SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
spam
steganography
Level II assessment
Malware
2. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
Collision
iris scanner
Information Technology (IT) asset criticality
Whois
3. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
ping sweep
Discretionary Access Control (DAC)
piggybacking
POP 3
4. MAC Flooding
-p <port ranges>
Service Set Identifier (SSID)
U P F
Overwhelm CAM table to convert switch to hub mode
5. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
role-based access control
Eavesdropping
security breach or security incident
Methodology
6. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Rijndael
A
Exposure Factor
NetBSD
7. Normal scan timing
Zenmap
local area network (LAN)
Local Administrator
parallel scan
8. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security controls
-PP
Replacing numbers in a url to access other files
Certificate
9. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
Covert Channel
SYN flood attack
Secure Sockets Layer (SSL)
10. Port 137/138/139
SMB
operating system attack
SYN attack
private network address
11. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
-sA
Interior Gateway Protocol (IGP)
Redundant Array of Independent Disks (RAID)
rootkit
12. The conveying of official access or legal power to a person or entity.
Application Layer
Authorization
Malware
Copyright
13. The transmission of digital signals without precise clocking or synchronization.
polymorphic virus
Authentication
Ethical Hacker
asynchronous transmission
14. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
sniffer
Authentication
MD5
Multipurpose Internet Mail Extensions (MIME)
15. A file system used by the Mac OS.
Ciphertext
Hierarchical File System (HFS)
-sF
Active Directory (AD)
16. ICMP Ping
Discretionary Access Control (DAC)
Client
Ethernet
-PI
17. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Console Port
spoofing
session splicing
Defense in Depth
18. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Secure Multipurpose Mail Extension (S/MIME)
Threat
INFOSEC Assessment Methodology (IAM)
Virtual Private Network (VPN)
19. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Real application encompassing Trojan
Port Address Translation (PAT)
Unicode
payload
20. The concept of having more than one person required to complete a task
Audit Trail
Accountability
separation of duties
Warm Site
21. A virus that plants itself in a system's boot sector and infects the master boot record.
encryption
Boot Sector Virus
Database
single loss expectancy (SLE)
22. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
source routing
Interior Gateway Protocol (IGP)
-oX
Domain Name System (DNS) cache poisoning
23. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
network access server
suicide hacker
-PB
site survey
24. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
Internet Protocol (IP)
Telnet
DNS enumeration
TACACS
25. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
-sI
halo effect
International Organization for Standardization (ISO)
Sign in Seal
26. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
passive attack
NetBSD
Multipurpose Internet Mail Extensions (MIME)
Simple Object Access Protocol (SOAP)
27. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
passive attack
Bluesnarfing
Wired Equivalent Privacy (WEP)
Request for Comments (RFC)
28. Black box test
No previous knowledge of the network
Routing Information Protocol (RIP)
Internal access to the network
Annualized Loss Expectancy (ALE)
29. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
SMB
Rijndael
Network Address Translation (NAT)
Blowfish
30. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Acknowledgment (ACK)
rogue access point
single loss expectancy (SLE)
Point-to-Point Tunneling Protocol (PPTP)
31. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
RID Resource identifier
Lightweight Directory Access Protocol (LDAP)
reverse lookup; reverse DNS lookup
War Dialing
32. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
DNS enumeration
A R
node
Copyright
33. The potential for damage to or loss of an IT asset
risk
404EE
Collision Domain
Uniform Resource Locator (URL)
34. A defined measure of service within a network system
A R
-sS
Accountability
quality of service (QoS)
35. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
Blowfish
Wi-Fi
Time To Live (TTL)
Boot Sector Virus
36. NSA
National Security Agency
Crossover Error Rate (CER)
overt channel
enumeration
37. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
NOP
Open System Interconnection (OSI) Reference Model
sidejacking
Wireless Local Area Network (WLAN)
38. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Internet Assigned Number Authority (IANA)
Application-Level Attacks
Written Authorization
public key infrastructure (PKI)
39. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
open source
Tiger Team
Internet service provider (ISP)
Ciphertext
40. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Common Internet File System/Server Message Block
Data Link layer
Crossover Error Rate (CER)
Electronic serial number
41. RPC Scan
-oX
gap analysis
Telnet
-sR
42. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Common Internet File System/Server Message Block
War Driving
Level II assessment
Time Bomb
43. Phases of an attack
hashing algorithm
ECHO reply
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
End User Licensing Agreement (EULA)
44. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
piggybacking
Kerberos
Block Cipher
promiscuous mode
45. Controls to detect anomalies or undesirable events occurring on a system.
Database
Extensible Authentication Protocol (EAP)
Certificate
Detective Controls
46. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
non-repudiation
Access Control List (ACL)
-sI
POP 3
47. Two or more LANs connected by a high-speed line across a large geographical area.
Auditing
fragmentation
Wide Area Network (WAN)
SYN flood attack
48. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Zone transfer
Access Creep
rogue access point
Due Diligence
49. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
Password Authentication Protocol (PAP)
inference attack
Exploit
piggybacking
50. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
Client
risk transference
Internet Assigned Number Authority (IANA)
