Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Replacing numbers in a url to access other files
Hypertext Transfer Protocol Secure (HTTPS)
forwarding
serialize scans & 15 sec wait
2. Two or more LANs connected by a high-speed line across a large geographical area.
scope creep
POP 3
Wide Area Network (WAN)
-sS
3. The act of dialing all numbers within an organization to discover open modems.
War Dialing
Transport Layer Security (TLS)
hacktivism
Finding a directory listing and gaining access to a parent or root file for access to other files
4. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
Authorization
Ciphertext
-sW
XOR Operation
5. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
RPC-DCOM
human-based social engineering
security incident response team (SIRT)
6. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
inference attack
Bluejacking
self encrypting
Annualized Loss Expectancy (ALE)
7. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
qualitative analysis
Blowfish
Droppers
spoofing
8. Normal scan timing
Access Creep
scope creep
Master boot record infector
parallel scan
9. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
serialize scans & 15 sec wait
promiscuous mode
Echo Reply
out-of-band signaling
10. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
Data Link layer
passive attack
Auditing
routed protocol
11. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Distributed DoS (DDoS)
Multipurpose Internet Mail Extensions (MIME)
Self Replicating
S
12. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
-sO
signature scanning
-PB
Transport Layer Security (TLS)
13. A device providing temporary - on-demand - point-to-point network access to users.
-oA
Wrapper
Buffer
network access server
14. Xmas Tree scan
pattern matching
hybrid attack
-sX
honeypot
15. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
serial scan & 300 sec wait
network tap
scope creep
infrastructure mode
16. A Canonical Name record within DNS - used to provide an alias for a domain name.
CNAME record
Database
Secure Multipurpose Mail Extension (S/MIME)
network operations center (NOC)
17. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
Wiretapping
End User Licensing Agreement (EULA)
Confidentiality
smart card
18. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-system-administrator-level attack.
MD5
gray box testing
Covert Channel
Google hacking
19. Access by information systems (or users) communicating from outside the information system security perimeter.
Internal access to the network
Trojan Horse
Point-to-Point Protocol (PPP)
remote access
20. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
Fraud and related activity in connection with computers
Smurf attack
script kiddie
-PP
21. Evaluation in which testers attempt to penetrate the network.
Wireless Local Area Network (WLAN)
Level III assessment
Destination Unreachable
impersonation
22. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
TACACS
Cloning
security controls
Buffer
23. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
Bit Flipping
Access Control List (ACL)
network interface card (NIC)
24. IP Protocol Scan
-sO
public key infrastructure (PKI)
SMB
Denial of Service (DoS)
25. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Backdoor
Vulnerability Assessment
Accountability
honeynet
26. A denial-of-service technique that uses numerous hosts to perform the attack.
gap analysis
Distributed DoS (DDoS)
Ciphertext
role-based access control
27. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
Zone transfer
public key infrastructure (PKI)
false rejection rate (FRR)
-PM
28. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
encryption
Network Basic Input/Output System (NetBIOS)
parameter tampering
29. The monetary value assigned to an IT asset.
flood
International Organization for Standardization (ISO)
Information Technology (IT) asset valuation
suicide hacker
30. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
Eavesdropping
personal identification number (PIN)
Serial Line Internet Protocol (SLIP)
null session
31. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
Cookie
ring topology
site survey
Bit Flipping
32. A type of malware that covertly collects information about a user.
router
node
public key infrastructure (PKI)
spyware
33. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Multipartite virus
Dumpster Diving
footprinting
Demilitarized Zone (DMZ)
34. 18 U.S.C. 1030
Fraud and related activity in connection with computers
Extensible Authentication Protocol (EAP)
404EE
serial scan & 300 sec wait
35. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Point-to-Point Tunneling Protocol (PPTP)
iris scanner
NT LAN Manager (NTLM)
Virus Hoax
36. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
User Datagram Protocol (UDP)
Sign in Seal
Droppers
Vulnerability
37. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
Wired Equivalent Privacy (WEP)
Buffer
serialize scans & 0.4 sec wait
gray box testing
38. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
halo effect
Packet Internet Groper (ping)
false negative
Authentication
39. Incremental Substitution
Replacing numbers in a url to access other files
Redundant Array of Independent Disks (RAID)
War Dialing
false rejection rate (FRR)
40. The transmission of digital signals without precise clocking or synchronization.
Authentication
Active Directory (AD)
asynchronous transmission
Cracker
41. Port 161/162
Virtual Private Network (VPN)
SNMP
-sO
Hacks without permission
42. ICMP Ping
symmetric encryption
Traceroute
-oG
-PI
43. The Security Accounts Manager file in Windows stores all the password hashes for the system.
-b
DNS enumeration
SAM
Antivirus (AV) software
44. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
enumeration
Internet Control Message Protocol (ICMP)
Vulnerability Management
parameter tampering
45. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.
source routing
Back orifice
Authentication - Authorization - and Accounting (AAA)
hash
46. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
false negative
Multipartite virus
HTTP tunneling
risk avoidance
47. An attack that exploits the common mistake many people make when installing operating systems
-sV
private key
operating system attack
parallel scan & 300 sec timeout & 1.25 sec/probe
48. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
Hacks with permission
LDAP
network interface card (NIC)
49. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Exposure Factor
Competitive Intelligence
Audit Data
Internet Assigned Number Authority (IANA)
50. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
hardware keystroke logger
serialize scans & 0.4 sec wait
Access Point (AP)
Denial of Service (DoS)