SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
Wired Equivalent Privacy (WEP)
gateway
source routing
2. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
Virtual Local Area Network (VLAN)
Bug
NetBSD
ISO 17799
3. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
reverse social engineering
parallel scan
qualitative analysis
Digital Signature
4. Port 389
Database
Network Address Translation (NAT)
No previous knowledge of the network
LDAP
5. Policy stating what users of a system can and cannot do with the organization's assets.
Kerberos
Acceptable Use Policy (AUP)
Asynchronous
-sX
6. A denial-of-service technique that uses numerous hosts to perform the attack.
Adware
Distributed DoS (DDoS)
payload
Hacks with permission
7. Any network incident that prompts some kind of log entry or other notification.
Event
Internal access to the network
audit
Community String
8. Insane scan timing
Boot Sector Virus
parallel scan & 75 sec timeout & 0.3 sec/probe
router
Service Set Identifier (SSID)
9. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
Digital Signature
keylogger
packet
Fraud and related activity in connection with computers
10. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
footprinting
infrastructure mode
intranet
Droppers
11. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Multipurpose Internet Mail Extensions (MIME)
public key
SMB
gap analysis
12. ICMP Type/Code 0-0
Echo request
Echo Reply
Transport Layer Security (TLS)
Simple Object Access Protocol (SOAP)
13. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
suicide hacker
hot site
Database
signature scanning
14. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
R
User Datagram Protocol (UDP)
Due Diligence
Post Office Protocol 3 (POP3)
15. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Point-to-Point Protocol (PPP)
Event
-sO
symmetric algorithm
16. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
script kiddie
Secure Multipurpose Mail Extension (S/MIME)
Fiber Distributed Data Interface (FDDI)
Data Encryption Standard (DES)
17. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
overt channel
quality of service (QoS)
Computer Emergency Response Team (CERT)
Console Port
18. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
Post Office Protocol 3 (POP3)
Minimum acceptable level of risk
Macro virus
19. A computer virus that infects and spreads in multiple ways.
--randomize_hosts -O OS fingerprinting
Multipartite virus
audit
piggybacking
20. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Access Point (AP)
Directory Traversal
Written Authorization
TACACS
21. A protocol for exchanging packets over a serial line.
War Driving
Access Creep
Serial Line Internet Protocol (SLIP)
Zone transfer
22. The process of recording activity on a system for monitoring and later review.
audit
Auditing
network interface card (NIC)
Interior Gateway Protocol (IGP)
23. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Asymmetric
RPC-DCOM
Information Technology (IT) security architecture and framework
piggybacking
24. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Droppers
Level II assessment
Contingency Plan
Smurf attack
25. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
Packet Internet Groper (ping)
self encrypting
rogue access point
SMB
26. The exploitation of a security vulnerability
security by obscurity
Demilitarized Zone (DMZ)
Archive
security breach or security incident
27. Vulnerability Scanning
Cookie
Wi-Fi Protected Access (WPA)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
False Acceptance Rate (FAR)
28. A Windows-based GUI version of nmap.
Pretty Good Privacy (PGP)
Zenmap
-b
Secure Sockets Layer (SSL)
29. A computer network confined to a relatively small area - such as a single building or campus.
local area network (LAN)
MAC filtering
queue
Web Spider
30. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Filter
802.11
Local Administrator
footprinting
31. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Daemon
Worm
Target Of Engagement (TOE)
War Driving
32. The act of dialing all numbers within an organization to discover open modems.
public key
Zombie
War Dialing
Cryptographic Key
33. Hex 12
Transport Layer Security (TLS)
net use \[target ip]IPC$ '' /user:''
A S
false rejection rate (FRR)
34. UDP Scan
-p <port ranges>
-sU
-PP
-sO
35. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
network tap
risk transference
Written Authorization
Access Point (AP)
36. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
-sS
Tini
Ethical Hacker
halo effect
37. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
Certificate Authority (CA)
intrusion prevention system (IPS)
Lightweight Directory Access Protocol (LDAP)
promiscuous mode
38. A protocol that allows a client computer to request services from a server and the server to return the results.
-oG
remote procedure call (RPC)
Antivirus (AV) software
Corrective Controls
39. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Cryptography
network access server
Threat
Exposure Factor
40. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
honeypot
patch
Client
Audit Data
41. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Routing Protocol
Interior Gateway Protocol (IGP)
Mantrap
Bit Flipping
42. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
rogue access point
Electronic Code Book (ECB)
Competitive Intelligence
POP 3
43. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
End User Licensing Agreement (EULA)
Common Internet File System/Server Message Block
net use \[target ip]IPC$ '' /user:''
DNS enumeration
44. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
Contingency Plan
null session
routed protocol
45. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
security controls
Finger
Request for Comments (RFC)
Virtual Local Area Network (VLAN)
46. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
Secure Sockets Layer (SSL)
Cloning
Point-to-Point Tunneling Protocol (PPTP)
Port Address Translation (PAT)
47. Port 80/81/8080
False Acceptance Rate (FAR)
Internet Protocol (IP)
HTTP
-PM
48. FTP Bounce Attack
Three-Way (TCP) Handshake
-b
Demilitarized Zone (DMZ)
Administratively Prohibited
49. A software or hardware defect that often results in system vulnerabilities.
gray box testing
-PS
Bug
Time To Live (TTL)
50. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Black Hat
404EE
Secure Sockets Layer (SSL)
public key infrastructure (PKI)
