SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Internet Protocol Security (IPSec) architecture
steganography
Interior Gateway Protocol (IGP)
White Box Testing
2. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Warm Site
SYN attack
Discretionary Access Control (DAC)
Wi-Fi Protected Access (WPA)
3. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Covert Channel
halo effect
Uniform Resource Locator (URL)
Wi-Fi
4. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Authorization
Secure Sockets Layer (SSL)
Telnet
5. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
hot site
Eavesdropping
POP 3
Google hacking
6. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Wi-Fi
FTP
Contingency Plan
role-based access control
7. Polite scan timing
Overwhelm CAM table to convert switch to hub mode
serialize scans & 0.4 sec wait
Address Resolution Protocol (ARP)
Auditing
8. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
hash
Cracker
non-repudiation
hashing algorithm
9. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
stateful packet filtering
Data Link layer
Antivirus (AV) software
10. The art and science of creating a covert message or image within another message - image - audio - or video file.
Tiger Team
steganography
Bug
Ethical Hacker
11. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Simple Object Access Protocol (SOAP)
Tumbling
nslookup
Asymmetric Algorithm
12. Formal description and evaluation of the vulnerabilities in an information system
-PB
Cold Site
Vulnerability Assessment
rogue access point
13. Port 31337
public key
Demilitarized Zone (DMZ)
Back orifice
NetBus
14. The act of dialing all numbers within an organization to discover open modems.
promiscuous mode
Telnet
Exploit
War Dialing
15. Xmas Tree scan
Auditing
Boot Sector Virus
Ethernet
-sX
16. RPC Scan
-p <port ranges>
Access Control List (ACL)
Simple Object Access Protocol (SOAP)
-sR
17. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
ad hoc mode
Cryptography
-sR
RID Resource identifier
18. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
security controls
War Chalking
-sF
Simple Mail Transfer Protocol (SMTP)
19. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Collision
-sR
queue
RID Resource identifier
20. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
replay attack
Copyright
802.11
Wide Area Network (WAN)
21. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
key exchange protocol
Vulnerability Management
End User Licensing Agreement (EULA)
Acceptable Use Policy (AUP)
22. A file system used by the Mac OS.
Bluejacking
Hierarchical File System (HFS)
Corrective Controls
-sL
23. List Scan
Domain Name System (DNS) lookup
-PT
-sL
polymorphic virus
24. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
shrink-wrap code attacks
Wiretapping
public key infrastructure (PKI)
25. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
gray box testing
Availability
segment
26. Nmap normal output
SYN attack
NOP
-oN
Simple Mail Transfer Protocol (SMTP)
27. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
802.11
hashing algorithm
White Box Testing
shrink-wrap code attacks
28. A person or entity indirectly involved in a relationship between two principles.
-oN
Third Party
risk transference
War Driving
29. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Hierarchical File System (HFS)
route
Vulnerability Scanning
flood
30. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Asymmetric
-sO
Bastion host
404EE
31. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Man-in-the-middle attack
Daisy Chaining
Bluejacking
Availability
32. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
risk
intrusion detection system (IDS)
802.11 i
Temporal Key Integrity Protocol (TKIP)
33. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
keylogger
Certificate Authority (CA)
White Box Testing
footprinting
34. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Zombie
social engineering
spyware
Cookie
35. An attack that exploits the common mistake many people make when installing operating systems
operating system attack
SYN flood attack
Trusted Computer Base (TCB)
Internet service provider (ISP)
36. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
MAC filtering
Local Administrator
enumeration
Data Encryption Standard (DES)
37. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
net use \[target ip]IPC$ '' /user:''
Worm
role-based access control
false rejection rate (FRR)
38. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Warm Site
Exposure Factor
Target Of Engagement (TOE)
Mantrap
39. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Man-in-the-middle attack
symmetric encryption
Zone transfer
Simple Object Access Protocol (SOAP)
40. Establish Null Session
security breach or security incident
physical security
protocol stack
net use \[target ip]IPC$ '' /user:''
41. White box test
Buffer
Hierarchical File System (HFS)
Internal access to the network
Hacks with permission
42. A Canonical Name record within DNS - used to provide an alias for a domain name.
SOA record
Active Attack
Countermeasures
CNAME record
43. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Application Layer
Simple Network Management Protocol (SNMP)
router
Trusted Computer System Evaluation Criteria (TCSEC)
44. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
polymorphic virus
Trojan Horse
Bit Flipping
Archive
45. A social-engineering attack that manipulates the victim into calling the attacker for help.
Audit Data
reverse social engineering
hot site
Unicode
46. A group of experts that handles computer security incidents.
Countermeasures
security incident response team (SIRT)
segment
-oX
47. Hex 12
Common Internet File System/Server Message Block
Sign in Seal
A S
Man-in-the-middle attack
48. The change or growth of a project's scope
Authorization
Information Technology (IT) asset criticality
404EE
scope creep
49. The transmission of digital signals without precise clocking or synchronization.
SYN attack
asynchronous transmission
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Local Administrator
50. Controls to detect anomalies or undesirable events occurring on a system.
red team
Detective Controls
Cryptographic Key
Wired Equivalent Privacy (WEP)