Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder, delete, insert, or read information.
secure channel
FreeBSD
key exchange protocol
Ciphertext
2. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
A S
footprinting
802.11i
-sP
3. TCP SYN Scan
Routing Information Protocol (RIP)
-sS
Defines legal email marketing
proxy server
4. Security identifier. The method by which Windows identifies user, group, and computer accounts for rights and permissions.
Black Hat
out-of-band signaling
Acceptable Use Policy (AUP)
SID
5. An attack that exploits the common mistake many people make when installing operating systems
symmetric encryption
operating system attack
CNAME record
Time To Live (TTL)
6. The lack of clocking (imposed time ordering) on a bit stream.
-sT
Routing Information Protocol (RIP)
Asynchronous
Asymmetric
7. Recording the time, normally in a log file, when an event happens or when information is created or modified.
802.11
Bluetooth
Zero Subnet
Timestamping
8. A group of experts that handles computer security incidents.
Virtual Private Network (VPN)
Data Encryption Standard (DES)
Virus Hoax
security incident response team (SIRT)
9. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
phishing
NOP
Network Address Translation (NAT)
10. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
Kerberos
War Driving
Countermeasures
Minimum acceptable level of risk
11. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
symmetric encryption
Back orifice
Last In First Out (LIFO)
False Acceptance Rate (FAR)
12. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Corrective Controls
TACACS
POST
protocol stack
13. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio
User Datagram Protocol (UDP)
War Dialing
Defense in Depth
White Box Testing
14. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private
Eavesdropping
hashing algorithm
Vulnerability Scanning
Brute-Force Password Attack
15. Hex 29
U P F
Vulnerability
-sS
reverse lookup; reverse DNS lookup
16. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Cloning
CAM table
Denial of Service (DoS)
Password Authentication Protocol (PAP)
17. The conveying of official access or legal power to a person or entity.
Fraud and related activity in connection with computers
Authorization
Digital Watermarking
Trusted Computer System Evaluation Criteria (TCSEC)
18. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
shoulder surfing
John the Ripper, L0phtCrack, Ophcrack, Cain and Abel
Hypertext Transfer Protocol Secure (HTTPS)
network operations center (NOC)
19. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP), much like a point-to-point wired connection.
honeypot
ad hoc mode
Presentation layer
risk acceptance
20. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.
rogue access point
Open System Interconnection (OSI) Reference Model
Three-Way (TCP) Handshake
Secure Multipurpose Mail Extension (S/MIME)
21. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
Digital Certificate
Access Creep
session splicing
22. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
ISO 17799
RPC-DCOM
limitation of liability and remedies
Application Layer
23. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
RxBoot
-oG
non-repudiation
fully qualified domain name (FQDN)
24. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).
Level II assessment
Rijndael
Real application encompassing Trojan
Multipurpose Internet Mail Extensions (MIME)
25. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Information Technology Security Evaluation Criteria (ITSEC)
Wi-Fi
Internet Protocol (IP)
Decryption
26. The art and science of creating a covert message or image within another message, image, audio, or video file.
steganography
Access Control List (ACL)
Simple Network Management Protocol (SNMP)
Dumpster Diving
27. nmap
human-based social engineering
National Security Agency
Antivirus (AV) software
--randomize_hosts -O OS fingerprinting
28. A type of DNS transfer, where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Zone transfer
Hypertext Transfer Protocol Secure (HTTPS)
honeypot
Banner Grabbing
29. A protocol that allows a client computer to request services from a server and the server to return the results.
penetration testing
private network address
remote procedure call (RPC)
session splicing
30. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.
honeynet
network interface card (NIC)
Network Basic Input/Output System (NetBIOS)
Directory Traversal
31. A software or hardware application or device that captures user keystrokes.
Address Resolution Protocol (ARP)
session hijacking
keylogger
FTP
32. Two or more LANs connected by a high-speed line across a large geographical area.
reverse social engineering
RID Resource identifier
Wide Area Network (WAN)
false rejection rate (FRR)
33. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Confidentiality
intrusion prevention system (IPS)
Electronic Code Book (ECB)
Denial of Service (DoS)
34. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Defense in Depth
stream cipher
RPC-DCOM
honeypot
35. Network Scanning
identity theft
hacktivism
A procedure for identifying active hosts on a network.
--randomize_hosts -O OS fingerprinting
36. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Temporal Key Integrity Protocol (TKIP)
-sO
Zenmap
Third Party
37. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door
Mantrap
Overwhelm CAM table to convert switch to hub mode
port scanning
overt channel
38. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
footprinting
MD5
Brute-Force Password Attack
parallel scan & 75 sec timeout & 0.3 sec/probe
39. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.
Droppers
serialize scans & 15 sec wait
rogue access point
open source
40. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.
RPC-DCOM
Ethical Hacker
Vulnerability Assessment
Three-Way (TCP) Handshake
41. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
scope creep
NOP
Secure Multipurpose Mail Extension (S/MIME)
Institute of Electrical and Electronics Engineers (IEEE)
42. A systematic process for the assessment of security vulnerabilities.
limitation of liability and remedies
INFOSEC Assessment Methodology (IAM)
scope creep
reconnaissance
43. A method of network traffic filtering that monitors the entire communications process, including the originator of the session and from which direction it started.
logic bomb
Asymmetric Algorithm
Trusted Computer System Evaluation Criteria (TCSEC)
stateful packet filtering
44. A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption
single loss expectancy (SLE)
Echo request
Cryptographic Key
Algorithm
45. Window Scan
Media Access Control (MAC)
-sW
Bluetooth
NetBus
46. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers, files, and serial ports. It also provides an authenticated interprocess communication mechanism.
overt channel
Data Link layer
port knocking
Common Internet File System/Server Message Block
47. Whether purposeful or the result of malware or other attack, a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Acceptable Use Policy (AUP)
Backdoor
Wi-Fi Protected Access (WPA)
reverse social engineering
48. Any item of value or worth to an organization, whether physical or virtual.
Request for Comments (RFC)
Videocipher II Satellite Encryption System
Asset
SYN flood attack
49. Evaluation in which testers attempt to penetrate the network.
Hacks without permission
site survey
polymorphic virus
Level III assessment
50. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
Cracker
Information Technology (IT) asset criticality
Cryptography
Port Address Translation (PAT)