SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Mandatory access control (MAC)
steganography
Daemon
phishing
2. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
sheepdip
EDGAR database
polymorphic virus
Local Administrator
3. A business - government agency - or educational institution that provides access to the Internet.
Due Diligence
Acknowledgment (ACK)
Audit Trail
Internet service provider (ISP)
4. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
Zombie
-sO
Confidentiality
End User Licensing Agreement (EULA)
5. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Zone transfer
Three-Way (TCP) Handshake
Internet Protocol Security (IPSec) architecture
nslookup
6. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
intranet
Anonymizer
Tunneling Virus
-PI
7. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
shoulder surfing
Bastion host
ping sweep
Master boot record infector
8. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
proxy server
National Security Agency
Electronic serial number
patch
9. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
serial scan & 300 sec wait
routed protocol
Presentation layer
Level II assessment
10. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
-sU
hashing algorithm
Extensible Authentication Protocol (EAP)
parameter tampering
11. A routing protocol developed to be used within a single organization.
audit
Domain Name System (DNS) lookup
Interior Gateway Protocol (IGP)
Contingency Plan
12. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Acknowledgment (ACK)
Distributed DoS (DDoS)
rootkit
Asynchronous
13. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
signature scanning
inference attack
Vulnerability Management
audit
14. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
routed protocol
Anonymizer
CNAME record
Target Of Engagement (TOE)
15. Port 161/162
File Transfer Protocol (FTP)
SNMP
Cracker
-PP
16. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
overt channel
Asymmetric
hardware keystroke logger
Annualized Loss Expectancy (ALE)
17. Two or more LANs connected by a high-speed line across a large geographical area.
Transmission Control Protocol (TCP)
Network Address Translation (NAT)
Simple Network Management Protocol (SNMP)
Wide Area Network (WAN)
18. An adapter that provides the physical connection to send and receive data between the computer and the network media.
-b
serialize scans & 15 sec wait
Digital Signature
network interface card (NIC)
19. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
POP 3
session splicing
Zenmap
red team
20. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
Acknowledgment (ACK)
Vulnerability
Echo Reply
21. A device on a network.
node
packet filtering
risk
Collision Domain
22. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
enumeration
Internet Protocol (IP)
physical security
honeynet
23. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
net use \[target ip]IPC$ '' /user:''
NetBSD
-PB
Electronic Code Book (ECB)
24. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
SYN attack
SID
Three-Way (TCP) Handshake
Level II assessment
25. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Exploit
sidejacking
Mandatory access control (MAC)
role-based access control
26. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
iris scanner
router
Archive
honeynet
27. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
NetBus
-P0
Authentication
quantitative risk assessment
28. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
remote procedure call (RPC)
NetBus
29. Black hat
Daemon
Hacks without permission
Fraud and related activity in connection with computers
Level III assessment
30. Any network incident that prompts some kind of log entry or other notification.
Event
Password Authentication Protocol (PAP)
session splicing
Wi-Fi Protected Access (WPA)
31. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
key exchange protocol
Vulnerability
logic bomb
Tumbling
32. Describes practices in production and development that promote access to the end product's source materials.
open source
-oX
Videocipher II Satellite Encryption System
Timestamping
33. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
FTP
integrity
null session
Daemon
34. The condition of a resource being ready for use and accessible by authorized users.
Availability
Assessment
router
OpenBSD
35. Nmap normal output
limitation of liability and remedies
Uniform Resource Locator (URL)
Domain Name System (DNS)
-oN
36. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Open System Interconnection (OSI) Reference Model
Institute of Electrical and Electronics Engineers (IEEE)
Digital Certificate
Eavesdropping
37. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Service Set Identifier (SSID)
-PM
Domain Name System (DNS) lookup
Time To Live (TTL)
38. Another term for firewalking
Backdoor
port knocking
ping sweep
private network address
39. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
non-repudiation
Dumpster Diving
phishing
Bit Flipping
40. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
firewall
secure channel
Vulnerability Scanning
Bluesnarfing
41. A Canonical Name record within DNS - used to provide an alias for a domain name.
Detective Controls
piggybacking
suicide hacker
CNAME record
42. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Media Access Control (MAC)
Wi-Fi Protected Access (WPA)
Access Control List (ACL)
Password Authentication Protocol (PAP)
43. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
non-repudiation
Level I assessment
Port Address Translation (PAT)
honeynet
44. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Black Hat
Cache
RID Resource identifier
Simple Object Access Protocol (SOAP)
45. A protocol for exchanging packets over a serial line.
Cracker
DNS
enumeration
Serial Line Internet Protocol (SLIP)
46. Computer software or hardware that can intercept and log traffic passing over a digital network.
CAM table
network interface card (NIC)
Telnet
sniffer
47. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
Application Layer
intrusion detection system (IDS)
Zenmap
Domain Name System (DNS)
48. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
404EE
Acknowledgment (ACK)
protocol
suicide hacker
49. Establish Null Session
Routing Protocol
Demilitarized Zone (DMZ)
Master boot record infector
net use \[target ip]IPC$ '' /user:''
50. nmap
-p <port ranges>
SOA record
Whois
Virus Hoax