SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Phases of an attack
LDAP
Demilitarized Zone (DMZ)
Countermeasures
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
2. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Point-to-Point Protocol (PPP)
Vulnerability
White Box Testing
Virus Hoax
3. White hat
Methodology
Electronic serial number
Hacks with permission
S
4. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
forwarding
public key
Algorithm
separation of duties
5. A string that represents the location of a web resource
Uniform Resource Locator (URL)
Hypertext Transfer Protocol Secure (HTTPS)
Cookie
Warm Site
6. The conveying of official access or legal power to a person or entity.
Authorization
Written Authorization
serialize scans & 0.4 sec wait
Interior Gateway Protocol (IGP)
7. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Network Basic Input/Output System (NetBIOS)
gray box testing
Domain Name System (DNS) cache poisoning
impersonation
8. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
Decryption
Timestamping
Ethernet
Backdoor
9. Name given to expert groups that handle computer security incidents.
Open System Interconnection (OSI) Reference Model
Droppers
Computer Emergency Response Team (CERT)
Web Spider
10. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
-oA
hybrid attack
Self Replicating
Digital Signature
11. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Destination Unreachable
Asymmetric
footprinting
Information Technology Security Evaluation Criteria (ITSEC)
12. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Tini
Redundant Array of Independent Disks (RAID)
rootkit
13. Another term for firewalking
-sI
port knocking
Internet Protocol (IP)
Fraud and related activity in connection with computers
14. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Computer-Based Attack
Level II assessment
Transmission Control Protocol (TCP)
INFOSEC Assessment Methodology (IAM)
15. Aggressive scan timing
logic bomb
Due Care
Address Resolution Protocol (ARP)
parallel scan & 300 sec timeout & 1.25 sec/probe
16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
session hijacking
protocol
Cold Site
red team
17. The art and science of creating a covert message or image within another message - image - audio - or video file.
Secure Multipurpose Mail Extension (S/MIME)
Buffer Overflow
steganography
Active Attack
18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Transmission Control Protocol (TCP)
Password Authentication Protocol (PAP)
National Security Agency
penetration testing
19. A file system used by the Mac OS.
heuristic scanning
Wide Area Network (WAN)
packet
Hierarchical File System (HFS)
20. nmap
Due Diligence
A
--randomize_hosts -O OS fingerprinting
Three-Way (TCP) Handshake
21. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Due Care
Access Creep
halo effect
R
22. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
NOP
Wi-Fi Protected Access (WPA)
HTTP
hashing algorithm
23. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Transmission Control Protocol (TCP)
Trojan Horse
scope creep
-PB
24. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Detective Controls
session splicing
DNS
Time Bomb
25. A small Trojan program that listens on port 777.
-sR
Tini
Bluejacking
-sF
26. A routing protocol developed to be used within a single organization.
footprinting
sniffer
replay attack
Interior Gateway Protocol (IGP)
27. The lack of clocking (imposed time ordering) on a bit stream.
route
Domain Name System (DNS) lookup
Asynchronous
gap analysis
28. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
SMB
Internet service provider (ISP)
rootkit
Domain Name System (DNS)
29. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Countermeasures
Replacing numbers in a url to access other files
OpenBSD
Tunneling Virus
30. MAC Flooding
Overwhelm CAM table to convert switch to hub mode
Finger
Asymmetric
Ethernet
31. Ports 20/21
SOA record
hashing algorithm
human-based social engineering
FTP
32. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
sidejacking
Active Directory (AD)
Internet service provider (ISP)
Authentication - Authorization - and Accounting (AAA)
33. The ability to trace actions performed on a system to a specific user or system entity.
Accountability
Buffer Overflow
Bluetooth
Open System Interconnection (OSI) Reference Model
34. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
DNS enumeration
Denial of Service (DoS)
SAM
Bastion host
35. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
Tunneling
Target Of Engagement (TOE)
payload
Mantrap
36. A device on a network.
Directory Traversal
Trojan Horse
rootkit
node
37. IP Protocol Scan
-sO
Digital Signature
Anonymizer
Service Set Identifier (SSID)
38. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
script kiddie
packet filtering
Annualized Loss Expectancy (ALE)
hashing algorithm
39. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
firewalking
Active Fingerprinting
Access Creep
shoulder surfing
40. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Cold Site
gap analysis
false rejection rate (FRR)
41. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
passive attack
Electronic Code Book (ECB)
serialize scans & 0.4 sec wait
POST
42. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Sign in Seal
Auditing
Internet Protocol Security (IPSec) architecture
43. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Bluetooth
Black Hat
End User Licensing Agreement (EULA)
Temporal Key Integrity Protocol (TKIP)
44. A denial-of-service technique that uses numerous hosts to perform the attack.
serial scan & 300 sec wait
Syslog
Distributed DoS (DDoS)
phishing
45. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Multipartite virus
CIA triangle
Countermeasures
limitation of liability and remedies
46. ICMP Timestamp
Brute-Force Password Attack
Certificate Authority (CA)
Last In First Out (LIFO)
-PP
47. The default network authentication suite of protocols for Windows NT 4.0
Interior Gateway Protocol (IGP)
Brute-Force Password Attack
NT LAN Manager (NTLM)
Unicode
48. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
Biometrics
Routing Information Protocol (RIP)
impersonation
Electronic Code Book (ECB)
49. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
LDAP
Zero Subnet
Directory Traversal
Routing Protocol
50. A virus that plants itself in a system's boot sector and infects the master boot record.
qualitative analysis
Annualized Loss Expectancy (ALE)
Boot Sector Virus
network tap