Asynchronous
Copyright
47. Hex 29
ring topology
impersonation
Discretionary Access Control (DAC)
U P F
48. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
SOA record
Cracker
Network Address Translation (NAT)
Bluetooth
49. Port 22
personal identification number (PIN)
intrusion prevention system (IPS)
SSH
NOP
50. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
Transmission Control Protocol (TCP)
honeypot
Uniform Resource Locator (URL)
