SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
gray hat
parameter tampering
Vulnerability Scanning
Simple Object Access Protocol (SOAP)
2. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Minimum acceptable level of risk
out-of-band signaling
heuristic scanning
Acknowledgment (ACK)
3. A type of malware that covertly collects information about a user.
Asset
footprinting
spyware
Smurf attack
4. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Droppers
Minimum acceptable level of risk
Cold Site
steganography
5. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
local area network (LAN)
RID Resource identifier
fully qualified domain name (FQDN)
piggybacking
6. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
Defines legal email marketing
Virtual Local Area Network (VLAN)
File Allocation Table (FAT)
7. TCP connect() scan
Black Box Testing
-sT
International Organization for Standardization (ISO)
route
8. Port 137/138/139
Simple Object Access Protocol (SOAP)
port scanning
--randomize_hosts -O OS fingerprinting
SMB
9. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Service Set Identifier (SSID)
Event
INFOSEC Assessment Methodology (IAM)
gateway
10. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
Transport Layer Security (TLS)
ISO 17799
Certificate
Tini
11. The condition of a resource being ready for use and accessible by authorized users.
Electronic serial number
Administratively Prohibited
Wrapper
Availability
12. An attack that combines a brute-force attack with a dictionary attack.
hybrid attack
red team
flood
stateful packet filtering
13. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Request for Comments (RFC)
-PP
Access Control List (ACL)
14. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
-sW
security by obscurity
quantitative risk assessment
separation of duties
15. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
User Datagram Protocol (UDP)
Replacing numbers in a url to access other files
Zone transfer
Three-Way (TCP) Handshake
16. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
-sL
S
script kiddie
Information Technology Security Evaluation Criteria (ITSEC)
17. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
SOA record
GET
Cookie
null session
18. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Cookie
A R
script kiddie
Trusted Computer Base (TCB)
19. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
SYN attack
Malware
Anonymizer
security breach or security incident
20. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
secure channel
stream cipher
risk transference
Denial of Service (DoS)
21. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
U P F
Transmission Control Protocol (TCP)
Virtual Private Network (VPN)
false negative
22. An informed decision to accept the potential for damage to or loss of an IT asset.
CNAME record
risk acceptance
EDGAR database
reconnaissance
23. A method of external testing whereby several systems or resources are used together to effect an attack.
Active Fingerprinting
stateful packet filtering
Daisy Chaining
security bulletins
24. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
protocol
steganography
proxy server
role-based access control
25. NSA
Tiger Team
asynchronous transmission
National Security Agency
Temporal Key Integrity Protocol (TKIP)
26. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Point-to-Point Tunneling Protocol (PPTP)
keylogger
false rejection rate (FRR)
Contingency Plan
27. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Timestamping
A S
Droppers
gray hat
28. A command used in HTTP and FTP to retrieve a file from a server.
GET
Information Technology (IT) infrastructure
Access Creep
audit
29. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
logic bomb
Service Set Identifier (SSID)
service level agreements (SLAs)
Fast Ethernet
30. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
false negative
Information Technology (IT) security architecture and framework
Wi-Fi
hashing algorithm
31. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
Contingency Plan
NetBSD
logic bomb
Internet Protocol Security (IPSec) architecture
32. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
ECHO reply
Auditing
encryption
SSH
33. ICMP Timestamp
Certificate
-PP
Time To Live (TTL)
Kerberos
34. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
OpenBSD
Tini
Fast Ethernet
Confidentiality
35. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
penetration testing
Malicious code
ad hoc mode
RID Resource identifier
36. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
Data Link layer
keylogger
No previous knowledge of the network
37. A protocol that allows a client computer to request services from a server and the server to return the results.
International Organization for Standardization (ISO)
Event
remote procedure call (RPC)
Availability
38. A point of reference used to mark an initial state in order to manage change.
remote access
SYN attack
Baseline
Fiber Distributed Data Interface (FDDI)
39. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
overt channel
Contingency Plan
intrusion detection system (IDS)
Macro virus
40. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
ping sweep
Algorithm
Acknowledgment (ACK)
-sX
41. A computer virus that infects and spreads in multiple ways.
Daisy Chaining
Secure Sockets Layer (SSL)
Multipartite virus
Kerberos
42. A data encryption/decryption program often used for e-mail and file storage.
Pretty Good Privacy (PGP)
Secure Multipurpose Mail Extension (S/MIME)
security controls
The automated process of proactively identifying vulnerabilities of computing systems present in a network
43. Shifting responsibility from one party to another
Audit Data
hybrid attack
risk transference
penetration testing
44. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
XOR Operation
Tunnel
Daisy Chaining
Hypertext Transfer Protocol Secure (HTTPS)
45. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
smart card
fragmentation
Routing Information Protocol (RIP)
Bluetooth
46. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Internal access to the network
public key infrastructure (PKI)
RID Resource identifier
Master boot record infector
47. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
route
Vulnerability Assessment
sidejacking
Cold Site
48. Port 161/162
firewalking
SNMP
R
Videocipher II Satellite Encryption System
49. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
logic bomb
Possession of access devices
Access Control List (ACL)
Bit Flipping
50. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
Destination Unreachable
File Transfer Protocol (FTP)
Cloning
Information Technology (IT) asset criticality
