Test your basic knowledge
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
false rejection rate (FRR)
Data Encryption Standard (DES)
Fiber Distributed Data Interface (FDDI)
red team
2. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
Audit Trail
parameter tampering
suicide hacker
red team
3. Hex 10
CAM table
Zombie
A
Filter
4. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
stream cipher
Banner Grabbing
Mandatory access control (MAC)
-PP
5. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Banner Grabbing
quantitative risk assessment
honeypot
Last In First Out (LIFO)
6. nmap
International Organization for Standardization (ISO)
-p <port ranges>
Temporal Key Integrity Protocol (TKIP)
Domain Name System (DNS) lookup
7. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
POST
Console Port
Time exceeded
8. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
security bulletins
Wi-Fi Protected Access (WPA)
Routing Information Protocol (RIP)
Malicious code
9. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
-oX
Last In First Out (LIFO)
Annualized Loss Expectancy (ALE)
audit
10. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
gray hat
War Chalking
proxy server
A procedure for identifying active hosts on a network.
11. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Internet Assigned Number Authority (IANA)
Corrective Controls
Anonymizer
operating system attack
12. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
public key infrastructure (PKI)
Secure Multipurpose Mail Extension (S/MIME)
self encrypting
Availability
13. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
Wireless Local Area Network (WLAN)
hot site
CIA triangle
Internet Assigned Number Authority (IANA)
14. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful in current and future attacks.
Dumpster Diving
Block Cipher
War Dialing
risk transference
15. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Level II assessment
-sA
Fast Ethernet
Cryptography
16. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
shrink-wrap code attacks
-PP
Time Bomb
17. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
protocol
node
risk acceptance
Google hacking
18. An Application layer protocol for sending electronic mail between servers.
Telnet
Simple Mail Transfer Protocol (SMTP)
session hijacking
No previous knowledge of the network
19. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
firewall
Biometrics
Collision Domain
Crossover Error Rate (CER)
20. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
User Datagram Protocol (UDP)
Hypertext Transfer Protocol Secure (HTTPS)
local area network (LAN)
fragmentation
21. Black box test
smart card
No previous knowledge of the network
HIDS
Algorithm
22. Port 110
POP 3
replay attack
-PP
Competitive Intelligence
23. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Bastion host
overt channel
Routing Protocol
session splicing
24. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Three-Way (TCP) Handshake
SYN flood attack
Digital Signature
Authentication - Authorization - and Accounting (AAA)
25. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Virtual Local Area Network (VLAN)
network access server
MD5
Wireless Local Area Network (WLAN)
26. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
port redirection
Exploit
War Driving
replay attack
27. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
promiscuous mode
NOP
Countermeasures
28. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
port knocking
Asymmetric
route
replay attack
29. The conveying of official access or legal power to a person or entity.
security breach or security incident
stream cipher
Trusted Computer Base (TCB)
Authorization
30. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Malware
intranet
Authorization
signature scanning
31. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
Antivirus (AV) software
War Chalking
intranet
false negative
32. Hex 04
Secure Multipurpose Mail Extension (S/MIME)
Tini
physical security
R
33. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
NT LAN Manager (NTLM)
spam
Transmission Control Protocol (TCP)
POP 3
34. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
iris scanner
Demilitarized Zone (DMZ)
Replacing numbers in a url to access other files
-sX
35. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Cache
Digital Watermarking
Client
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
36. Used for exchanging structured information - such as XML-based messages - in the implementation of web services.
Malware
ECHO reply
User Datagram Protocol (UDP)
Simple Object Access Protocol (SOAP)
37. A command used in HTTP and FTP to retrieve a file from a server.
Bastion host
Exposure Factor
rogue access point
GET
38. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Domain Name System (DNS) lookup
Wireless Local Area Network (WLAN)
Service Set Identifier (SSID)
Request for Comments (RFC)
39. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
Information Technology Security Evaluation Criteria (ITSEC)
Cold Site
File Transfer Protocol (FTP)
hacktivism
40. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
routed protocol
hot site
pattern matching
reconnaissance
41. FTP Bounce Attack
network operations center (NOC)
Computer-Based Attack
-b
queue
42. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Event
Asymmetric Algorithm
Corrective Controls
International Organization for Standardization (ISO)
43. A file system used by the Mac OS.
Master boot record infector
Hierarchical File System (HFS)
-PT
Cracker
44. Shifting responsibility from one party to another.
Eavesdropping
non-repudiation
Password Authentication Protocol (PAP)
risk transference
45. FIN Scan
Third Party
-sF
Kerberos
quantitative risk assessment
46. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
intranet
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
separation of duties
Certificate Authority (CA)
47. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
site survey
Zero Subnet
patch
Internet Assigned Number Authority (IANA)
48. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
firewalking
Vulnerability
phishing
Tunneling Virus
49. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
penetration testing
-sX
Port Address Translation (PAT)
Worm
50. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
Self Replicating
signature scanning
site survey