SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Tini
stream cipher
Lightweight Directory Access Protocol (LDAP)
Anonymizer
2. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Algorithm
script kiddie
queue
RID Resource identifier
3. LM Hash for short passwords (under 7)
HTTP tunneling
polymorphic virus
404EE
Anonymizer
4. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
-sI
-sA
Point-to-Point Protocol (PPP)
Rijndael
5. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Data Encryption Standard (DES)
Asymmetric
Exposure Factor
Cache
6. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
false rejection rate (FRR)
Administratively Prohibited
Cloning
7. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
serialize scans & 15 sec wait
key exchange protocol
Fiber Distributed Data Interface (FDDI)
802.11
8. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
open source
steganography
Digital Certificate
POP 3
9. Port 23
Address Resolution Protocol (ARP) table
Asymmetric
network tap
Telnet
10. 18 U.S.C. 1029
Possession of access devices
Black Hat
Archive
session hijacking
11. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
serialize scans & 15 sec wait
Data Link layer
Annualized Loss Expectancy (ALE)
Audit Data
12. Nmap ml output
--randomize_hosts -O OS fingerprinting
-oX
Daisy Chaining
Local Administrator
13. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
queue
Time To Live (TTL)
Challenge Handshake Authentication Protocol (CHAP)
private network address
14. A command used in HTTP and FTP to retrieve a file from a server.
802.11 i
GET
Time Bomb
Videocipher II Satellite Encryption System
15. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
-sV
null session
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Service Set Identifier (SSID)
16. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Adware
session splicing
Sign in Seal
Bluesnarfing
17. Monitoring of telephone or Internet conversations - typically by covert means.
Wiretapping
Database
White Box Testing
Bit Flipping
18. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
parallel scan & 300 sec timeout & 1.25 sec/probe
rogue access point
Virus Hoax
19. A virus designed to infect the master boot record.
Temporal Key Integrity Protocol (TKIP)
-PB
Master boot record infector
Hypertext Transfer Protocol Secure (HTTPS)
20. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Network Basic Input/Output System (NetBIOS)
Time To Live (TTL)
self encrypting
Point-to-Point Protocol (PPP)
21. Hex 12
Discretionary Access Control (DAC)
404EE
A S
Time To Live (TTL)
22. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Domain Name
parallel scan & 75 sec timeout & 0.3 sec/probe
Wi-Fi
Temporal Key Integrity Protocol (TKIP)
23. Hashing algorithm that results in a 128-bit output.
null session
Time To Live (TTL)
Zero Subnet
MD5
24. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
spyware
Zone transfer
Competitive Intelligence
suicide hacker
25. The change or growth of a project's scope
scope creep
sniffer
risk acceptance
Port Address Translation (PAT)
26. Vulnerability Scanning
-b
The automated process of proactively identifying vulnerabilities of computing systems present in a network
-sR
Information Technology (IT) security architecture and framework
27. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Rijndael
Post Office Protocol 3 (POP3)
Possession of access devices
encapsulation
28. The art and science of creating a covert message or image within another message - image - audio - or video file.
steganography
Level II assessment
War Driving
firewall
29. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Bluesnarfing
Black Hat
HIDS
operating system attack
30. nmap
-p <port ranges>
Domain Name System (DNS) cache poisoning
hardware keystroke logger
piggybacking
31. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Banner Grabbing
Network Address Translation (NAT)
Filter
Asynchronous
32. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
private key
Domain Name System (DNS)
CIA triangle
Bastion host
33. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Active Directory (AD)
audit
encryption
34. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
qualitative analysis
Acknowledgment (ACK)
SMB
-sF
35. A program designed to execute at a specific time to release malicious code onto the computer system or network.
-PT
Time Bomb
Annualized Loss Expectancy (ALE)
Transport Layer Security (TLS)
36. Port 137/138/139
-sF
risk transference
Telnet
SMB
37. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
audit
footprinting
Backdoor
operating system attack
38. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
User Datagram Protocol (UDP)
flood
sidejacking
Acknowledgment (ACK)
39. Evaluation in which testers attempt to penetrate the network.
hot site
Level III assessment
Internet Protocol Security (IPSec) architecture
ring topology
40. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
red team
Droppers
Third Party
R
41. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
Post Office Protocol 3 (POP3)
Vulnerability Scanning
802.11
File Allocation Table (FAT)
42. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Access Control List (ACL)
Virus Hoax
Asymmetric
War Chalking
43. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
INFOSEC Assessment Methodology (IAM)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Contingency Plan
Digital Certificate
44. Black hat
Exploit
Cache
Hacks without permission
NetBSD
45. Any network incident that prompts some kind of log entry or other notification.
Active Fingerprinting
key exchange protocol
Event
Rijndael
46. NSA
-PT
National Security Agency
Defines legal email marketing
CIA triangle
47. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
security by obscurity
-oA
Written Authorization
48. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
iris scanner
SID
Computer-Based Attack
Adware
49. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
infrastructure mode
network operations center (NOC)
-b
Authentication - Authorization - and Accounting (AAA)
50. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
File Allocation Table (FAT)
FreeBSD
stateful packet filtering
False Acceptance Rate (FAR)